hxxps://drive[.]google[.]com/file/d/1073T932OIWDGN4l0KPjrj9kUF3DlmQgL/view?usp=sharing

Analysis

max time kernel
1698s
max time network
1756s
platform
windows10-1703_x64
resource
win10-20240404-en
resource tags

arch:x64arch:x86image:win10-20240404-enlocale:en-usos:windows10-1703-x64system
submitted
30-07-2024 20:31

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://drive.google.com/file/d/1073T932OIWDGN4l0KPjrj9kUF3DlmQgL/view?usp=sharing

Score

6^/10

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 16 IoCs

Web Service

T1102

flow	ioc
270	drive.google.com
290	drive.google.com
109	drive.google.com
150	drive.google.com
152	drive.google.com
153	drive.google.com
271	drive.google.com
3	drive.google.com
45	drive.google.com
300	drive.google.com
298	drive.google.com
1	drive.google.com
2	drive.google.com
44	drive.google.com
151	drive.google.com
296	drive.google.com

Drops file in Windows directory 8 IoCs

description	ioc	Process
File created	C:\Windows\rescache\_merged\3720402701\1568373884.pri	MicrosoftEdgeCP.exe
File created	C:\Windows\rescache\_merged\3720402701\1568373884.pri	MicrosoftEdgeCP.exe
File created	C:\Windows\rescache\_merged\3720402701\1568373884.pri	MicrosoftEdgeCP.exe
File created	C:\Windows\rescache\_merged\3720402701\1568373884.pri	MicrosoftEdgeCP.exe
File created	C:\Windows\rescache\_merged\3720402701\1568373884.pri	MicrosoftEdgeCP.exe
File opened for modification	C:\Windows\Debug\ESE.TXT	MicrosoftEdge.exe
File created	C:\Windows\rescache\_merged\3720402701\1568373884.pri	MicrosoftEdge.exe
File created	C:\Windows\rescache\_merged\3720402701\1568373884.pri	MicrosoftEdgeCP.exe

Checks processor information in registry 2 TTPs 5 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe

Modifies Internet Explorer settings 1 TTPs 2 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000\Software\Microsoft\Internet Explorer\Main	browser_broker.exe
Key created	\REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000\Software\Microsoft\Internet Explorer\Main	MicrosoftEdgeCP.exe

Modifies registry class 64 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Revision = "0"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\ACGStatus	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Internet Explorer\EdpDomStorage\bing.com\ = "0"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\IECompatVersionLow = "0"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Internet Settings\Zones\3	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\DataStore\LastCleanup = af28e482bfe2da01	MicrosoftEdge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\AdapterInfo = "vendorId=\"0x1414\",deviceID=\"0x8c\",subSysID=\"0x0\",revision=\"0x0\",version=\"10.0.15063.0\"hypervisor=\"No Hypervisor (No SLAT)\""	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Internet Explorer\DOMStorage\Total\ = "775"	MicrosoftEdgeCP.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\Internet Settings\Cache\History\CachePrefix = "Visited:"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Privacy\InProgressFlags = "0"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ServiceUI\IsSignedIn = "0"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\HistoryJournalCertificate	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus\ACGPolicyState = "8"	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Internet Explorer\DOMStorage\www.bing.com	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Internet Explorer\DOMStorage\www.bing.com\ = "3055"	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\Local Settings	firefox.exe
Key created	\REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings	MicrosoftEdgeCP.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\AdapterInfo = "vendorId=\"0x10de\",deviceID=\"0x8c\",subSysID=\"0x0\",revision=\"0x0\",version=\"10.0.15063.0\"hypervisor=\"No Hypervisor (No SLAT)\""	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Internet Explorer\EdpDomStorage\www.bing.com\ = "0"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Internet Explorer\DOMStorage\msn.com\Total = "189"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Internet Explorer\DOMStorage\Total\ = "3244"	MicrosoftEdgeCP.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\CIStatus\SignaturePolicy = 06000000	MicrosoftEdgeCP.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\006\ACGStatus\DynamicCodePolicy = 00000000	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings\Cache\Extensible Cache	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\HistoryJournalCertificate	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Internet Explorer\Main	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Wow64-DXFeatureLevel = "0"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Internet Explorer\DOMStorage\msn.com	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\DomainSuggestion	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\DataStore\OneTimeCleanup = "1"	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = dbdb5c84bfe2da01	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Internet Explorer\EdpDomStorage\Total	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Internet Explorer\DOMStorage\www.bing.com\ = "653"	MicrosoftEdgeCP.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings\Cache\Cookies\CachePrefix = "Cookie:"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\006\ACGStatus\ACGPolicyState = "6"	MicrosoftEdgeCP.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\Cookies\CachePrefix = "Cookie:"	MicrosoftEdgeCP.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = dad8a87fbfe2da01	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\ACGStatus\DynamicCodePolicy = 05000000	MicrosoftEdgeCP.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = 6155c980bfe2da01	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Internet Explorer\EdpDomStorage\www.msn.com	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Internet Explorer\DOMStorage\bing.com\Total = "544"	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore\datastore	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Internet Explorer\DOMStorage\Total\ = "754"	MicrosoftEdgeCP.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\AdapterInfo = "vendorId=\"0x10de\",deviceID=\"0x8c\",subSysID=\"0x0\",revision=\"0x0\",version=\"10.0.15063.0\"hypervisor=\"No Hypervisor (No SLAT)\""	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\006\ACGStatus	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings\Cache	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU	MicrosoftEdgeCP.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = 8742b680bfe2da01	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Internet Explorer\DOMStorage\Total\ = "124"	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Internet Settings	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\ACGStatus\ACGPolicyState = "8"	MicrosoftEdgeCP.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\Cookies\CachePrefix = "Cookie:"	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\Internet Settings\Cache\Extensible Cache	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\DeviceId = "0"	MicrosoftEdge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\AdapterInfo = "vendorId=\"0x1414\",deviceID=\"0x8c\",subSysID=\"0x0\",revision=\"0x0\",version=\"10.0.15063.0\"hypervisor=\"No Hypervisor (No SLAT)\""	MicrosoftEdgeCP.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\Content\CachePrefix	MicrosoftEdgeCP.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus\SignaturePolicy = 06000000	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Internet Explorer\EdpDomStorage	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Internet Explorer\DOMStorage\bing.com\Total = "589"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\Internet Settings\Cache\Content\CacheLimit = "256000"	MicrosoftEdgeCP.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Internet Settings\Cache\Content\CachePrefix	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge	MicrosoftEdge.exe

Suspicious behavior: MapViewOfSection 14 IoCs

pid	Process
1404	MicrosoftEdgeCP.exe
1404	MicrosoftEdgeCP.exe
1404	MicrosoftEdgeCP.exe
1404	MicrosoftEdgeCP.exe
1404	MicrosoftEdgeCP.exe
1404	MicrosoftEdgeCP.exe
1404	MicrosoftEdgeCP.exe
1404	MicrosoftEdgeCP.exe
1404	MicrosoftEdgeCP.exe
1404	MicrosoftEdgeCP.exe
1404	MicrosoftEdgeCP.exe
1404	MicrosoftEdgeCP.exe
1404	MicrosoftEdgeCP.exe
1404	MicrosoftEdgeCP.exe

Suspicious use of AdjustPrivilegeToken 15 IoCs

description	pid	Process
Token: SeDebugPrivilege	1656	MicrosoftEdgeCP.exe
Token: SeDebugPrivilege	1656	MicrosoftEdgeCP.exe
Token: SeDebugPrivilege	1656	MicrosoftEdgeCP.exe
Token: SeDebugPrivilege	1656	MicrosoftEdgeCP.exe
Token: SeDebugPrivilege	4924	MicrosoftEdgeCP.exe
Token: SeDebugPrivilege	4924	MicrosoftEdgeCP.exe
Token: SeDebugPrivilege	2376	MicrosoftEdge.exe
Token: SeDebugPrivilege	2376	MicrosoftEdge.exe
Token: SeDebugPrivilege	5512	firefox.exe
Token: SeDebugPrivilege	5512	firefox.exe
Token: SeDebugPrivilege	5512	firefox.exe
Token: SeDebugPrivilege	5512	firefox.exe
Token: SeDebugPrivilege	5512	firefox.exe
Token: SeDebugPrivilege	5512	firefox.exe
Token: SeDebugPrivilege	5512	firefox.exe

Suspicious use of FindShellTrayWindow 4 IoCs

pid	Process
5512	firefox.exe
5512	firefox.exe
5512	firefox.exe
5512	firefox.exe

Suspicious use of SendNotifyMessage 3 IoCs

pid	Process
5512	firefox.exe
5512	firefox.exe
5512	firefox.exe

Suspicious use of SetWindowsHookEx 8 IoCs

pid	Process
2376	MicrosoftEdge.exe
1404	MicrosoftEdgeCP.exe
1656	MicrosoftEdgeCP.exe
1404	MicrosoftEdgeCP.exe
5020	MicrosoftEdgeCP.exe
5020	MicrosoftEdgeCP.exe
5020	MicrosoftEdgeCP.exe
5512	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1404 wrote to memory of 5016	1404	MicrosoftEdgeCP.exe	76
PID 1404 wrote to memory of 5016	1404	MicrosoftEdgeCP.exe	76
PID 1404 wrote to memory of 5016	1404	MicrosoftEdgeCP.exe	76
PID 1404 wrote to memory of 2752	1404	MicrosoftEdgeCP.exe	79
PID 1404 wrote to memory of 2752	1404	MicrosoftEdgeCP.exe	79
PID 1404 wrote to memory of 2752	1404	MicrosoftEdgeCP.exe	79
PID 1404 wrote to memory of 2752	1404	MicrosoftEdgeCP.exe	79
PID 1404 wrote to memory of 2752	1404	MicrosoftEdgeCP.exe	79
PID 1404 wrote to memory of 2752	1404	MicrosoftEdgeCP.exe	79
PID 1404 wrote to memory of 1780	1404	MicrosoftEdgeCP.exe	82
PID 1404 wrote to memory of 1780	1404	MicrosoftEdgeCP.exe	82
PID 1404 wrote to memory of 1780	1404	MicrosoftEdgeCP.exe	82
PID 1404 wrote to memory of 1780	1404	MicrosoftEdgeCP.exe	82
PID 1404 wrote to memory of 1780	1404	MicrosoftEdgeCP.exe	82
PID 1404 wrote to memory of 1780	1404	MicrosoftEdgeCP.exe	82
PID 1404 wrote to memory of 1780	1404	MicrosoftEdgeCP.exe	82
PID 1404 wrote to memory of 1780	1404	MicrosoftEdgeCP.exe	82
PID 1404 wrote to memory of 1780	1404	MicrosoftEdgeCP.exe	82
PID 1404 wrote to memory of 1780	1404	MicrosoftEdgeCP.exe	82
PID 1404 wrote to memory of 1780	1404	MicrosoftEdgeCP.exe	82
PID 1404 wrote to memory of 2128	1404	MicrosoftEdgeCP.exe	83
PID 1404 wrote to memory of 2128	1404	MicrosoftEdgeCP.exe	83
PID 1404 wrote to memory of 2128	1404	MicrosoftEdgeCP.exe	83
PID 1404 wrote to memory of 2128	1404	MicrosoftEdgeCP.exe	83
PID 1404 wrote to memory of 2128	1404	MicrosoftEdgeCP.exe	83
PID 1404 wrote to memory of 2128	1404	MicrosoftEdgeCP.exe	83
PID 1404 wrote to memory of 2128	1404	MicrosoftEdgeCP.exe	83
PID 1404 wrote to memory of 1780	1404	MicrosoftEdgeCP.exe	82
PID 1404 wrote to memory of 1780	1404	MicrosoftEdgeCP.exe	82
PID 1404 wrote to memory of 1780	1404	MicrosoftEdgeCP.exe	82
PID 1404 wrote to memory of 1780	1404	MicrosoftEdgeCP.exe	82
PID 1404 wrote to memory of 2128	1404	MicrosoftEdgeCP.exe	83
PID 1404 wrote to memory of 2128	1404	MicrosoftEdgeCP.exe	83
PID 1404 wrote to memory of 2128	1404	MicrosoftEdgeCP.exe	83
PID 1404 wrote to memory of 2128	1404	MicrosoftEdgeCP.exe	83
PID 1404 wrote to memory of 2128	1404	MicrosoftEdgeCP.exe	83
PID 1404 wrote to memory of 2128	1404	MicrosoftEdgeCP.exe	83
PID 1404 wrote to memory of 2128	1404	MicrosoftEdgeCP.exe	83
PID 1404 wrote to memory of 2128	1404	MicrosoftEdgeCP.exe	83
PID 1404 wrote to memory of 1780	1404	MicrosoftEdgeCP.exe	82
PID 1404 wrote to memory of 1780	1404	MicrosoftEdgeCP.exe	82
PID 1404 wrote to memory of 1780	1404	MicrosoftEdgeCP.exe	82
PID 1404 wrote to memory of 1780	1404	MicrosoftEdgeCP.exe	82
PID 1404 wrote to memory of 2128	1404	MicrosoftEdgeCP.exe	83
PID 1404 wrote to memory of 2128	1404	MicrosoftEdgeCP.exe	83
PID 1404 wrote to memory of 2128	1404	MicrosoftEdgeCP.exe	83
PID 1404 wrote to memory of 2128	1404	MicrosoftEdgeCP.exe	83
PID 1404 wrote to memory of 1780	1404	MicrosoftEdgeCP.exe	82
PID 1404 wrote to memory of 1780	1404	MicrosoftEdgeCP.exe	82
PID 1404 wrote to memory of 1780	1404	MicrosoftEdgeCP.exe	82
PID 1404 wrote to memory of 1780	1404	MicrosoftEdgeCP.exe	82
PID 1404 wrote to memory of 2128	1404	MicrosoftEdgeCP.exe	83
PID 1404 wrote to memory of 2128	1404	MicrosoftEdgeCP.exe	83
PID 1404 wrote to memory of 2128	1404	MicrosoftEdgeCP.exe	83
PID 1404 wrote to memory of 2128	1404	MicrosoftEdgeCP.exe	83
PID 1404 wrote to memory of 1780	1404	MicrosoftEdgeCP.exe	82
PID 1404 wrote to memory of 1780	1404	MicrosoftEdgeCP.exe	82
PID 1404 wrote to memory of 1780	1404	MicrosoftEdgeCP.exe	82
PID 1404 wrote to memory of 1780	1404	MicrosoftEdgeCP.exe	82
PID 5568 wrote to memory of 5512	5568	firefox.exe	90
PID 5568 wrote to memory of 5512	5568	firefox.exe	90
PID 5568 wrote to memory of 5512	5568	firefox.exe	90
PID 5568 wrote to memory of 5512	5568	firefox.exe	90
PID 5568 wrote to memory of 5512	5568	firefox.exe	90

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Windows\system32\LaunchWinApp.exe
"C:\Windows\system32\LaunchWinApp.exe" "https://drive.google.com/file/d/1073T932OIWDGN4l0KPjrj9kUF3DlmQgL/view?usp=sharing"
1⤵
PID:4196

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe" -ServerName:MicrosoftEdge.AppXdnhjhccw3zf0j06tkg3jtqr00qdm0khc.mca
1⤵
- Drops file in Windows directory
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:2376

C:\Windows\system32\browser_broker.exe
C:\Windows\system32\browser_broker.exe -Embedding
1⤵
- Modifies Internet Explorer settings
PID:4928

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Modifies registry class
- Suspicious behavior: MapViewOfSection
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1404

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Drops file in Windows directory
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:1656

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Drops file in Windows directory
- Modifies registry class
PID:5016

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
PID:4924

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Drops file in Windows directory
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:5020

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Drops file in Windows directory
- Modifies registry class
PID:2752

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Modifies registry class
PID:3356

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Drops file in Windows directory
PID:1780

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Drops file in Windows directory
- Modifies registry class
PID:2128

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Modifies registry class
PID:5132

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:5568
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe"
  2⤵
  - Checks processor information in registry
  - Modifies registry class
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  PID:5512
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5512.0.353720535\581876911" -parentBuildID 20221007134813 -prefsHandle 1708 -prefMapHandle 1700 -prefsLen 20747 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {8273baf1-cfaa-4538-b563-dd30b5dface9} 5512 "\\.\pipe\gecko-crash-server-pipe.5512" 1796 25857bb8a58 gpu
    3⤵
    PID:5836
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5512.1.767790121\1706114407" -parentBuildID 20221007134813 -prefsHandle 2140 -prefMapHandle 2136 -prefsLen 20828 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {fe0bee8c-d67f-4b7f-8241-eea63cb137d9} 5512 "\\.\pipe\gecko-crash-server-pipe.5512" 2152 2584576fe58 socket
    3⤵
    PID:6532
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5512.2.272877570\1735885157" -childID 1 -isForBrowser -prefsHandle 3024 -prefMapHandle 3020 -prefsLen 20931 -prefMapSize 233444 -jsInitHandle 1280 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {6e9acf53-b3c6-4f3f-bc27-54f7cbe611c4} 5512 "\\.\pipe\gecko-crash-server-pipe.5512" 3032 2585bed0f58 tab
    3⤵
    PID:4160
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5512.3.1028757108\937064581" -childID 2 -isForBrowser -prefsHandle 3412 -prefMapHandle 3408 -prefsLen 26109 -prefMapSize 233444 -jsInitHandle 1280 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {0a4ab891-1638-4278-aa60-5ad43c3c6dba} 5512 "\\.\pipe\gecko-crash-server-pipe.5512" 3420 25845762858 tab
    3⤵
    PID:1000
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5512.4.8080785\1093755422" -childID 3 -isForBrowser -prefsHandle 4312 -prefMapHandle 4308 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1280 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {4331b94a-a8dc-4657-82e6-615d86d75300} 5512 "\\.\pipe\gecko-crash-server-pipe.5512" 4324 2585cec1e58 tab
    3⤵
    PID:6324
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5512.5.1995538088\545622027" -childID 4 -isForBrowser -prefsHandle 5008 -prefMapHandle 4888 -prefsLen 26247 -prefMapSize 233444 -jsInitHandle 1280 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {8a1f2a08-f46c-4981-ba97-5362cd75efdd} 5512 "\\.\pipe\gecko-crash-server-pipe.5512" 5016 2585e242f58 tab
    3⤵
    PID:6764
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5512.6.1118936360\1477954186" -childID 5 -isForBrowser -prefsHandle 5004 -prefMapHandle 4992 -prefsLen 26247 -prefMapSize 233444 -jsInitHandle 1280 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {849bdd03-fd64-4e00-acfb-e5699cfeb72a} 5512 "\\.\pipe\gecko-crash-server-pipe.5512" 4964 2585e869558 tab
    3⤵
    PID:6756
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5512.7.1480940858\1918450001" -childID 6 -isForBrowser -prefsHandle 5220 -prefMapHandle 5224 -prefsLen 26247 -prefMapSize 233444 -jsInitHandle 1280 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {053d40ce-f28c-4a20-af74-a29c0cf4165d} 5512 "\\.\pipe\gecko-crash-server-pipe.5512" 5212 2585e869858 tab
    3⤵
    PID:7156
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5512.8.1667364292\1676948910" -childID 7 -isForBrowser -prefsHandle 5708 -prefMapHandle 5692 -prefsLen 26328 -prefMapSize 233444 -jsInitHandle 1280 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {0e15f59b-b8c8-4492-9154-faac1d9a397b} 5512 "\\.\pipe\gecko-crash-server-pipe.5512" 5716 2584572e158 tab
    3⤵
    PID:5100
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5512.9.877831929\1911779295" -childID 8 -isForBrowser -prefsHandle 5880 -prefMapHandle 5884 -prefsLen 26503 -prefMapSize 233444 -jsInitHandle 1280 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {b530cf0c-7945-4d80-83de-79cf84aa1b0d} 5512 "\\.\pipe\gecko-crash-server-pipe.5512" 5900 2585ffd3358 tab
    3⤵
    PID:5256
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5512.10.648861684\813560441" -childID 9 -isForBrowser -prefsHandle 4464 -prefMapHandle 4532 -prefsLen 27477 -prefMapSize 233444 -jsInitHandle 1280 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {cb2fb0e1-1c18-4cba-becd-6b157501fa07} 5512 "\\.\pipe\gecko-crash-server-pipe.5512" 1320 2585e86aa58 tab
    3⤵
    PID:2172
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5512.11.1818276825\1282333894" -childID 10 -isForBrowser -prefsHandle 4692 -prefMapHandle 5284 -prefsLen 27477 -prefMapSize 233444 -jsInitHandle 1280 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {8f01a5fd-1bf0-47aa-b066-19e624b135c9} 5512 "\\.\pipe\gecko-crash-server-pipe.5512" 5480 2585f666858 tab
    3⤵
    PID:4876
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5512.12.1716385512\1211586280" -childID 11 -isForBrowser -prefsHandle 6224 -prefMapHandle 6172 -prefsLen 27477 -prefMapSize 233444 -jsInitHandle 1280 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {a5739eca-bf61-4910-a163-dcf8a0967d28} 5512 "\\.\pipe\gecko-crash-server-pipe.5512" 6232 25860042458 tab
    3⤵
    PID:6648
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5512.13.1077264068\984982962" -childID 12 -isForBrowser -prefsHandle 5736 -prefMapHandle 5724 -prefsLen 27477 -prefMapSize 233444 -jsInitHandle 1280 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {fb9a4786-a504-400c-8c5f-d0f26013d93c} 5512 "\\.\pipe\gecko-crash-server-pipe.5512" 5820 2584572e158 tab
    3⤵
    PID:592

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\E49JWOHD\edgecompatviewlist[1].xml

Filesize
74KB

MD5
d4fc49dc14f63895d997fa4940f24378

SHA1
3efb1437a7c5e46034147cbbc8db017c69d02c31

SHA256
853d2f4eb81c9fdcea2ee079f6faf98214b111b77cdf68709b38989d123890f1

SHA512
cc60d79b4afe5007634ac21dc4bc92081880be4c0d798a1735b63b27e936c02f399964f744dc73711987f01e8a1064b02a4867dd6cac27538e5fbe275cc61e0a

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\c5nsco79.default-release\cache2\doomed\22678

Filesize
15KB

MD5
abe0c455b218fd0223b053d4c2f95330

SHA1
d33b546b87b580a6ed5dff632013185f47068874

SHA256
cc7a12fcd702e0ce3fc3c88c6ed129463b0ddd508c093d0b2e1cc75f91aac121

SHA512
d8af35a15f6bd43148408b403f85a95965621e8dc687faba764fad310cc4e4400af5c0a1b27094bd989f703db68d4b4a57dfcee7abd482b2a084d6280c88169d

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\c5nsco79.default-release\thumbnails\79336f0961658a61d3e64af0d20cfdaa.png

Filesize
32KB

MD5
a8a611ef5ed5f8b632fb56aa3183c047

SHA1
cf1e4f6dda547536927bb5fd036be79491552f73

SHA256
224ab7204099e7aea099acc4159f87fc7b23faba2109909d641b9118f945f3e1

SHA512
f2c25ed48a9e311f2024ee495245828096807361a5760a2b7bc6eaa299a443259775550198cf17f2a0a772775b1e51d01a8577a88055671e3d0a37676e231457

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\ITC6F7XX\m=RqjULd[1].js

Filesize
18KB

MD5
e95653e4fbc897499096fb0d822740e7

SHA1
851b7c1a447e1c0b20fb151744118c20109a1a5e

SHA256
6e907a0bdaa5a79461b71a7196261826f886dc179c39937f47da69b78479d396

SHA512
831095b46f1de2f05f7efc904fb7406a973b2094c24a3060481d0f00c97a3ede2b69d8b6ee9c05c49aec1e0de2b9ce5f73f31e5028abfb6b34c525c90b9a25bf

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\Z96YQN7I\m=bm51tf[1].js

Filesize
1KB

MD5
1c3cc58d1238dbf021aa956365718fda

SHA1
4987b3754cb52820805b47118906fff2daae9a07

SHA256
9336d140abddeb7ac56d286e3f3ec08705e32d32cfd7954c30692d0de804ca3a

SHA512
d0fa1ea3519b25f9a496dbc815a9ba16ef0e145372d2e820596c57155bd8038dc8cc2db0897a29867c8e4067781991865e5146622f889ffe731e0a830c13f1eb

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\Z96YQN7I\warmup[2].gif

Filesize
43B

MD5
325472601571f31e1bf00674c368d335

SHA1
2daeaa8b5f19f0bc209d976c02bd6acb51b00b0a

SHA256
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

SHA512
717ea0ff7f3f624c268eccb244e24ec1305ab21557abb3d6f1a7e183ff68a2d28f13d1d2af926c9ef6d1fb16dd8cbe34cd98cacf79091dddc7874dcee21ecfdc

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\Cache\44SCH9C7\ntp[1].htm

Filesize
64KB

MD5
6d5cac05abfb4346e54a13ab958153e4

SHA1
3219ba3788ee3ca25607096d4c5b4789491b6144

SHA256
c22d3063e79e4994bbcbbd7c8a370e628e7d1d06cd5eb1a2680444d0ddacc81f

SHA512
7c90877e74ae7d61c21364fa61b3bb8a267fd53a670ad0b19c0ce83c7260272c9821294908344d802d16a8d5a025dc357ff74b1d88c559f332b2070e540ccdd4

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\Cache\44SCH9C7\otBannerSdk[1].js

Filesize
426KB

MD5
9407efa17b9fa09288ff833eeb111cc7

SHA1
4fba1d46d43eeaeff48b8493245e5cda953285c8

SHA256
9cfaaf4e24c9a20159123c632711d2cbb98854a66ab659a5c24373633f180d4a

SHA512
f864566e20f37099463b4bb39665a52293402d293f9bdbccdac3b6cda7db41f91ce79c34786129f84c822f2c35a7a0976060fcd97271dd27685e4f6255f70b0a

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\Cache\J3O4MIS0\common.5dd7cff85de67632bfd7[1].js

Filesize
743KB

MD5
cd8d2938dfcc295d8d63f9e40e79b3b4

SHA1
08a48c71162cb94c0a4737376c499de1b4666a90

SHA256
881c2664c20a836f6784a1db963fe6f69f5809912ffa0b2d54ecc1361526e922

SHA512
fc252ab5d8444efbc3072b1101c7ce89f91cca35cef475eaa3c28b33dc746aa36b6ac82d1a6d896a975a3e086d8e73882af29392d1235962883bf9e7f0feb590

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\Cache\J3O4MIS0\microsoft.8aa91a5fe4f5d8517ae1[1].js

Filesize
142KB

MD5
1b4bd481201681e6e6609b4e84d91900

SHA1
712b959a52f424694b3fa5b852c3d7adf27bc19d

SHA256
ce3eeed6a430adf998eac68138d70e1d064cc81a54274c00b71a22f6c1e0b2b0

SHA512
e844c8e156b94fdedc70830471a4b8cd095926c0a0e5fa3c2685b34a7efbc8d2bfdd662513f46a2021b92d46289ad25ebe7b54d3885c438ea3d4fb7cfb17e5fe

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\Cache\OODMTX2L\otSDKStub[1].js

Filesize
22KB

MD5
4ab1f8890d25b8991347267757b97564

SHA1
77e0c938ab737969ce4145a0f66f5218d640a0f4

SHA256
b0729bf573f57578c2197be145663a338b0f265c14bee646a7d2dbde4b3854cb

SHA512
a57fbc16f30213c0ad1a0e9bf030da87398d7aeb3217b90946293aa8aec83295a40ca6c2363d65452db4bd0d02c1fe5237bd93e037d975ffce3636a1292df9ed

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\Cache\XDEV4Y9Q\vendors.c47bf4f4981f23895ddb[1].js

Filesize
206KB

MD5
01cd3e668d1acb88b93ab929d450ae63

SHA1
f44e64fd07d828ef0b41a127faf5fc4d0ccb7515

SHA256
76d32a47254928b038acae6e59dbad89eff8d7126eae4391a3a869a3ab6a4eaf

SHA512
b8c1db0645e3aca3e5953724077fa2699216e1f8f780346fba8bbe27f1ec2d8c7bef62dba1a88d3cec8db445418bdc7c3307ac3bf84abfd400d1f1678681e368

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\User\Default\DOMStore\7WW2K1G8\www.bing[1].xml

Filesize
97B

MD5
6e4b0f925230fe9e9bc5667e7bee2ed1

SHA1
15a2153c4af7aba3ac1601bc87728bfefd5e1431

SHA256
b52415bbf9c8d011af954ee555fc3c34c000985baf23cc3427112fa32f0b094f

SHA512
6eb8b75c908391c6640ce37d1f5a905532ed6933003cc495a37da5edc0567d4504b23323c8f305bca628b7a07d9e18f35a26ea4f7111e3eb1360f48d9557c06d

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\User\Default\DOMStore\7WW2K1G8\www.bing[1].xml

Filesize
1KB

MD5
fd42c4c7f3e89be8bfe0e974f0136c91

SHA1
457eddc8986e29bf712c546db76d74e7bd030294

SHA256
cc0d760145392b80c4cfcfe2c08ad485c3c7d53cd952998f5bec868d02b535d0

SHA512
87d0ad4074597292391c0dfafce0a3007c354f542a5036dc4e2563760b356af5fa36cda9646fc25ca7cbec7aa25998f80c17856958b926c8c793acbb2b6b968a

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\User\Default\DOMStore\90MICI13\www.msn[1].xml

Filesize
485B

MD5
5126ed0797c253bcb9accdf6927dd840

SHA1
a20866832a919113b2467dd809aacd8f94236ad3

SHA256
687caea640d60238966a7a2c7adfe8356166d0839be3916bf1a55923a60c947f

SHA512
3e58160f978253d10e10f403b3caf91fdd4ce69c23af03dc4d8726196c7ed0053bc9821de29ae1dde59717d655a1f40a3e3a9bf907b9fcaa5ff6e83890478823

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\GI3E9IBQ\suggestions[1].en-US

Filesize
17KB

MD5
5a34cb996293fde2cb7a4ac89587393a

SHA1
3c96c993500690d1a77873cd62bc639b3a10653f

SHA256
c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad

SHA512
e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\TDWLA2UE\drive_2020q4_32dp[1].png

Filesize
831B

MD5
916c9bcccf19525ad9d3cd1514008746

SHA1
9ccce6978d2417927b5150ffaac22f907ff27b6e

SHA256
358e814139d3ed8469b36935a071be6696ccad7dd9bdbfdb80c052b068ae2a50

SHA512
b73c1a81997abe12dba4ae1fa38f070079448c3798e7161c9262ccba6ee6a91e8a243f0e4888c8aef33ce1cf83818fc44c85ae454a522a079d08121cd8628d00

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\XT2JA7TF\favicon[1].ico

Filesize
758B

MD5
84cc977d0eb148166481b01d8418e375

SHA1
00e2461bcd67d7ba511db230415000aefbd30d2d

SHA256
bbf8da37d92138cc08ffeec8e3379c334988d5ae99f4415579999bfbbb57a66c

SHA512
f47a507077f9173fb07ec200c2677ba5f783d645be100f12efe71f701a74272a98e853c4fab63740d685853935d545730992d0004c9d2fe8e1965445cab509c3

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\Temp\~DF3C93D2AD49BDC47B.TMP

Filesize
20KB

MD5
bb236cd25239080d444c33de8ad484ef

SHA1
1bd27318690c3ace3719d05acbd00a4ca3a34cac

SHA256
ea7441f082bd0eb1586ea42e3864c869b89041e2ffa8621003fc33606c7f22f7

SHA512
f875a6b17ed01d9e883e5173eceb9cca5c9ab260160da5e4364846e2dc0de7ab96e81ed366254c1238bd70036e93bfd039094a5b18f381b7a88f88ef28ad09b9

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\AHDF3J57\4Ua_rENHsxJlGDuGo1OIlJfC6l_24rlCK1Yo_Iqcsih3SAyH6cAwhX9RFD48TE63OOYKtrzjJ5llpyk[1].woff2

Filesize
21KB

MD5
a1b55be91533b805029605a9ac9347f0

SHA1
f00455b0ad22b2ccc4d1a169439fd496b1288100

SHA256
3a23a9e9355d971a976d00b70d8dfee439256cc65c83262a22fd5eb9af640b98

SHA512
05542f5c318bebe58228eaee4d46cb95272d0e57c1bf0ee9ec37d55f5e3420dbc611e2a28ae82aa736a65b6a247013f27bf21d41f48e86d118a83e536b6db14a

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\AHDF3J57\G2A Method v5.pdf[1].webp

Filesize
1KB

MD5
e8d8640682b904cc1746d2d2867b0bf9

SHA1
ca4eef9feca7d69049c80da1357ca99016cde07f

SHA256
48394cf7e0a6161e1ccda855f9de975d1d4fcdac915da46ea9df23c5aaa973bd

SHA512
45c7020fe21f5cef4b4d4c4cb123def197d9449af45c83f27214dcc9b58b50c8ac67c01b994c76468fc6f2c62f0beba24639b21eed16bf05f229220c9693e710

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\AHDF3J57\KFOlCnqEu92Fr1MmSU5fBBc4[1].woff2

Filesize
15KB

MD5
55536c8e9e9a532651e3cf374f290ea3

SHA1
ff3a9b8ae317896cbbcbadfbe615d671bd1d32a2

SHA256
eca8ffa764a66cd084800e2e71c4176ef089ebd805515664a6cb8d4fb3b598bf

SHA512
1346654c8293a2f38dd425ad44a2aa0ed2feab224388ab4e38fb99082769bbd14d67d74cac3ce6e39a562a0812f9bce0a623be233f9632dcb8d5d358e42f2186

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\AHDF3J57\cb=gapi[1].js

Filesize
206KB

MD5
01aca6d674132913ecbc9db2b2d9ad03

SHA1
c9fb646739e2ed2e18869867e3fcdd9364ff046f

SHA256
f41d574aeffffe2094c610397398b37da40813e31cded45f92037c49295f4d15

SHA512
c96ab1a80f2db279ea53f8bedbd1b2feb17c3ac7ff29181235883d78b065fca21c59c832b04bb6c50fc6cd56287f5fb7977a1d9a2dfb5c7ac45443d86f56bbd0

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\AHDF3J57\lazy.min[1].js

Filesize
118KB

MD5
e5fac0d6ffcaadd75020efbe09518d4f

SHA1
53fa589e878139d9f88cdb009b7687cdb697ddc6

SHA256
054479d12c972e67b68e356ff809d63fafefee27e1c4bebee6be8b58736f2878

SHA512
32d486f4cc518ad8cff4dd603caae59a82b6d5dce0e4b9ba095392f7d8e84e53f7b368c3063dcb476fda3c8d97d9a3eed4ebcdc0d6220ead760d37ef324f52be

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\AHDF3J57\m=_b,_tp[1].js

Filesize
186KB

MD5
a387bfe4373f8bafb7c3e1f7a32c10c2

SHA1
c1c2f8fa561b4c918d18e7f8e1fc0c5c461e09b7

SHA256
88fe11722dd06573277dc7b0e522f379fee49cc15ae17081dc214b24c96caa02

SHA512
07a3129dfdcac73103e03588750fb220a8f34198455b8d64889919fc4cb16e1c0c6cc78b06eaaff6c580ce513b16861017432e73c777c16973fb04bbbc3f8869

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\E9T98K4E\Chrome_Owned_96x96[1].png

Filesize
6KB

MD5
c101133ecb2d66f0ea98131267d2a10a

SHA1
8c038b9b39fa23e0ad2226f0016bf51fa0b86e37

SHA256
e3654539251df82d59096e81c875d1244ffb7ab92dbf3ce26f63f675121d8918

SHA512
751e9bfd75d1685a490972fe0d40fdbcda97607f6a500d051b400b002ed8c1d7cf9dab019388b74796c9afeaed4e317ac6b40a7e936d234536aeb0cb6c0d8434

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\E9T98K4E\KFOlCnqEu92Fr1MmWUlfBBc4[1].woff2

Filesize
15KB

MD5
037d830416495def72b7881024c14b7b

SHA1
619389190b3cafafb5db94113990350acc8a0278

SHA256
1d5b7c64458f4af91dcfee0354be47adde1f739b5aded03a7ab6068a1bb6ca97

SHA512
c8d2808945a9bf2e6ad36c7749313467ff390f195448c326c4d4d7a4a635a11e2ddf4d0779be2db274f1d1d9d022b1f837294f1e12c9f87e3eac8a95cfd8872f

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\E9T98K4E\callout[1].htm

Filesize
31KB

MD5
45fc49e8ce5704aa49aff7e9563f6f25

SHA1
910977aeb869fa50d9a66d640ad4ec63c0a23a26

SHA256
35f9a8b3e38d5088ae3ce4a269860b8f9d87205d83900a7bf8fac416f2d01acb

SHA512
56d923c505e6e9ac529c4e1d8e58ce03da915de26a1de3a2eda962e82834138fa31e4a61dd8f8cdac51a501906bc57f35715409a9664f80945148c5c641f9510

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\E9T98K4E\css2[1].css

Filesize
609B

MD5
c9416551b401e8ddc4cd642b1348d60c

SHA1
75d238de4bcef07ec6afd81fa38a91a3a55adc2a

SHA256
cb7b5b067f94b97f8e98d0c0d0e2ef2add7725527ad7ea726ff7d6702f1eff9a

SHA512
b7b3054284b982026adc743f27da8d89050546049471cba9e380086a56dc01749041e237b932e187b566445bdc380ef3938c4f7932e33a6005344f7ccb14d5c9

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\E9T98K4E\css[1].css

Filesize
800B

MD5
567b2a9c2ff51e07119f91ab83539d8c

SHA1
c9bb920b539877ba8dd54b72461b5ce74e98aad8

SHA256
155036a4145981ebfcb13621ed3579dce388b21a9b24d35b398cde98ddef0bee

SHA512
d4253d572168cb7260da40174ae184a49bef79828de91397ed0c2cc9702872a512cfbc8c3a038e8b0a0e8766fd83cd94196156f4b823cf211c1719892ec22e8b

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\ITC6F7XX\KFOkCnqEu92Fr1Mu51xIIzI[1].woff2

Filesize
16KB

MD5
d8bcbe724fd6f4ba44d0ee6a2675890f

SHA1
d276fd769bcb675f8efe42ebe3003c1d3255f985

SHA256
aa4650a411dfe1c9beb794ffaf08c7909cdfbb05672d79b3a9976672cbba75ec

SHA512
23f757ea3afe6febe1e8ea935f0ee8690e1b1b1da511788b529cc2fc38f7e454153cdba6f84a6a0e19b294e5311625a03617cf98aac150f17b88a53f3ed8b72a

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\ITC6F7XX\KFOlCnqEu92Fr1MmEU9fBBc4[1].woff2

Filesize
15KB

MD5
285467176f7fe6bb6a9c6873b3dad2cc

SHA1
ea04e4ff5142ddd69307c183def721a160e0a64e

SHA256
5a8c1e7681318caa29e9f44e8a6e271f6a4067a2703e9916dfd4fe9099241db7

SHA512
5f9bb763406ea8ce978ec675bd51a0263e9547021ea71188dbd62f0212eb00c1421b750d3b94550b50425bebff5f881c41299f6a33bbfa12fb1ff18c12bc7ff1

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\ITC6F7XX\KFOmCnqEu92Fr1Mu4mxK[1].woff2

Filesize
14KB

MD5
5d4aeb4e5f5ef754e307d7ffaef688bd

SHA1
06db651cdf354c64a7383ea9c77024ef4fb4cef8

SHA256
3e253b66056519aa065b00a453bac37ac5ed8f3e6fe7b542e93a9dcdcc11d0bc

SHA512
7eb7c301df79d35a6a521fae9d3dccc0a695d3480b4d34c7d262dd0c67abec8437ed40e2920625e98aaeafba1d908dec69c3b07494ec7c29307de49e91c2ef48

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\ITC6F7XX\rs=AA2YrTtu68wU8rQSEu1zLoTY_BOBQXibAg[1].css

Filesize
3KB

MD5
48f5c818894433670d96c3583ee2aa3b

SHA1
49be98e9c4dadcfcdbec38084c07c81ecef7469a

SHA256
0044ba73ab1aca417121434dc303867366beead312f0bbe2a1a18d9c397e12b2

SHA512
18d2d44dbfd07292d4b0eb6a08dc4ab22e6b8efdc4dd17dc30c683c0913eac27e0db7afacdf50e545522fb2ad1468f06af96f3ce8ad09872711032adac038b37

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\ITC6F7XX\rs=AA2YrTtz52bnQKD0_FuEioBge0VOKV8DNw[1].js

Filesize
227KB

MD5
780c670aa2efdc14e9e98bc130d4f7b6

SHA1
672d29a5d24e110713e075eb465a178005e361bb

SHA256
f1b89f7c47403558459fe7a8e1123cacd63863691c90654981a3ce27a6219c54

SHA512
29131bd3b780e0cd9b1aad7738c496823a154d31f4c7b1ad5bf468f203bf98c4382a0f37c1dc9e8ee3ef764d0568f173a06748ba90176657769b079c2d8cc4ef

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\Z96YQN7I\4Ua_rENHsxJlGDuGo1OIlJfC6l_24rlCK1Yo_Iqcsih3SAyH6cAwhX9RFD48TE63OOYKtrw2IJllpyk[1].woff2

Filesize
21KB

MD5
3300ca07eeb9979e159cf81c36f4b41f

SHA1
b904a403892ae08aded7ad087c9804f926920f2d

SHA256
bf7fd548e6b782afc630d74d28dc23043f5f7f1c4128d205369071830c878308

SHA512
d15ff7346781a7a0544d1a712e043d4e3d02f8007cb2cfd1245c916b2af1cea642b4dc3ce99509936fdf78e6d673743cdb0dde607386bf76166cf4ecac2da754

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\Z96YQN7I\4Ua_rENHsxJlGDuGo1OIlJfC6l_24rlCK1Yo_Iqcsih3SAyH6cAwhX9RFD48TE63OOYKtrwEIJllpyk[1].woff2

Filesize
20KB

MD5
1435f3cfd01bf0f3c24b8983e6780db0

SHA1
439ab7ffa6f9d5b654710691d8736eedf2b6e892

SHA256
8cd3f9f312e86bade2e77eb25c28eba805707909441d49e29288944677ce6d47

SHA512
dded0517b2c8f6c6ea045ba87f3ae870df63843291c3e2219e7bdeb4e33baf360b5fdb6065f0566fd1c79253105574ee4ca8cb13a11f7e6a51bf20eacf03155b

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\Z96YQN7I\cb=gapi[1].js

Filesize
122KB

MD5
7d41ce8af12a1020f76d0d4620a30b79

SHA1
913cdcd6daf53cecb2639d9a451c4f1f88071d9e

SHA256
2b4ae5731b6361fef2a0b2ea0d005ca674d5cfa837628dc8acf4140b2c8b3843

SHA512
f42cd6041d26407cb75ab57788a71aab626d3a94c50a2a4a04dcb6c89fb728695c44054c0dd79e3c2824bfa9188d6ca8e7a3cb71e6eef7f645f93839147ae0f0

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\Z96YQN7I\m=MpJwZc,UUJqVe,sy6,s39S4,syn,pw70Gc[1].js

Filesize
6KB

MD5
fafef991b71fbcebc0b6f7e2bd31c913

SHA1
0077d0c5f292a67b9e8ef0d1ccd7303186f9624e

SHA256
d084db6c76fa1c60e8e98d6abba64a4132eaf56cb35fb668e4a49c97a5ee7d84

SHA512
a27e890a9a70d1332ff9c5197f49617ab3866cb5219886758bb96c47a164495b915d6626c08ce4cb07e761b6521c84ef53a30bc83410f775341605ba31673a7d

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\Z96YQN7I\m=v,wb[1].js

Filesize
1.8MB

MD5
76e1552dae5474a4640ecac9f64db740

SHA1
fde346c7de1ff7e3b13dd641cbd00ffd62387eef

SHA256
2ef26c1f1090ff29c78807cfc696598a9731f7c8a9caacfa6fbbf75987b9e7e4

SHA512
abc306d89df1b33e093755592fccf98912e1d694d034200cb84fbba4f7f15251c0153502baae59950cdcec11daae465b759f184b6cd3b5155418dd5a628c4809

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\Z96YQN7I\rs=AO0039tZmqueSQoJzpO2J3QiTrdMbK7hcQ[1].css

Filesize
2.3MB

MD5
cb7e0e17413bb2b32ad95ac37db03504

SHA1
561fee87ca7be9e2235f59b8c54972d7236092b3

SHA256
1ebf9dc59b3a486aa2918be8467febfb227902f300b9a49a5be3ac734a7fe493

SHA512
4d91d06e8ea819a5106434332f02ae65adf23475f6cf0fbb54d017216e4622e55115118a63cf3986ff81292f9c35fb5c08f055dc69e41e0d8df2b28c19285397

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\05DDC6AA91765AACACDB0A5F96DF8199

Filesize
854B

MD5
e935bc5762068caf3e24a2683b1b8a88

SHA1
82b70eb774c0756837fe8d7acbfeec05ecbf5463

SHA256
a8accfcfeb51bd73df23b91f4d89ff1a9eb7438ef5b12e8afda1a6ff1769e89d

SHA512
bed4f6f5357b37662623f1f8afed1a3ebf3810630b2206a0292052a2e754af9dcfe34ee15c289e3d797a8f33330e47c14cbefbc702f74028557ace29bf855f9e

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

Filesize
1KB

MD5
dfbd7f92b7e7c5d3e6b890094c0c7377

SHA1
d0dc563b710131864ed91fdbd0c71ce323f3b756

SHA256
ed8be162dadc5a4d144011de390ff1f98725d9bc624424a20c886f0d9f9d5ec1

SHA512
833932cfcef17d9a8227846cfb700957d7afba7cc01a90057ef406dd95343d6ecf5cc958d40d4a7ab535fa1ad95d98400095284d8a65b2f02209e8420e2760cc

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\26C212D9399727259664BDFCA073966E_F9F7D6A7ECE73106D2A8C63168CDA10D

Filesize
312B

MD5
85859620492a14fcf77d7cdfd19701f4

SHA1
b63690bddc9b965c491054408fcd87a87c9e3f80

SHA256
8e8d8b2fa68447abf53a04d311eea0cc3a47cd91ef411b19e2b9ea43fb364c9e

SHA512
296a217b54c89569fdad3b13a59bff3216732bd42196199093835e8453a6d83e1acf8dd3d6c9515d79ba6e6574d031b9c1113c6c8fecfa523e64aa1a2d73ed0b

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\4FA45AE1010E09657982D8D28B3BD38E_BE32D9F1882B93E37445F58E05C44495

Filesize
472B

MD5
7d8447301dbf44a2606b95423cbf71e3

SHA1
039aec501cf4c7b2fad66a52faf41d840f970e98

SHA256
bcedfa9bdbdadf406298d9f7850ff02dd3449fa179e3f614434e5ddb351138be

SHA512
dcc857ccf78428fcf2593e94bf900358a833c76ff5435a75bafd00bb299f61a8cdf4b9f9f53961d365021a84449f509618f13e6bf41a0c26bc461abd69079187

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\57C8EDB95DF3F0AD4EE2DC2B8CFD4157

Filesize
4KB

MD5
1bfe591a4fe3d91b03cdf26eaacd8f89

SHA1
719c37c320f518ac168c86723724891950911cea

SHA256
9cf94355051bf0f4a45724ca20d1cc02f76371b963ab7d1e38bd8997737b13d8

SHA512
02f88da4b610678c31664609bcfa9d61db8d0b0617649981af948f670f41a6207b4ec19fecce7385a24e0c609cbbf3f2b79a8acaf09a03c2c432cc4dce75e9db

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\B3513D73A177A2707D910183759B389B_5CF45833F44BFC2995315451A3896ACA

Filesize
472B

MD5
18b08b27a0ddf8158744dbe9363a3d3d

SHA1
981b1cde8729122e5550f3cb4ff99bb7843a0f55

SHA256
09b7a0650ab2ab22a7f7396cbcff0e3846b9c36fdd1106835758c239cbfdcf48

SHA512
20d9dd16b837bc7ce1de08e84f28502741ea819c00a86e6fbe07fc002ce989cced87b8218638ee564d9e4415d37894cd7ea1d69b1842822ad2bd0b17ecfd2f29

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\C02877841121CC45139CB51404116B25_9CE832D646FBAFC5C4ACFC523FDD84AD

Filesize
471B

MD5
81f352c0db715285a62fbf29b2216d25

SHA1
91ca3dbf15752b132dbfe4fbf22c8dc047dc969c

SHA256
3e7f3918e9d68a81aa57bcec632dad60d1c3b32a69e4a39860b58ff646b9ac70

SHA512
9bdb37aba2162e7c34843d0388c469c28a530ffe6a860a41209d463cc84bf3c34228b60ad0840c08616f240a1580099cfe66d4ffa4ae5fabe902e7234374f7d9

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\DDE8B1B7E253A9758EC380BD648952AF_68D058512F3515153DEB95A1F4E72552

Filesize
471B

MD5
1c70ec8c9f44884f03f5e8c102041279

SHA1
6e430d499b9be5c8eea974dae2eb9f34c101d390

SHA256
3014f55cca7621f59f82faa4db5d2871f0516020da43ebb5552415b6aa266654

SHA512
81018f6359a3ce68a39d4fe71f2456f010713f860aa9fabea917bb53b771691f9e25363f81d1be712e25133e672e6b2d253ffc670923984f6e131990615c4ca3

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\05DDC6AA91765AACACDB0A5F96DF8199

Filesize
170B

MD5
a0ceedf5d7a75b34361c3a4daa75f4dd

SHA1
e8d42d18a87c48effa01f9093d1f79a325200f84

SHA256
1353a98289e67b42459010931dcd9eeedae72a6ebd3ac6511cc06523ab6f4911

SHA512
da8495490c9319544a8d0ad039fc13d493f73cbd6335ed7473c7786682e70d3f32d7faa87d380658738a7ebbdc9158bdbda657dda9dccfb5ca515b35b37b0e22

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

Filesize
410B

MD5
359cc95a8b931b34c7cad71447c1bf47

SHA1
f9e8958b22f0a3d961a77d2673ad9ba99bac1d23

SHA256
32bc8d77f19079a3cea8797f5148d0f40143466206f99e3af72788cee53515ae

SHA512
fcc1618dbac0c228eb437217500324a045fe555c1122179f814965bbfd40cffe3e7c22e9a7c8492badf348685d13679cc9a4ac394818827a707e26413ac15089

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\26C212D9399727259664BDFCA073966E_F9F7D6A7ECE73106D2A8C63168CDA10D

Filesize
400B

MD5
e504477e733b3d34dfb81a9faa5ee361

SHA1
8ae958dea0fc87f572b05b0f0f612df2e1ae6c7c

SHA256
0f2f83554f14900de02fa231de28b926561cd35090f5e798067708b3a0ede88b

SHA512
8171f0795fb508a39b01fbbdd0b0dd3db8ffc5f47b78db3433b81ad70e6bdd8753dc9661d8535d46f3207903eebf3a4bddcd3d40b85337317e47358c2d542d4a

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\26C212D9399727259664BDFCA073966E_F9F7D6A7ECE73106D2A8C63168CDA10D

Filesize
400B

MD5
d880df2b82bd2fdecd97f4b942dcc857

SHA1
ad96e303edd25d4f922a5fb1563812ac755336b3

SHA256
abcb0ed64572757bbaeade62e85b27aee3b4e39552f63961ed0f040df70bf2c2

SHA512
5daf07ac7360ed956d046a7790540600fb5c007f5aee02062e0f2e605ab265e673b2d8129be9b3f2f7457d55fb272e71089483447514b3d059f77b2b713926b3

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\4FA45AE1010E09657982D8D28B3BD38E_BE32D9F1882B93E37445F58E05C44495

Filesize
398B

MD5
996725dfc03527b7a0b483139a5ad0a1

SHA1
426a09b2b93a2974c7fffae5c137022518edb774

SHA256
7dc4119e1c44218ebb0452ffa95870fa822142d585c0a01a47f822edc62764b2

SHA512
cc362b9e644e9c6745c1f06782abc79f909050bd89fc4df083479e91cce9969b15f67dca1de5aa1d919bcf4378f79b4f9d8f41515d36d7bf4d030d5cdcab0b90

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\57C8EDB95DF3F0AD4EE2DC2B8CFD4157

Filesize
338B

MD5
7c2c72780f1180671c0316462bd7c166

SHA1
b5fe5ee7ef4861bad33b237390be914d3ca8e3af

SHA256
48778a10c08c78598c62d040b2a5879da0044a5dd754f1c46406e9f1a71aa8d9

SHA512
1ed607ef052e03553e45362b96a2d47942366778af25c4c0a32338def0feaf22b45280fe748ac3d6f44ef3cf36efc21f477cf4652c7752ce26a508cab972612f

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\B3513D73A177A2707D910183759B389B_5CF45833F44BFC2995315451A3896ACA

Filesize
398B

MD5
e94b85dcfcdf40b67d1d6e4e86af25b4

SHA1
6fe9923d8478827371a6ccabe12ab30be395119a

SHA256
6c23ab411fc13ae9029a4d82035e0d93af981a2c88766121b7f2d6d1a5a741e3

SHA512
a7b11fffbf50d15f69758f13090fcb02bdda12b77258e014e1fb0efc42c39d4aa5d6ea021bc936fcc2f9f4fdc0ff4a968bb67a823d2a4bb7d54e01c4b0be8db7

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\C02877841121CC45139CB51404116B25_9CE832D646FBAFC5C4ACFC523FDD84AD

Filesize
402B

MD5
d6be131e9347fe96af5d88c56eeb3881

SHA1
ad468d2d433e4e7bcb80519658a9159eec65003c

SHA256
cd79625b5c6587b8b64c63a68e434e8177348af9b71e885a48dbfe91bce92763

SHA512
f7220ace11aafe88de8b898a91058fd16878e5f298e151e7a6d5801a1af01de34acbf1f03770667122053641b0baa9f5d21aaba5ef19e193a74e254804037e0e

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\DDE8B1B7E253A9758EC380BD648952AF_68D058512F3515153DEB95A1F4E72552

Filesize
406B

MD5
85af46abf960514c7dc80b7038f2b015

SHA1
01c934f29313c9fe55f4dc63a7b4113fa8b5c8a0

SHA256
e29b23a8a099f4f62ccd0b3704b4a1f0738e1bae4daa91b8d15b616d6efd9380

SHA512
e7dcac81f05cc63c6fb90b493691460faa7a7aadc7e28b0263cd83c5cee5062c77ca472598a175b32c80431f4831d61f386b4740474c87e16428df820b89dc75

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
442KB

MD5
85430baed3398695717b0263807cf97c

SHA1
fffbee923cea216f50fce5d54219a188a5100f41

SHA256
a9f4281f82b3579581c389e8583dc9f477c7fd0e20c9dfc91a2e611e21e3407e

SHA512
06511f1f6c6d44d076b3c593528c26a602348d9c41689dbf5ff716b671c3ca5756b12cb2e5869f836dedce27b1a5cfe79b93c707fd01f8e84b620923bb61b5f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

Filesize
8.0MB

MD5
a01c5ecd6108350ae23d2cddf0e77c17

SHA1
c6ac28a2cd979f1f9a75d56271821d5ff665e2b6

SHA256
345d44e3aa3e1967d186a43d732c8051235c43458169a5d7d371780a6475ee42

SHA512
b046dd1b26ec0b810ee441b7ad4dc135e3f1521a817b9f3db60a32976352e8f7e53920e1a77fc5b4130aac260d79deef7e823267b4414e9cc774d8bffca56a72

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms

Filesize
9KB

MD5
4248daebfa2d5bd2e724e70dda30b947

SHA1
d955535b14fdeef4d49e09b0f0198b20e15af9ee

SHA256
1d0c093ecb0a24f432d40027d1c6457f2c7e4037f9b14246a659b04b1bc44b19

SHA512
40826dfbc2c619b99f85a976c7c306b416c0a0c683c373161f26d1ca8fff629efe188fec4caf20f0907d0dfe462026c88006fcdda8f0d9675def92c8a1609031

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5nsco79.default-release\SiteSecurityServiceState.txt

Filesize
766B

MD5
ca9848a11634a3ec94320fbee2ad77c8

SHA1
695d131375930c7ffdc4ed6d31863558e33ba1db

SHA256
475f660aa0ca90581350483c6851baa8f813d12dac7279228271d8344dad224f

SHA512
1efcb3d31d5553cd88ec4a4ea8bc6ea707fc40b4718774a7cce9679752613418bfbafb6ca61d6836d3714617d3bdc08701375d9b12c7133182bb50e43935eee0

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5nsco79.default-release\bookmarkbackups\bookmarks-2024-07-30_11_ScpUM-Ibb5LR1l4-7-Og+g==.jsonlz4

Filesize
950B

MD5
708d579bb783ed9e58c4e87173aa5028

SHA1
54dcdeb367c15a06aa620df1559de185668992a5

SHA256
3f7fa0f3a61236b17951ef95bd63347281c40abbbcce937e8fc787d31c8faa28

SHA512
1c7f8b921e5f32d67b1150e24092ab800ca4939993832cc46f43638bdcce380da1e74b44aa2f368a74e5ae29b76ca1e3a20b837517a4f0464b7af53098772e95

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5nsco79.default-release\broadcast-listeners.json

Filesize
204B

MD5
72c95709e1a3b27919e13d28bbe8e8a2

SHA1
00892decbee63d627057730bfc0c6a4f13099ee4

SHA256
9cf589357fceea2f37cd1a925e5d33fd517a44d22a16c357f7fb5d4d187034aa

SHA512
613ca9dd2d12afe31fb2c4a8d9337eeecfb58dabaeaaba11404b9a736a4073dfd9b473ba27c1183d3cc91d5a9233a83dce5a135a81f755d978cea9e198209182

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5nsco79.default-release\datareporting\glean\db\data.safe.bin

Filesize
2KB

MD5
fad162c9a3278155864c118de3ca52d6

SHA1
feefc4ec3a6eb8139f03d338b5469793ce3369a6

SHA256
8d3632bcb1f7f208a820c7932faed4c7048569e4e80ba7e1ab2e52aa36c888b9

SHA512
868b01e1810881d33cdb6a9669728b2b67d2d4873f051f2860d609981ba9cc5695339f8986f894dc11648931ccf84d2ce02844607191d999ecfadb441b547421

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5nsco79.default-release\datareporting\glean\pending_pings\36a51ef2-d7fd-47fb-834e-ce832abd7163

Filesize
746B

MD5
198e79f1310e23cff8350b1624570fbd

SHA1
653d58458ecb9a450d609f6bf39caaade35eea91

SHA256
0b77d8887264957e83e0ea53c25c689ccda5190fc95fe7e2628942466f9b34e7

SHA512
003fea27a4749cb51925d27d5dbba00b87731908856c298447e2b49afa82b358c851217b857c04f0213c75b6d6556dcece98f8a45c5c244ff58f544c2290d0f3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5nsco79.default-release\datareporting\glean\pending_pings\fa331134-61ae-4504-9384-fda03cd4884f

Filesize
11KB

MD5
405daee9e80b012f0d6539ec2a38f2f3

SHA1
1bc293160539b32f733937c8f8c56a0293852a3e

SHA256
160905c3994a758807448672b65f3b7babd97859249f5ab71d48e007dd7001eb

SHA512
8c33988f9b71b1c1da9f4416c0afb640cedd7994bead6ab2c0805264d5325d103fabbf246a9101ed0020ac61565bf9a68977c738b7865a17f30e14d7b1dd60c4

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5nsco79.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll

Filesize
997KB

MD5
fe3355639648c417e8307c6d051e3e37

SHA1
f54602d4b4778da21bc97c7238fc66aa68c8ee34

SHA256
1ed7877024be63a049da98733fd282c16bd620530a4fb580dacec3a78ace914e

SHA512
8f4030bb2464b98eccbea6f06eb186d7216932702d94f6b84c56419e9cf65a18309711ab342d1513bf85aed402bc3535a70db4395874828f0d35c278dd2eac9c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5nsco79.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info

Filesize
116B

MD5
3d33cdc0b3d281e67dd52e14435dd04f

SHA1
4db88689282fd4f9e9e6ab95fcbb23df6e6485db

SHA256
f526e9f98841d987606efeaff7f3e017ba9fd516c4be83890c7f9a093ea4c47b

SHA512
a4a96743332cc8ef0f86bc2e6122618bfc75ed46781dadbac9e580cd73df89e74738638a2cccb4caa4cbbf393d771d7f2c73f825737cdb247362450a0d4a4bc1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5nsco79.default-release\gmp-widevinecdm\4.10.2557.0\LICENSE.txt

Filesize
479B

MD5
49ddb419d96dceb9069018535fb2e2fc

SHA1
62aa6fea895a8b68d468a015f6e6ab400d7a7ca6

SHA256
2af127b4e00f7303de8271996c0c681063e4dc7abdc7b2a8c3fe5932b9352539

SHA512
48386217dabf7556e381ab3f5924b123a0a525969ff98f91efb03b65477c94e48a15d9abcec116b54616d36ad52b6f1d7b8b84c49c204e1b9b43f26f2af92da2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5nsco79.default-release\gmp-widevinecdm\4.10.2557.0\manifest.json

Filesize
372B

MD5
8be33af717bb1b67fbd61c3f4b807e9e

SHA1
7cf17656d174d951957ff36810e874a134dd49e0

SHA256
e92d3394635edfb987a7528e0ccd24360e07a299078df2a6967ca3aae22fa2dd

SHA512
6125f60418e25fee896bf59f5672945cd8f36f03665c721837bb50adf5b4dfef2dddbfcfc817555027dcfa90e1ef2a1e80af1219e8063629ea70263d2fc936a7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5nsco79.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll

Filesize
11.8MB

MD5
33bf7b0439480effb9fb212efce87b13

SHA1
cee50f2745edc6dc291887b6075ca64d716f495a

SHA256
8ee42d9258e20bbc5bfdfae61605429beb5421ffeaaa0d02b86d4978f4b4ac4e

SHA512
d329a1a1d98e302142f2776de8cc2cd45a465d77cb21c461bdf5ee58c68073a715519f449cb673977288fe18401a0abcce636c85abaec61a4a7a08a16c924275

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5nsco79.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.lib

Filesize
1KB

MD5
688bed3676d2104e7f17ae1cd2c59404

SHA1
952b2cdf783ac72fcb98338723e9afd38d47ad8e

SHA256
33899a3ebc22cb8ed8de7bd48c1c29486c0279b06d7ef98241c92aef4e3b9237

SHA512
7a0e3791f75c229af79dd302f7d0594279f664886fea228cfe78e24ef185ae63aba809aa1036feb3130066deadc8e78909c277f0a7ed1e3485df3cf2cd329776

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5nsco79.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.sig

Filesize
1KB

MD5
937326fead5fd401f6cca9118bd9ade9

SHA1
4526a57d4ae14ed29b37632c72aef3c408189d91

SHA256
68a03f075db104f84afdd8fca45a7e4bff7b55dc1a2a24272b3abe16d8759c81

SHA512
b232f6cf3f88adb346281167ac714c4c4c7aac15175087c336911946d12d63d3a3a458e06b298b41a7ec582ef09fe238da3a3166ff89c450117228f7485c22d2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5nsco79.default-release\prefs-1.js

Filesize
6KB

MD5
a48f5fe0ec7da144d787a5d1cff69861

SHA1
9e2dc61c17af7f9398ae0fb8cdb7b032a0682700

SHA256
c85c5296a9b8d2aa24f10ba3cfc963053d2f3f3e56a447829aeb602962269eb3

SHA512
a13b8d7ae35588e41200acbf06b3e08d7fdfc1d284520e476d598c6813bbec662eb7924da566ed8fc12e9c940881f8763931d355321a67af40cb0b8f56828c73

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5nsco79.default-release\prefs-1.js

Filesize
6KB

MD5
f1b891fb1a953f458eb0522a1b381578

SHA1
a0d3d202e9f848e3bbc78163d09d30427999f991

SHA256
0e9e3e03599a723a9c40b16d9f049e8007e5e17e73d30f0b8ba1fc72b3b3fd6f

SHA512
39c8c125422801a1c6382942169e72c44c02120655974401719303f2a02c21d6babd25dc24bba6ca1e8a393429fb04f108c8d274e701e8710c8f3ccfdaa50118

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5nsco79.default-release\prefs-1.js

Filesize
6KB

MD5
3365736603a65df6b99d6b4be90bda94

SHA1
3c7d483f53e681a7d249de874f52d36ef2d4d139

SHA256
14fba1d150967f70c48d790555ba12e7ce599a84a7d93117ce4ad99c1068ba18

SHA512
defb7fdb02530af6e3a7ca614179c0040f9aab5e168df958ca006d62ca25beb857befe0d5e5df5e42fa5e1f3612b1fc89bcbb00515156c37da4f41aa3b8ffca3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5nsco79.default-release\prefs-1.js

Filesize
7KB

MD5
feb0737a1a88770af4763c117bff0b9e

SHA1
bc882ec58e8e3f5a39c40e1ae977d2ab98b020ea

SHA256
c65a8d42f1ef53a899af0fd6c23fae47ed11e0b946aa5b5e759553e226faeb5b

SHA512
2266f72503cc87ea340f270444edefb089497e8221c338d520d8a0c97eaa5fdd92e5c7e3aac8d1fb7a2f4dcd4c7f4628699ae20445dcf2418efcaec2dd67a15e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5nsco79.default-release\sessionCheckpoints.json

Filesize
90B

MD5
c4ab2ee59ca41b6d6a6ea911f35bdc00

SHA1
5942cd6505fc8a9daba403b082067e1cdefdfbc4

SHA256
00ad9799527c3fd21f3a85012565eae817490f3e0d417413bf9567bb5909f6a2

SHA512
71ea16900479e6af161e0aad08c8d1e9ded5868a8d848e7647272f3002e2f2013e16382b677abe3c6f17792a26293b9e27ec78e16f00bd24ba3d21072bd1cae2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5nsco79.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
2KB

MD5
42b4727baba0fbacf7b6e05bf6d115d3

SHA1
27a383367c1070905d4a42f14d3557d1e747d2ba

SHA256
1e3c0f1b87449f3cd88d021a7f3d609ed97a54d065ee9d0599811bc8c5d13c30

SHA512
2c9851c8a29022d1dc7b3fe1fc6f11997f58510f57a51d5ef10a06c6d012d2128921a89e9636c60dca070915ddb156ce3e4f28a8d8599906a9466d62e71132e9

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5nsco79.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
2KB

MD5
ade813973c3921818b6226f6ecf974c7

SHA1
7927ba35c306361f8456e1e41f29947a8b8e3d01

SHA256
a0751f4473bab456be79449fe0144c5fb205d2c86f9b890698395297a9e20ace

SHA512
d4f9e4d262412fbb5844d78f7c287bcbeed3858dcc1e818069b7f92ef53ee1c94acf933d0a51a71524bbfc577614884883273571de18a36b9d07debe37c46198

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5nsco79.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
1KB

MD5
43b9f7f9a9a68fef37e5f69e87366ee6

SHA1
e9fc0ed5bbbb25349956d3e4296900c27177a9e3

SHA256
4a692865548cef555922e0d1f44003b01c234620f332196dd6e6194adee07f20

SHA512
0eea35b606e40877bf1702d58da611f77c38330b04c7faa867b66c15a70f7b8606de5197ddb406790e37da9b352ac466e17c96169b2ce589da231e4ba6d08f52

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5nsco79.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

Filesize
184KB

MD5
f72c2c8a738f1bdd4a5e24326ff248df

SHA1
d60277881f6b36509d709948fcf7ed3ec3da74a6

SHA256
06575a0a693c9e0f265fcf03ee5b6ced4dd922ac999f5d767a9a7d92fb199082

SHA512
7fa2cc3e4f6e6f9c77fc12e188a0ef4e5dfd9079e1ddd2d689669513bd2e512136ac4485b34aa0ed8587c8cd519572d31eb2496b4091e229b6c339bf25c27d6a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5nsco79.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

Filesize
192KB

MD5
c0011a7fbfc84c2cdd68e447969da676

SHA1
5f1d55a377bce8e08c9c835aac5adb31a14d5fe1

SHA256
be12ecb08207dee32e4d9d27f8ad43f53a8e19426daa529bfb776831c743a84c

SHA512
10bc0ef5b5ec8d127657d265c568ffc3856d378c7ccbd4f694b4fc8f47932230371d7fbc8f7c345b426dab11de220bdb175d3cdf1e7945ea8028fe3c46bd806f

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5nsco79.default-release\targeting.snapshot.json

Filesize
3KB

MD5
b51fee82587f2fc045081e8ec3b0ba2e

SHA1
a5cd49a5172cc7b09d6de0c7d50504a006aac312

SHA256
33273db6f173ec5878472218c78b0dad92d94c867df345e504962dd0b5e49d2a

SHA512
39a0db7dadd9a754051ec3c420070765bdd585ad1f0f82aa433c67ef766429ba1ba81e9ad2b9ffec1b6b46a8e650d1ad431f530d30ffbdb0ab2cc5dd8c7f123b

Download Submit
memory/1780-348-0x0000027112E00000-0x0000027112F00000-memory.dmp

Filesize
1024KB

Download
memory/1780-285-0x0000027100500000-0x0000027100600000-memory.dmp

Filesize
1024KB

Download
memory/1780-349-0x0000027113370000-0x0000027113372000-memory.dmp

Filesize
8KB

Download
memory/1780-346-0x0000027111160000-0x0000027111180000-memory.dmp

Filesize
128KB

Download
memory/1780-344-0x0000027111140000-0x0000027111160000-memory.dmp

Filesize
128KB

Download
memory/2376-35-0x000001E292BF0000-0x000001E292BF2000-memory.dmp

Filesize
8KB

Download
memory/2376-16-0x000001E295920000-0x000001E295930000-memory.dmp

Filesize
64KB

Download
memory/2376-0-0x000001E295820000-0x000001E295830000-memory.dmp

Filesize
64KB

Download
memory/2752-96-0x0000020457F20000-0x0000020457F22000-memory.dmp

Filesize
8KB

Download
memory/2752-98-0x0000020457F40000-0x0000020457F42000-memory.dmp

Filesize
8KB

Download
memory/2752-100-0x0000020457F60000-0x0000020457F62000-memory.dmp

Filesize
8KB

Download
memory/2752-82-0x0000020447300000-0x0000020447400000-memory.dmp

Filesize
1024KB

Download
memory/5016-74-0x00000173AE880000-0x00000173AE882000-memory.dmp

Filesize
8KB

Download
memory/5016-72-0x00000173AE7C0000-0x00000173AE7C2000-memory.dmp

Filesize
8KB

Download
memory/5016-69-0x00000173AE790000-0x00000173AE792000-memory.dmp

Filesize
8KB

Download
memory/5020-246-0x0000020929140000-0x0000020929240000-memory.dmp

Filesize
1024KB

Download
memory/5020-202-0x00000209277C0000-0x00000209277E0000-memory.dmp

Filesize
128KB

Download
memory/5020-257-0x0000020929260000-0x0000020929360000-memory.dmp

Filesize
1024KB

Download
memory/5020-207-0x0000020927FE0000-0x0000020928000000-memory.dmp

Filesize
128KB

Download
memory/5020-258-0x0000020928E40000-0x0000020928E60000-memory.dmp

Filesize
128KB

Download
memory/5020-110-0x0000020906940000-0x0000020906A40000-memory.dmp

Filesize
1024KB

Download
memory/5020-111-0x0000020906940000-0x0000020906A40000-memory.dmp

Filesize
1024KB

Download
memory/5020-141-0x0000020917500000-0x0000020917600000-memory.dmp

Filesize
1024KB

Download
memory/5020-158-0x0000020927760000-0x0000020927780000-memory.dmp

Filesize
128KB

Download
memory/5020-175-0x0000020927900000-0x0000020927A00000-memory.dmp

Filesize
1024KB

Download