xmrig | b1ac02aa3b317e3da6a33408b959847362e6c3ee1c1cd181953b43eef7fbfced

max time kernel
1127s
max time network
1129s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
01/09/2024, 20:22

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ORIGIN BETA/Kryptex-ETC-Rigel.bat
Size

92B
MD5

634f74bb86bbee797fb3fd78bb981c69
SHA1

dacc178885db2349ad47b9e8d2fb6140dbb7ca61
SHA256

4c42750d70f4097dd4de26367a7ee25704bca438e82476c4e9481246d067b632
SHA512

07d76ed885fefa28765cfe3b6c42213fb43c6ec709a82aa7245c8896fe4e79b7d672fcf3043a658ed034e27449e9921f5120a911cb0a0ce8667d819e6d2720ef

Score

10^/10

xmrig discovery miner

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 20 IoCs

miner

resource	yara_rule
behavioral1/memory/3476-2-0x00007FF6D7180000-0x00007FF6D7DB2000-memory.dmp	xmrig
behavioral1/memory/3476-321-0x00007FF6D7180000-0x00007FF6D7DB2000-memory.dmp	xmrig
behavioral1/memory/3476-341-0x00007FF6D7180000-0x00007FF6D7DB2000-memory.dmp	xmrig
behavioral1/memory/3476-421-0x00007FF6D7180000-0x00007FF6D7DB2000-memory.dmp	xmrig
behavioral1/memory/3476-504-0x00007FF6D7180000-0x00007FF6D7DB2000-memory.dmp	xmrig
behavioral1/memory/3476-598-0x00007FF6D7180000-0x00007FF6D7DB2000-memory.dmp	xmrig
behavioral1/memory/3476-614-0x00007FF6D7180000-0x00007FF6D7DB2000-memory.dmp	xmrig
behavioral1/memory/3476-622-0x00007FF6D7180000-0x00007FF6D7DB2000-memory.dmp	xmrig
behavioral1/memory/3476-633-0x00007FF6D7180000-0x00007FF6D7DB2000-memory.dmp	xmrig
behavioral1/memory/3476-651-0x00007FF6D7180000-0x00007FF6D7DB2000-memory.dmp	xmrig
behavioral1/memory/3476-663-0x00007FF6D7180000-0x00007FF6D7DB2000-memory.dmp	xmrig
behavioral1/memory/3476-675-0x00007FF6D7180000-0x00007FF6D7DB2000-memory.dmp	xmrig
behavioral1/memory/3476-764-0x00007FF6D7180000-0x00007FF6D7DB2000-memory.dmp	xmrig
behavioral1/memory/3476-834-0x00007FF6D7180000-0x00007FF6D7DB2000-memory.dmp	xmrig
behavioral1/memory/3476-916-0x00007FF6D7180000-0x00007FF6D7DB2000-memory.dmp	xmrig
behavioral1/memory/3476-947-0x00007FF6D7180000-0x00007FF6D7DB2000-memory.dmp	xmrig
behavioral1/memory/3476-956-0x00007FF6D7180000-0x00007FF6D7DB2000-memory.dmp	xmrig
behavioral1/memory/3476-999-0x00007FF6D7180000-0x00007FF6D7DB2000-memory.dmp	xmrig
behavioral1/memory/3476-1006-0x00007FF6D7180000-0x00007FF6D7DB2000-memory.dmp	xmrig
behavioral1/memory/3476-1008-0x00007FF6D7180000-0x00007FF6D7DB2000-memory.dmp	xmrig

Legitimate hosting services abused for malware hosting/C2 1 TTPs 5 IoCs

Web Service

T1102

flow	ioc
237	raw.githubusercontent.com
238	raw.githubusercontent.com
307	raw.githubusercontent.com
309	raw.githubusercontent.com
310	raw.githubusercontent.com

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Checks processor information in registry 2 TTPs 12 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2718105630-359604950-2820636825-1000_Classes\Local Settings	firefox.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
5776	msedge.exe
5776	msedge.exe
4604	msedge.exe
4604	msedge.exe
4176	identity_helper.exe
4176	identity_helper.exe
1832	msedge.exe
1832	msedge.exe
1832	msedge.exe
1832	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 10 IoCs

pid	Process
4604	msedge.exe
4604	msedge.exe
4604	msedge.exe
4604	msedge.exe
4604	msedge.exe
4604	msedge.exe
4604	msedge.exe
4604	msedge.exe
4604	msedge.exe
4604	msedge.exe

Suspicious use of AdjustPrivilegeToken 10 IoCs

description	pid	Process
Token: SeLockMemoryPrivilege	3476	xmrig.exe
Token: SeLockMemoryPrivilege	3476	xmrig.exe
Token: SeDebugPrivilege	4792	firefox.exe
Token: SeDebugPrivilege	4792	firefox.exe
Token: SeDebugPrivilege	4792	firefox.exe
Token: SeDebugPrivilege	4792	firefox.exe
Token: SeDebugPrivilege	4792	firefox.exe
Token: SeDebugPrivilege	4792	firefox.exe
Token: SeDebugPrivilege	4792	firefox.exe
Token: SeDebugPrivilege	4792	firefox.exe

Suspicious use of FindShellTrayWindow 48 IoCs

pid	Process
3476	xmrig.exe
4792	firefox.exe
4792	firefox.exe
4792	firefox.exe
4792	firefox.exe
4792	firefox.exe
4792	firefox.exe
4792	firefox.exe
4792	firefox.exe
4792	firefox.exe
4792	firefox.exe
4792	firefox.exe
4792	firefox.exe
4792	firefox.exe
4792	firefox.exe
4792	firefox.exe
4792	firefox.exe
4792	firefox.exe
4792	firefox.exe
4792	firefox.exe
4792	firefox.exe
4792	firefox.exe
4604	msedge.exe
4604	msedge.exe
4604	msedge.exe
4604	msedge.exe
4604	msedge.exe
4604	msedge.exe
4604	msedge.exe
4604	msedge.exe
4604	msedge.exe
4604	msedge.exe
4604	msedge.exe
4604	msedge.exe
4604	msedge.exe
4604	msedge.exe
4604	msedge.exe
4604	msedge.exe
4604	msedge.exe
4604	msedge.exe
4604	msedge.exe
4604	msedge.exe
4604	msedge.exe
4604	msedge.exe
4604	msedge.exe
4604	msedge.exe
4604	msedge.exe
4604	msedge.exe

Suspicious use of SendNotifyMessage 44 IoCs

pid	Process
4792	firefox.exe
4792	firefox.exe
4792	firefox.exe
4792	firefox.exe
4792	firefox.exe
4792	firefox.exe
4792	firefox.exe
4792	firefox.exe
4792	firefox.exe
4792	firefox.exe
4792	firefox.exe
4792	firefox.exe
4792	firefox.exe
4792	firefox.exe
4792	firefox.exe
4792	firefox.exe
4792	firefox.exe
4792	firefox.exe
4792	firefox.exe
4792	firefox.exe
4604	msedge.exe
4604	msedge.exe
4604	msedge.exe
4604	msedge.exe
4604	msedge.exe
4604	msedge.exe
4604	msedge.exe
4604	msedge.exe
4604	msedge.exe
4604	msedge.exe
4604	msedge.exe
4604	msedge.exe
4604	msedge.exe
4604	msedge.exe
4604	msedge.exe
4604	msedge.exe
4604	msedge.exe
4604	msedge.exe
4604	msedge.exe
4604	msedge.exe
4604	msedge.exe
4604	msedge.exe
4604	msedge.exe
4604	msedge.exe

Suspicious use of SetWindowsHookEx 16 IoCs

pid	Process
4792	firefox.exe
4792	firefox.exe
4792	firefox.exe
4792	firefox.exe
4792	firefox.exe
4792	firefox.exe
4792	firefox.exe
4792	firefox.exe
4792	firefox.exe
4792	firefox.exe
4792	firefox.exe
4792	firefox.exe
4792	firefox.exe
4792	firefox.exe
4792	firefox.exe
4792	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3876 wrote to memory of 3476	3876	cmd.exe	86
PID 3876 wrote to memory of 3476	3876	cmd.exe	86
PID 3848 wrote to memory of 4792	3848	firefox.exe	94
PID 3848 wrote to memory of 4792	3848	firefox.exe	94
PID 3848 wrote to memory of 4792	3848	firefox.exe	94
PID 3848 wrote to memory of 4792	3848	firefox.exe	94
PID 3848 wrote to memory of 4792	3848	firefox.exe	94
PID 3848 wrote to memory of 4792	3848	firefox.exe	94
PID 3848 wrote to memory of 4792	3848	firefox.exe	94
PID 3848 wrote to memory of 4792	3848	firefox.exe	94
PID 3848 wrote to memory of 4792	3848	firefox.exe	94
PID 3848 wrote to memory of 4792	3848	firefox.exe	94
PID 3848 wrote to memory of 4792	3848	firefox.exe	94
PID 4792 wrote to memory of 2052	4792	firefox.exe	95
PID 4792 wrote to memory of 2052	4792	firefox.exe	95
PID 4792 wrote to memory of 2052	4792	firefox.exe	95
PID 4792 wrote to memory of 2052	4792	firefox.exe	95
PID 4792 wrote to memory of 2052	4792	firefox.exe	95
PID 4792 wrote to memory of 2052	4792	firefox.exe	95
PID 4792 wrote to memory of 2052	4792	firefox.exe	95
PID 4792 wrote to memory of 2052	4792	firefox.exe	95
PID 4792 wrote to memory of 2052	4792	firefox.exe	95
PID 4792 wrote to memory of 2052	4792	firefox.exe	95
PID 4792 wrote to memory of 2052	4792	firefox.exe	95
PID 4792 wrote to memory of 2052	4792	firefox.exe	95
PID 4792 wrote to memory of 2052	4792	firefox.exe	95
PID 4792 wrote to memory of 2052	4792	firefox.exe	95
PID 4792 wrote to memory of 2052	4792	firefox.exe	95
PID 4792 wrote to memory of 2052	4792	firefox.exe	95
PID 4792 wrote to memory of 2052	4792	firefox.exe	95
PID 4792 wrote to memory of 2052	4792	firefox.exe	95
PID 4792 wrote to memory of 2052	4792	firefox.exe	95
PID 4792 wrote to memory of 2052	4792	firefox.exe	95
PID 4792 wrote to memory of 2052	4792	firefox.exe	95
PID 4792 wrote to memory of 2052	4792	firefox.exe	95
PID 4792 wrote to memory of 2052	4792	firefox.exe	95
PID 4792 wrote to memory of 2052	4792	firefox.exe	95
PID 4792 wrote to memory of 2052	4792	firefox.exe	95
PID 4792 wrote to memory of 2052	4792	firefox.exe	95
PID 4792 wrote to memory of 2052	4792	firefox.exe	95
PID 4792 wrote to memory of 2052	4792	firefox.exe	95
PID 4792 wrote to memory of 2052	4792	firefox.exe	95
PID 4792 wrote to memory of 2052	4792	firefox.exe	95
PID 4792 wrote to memory of 2052	4792	firefox.exe	95
PID 4792 wrote to memory of 2052	4792	firefox.exe	95
PID 4792 wrote to memory of 2052	4792	firefox.exe	95
PID 4792 wrote to memory of 2052	4792	firefox.exe	95
PID 4792 wrote to memory of 2052	4792	firefox.exe	95
PID 4792 wrote to memory of 2052	4792	firefox.exe	95
PID 4792 wrote to memory of 2052	4792	firefox.exe	95
PID 4792 wrote to memory of 2052	4792	firefox.exe	95
PID 4792 wrote to memory of 2052	4792	firefox.exe	95
PID 4792 wrote to memory of 2052	4792	firefox.exe	95
PID 4792 wrote to memory of 2052	4792	firefox.exe	95
PID 4792 wrote to memory of 2052	4792	firefox.exe	95
PID 4792 wrote to memory of 2052	4792	firefox.exe	95
PID 4792 wrote to memory of 2052	4792	firefox.exe	95
PID 4792 wrote to memory of 2052	4792	firefox.exe	95
PID 4792 wrote to memory of 4912	4792	firefox.exe	96
PID 4792 wrote to memory of 4912	4792	firefox.exe	96
PID 4792 wrote to memory of 4912	4792	firefox.exe	96
PID 4792 wrote to memory of 4912	4792	firefox.exe	96
PID 4792 wrote to memory of 4912	4792	firefox.exe	96
PID 4792 wrote to memory of 4912	4792	firefox.exe	96

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\ORIGIN BETA\Kryptex-ETC-Rigel.bat"
1⤵
- Suspicious use of WriteProcessMemory
PID:3876
- C:\Users\Admin\AppData\Local\Temp\ORIGIN BETA\xmrig.exe
  xmrig --coin XMR --url "xmr.kryptex.network:7777" --user "[email protected]/WORKER_NAME"
  2⤵
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  PID:3476

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:3848
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe"
  2⤵
  - Checks processor information in registry
  - Modifies registry class
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:4792
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1968 -parentBuildID 20240401114208 -prefsHandle 1716 -prefMapHandle 1708 -prefsLen 23680 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {c15bc9cd-c92e-47e2-9a94-86395db49c9d} 4792 "\\.\pipe\gecko-crash-server-pipe.4792" gpu
    3⤵
    PID:2052
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2424 -parentBuildID 20240401114208 -prefsHandle 2416 -prefMapHandle 2404 -prefsLen 23716 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a854738f-48fb-463d-a462-b7144768ec43} 4792 "\\.\pipe\gecko-crash-server-pipe.4792" socket
    3⤵
    - Checks processor information in registry
    PID:4912
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3120 -childID 1 -isForBrowser -prefsHandle 3036 -prefMapHandle 3080 -prefsLen 23857 -prefMapSize 244658 -jsInitHandle 892 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {31fe191d-0fb7-4028-b300-4a70f9fa4c2e} 4792 "\\.\pipe\gecko-crash-server-pipe.4792" tab
    3⤵
    PID:4168
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3112 -childID 2 -isForBrowser -prefsHandle 3572 -prefMapHandle 3668 -prefsLen 29090 -prefMapSize 244658 -jsInitHandle 892 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {8abfba9d-a754-413c-98b4-bbe814c667a8} 4792 "\\.\pipe\gecko-crash-server-pipe.4792" tab
    3⤵
    PID:2328
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4412 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4432 -prefMapHandle 4428 -prefsLen 29090 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {38ff04b4-5e02-45f6-bc09-1d5863cc31c7} 4792 "\\.\pipe\gecko-crash-server-pipe.4792" utility
    3⤵
    - Checks processor information in registry
    PID:4312
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5136 -childID 3 -isForBrowser -prefsHandle 5204 -prefMapHandle 5200 -prefsLen 26944 -prefMapSize 244658 -jsInitHandle 892 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {8020d76d-981f-4f81-a62d-1224fb55f159} 4792 "\\.\pipe\gecko-crash-server-pipe.4792" tab
    3⤵
    PID:4956
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5316 -childID 4 -isForBrowser -prefsHandle 5392 -prefMapHandle 5388 -prefsLen 26944 -prefMapSize 244658 -jsInitHandle 892 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {2a1ab699-0bfe-4d08-9098-4ea9ab038845} 4792 "\\.\pipe\gecko-crash-server-pipe.4792" tab
    3⤵
    PID:404
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5292 -childID 5 -isForBrowser -prefsHandle 5536 -prefMapHandle 5544 -prefsLen 26944 -prefMapSize 244658 -jsInitHandle 892 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f4e8f1bb-68c4-46cd-a981-8661a70d3eec} 4792 "\\.\pipe\gecko-crash-server-pipe.4792" tab
    3⤵
    PID:3808
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5968 -childID 6 -isForBrowser -prefsHandle 2764 -prefMapHandle 3576 -prefsLen 27211 -prefMapSize 244658 -jsInitHandle 892 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e55ceecd-c75f-41c1-a3c3-3bf0a868679a} 4792 "\\.\pipe\gecko-crash-server-pipe.4792" tab
    3⤵
    PID:2248
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5536 -childID 7 -isForBrowser -prefsHandle 5952 -prefMapHandle 5964 -prefsLen 27253 -prefMapSize 244658 -jsInitHandle 892 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {1e313795-a4b8-409a-9b5d-d0781b089b85} 4792 "\\.\pipe\gecko-crash-server-pipe.4792" tab
    3⤵
    PID:5144
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6244 -childID 8 -isForBrowser -prefsHandle 6256 -prefMapHandle 6260 -prefsLen 27253 -prefMapSize 244658 -jsInitHandle 892 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a29475c9-cfdf-4fd8-a0dd-03b8c903a070} 4792 "\\.\pipe\gecko-crash-server-pipe.4792" tab
    3⤵
    PID:5168
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6432 -childID 9 -isForBrowser -prefsHandle 6328 -prefMapHandle 6428 -prefsLen 27819 -prefMapSize 244658 -jsInitHandle 892 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {98a3d311-30a1-432a-a460-f4191d315b2b} 4792 "\\.\pipe\gecko-crash-server-pipe.4792" tab
    3⤵
    PID:6080

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:4604
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff82a9946f8,0x7ff82a994708,0x7ff82a994718
  2⤵
  PID:3196
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2072,4311199228421446635,15188216753104811167,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2104 /prefetch:2
  2⤵
  PID:1520
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2072,4311199228421446635,15188216753104811167,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2236 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5776
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2072,4311199228421446635,15188216753104811167,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2696 /prefetch:8
  2⤵
  PID:1684
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,4311199228421446635,15188216753104811167,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3392 /prefetch:1
  2⤵
  PID:4880
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,4311199228421446635,15188216753104811167,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3408 /prefetch:1
  2⤵
  PID:908
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,4311199228421446635,15188216753104811167,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4688 /prefetch:1
  2⤵
  PID:2724
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,4311199228421446635,15188216753104811167,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3972 /prefetch:1
  2⤵
  PID:4824
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2072,4311199228421446635,15188216753104811167,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4936 /prefetch:8
  2⤵
  PID:4356
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2072,4311199228421446635,15188216753104811167,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4936 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4176
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,4311199228421446635,15188216753104811167,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5352 /prefetch:1
  2⤵
  PID:4004
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,4311199228421446635,15188216753104811167,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5384 /prefetch:1
  2⤵
  PID:4080
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,4311199228421446635,15188216753104811167,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4152 /prefetch:1
  2⤵
  PID:4376
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,4311199228421446635,15188216753104811167,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5192 /prefetch:1
  2⤵
  PID:1652
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2072,4311199228421446635,15188216753104811167,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5248 /prefetch:8
  2⤵
  PID:5040
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,4311199228421446635,15188216753104811167,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1748 /prefetch:1
  2⤵
  PID:4608
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2072,4311199228421446635,15188216753104811167,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3596 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1832
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,4311199228421446635,15188216753104811167,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6004 /prefetch:1
  2⤵
  PID:1888

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3168

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5584

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
38f59a47b777f2fc52088e96ffb2baaf

SHA1
267224482588b41a96d813f6d9e9d924867062db

SHA256
13569c5681c71dc42ab57d34879f5a567d7b94afe0e8f6d7c6f6c1314fb0087b

SHA512
4657d13e1bb7cdd7e83f5f2562f5598cca12edf839626ae96da43e943b5550fab46a14b9018f1bec90de88cc714f637605531ccda99deb9e537908ddb826113b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ab8ce148cb7d44f709fb1c460d03e1b0

SHA1
44d15744015155f3e74580c93317e12d2cc0f859

SHA256
014006a90e43ea9a1903b08b843a5aab8ad3823d22e26e5b113fad5f9fa620ff

SHA512
f685423b1eaee18a2a06030b4b2977335f62499c0041c142a92f6e6f846c2b9ce54324b6ae94efbbb303282dcda70e2b1597c748fddc251c0b3122a412c2d7c4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000002

Filesize
37KB

MD5
e35339c6c7ecfb6f905814a86caa7882

SHA1
2380f4be31da11f9730b20b1b209afdb42bf7f24

SHA256
3f2b391ce2229a0fd88b58ecd0e56b1113fbf27271411a28016394eac9df4984

SHA512
3cf03b85d72d40aa516d1be4315684f932437cc93fb332695fe069cd590b43c5e96c6b10208ec566c9db7875246f452b259e17ab567a4075ff484748070b8375

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003

Filesize
37KB

MD5
1abb5fcf0a5cde337f571d01815138ea

SHA1
5b497176ce92a000121468cfb8c73607ad8faa40

SHA256
61f6285f6d41defa47b4dc12183a4c43e76e69cc4927aa55c91904b1bb8502b4

SHA512
0082bad0d20696c64b23da3d802c300a7ec661687228f1cf025d6f7a8e3178ff1144636c2c2c2da3f809afa7239ffaa948488ef8d2afbba97bcec59eecf11e89

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000004

Filesize
21KB

MD5
94a66764d0bd4c1d12019dcd9b7d2385

SHA1
922ba4ccf5e626923c1821d2df022a11a12183aa

SHA256
341c78787e5c199fa3d7c423854c597fd51a0fc495b9fd8fed010e15c0442548

SHA512
f27ba03356072970452307d81632c906e4b62c56c76b56dfe5c7f0ea898ac1af6be50f91c29f394a2644040929548d186e0fbcea0106e80d9a6a74035f533412

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
8fdb74b5b7d0b769d0ae494e2132bf6b

SHA1
12c5d1cf66d6f9e668c8d36522466ab99a8a029b

SHA256
fae9c144b3c55098d60188adf22a23f348cdc60a9cb38197be3ce959f22deb4e

SHA512
b0e8dc7e7c2aa364f5b13c6649ed6da8a07140a489a46eefb3ad29f6b803983d6da833c8b3416dd1d7745c86280d1f39502043f1d84ea37e77108a6a5c781a99

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
f2e212106101ac0badb6bca12c44243e

SHA1
ed8f20b44028eca1069a52d210f851dacd95cf6c

SHA256
88e9318fc001c584353105c2b93a4655628e9721e77208c50f1a539180a664fe

SHA512
6b55a900d24a7c5bbed358ef31bfc3e4222f7b63d29e8dfee22261c0e13082b2ce500dd03e15be4fad5bba49f8c58bd5ae0625dd1b9fe035ddeeb035f594fa3c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
579B

MD5
8bbf66ae9ec386af4152e640d99ee79f

SHA1
6eed11e2861ec6509f508ae7197d0338897fb869

SHA256
63323b56c49b79c0cc4e1d4860f2121f462a4813f256a028c777604470013209

SHA512
fa2ca0c0a7a8f8d3396001a6e23113ed50d54ae83af55b5b0f4db40fee7d04590eb316f315eadc08677fcb6a731d9b662d1bff18faea70a66f566a1136792ecb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
807419ca9a4734feaf8d8563a003b048

SHA1
a723c7d60a65886ffa068711f1e900ccc85922a6

SHA256
aa10bf07b0d265bed28f2a475f3564d8ddb5e4d4ffee0ab6f3a0cc564907b631

SHA512
f10d496ae75db5ba412bd9f17bf0c7da7632db92a3fabf7f24071e40f5759c6a875ad8f3a72bad149da58b3da3b816077df125d0d9f3544adba68c66353d206c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
579B

MD5
61d2dfe31bb335f9726219dcad8236da

SHA1
a234c4fb48ca5a7d1bab98626372da8c3c26f6a0

SHA256
c98d1250cf16ba4c28965be3c5d6270fe1c020194ecd06fda81ea2a0896adeac

SHA512
59c189c6be2098de4b7d27c14a9272e9ecdf53a20ca5f4d7d9ac0e3c4fc00a15aa8b6c7b48aae45adac687e468bc9584b81f3104bfd1a288bad42f8705c59162

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
579B

MD5
922cf5203d55612064ad6357f7d51556

SHA1
54fa896823bad6837a645973d1ff90697505ef4c

SHA256
1ba348915854f7fd5be5d1987c9f934c0f534cccc54462d8c28975da5c6b5581

SHA512
2a900b38b470fc4a46755aac85a173b2621a4834374a22f7ac3453000a2a0129a193a8eb0f66a36642bbf6565f5519633415fe408aa8fe57f4642ade23c883a6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
d9d166efd7e35910c21cfb9acf9bb436

SHA1
9efa3b0bfdb5517a015b1cc61a6eb81db02f398b

SHA256
e87036144066c198c8bfb274993aa17f471ff5e4b6026bbc9db72683b7549e10

SHA512
5857d809ed870a4b4e5e43ba13ac7658d4fe390c4f9abe626df042821004cb8cbaa4ee033c4cc460b2c2c2e084832625550893bdcd0f48ddb77c8337bf88679e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
4c5611a0ed5bf64e7212b054bf4701a8

SHA1
ceae54ec8224aed7dc3d47c23f40dc5ec1d5018c

SHA256
37558a8c3ece4cb33f9c4f69f57f311b0fe65e0b6f87e7f6b52eb7b192549925

SHA512
c0d84b0a118dc6a7e1a59cac79f8640420bb5753373d0744257da6ea927ab78e5f025f7e608d2843621f17be47c2f79bcd691109ce23ae0341a9e8cf1899e3ff

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
f73c4fb9ea1398381ceed3a1fefdd3c5

SHA1
5b708ae408f5e0e2217e0082c3eed7b74213a1bd

SHA256
503d7a9688b34745a5611217dc91a465f88cee6b965a5fc850aaa4e9e561dbfd

SHA512
c44cc1dd2725d48bd07b1a22f6e96fccdf06ab1ab77b9e0cdfade3206c0168b6f18e7e5edc3f535d6fe601f374655f968968f216ec8c154831764cedfa6ccc38

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
13b61446e993ad8093751facc31d40b7

SHA1
aeaf8e55a2fbfdd584463d7e348bc2761ccce048

SHA256
8a42f9f1ab429bec1dce7ee6ffcd3dd98c66b64cc58d4c2f32ab6c6ce296289a

SHA512
b194570b0e4080d963972db09210c72c1fd1e890762229eb120a6ae7ef619d4c2288d274c3fbdba055dd1ae00b3805ce0a40d2d42f388177f176cc8741c5d970

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
dc544ab3f48e4e31441bab6ef8d42734

SHA1
19a23eb65a54b38443af08a32fc78ce8fc87c740

SHA256
f240b12cefe08c888eac6a0d520061223fd41446d7ae4be85ed6fc37c727734a

SHA512
4385a2bfe61af4e6dc70453f10a4806c19f1b6e710dc5f314e8c0e0a0dd99ba4a3088e3a84485bc01edd437ceb3ca324473303b9fde37fc5e29c5973585729bc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
20dde1902a41dc5157074e75e90f9d03

SHA1
49a5023cc3fd66f4ffb5b2f11c4d14195e185e40

SHA256
c62c5511df0cd4ded90de03439a83ae7777beafc00adff65d22a0e96684f917e

SHA512
e41186783c4289ff399681a88b1a98a8df0a98eae193a06bad90b7e1ef80136b5acdc7118b9b921a1b826316381e242961ccaa4e2abcedd92e633b9f100b2e5a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
06f193fca6e09c82887e3fd9144bdaf6

SHA1
160cef2cdf2a8f3e73c1549728a252b5e138b721

SHA256
4eba033b11c389e06cf1e4858facc7ccf2637e20e135c50c3b560741d0e593ff

SHA512
a90559e0f7451b95c360ba5e515f113b7bb831be2b1fe00ba37074c4c430734b3a9d3a1a300fa3bd87a2dde28ea24fc13e4d60cf026081530c460e509d280684

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
6073bc1dae35c908f0a8aebdff9922ec

SHA1
4376d2fd1ee9595b46e089bd34560ccac042c08c

SHA256
994bb93a9525505b0e4f71a829e49741517673d18b4148bc999b99b76b1ef4dc

SHA512
b0d35a7bbf7d2ba8a972444cfafeb3b3f40e4bb3b8fb5220f3099159a18b1b99068e16e136209222124c8948b4281d54a9d3b2e15ba0eea3707e614b60b5790c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
97df97319dc5c32a93aab6866fc50fe9

SHA1
a1612e57889452d6335dccfc4af8e76a3045799c

SHA256
7c6b523d4bfa0514229ac7523226778639c2755bde7f12d0020930be3a30830a

SHA512
6fa2228a7b70d30be6338a5d6b55371fc36a110e91c40a7ac26051ce0c787d8a1825ee918594a60f30b96312288cb55dc1efa154c01423234cda50ba0f15db43

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
95e62c95e2dffd2860abbc1db60a1001

SHA1
20789aa5292537ee3dca92aa110c557aa0632e52

SHA256
37232a6ea1136e0009fa84fba3e3eac88938b5da389cb0ffb9614e57b0938766

SHA512
de403b8e6348cb7b6a74d3cc492632b4db03c25445f343f7474f5ab53c530330140c9ae483fbe7af3249a7947e4d7f7ab797cc611bb4021c884e8dbb9ac71ca2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
5997819e8fcc283707701648cf8013cb

SHA1
8d5adec73d0db09e44a0829d56763d98465eb2f3

SHA256
a9e9ad2183df416b9730d036c07408a3440def6f30b100d92b330799e2206b23

SHA512
369d20f3f1d8c3d41ac04c866f39936e81064e4cbbb46072f1189a854db7f351efbabed59cdf26e6573bce9a3fd5bbd0d6ecb7b52e9caf3215b3e04f5de5a4ab

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
706B

MD5
e0a60373358cc5af7805c241792f1cb5

SHA1
66a32e866ac54bb0194f8f296db8d6d4edd8fa91

SHA256
bdc7cc8851c5bbc747a7f4eebc915127fa50a85c568d5a5971776d246eee7804

SHA512
df4f29595e2ff04af323d1c2d7021884d76af210ef48b2eb762a367d2b1d9f7f67d34d7d2e8e1baf5010da7c2e84cd8ab2397bac57661cbaab2d037b9f53b307

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
08b713001b39920572951e8a3bd68b42

SHA1
61ccabb483263bba3afc125b09e75981b4be7b04

SHA256
18e5bc5ae73f7a4da591bbb30afc6a01972551edea2dad578c3c77cda1a8dee7

SHA512
eaefc8d2a401cbcf3ac48601ea02854dee6508d0889b942d95fd8d6c5d0921a4737f3eabc51d24c8a2cdd1b38843501a1649c505707c4e14129c35158a0dbcc2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
d49d274543bdad2a8e42cdf49be6f26f

SHA1
78ac3a6318cfbafe7481769e0299eee690361ca8

SHA256
98056596d16a301427122105e7878a29315c3ebb56bce1a53b3547be58a65902

SHA512
a5b6c8dbcbf146962e1f9bcc93272ff819c9c080ca39c19b22b4b9d904055b4ae77c90e5e0854569cd8ce08d14ed68e255cc3e678c3ba30693ed2b225937226d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
dbc17439a3ef40c404070b00cc0bc140

SHA1
7c119b0f6bdb0d0e1cbf9777ad3f1ec1fdda1864

SHA256
08f9cf91ed4ed4591cd3b293f1c304b7c7d6760b814344767955e2c5becddd9b

SHA512
4afdfa4b1a8cf08297409198efa7b340f43a4e9a715f7f5ded03d419111eff724709ae09eb4166a09ba03a889bcd975e9b6f0cdb3c2010b05f3a1c8ce872ef7c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
8efdc897e7902b15b5d08feb202e0ab3

SHA1
1ee33709407ca1ce4ef71be6942c0e96f9c68248

SHA256
64c8a76a57a6257fbb19e806d206423d8be8ccef03e12748b62d329b3fd12c79

SHA512
dab8db608a3713f05e72c75785b4bbd2ba0db397e712d825f347d714325131b72df1ca89ec211d1cf72357500fde1dbefa1bc45722155989d31c90ae67c10be7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5be1c1.TMP

Filesize
371B

MD5
ca1b7461018c9b1d133bc544205733ba

SHA1
c0c9dc1a05ecb10164bccb0a3409483a863905c1

SHA256
e589e89b26f07909efcca35a016852983636fca91eeb356d7472307da47e8821

SHA512
15620c54d53c138f535bc8c139c3e5b4aa301323f98bc25f967e87e8b957a10ce17f1c4a0dcbd31307e6c39ffc118de525c05d2c748b9b2574aeca58e3283bb8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
092c6d2651cd8bf391b5cf9c517a47d4

SHA1
b0f006e9c9369c8ba6e622b28d1359cd9a352d76

SHA256
11ad7c8b018aa2e70b5d6b1fdb6a07f71c9b4987131d9b14561a5a14bbb87f37

SHA512
2f031f1e69ab86f1d4d0997b0a5c3e05353d5b449bce1460df4827d660dd44993dd744a8bbcf95c880252b921e8997a959cd7ec94288d7ff5e305c635e568bcd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
ae6dc081d962279f2b33a298fea4f80f

SHA1
515415d6d9a981663fc52896c833a88c582e580a

SHA256
71cbd92fc73e89bc65efcb7e849076a3d595beb1ca0756a664b34f54e54b4686

SHA512
8b461f14e56a9f30d1ea03aae1d4b210d779d244b1cf69eae926a98f9eb8588ddc152c9911e2b1832a9cc5a98aa05c46cd826035a1eb483e7791f3cba4a4f2e7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
8358ed1231844bd1542016d73f72abc1

SHA1
d020b084f2ed1d0041716bfd7794a50319362e62

SHA256
466cc60011fd8b1d8e5b10bef1124d77998f8ae434f86b679b468b44c34593c0

SHA512
ac49a1b401fe26de668b253c33983543d7ca594a82e1b2fda32993ffc42e309f46b81245b8a7830e99eec8f7f341486434f212f57c18f628fbeb96e13b0e0c3f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
1a87d924af20879b59c98509ccde22e9

SHA1
5d21c3996404c647667a0f8ace16f4cd30745c59

SHA256
dd16913b4ed6acd8b12752d9342f1a9c2f37cc855384fad96ec7a8f5415080b7

SHA512
a9f0bf6652d34580fad169ad4e4af27267a359a4d47d37c9529cb01b9b1b65bf86adfb92e3422d922585bd60dc2484f0f8f598b7a1f2e519fe135fb964c785cc

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\yaq795em.default-release\cache2\entries\12A7881005195A37E2C8F6FF6CD3D85EBBA79522

Filesize
15KB

MD5
2aa41825217186aac563ed658e8b9435

SHA1
028adbd2c0cb7ec072e5fbab539623c1987d15ed

SHA256
619a8c28472400031aed2b1421f999f425b608b7d8c1f4cc4bd775ca5b3d5652

SHA512
e34d52e21e16cadf2b704b77fb1365bc5ad5b5c77d0acaab6f95cd9d9fdfddff261d1c322609e6d375f9847d290d5980c0ae3c6fef0942c2e868f0e81e6b641d

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\yaq795em.default-release\cache2\entries\131B0382AC0FE174C97A7E1BF09DAD518EE3C261

Filesize
61KB

MD5
083521ef6fadc4c8d3fed8f162f77e2d

SHA1
9a4914316842e539e1542113b8a42e80a90c2792

SHA256
20858e44abdf7b67be872b918ea9f3f5d877f6986f03364c0883542fdea293c7

SHA512
493b8ce31a82cec3956a779094b69638164a74291a48195441e1a6a30e9a77de609ed1cb46feeaa9e40888f548e63722023e6689e694f48c199ff127cc94f8aa

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\yaq795em.default-release\cache2\entries\16D3E6A057A124E8E3BC96689FCEB5904949EBB5

Filesize
84KB

MD5
6aacc3d9c22d0ba6372d39f6c3b05114

SHA1
07a22d40631b12a4bad9e0ce6731b7646801a061

SHA256
280fa6b3c15e573ea398a729b117818ea68daa790d8ed723d7d1cbbbbc57b486

SHA512
ae885675fc2d609b56546cd6a031addeec7ac7e808313430597230dae790ed14315ebd6e04cc0f0b01e2125f8108a11f4955bd42dbbe4b7a6995d4aefc6c447b

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\yaq795em.default-release\cache2\entries\2492994A253B970917AF5CDF605580B1C2DC16A0

Filesize
16KB

MD5
f8201c5ceeba624fcabbaa40a06d2138

SHA1
a07c7a4b8acfd68252e4df89bfe5c1b1b18915d0

SHA256
3b8a3e4766509f3eb99b92b2c4bf2770fd4738410507d1e366cd86ac721aa74d

SHA512
2082defbef34e7890717405e8a5945aa3f43eaeb87ce7d323884e8b4a47e97b2f7e7ca23beed2623011fbbd852ad4b5bdf06ab5b54fc7f17b627d7991083bf6a

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\yaq795em.default-release\cache2\entries\3B5769283C179770F2CAA780FDC2929B4B9E5038

Filesize
71KB

MD5
d1cacac1246560b5958e06ef88e54ae3

SHA1
36ef9a5777c7d3772b27f6d95fb0f720e8e73ce5

SHA256
635c5c81b48bb35f337c09d5da4e2295e3774d9c1ea2f7276bfcf210fe24a403

SHA512
fbbbe27ab8f674d77f2d2a0620eaa9deb1ab69d0128da3de365a19148dbd7710202508b57b0313f4dee85cef560ff6791b7406871a96593a25575eada3df5764

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\yaq795em.default-release\cache2\entries\3DDA16BC6DDABAD758EAAD1BB9028434BF62D323

Filesize
76KB

MD5
4dc96800f5505c19841c2a23a2d567c3

SHA1
b79feeec8832322b4de7a5b4167d6970722ea09a

SHA256
af48fd363afa89c396f0763a69cdb617c83affb26155fbce627ad8cc090ec545

SHA512
5fd23aad9cfbbb01a60594bb7815c4b2b2a9b9dbe8b971a2192655246979f3235ef6dfaad0fc22b836df1740d00e10e4a591ac595e445775934ff526dd06b4af

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\yaq795em.default-release\cache2\entries\4581E80964B1526EA2613707C014EA4C804C59E7

Filesize
91KB

MD5
1c420afbe69902037231b408b886b2af

SHA1
c89b3bcdd88fac18d63acb95e33aa3cad6318a7a

SHA256
397b222dc35207e7d613dc48e0b38f60280e8925b46e01c4ac41ce39747c3feb

SHA512
cf28ba95d49f386a6c3edd0a1b5b9f19ad70deede16fd8c82ef1d973553a25624ee47baa976fe2d10353e973e9fed3d673c07f0ba3d1379deb3cb7eb3a5b688e

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\yaq795em.default-release\cache2\entries\49317B15209D072482CC13CE94CAAE87594D3349

Filesize
32KB

MD5
b5d8f95a2107ef11df5f6b8a0f52476f

SHA1
cf535e3a51e3254c267a8923db7103dd405edf0d

SHA256
2fdf6c5196c2a04193dbeeb1c2577da9e35a06c97f5b26bd68711c02dd603869

SHA512
7cb6af7b4b4792872b52147dd683d005527b98bb359baa2a3cbefeb6b9c2df1449724cec6b7812ce1af30610cf4e709e2f4daac5c8ee412c39b4d75f4868c5e0

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\yaq795em.default-release\cache2\entries\6B4DB52338644A6A772A175E61E5FE1628EBC513

Filesize
77KB

MD5
89dcfee06ca1e60bb49f4e16ac1044e3

SHA1
a835c3ec89d88c889f46986c932081a118476557

SHA256
091f5bbf8bdb2853fb9963ebc06332c59604944d399041dbae0e9dab3cf7ddb7

SHA512
e9958e4295698e670ddba35507645d3b8bd8e12d4089ac846476454e7974f08862c7b4361b2f3c5947b9c483d9723ebdce387ca8d25162531ea46b26a10713a7

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\yaq795em.default-release\cache2\entries\78F46BFEACF3898E8940DFE6C8421DE8908450EE

Filesize
76KB

MD5
6332b8b2fff1ffda9a4f73744235731c

SHA1
64ba57fe5331870c984554e3d7e881762ce82c85

SHA256
e78b50e37563fdf42098d315d03cee312b81ede23dff0325b9f711e1ec698d86

SHA512
fc78e892a78d0df070153fc1a65c5342cadb525bd9b8b830cbaa3b2e4e5ac280952097e13824082185a1f431e6887c833352f7579eeaa928338e14f1965d4400

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\yaq795em.default-release\cache2\entries\A6C74BC2260EAFF823C7AED38BBA607C962CCB55

Filesize
39KB

MD5
85590deaa3b4241f793bda0bd10f92d7

SHA1
d1d5b4ff90f12de37e683d8a43c866caee0248a5

SHA256
1084f8c40f2a104c273445543d646f2ea7a3ee52bdd3eee4392647b65596a92b

SHA512
3ce7e2cadc58b9b96e722bc05f158e3ef4cb923c3e198f78dc1dd42de3092a85a60277968c0deee3ad1cfda4f27a045cd0626a85ba2d83c94bdf8fa8dd86e756

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\yaq795em.default-release\cache2\entries\AD8185C100979BEE2403BB5F3C0072BB1D314C2E

Filesize
71KB

MD5
367bd37b7e9664bdf44dab4c89142cba

SHA1
48d24e02a6b9e1b7439a8de0e8b5df2cd501cd2f

SHA256
946810215742ba9ee159d12e66f9a16d24cb07b0f844a77f35330315336d4648

SHA512
e5edde3131932c3917eb75e822db54ac31f4257ded393ab6b1b8d05dc752c36bd4f02867e2daa2147b78087ecf0a136f1c9b5a3e694f584daa2c56be20bdb7f4

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\yaq795em.default-release\cache2\entries\BA53031A0BA9F7163BD9B09B6CC867294FA2A699

Filesize
17KB

MD5
008a8ac3bd1b097f68f81161d05789ba

SHA1
37258e96a950c97041be26c165d69469b4739278

SHA256
e3175c666aebcdcef83bba89eb1a846765ec2768a03a6e1d5ebbb119b45575da

SHA512
6b601f9b2832781e8d55443524d37d02528e43cd6d5ea0b7d16e74f5e07f43cf269dc3226697f7fce9be2c2080dd52fc133bf4faefb8536d86b9a876b6d21a52

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\yaq795em.default-release\cache2\entries\CB7512F77D80416E61A7D9DD3B37C5DF076B03EB

Filesize
47KB

MD5
27dde79c4aa5b0d2d2f12a9b9dbe4ee0

SHA1
9ef8557236379c0e116d43c80f15ad2c846f89aa

SHA256
8d33ec4cad032dbcdfab121c990be79f890213dbdd220bb6cc7dbc59f082f80d

SHA512
1e6d9eacf9c1cc67e5d0fd748efde43c71d021ed49feb3f729dc34a2a41eb253e4e79cfb989387f110240f9e53906ecff3ae2437f2bf6e58a94a7a4b6ebe922c

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\yaq795em.default-release\cache2\entries\CB7512F77D80416E61A7D9DD3B37C5DF076B03EB

Filesize
60KB

MD5
3e9964c2b52f09c899949ce39fec8f1d

SHA1
4a13d614744903e0e0771a3c06030185a151c2a4

SHA256
64fd0ae9cf01c0b5d954911ee949ec1f560c5f3b826b21d085231c287d549e0c

SHA512
e7c7c1c409c1ce5612508ba78257c6f51e295e98de53048d7f4b8567e792d4465e62db9b0c28bcd3a1a4b4748796251abbd8c72e2e4c01ab9807d5e1bbc1e965

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\yaq795em.default-release\cache2\entries\E0CF0B7585914EF83EA2FA7D1D3E9B51D3A99B70

Filesize
14KB

MD5
2f3c98a024116fd032c094d8f21fb2ca

SHA1
3da563ef3ae71c4293ddd95bb5693a7d8a6b0dfc

SHA256
5e2369336a2f62bfd5aa1a030745f4e68cd81e3bea39a0067df02bab9aa73bec

SHA512
1895647d51b2459b44cd3ba242b8d761213e9d0c09750e49d78b94bbdef8fe091d769051e6c293c0adcf16e5ecbfb1b737848cc472c068a6c2e410697a44419d

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\yaq795em.default-release\cache2\entries\FF405EA908A0CDBF948198368567C7EC073C7A02

Filesize
123KB

MD5
accac5be0973652a09ba230519c7ce4b

SHA1
ad5e20cc1db37f3db02a0caec597d8fcd649ae66

SHA256
d85414d4cb4908420ed3289703099b77d872c6272f68b6fcd35855eced877162

SHA512
3d3aa21aa494505b4e7f33841c844b31ee90ab1dee27de3c6fd68ce7c8dcfeacca63b4dee7ce5d5ee26bcdb8fe0ba7533981522ca6921ba9ed86f2702810ea5b

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\yaq795em.default-release\startupCache\webext.sc.lz4

Filesize
107KB

MD5
298ff342cc32fab6c0858254e85e4648

SHA1
e5413429717feb26198aed7924279a13f6e522bc

SHA256
14dfbc81cbe5529e2f2dee6c7edb31444844a54cd5206eef5bf0fc86c1295f6f

SHA512
f1567299111ed4269a74aef9cdd22e526e18c6808e493f20c8eab5e787c9d7a88d1679de29959ee82f1af4362d32ae4aab333a1f4efee58bb6fb1074976c3ad2

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\yaq795em.default-release\thumbnails\b81ffa61cb04647d43da798dba2cf05f.png

Filesize
11KB

MD5
0d3918866c269f4eaadb4d479aa6d274

SHA1
efed49d3582171b702e14acdc6a8fe2a0776e650

SHA256
b50b631312a634c7694fd19ee23b93baab0b31449135225c020caf491a111c99

SHA512
4f91a813acb56b27a381b0373e387184a2aab9a76fd02393382c334f28c5c1e47fe5a63dfdf160ec5f82bf3db70430a0bebfcc8729db2a5a1fc69418fcde2fd4

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
479KB

MD5
09372174e83dbbf696ee732fd2e875bb

SHA1
ba360186ba650a769f9303f48b7200fb5eaccee1

SHA256
c32efac42faf4b9878fb8917c5e71d89ff40de580c4f52f62e11c6cfab55167f

SHA512
b667086ed49579592d435df2b486fe30ba1b62ddd169f19e700cd079239747dd3e20058c285fa9c10a533e34f22b5198ed9b1f92ae560a3067f3e3feacc724f1

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\1K76D8BXJMEXJYRM61VW.temp

Filesize
13KB

MD5
77810d0bb64a86990b7ebcac03151a33

SHA1
86ebcc6cc38e16185a68df4892c2d0eda5cc11a6

SHA256
cbe79763e0415f6e6a88c21d3150179bc85cafb589c81a3fa950e6bb47f54061

SHA512
9ba9a0e9bd5203061f079ca1470885c30ec4575e46c8e006cc0a7e27d10f10d95efc52067f3d08c375ecd51bedc16d8a7acb10e2ed9639b1dbdfb5d89f64329a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yaq795em.default-release\AlternateServices.bin

Filesize
7KB

MD5
fd0cd883eacf2a198ea255184088b9c8

SHA1
2d8417f6d720b736adc56ae5eeb4445265f2b4a0

SHA256
5932c3bd49aff5b46589eaea6c0cef7d3d413a14131ca4dc894cdbf737e47a75

SHA512
3e4342579ff1d496fb3b1d16e9e3211291fd4d1162a58d0e7ba6183a62107159e76dfe21ce24d57942adab05900fa02fbe75cd1b9b6c8c3c5701795ab8972b1a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yaq795em.default-release\AlternateServices.bin

Filesize
15KB

MD5
c3524a6beef200e78b938ed132042e7c

SHA1
7f73b42825a5b49acc3cfaeac26cd33062230535

SHA256
490eddc6ab8192451e246f27ddf9cf07d1b69bbdfe0650e8fe4fb34959e4dce5

SHA512
a5758fff28e75046f402d4a74994cfd45dc730feb54e24562d060c02bb82e75629ab48c019a367b4330450027eb8d955e59e0ac1c6dddda9256e150643666ae3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yaq795em.default-release\datareporting\glean\db\data.safe.tmp

Filesize
5KB

MD5
c9b76148c79b637cc1f167137348dfc6

SHA1
b1d6af22c1afb6d10c2e6b9859aeefcaf1754ac7

SHA256
18c56e1cdd2cdf0396a930aa19d5c98b298d98c041b4d6e2ef680ede5cc46887

SHA512
cdac4e5418c14528c7475730e4fcbacfa413f934500d0808860280a2a25d12a493495c92eac5a84be38a17124423d8c7c79a966f13d51a51d5368a0e5556f41a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yaq795em.default-release\datareporting\glean\db\data.safe.tmp

Filesize
82KB

MD5
e3d470fb6c473ea973a97e510b8a026d

SHA1
3dec508fbb1f899b3e67a540b3e9e11be99df56c

SHA256
effe1869f4a4f0a6135bec249bf553f2aae914fc5195f81b3ec63909f4da42fe

SHA512
3190bceb38559f47afb6c44374acb46685376e77ca00ae0832f485651b29261bc3bb5ff4aa37b0abdedddaa1f4188f9cda072139edaae327af53fb9933ee689e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yaq795em.default-release\datareporting\glean\db\data.safe.tmp

Filesize
82KB

MD5
5301f758e1a93d481f8da1679f82aad0

SHA1
cedf896f67e70d5c106b73b81218d5520efc0286

SHA256
39f3bf00fe33cb3c67d3590acfd864f6d33cabf3a48b1d1ab0fb98cbf23c8c1b

SHA512
1a0b24cc26064fda6819158b80df450cf694e7dffe949d0b62574b890e5524b9f79a6b33a4db3e7196c0e0416d70b7bb18d3833057d94b22d6d5da61fc0e7d79

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yaq795em.default-release\datareporting\glean\db\data.safe.tmp

Filesize
48KB

MD5
9de29b8ebbd068f829ba356e1362cd71

SHA1
a1910497f065626f37a53f4d66ad26b55c8bf69f

SHA256
c1312e08c41b99d39ab1aff1ff63eb124043577b35a56d12758c8ab0d74355da

SHA512
b0fe05244e841a8171138a57d7142ba95dade6775ac6fe5675a176a3a6aba008acac39ad8b30e32417e244df9c74b9a91e860e9190c018a9d6e536ba867b6ccc

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yaq795em.default-release\datareporting\glean\db\data.safe.tmp

Filesize
6KB

MD5
dc11a64271c34fa21f4c54ea21e59e75

SHA1
ea4ef8d9d9edef6de67b1f602447e3a29f05ac43

SHA256
51224862cea3d77c3c50dc214369c48496c81ee5ab1f4b7aee65ddbcf3b33efa

SHA512
1523632322d4fa39cb176eea241059d70eb0106014980f1937c7a5d2dff8590bdf0327573021adc134594a00c7386a4e5f3c60738e746ff19a0b8a0fe193c12a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yaq795em.default-release\datareporting\glean\pending_pings\16c352cb-fe59-43ff-8423-3d5f725b310e

Filesize
21KB

MD5
cbe4b6674af42760b945326533a543c3

SHA1
32a510671fa722c819ebee5d39759aff36acf2be

SHA256
7ac7c72978f8c8904ebb9fe2e0368a6b03cb0da75e4772c4621d3dd19939e11a

SHA512
feb3a4ea100e1f286415c6fde2b4372bc5cd4787f6ec737ddfea3f08a441ce336a5a617b6c5e8a84f19e30964e045e356f51fd3bebbff0d39008087fe8e0ffe0

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yaq795em.default-release\datareporting\glean\pending_pings\3483fc09-8296-4799-899a-c10f490c6e31

Filesize
982B

MD5
9746478a33426d8b8b544c86396ab2cb

SHA1
9f375d3b726d889984e4997cffca7f8839e12e65

SHA256
c14475a5ce1c05e5bc4b063993f755f0fef84e1ddea9bac49f181846313ea7df

SHA512
9d1aac93a1e7dcbfd3fc2260d350706b7d88ed03c3f0bc8e027151a2e96a885ff158dd04590f5fb0529aff07c9f7d3bd92405feab9d688db355d68221ff3a981

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yaq795em.default-release\datareporting\glean\pending_pings\c2e15372-0599-49ec-8a39-c973cf153b71

Filesize
671B

MD5
f3616aaad22894052e66eac995d79de0

SHA1
6084d67c0697c3ee706b8962b35f2d25ec137be2

SHA256
cba5ab61a2bb6345e36eff9e54c77e2b1e42a0afce90438d957f7fcfc606e08e

SHA512
b5b03b69af9f505437046ae4348a4920ad8598762a8e4cae284bcd2deea221a53a399a7dea304f25a2935ce10b725a2df6c983576a4d495d6783137841535457

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yaq795em.default-release\datareporting\glean\pending_pings\ef308721-38d8-4eee-bf63-b1b22c3a959d

Filesize
29KB

MD5
969cae0bde83c05b49f7f37a9df30da0

SHA1
cd7b1c08f2613b9afad5d8c8b0585ba542fe5818

SHA256
1518ac5532506bc7f1b3f680116799858df521435a75678f6f54c19cf9ceaec4

SHA512
e1e8e83085cdfd6563a9a1d5bac12958906e19c0eff4a50ad347dbcaef39b5cd121c18945bc108a0faea3868bf30bf87a73017813965e4f2e68af4250b20affe

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yaq795em.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.dll

Filesize
1.1MB

MD5
842039753bf41fa5e11b3a1383061a87

SHA1
3e8fe1d7b3ad866b06dca6c7ef1e3c50c406e153

SHA256
d88dd3bfc4a558bb943f3caa2e376da3942e48a7948763bf9a38f707c2cd0c1c

SHA512
d3320f7ac46327b7b974e74320c4d853e569061cb89ca849cd5d1706330aca629abeb4a16435c541900d839f46ff72dfde04128c450f3e1ee63c025470c19157

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yaq795em.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.info

Filesize
116B

MD5
2a461e9eb87fd1955cea740a3444ee7a

SHA1
b10755914c713f5a4677494dbe8a686ed458c3c5

SHA256
4107f76ba1d9424555f4e8ea0acef69357dfff89dfa5f0ec72aa4f2d489b17bc

SHA512
34f73f7bf69d7674907f190f257516e3956f825e35a2f03d58201a5a630310b45df393f2b39669f9369d1ac990505a4b6849a0d34e8c136e1402143b6cedf2d3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yaq795em.default-release\prefs-1.js

Filesize
11KB

MD5
760b9bfbf1c37d0d021ac2f0bd5a6dfe

SHA1
b910e9f65e064a4539adf8e7bf64a085205e3ed9

SHA256
f8d60c7d87b7e467a05f6c709440adb35fcaa9c522726c977ada4e7a90598a4c

SHA512
3acb0d7a541e217f8b1636a15d2b5b08689d45c49a984f5d265183968975d88218bcc9911424c969f3d5d008af2fe414e4ea72dc9e259a6f039299002f110aae

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yaq795em.default-release\prefs-1.js

Filesize
11KB

MD5
807a1fb67c5fe715403026b42697f2b1

SHA1
41523043580eb94b10e0bbd0aa18ea95e62941b5

SHA256
91d60bd0c0be78dad2b4c64adc4acd11dc85bbbcbec2276c57335385e0e99afe

SHA512
ce1705d317053e69783a7cf90eb33eb66618ff1d1fc6d96c486a01d58da6a1537f3379fae53407bf8796fdcc185de9b2761cdf603079b72f8f019899770efdd8

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yaq795em.default-release\prefs-1.js

Filesize
11KB

MD5
7e8040cadfc64fc34954ffd3b5c688cd

SHA1
1ea8ff291f469a828a8e1bec59ed2f0d82309c3f

SHA256
3cd7544fea63f51568877112150c6ca8d858a2b78dc7bcc7173e79ae11da69ce

SHA512
ff4cee1558fead1224932664bd81599c5446fdb404737a93398550ecc6c63e0482f3502d81d381a545ec8e3fc522f2a5d6654db0d0ff14cec1ddbf36b8b6d910

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yaq795em.default-release\prefs.js

Filesize
11KB

MD5
bc3a34a4385d21f32bf7bf7809d8b7a8

SHA1
61c51c128ef78dc42175c6257029b38cdd279b9d

SHA256
7e92a019ca6040c09257cf2fced4a80659e17f27d7d97ca6edf127d85ad2b338

SHA512
8189d79eb3f19d86474044575c801fb80ad00cd34e0ebc7fa4946f67e337fc60c8b249c6de5178702a82138e35e84f0de039630fed17da0d3c9e871f322d9b29

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yaq795em.default-release\prefs.js

Filesize
12KB

MD5
116a6524c34904939aac5a7acb51ccdd

SHA1
9a3f93c3453a72664ab7f3bae2ea4d1c9e39bf9f

SHA256
a702fbda8aeb8795b3a6f244805748adf0c45ed4bc92915094742d87dc448fcd

SHA512
9b73eab99c7b09705747c55a1438d93764bad8628d0feb4bdd6efe21f55144680d91e3008fd60a364ea4bedf8504b2568ae09c6401abd126a59c187ec1941eed

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yaq795em.default-release\prefs.js

Filesize
12KB

MD5
aecc2ac1523ec314ee79b62f5893c39b

SHA1
dae287c6ed4efd623fb950de36e401160a7c99c5

SHA256
73c3353249d7c50e3f6513a45fd5b36bccc3b37c32221f3a97e435952c65ca63

SHA512
6d1942b9d806b1c5bbafd87378bae5751146d936e16a3328c51326ac7431d2c656997a69894838a57dfc0f303b7916198e46f3f270f0cffab34021a0fbc3e490

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yaq795em.default-release\prefs.js

Filesize
11KB

MD5
6fdb69abd412f4f3edd038738886fe7f

SHA1
db91e497a3ab3a44e19befbabaebf36fb15b8c28

SHA256
1005ac1930e8c8df4b72646599c44787f344113029d7dcf5f61c4d6f824de0a5

SHA512
f473bd8bd1540495604960da01b159fa826ce270a6bc4aa37300d93c57daa74b4ab902e339f5448de619bf4ff51b36d45b03e62df79dd3a0112812b4378dd43e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yaq795em.default-release\sessionstore-backups\recovery.baklz4

Filesize
3KB

MD5
e978e6fde2e7b59a6388070e7476c81f

SHA1
0e9a581dccb877593fb1e6acd4ee2d48a899f053

SHA256
65752274a5313d90040223b4456dff3e3c2493b1c8423b018f266eb83594ead1

SHA512
cbb3b4c676f8d432948504a4ab2473aaab63f16955ffcc0771f30a449c6abc7f46bb7fd46d7ffac61ec8fd0a00a5dfd3a28bebcddc65b971e1429299852652e8

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yaq795em.default-release\sessionstore-backups\recovery.baklz4

Filesize
1KB

MD5
303961a2870d793817684f4723a991d7

SHA1
311c3a1eb735c113296763915301ee1232da825b

SHA256
b66fd03028c8963265809c210feb6a2e485021c728d3964e6d0eaf7111343d9c

SHA512
6583f87eb773aed965669da80f9a91684f8d3f0f5ba88bcbd7c5b6b7c63c7a10ef1e7d49f9221c3b461b688a90f34c33fe5c923b7c37d006eeb4763ad2c8edad

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yaq795em.default-release\sessionstore-backups\recovery.baklz4

Filesize
6KB

MD5
c0b1a2ade04b669fdd32044f834ac244

SHA1
27a3b0596ab8b8698e0afea1db6b05f41ca15b8b

SHA256
7d78771bb66847580c52736f006ad75eafd157e6c11feaecc1635d705abe9484

SHA512
a8fafc398987c2c53944eab164423203b14168af83544777490defc9315973dcf2b159b2b970422be9793c46a0ae2aa7ef93babcf94ecb97574b700a56b56d5a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yaq795em.default-release\sessionstore-backups\recovery.baklz4

Filesize
3KB

MD5
92d5fc4d4e93224e904b0651aa657ab3

SHA1
73e41acaf8da1b85b85df0c7861e6ee6b90f627c

SHA256
0ebcbf114a4e85c672ff416f967db7baeeca6fda761f4049a5a566223ae4fc05

SHA512
5b404c39890f44f9fc07026f638e23a351de7e6a59d17aa69eca60f58928e8304230e54316c6631fbea5afb904507104f7d12db6aef7cdaaa7bccafd3a71f1fd

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yaq795em.default-release\sessionstore-backups\recovery.baklz4

Filesize
2KB

MD5
5a1fae2696f087f5b61857162d1a6edc

SHA1
2a76be91bab13e46b803db0e47ac76e2d218f555

SHA256
b8c54be7d3a8229a9f4d4dac0f292b5ba78fc7b890f0b366df3a22d1dc242012

SHA512
d283a079c37a2599a924647944bc7657723c54ead1f6a850afd46a3a6e7b58bfe574028062733aedd25a025cf7d02dbdec93cb7c4241ec655e4ecd4d943f9399

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yaq795em.default-release\sessionstore-backups\recovery.baklz4

Filesize
4KB

MD5
fabbbceb651fea50ae46672b8908582e

SHA1
a473c969c0f66ff0258ed7cf97fdb8840e64bd09

SHA256
a52ba1d5340a431cd5f9bfe8b549404b60fe9a64199456d1b1aedea8cd22bfac

SHA512
58caf89bfcc72ccb90a55a7c0346f8963b166353955c0133faaaaaf8881a1fc9b95e3a5484b9d2e92d89402cf7e4f2d1fbbd64fafa6d3e43a137bfa7b5b43efb

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yaq795em.default-release\sessionstore-backups\recovery.baklz4

Filesize
8KB

MD5
87b07372a24df8fcd3475b97441f07f1

SHA1
d24ec1cc965b325b441d2aea883548cf3286d7e0

SHA256
d6db2bf7f37033c596d86393982f7deab44024ce8d9f2d67e4fb631ebc4fcea5

SHA512
65890fbcaf51f4eec1d0d3d83671374169fae794f1965cf9e52fe7f19cd4c17f68295b8144d087ecce169c02136affb42474216010c2c27b7bec1d2b96cb7d54

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yaq795em.default-release\sessionstore-backups\recovery.baklz4

Filesize
8KB

MD5
d5e49c35b9da3f35e8db6e71dd5f1697

SHA1
cd81d678bb764b0db5bb4c9c654e605cb93dab87

SHA256
521b40dd54c9bf04dc18e2fbdabe9dbe8147b8762fc984c9d7678f51a244e3db

SHA512
87ae71347bc155148a6238dd350019f6680e6a8314e4f301fe591c55d5044b5bdcbf4e500def7b7f545853fa187f763ef62ed064acb090d2afe08243ea8d64df

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yaq795em.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

Filesize
576KB

MD5
f4e02b2863a40a91866e58e135cf418d

SHA1
81883bb98a451939bff48e1316fd220668d78925

SHA256
e255ea128525d3ec7d5aaad9c7defb31806a5ccd94bf9e00d12701cb8e292969

SHA512
8d5e0502deb1e40b54dd5f618561781854d817717897c223fb5d42612ce4e4991a0bb0891f4e6c45baf73d4e69dc3b0e92f4b05c974455a64e8a082a24851b22

Download Submit
memory/3476-651-0x00007FF6D7180000-0x00007FF6D7DB2000-memory.dmp

Filesize
12.2MB

Download
memory/3476-598-0x00007FF6D7180000-0x00007FF6D7DB2000-memory.dmp

Filesize
12.2MB

Download
memory/3476-916-0x00007FF6D7180000-0x00007FF6D7DB2000-memory.dmp

Filesize
12.2MB

Download
memory/3476-956-0x00007FF6D7180000-0x00007FF6D7DB2000-memory.dmp

Filesize
12.2MB

Download
memory/3476-834-0x00007FF6D7180000-0x00007FF6D7DB2000-memory.dmp

Filesize
12.2MB

Download
memory/3476-764-0x00007FF6D7180000-0x00007FF6D7DB2000-memory.dmp

Filesize
12.2MB

Download
memory/3476-675-0x00007FF6D7180000-0x00007FF6D7DB2000-memory.dmp

Filesize
12.2MB

Download
memory/3476-999-0x00007FF6D7180000-0x00007FF6D7DB2000-memory.dmp

Filesize
12.2MB

Download
memory/3476-663-0x00007FF6D7180000-0x00007FF6D7DB2000-memory.dmp

Filesize
12.2MB

Download
memory/3476-1006-0x00007FF6D7180000-0x00007FF6D7DB2000-memory.dmp

Filesize
12.2MB

Download
memory/3476-633-0x00007FF6D7180000-0x00007FF6D7DB2000-memory.dmp

Filesize
12.2MB

Download
memory/3476-622-0x00007FF6D7180000-0x00007FF6D7DB2000-memory.dmp

Filesize
12.2MB

Download
memory/3476-614-0x00007FF6D7180000-0x00007FF6D7DB2000-memory.dmp

Filesize
12.2MB

Download
memory/3476-947-0x00007FF6D7180000-0x00007FF6D7DB2000-memory.dmp

Filesize
12.2MB

Download
memory/3476-0-0x000001A240D70000-0x000001A240D90000-memory.dmp

Filesize
128KB

Download
memory/3476-504-0x00007FF6D7180000-0x00007FF6D7DB2000-memory.dmp

Filesize
12.2MB

Download
memory/3476-421-0x00007FF6D7180000-0x00007FF6D7DB2000-memory.dmp

Filesize
12.2MB

Download
memory/3476-1008-0x00007FF6D7180000-0x00007FF6D7DB2000-memory.dmp

Filesize
12.2MB

Download
memory/3476-354-0x000001A2427F0000-0x000001A242810000-memory.dmp

Filesize
128KB

Download
memory/3476-355-0x000001A2427D0000-0x000001A2427F0000-memory.dmp

Filesize
128KB

Download
memory/3476-341-0x00007FF6D7180000-0x00007FF6D7DB2000-memory.dmp

Filesize
12.2MB

Download
memory/3476-334-0x000001A2427F0000-0x000001A242810000-memory.dmp

Filesize
128KB

Download
memory/3476-335-0x000001A2427D0000-0x000001A2427F0000-memory.dmp

Filesize
128KB

Download
memory/3476-321-0x00007FF6D7180000-0x00007FF6D7DB2000-memory.dmp

Filesize
12.2MB

Download
memory/3476-2-0x00007FF6D7180000-0x00007FF6D7DB2000-memory.dmp

Filesize
12.2MB

Download
memory/3476-1-0x000001A2427B0000-0x000001A2427D0000-memory.dmp

Filesize
128KB

Download