hxxp://discord[.]com

Analysis

max time kernel
1049s
max time network
1051s
platform
windows11-21h2_x64
resource
win11-20240802-en
resource tags

arch:x64arch:x86image:win11-20240802-enlocale:en-usos:windows11-21h2-x64system
submitted
09/09/2024, 01:19

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://discord.com

Score

8^/10

discovery

Malware Config

Signatures

Downloads MZ/PE file

Legitimate hosting services abused for malware hosting/C2 1 TTPs 10 IoCs

Web Service

T1102

flow	ioc
1	discord.com
86	discord.com
102	discord.com
113	discord.com
100	discord.com
3	discord.com
12	discord.com
45	discord.com
67	discord.com
98	discord.com

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Checks processor information in registry 2 TTPs 14 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 48 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-21-2842058299-443432012-2465494467-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByDirection = "1"	firefox.exe
Key created	\REGISTRY\USER\S-1-5-21-2842058299-443432012-2465494467-1000_Classes\Local Settings	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-2842058299-443432012-2465494467-1000_Classes\crdownload_auto_file\shell\open	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-2842058299-443432012-2465494467-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU	firefox.exe
Key created	\REGISTRY\USER\S-1-5-21-2842058299-443432012-2465494467-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\Shell	firefox.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2842058299-443432012-2465494467-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupView = "0"	firefox.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2842058299-443432012-2465494467-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1\1 = 8c003100000000002959390c110050524f4752417e310000740009000400efbec55259612959390c2e0000003f0000000000010000000000000000004a00000000009d497800500072006f006700720061006d002000460069006c0065007300000040007300680065006c006c00330032002e0064006c006c002c002d0032003100370038003100000018000000	firefox.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\	firefox.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2842058299-443432012-2465494467-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1092616257"	firefox.exe
Key created	\REGISTRY\USER\S-1-5-21-2842058299-443432012-2465494467-1000_Classes\Local Settings\MuiCache	MiniSearchHost.exe
Key created	\REGISTRY\USER\S-1-5-21-2842058299-443432012-2465494467-1000_Classes\d敲eỪ묠됀耀绝򗢷ኙ򺇏䎥䏒ꏰ证ꀁ	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-2842058299-443432012-2465494467-1000_Classes\Ứ묾딀耀	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-2842058299-443432012-2465494467-1000_Classes\crdownload_auto_file\shell	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-2842058299-443432012-2465494467-1000_Classes\Local Settings	firefox.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2842058299-443432012-2465494467-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	firefox.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2842058299-443432012-2465494467-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:PID = "0"	firefox.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2842058299-443432012-2465494467-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1"	firefox.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2842058299-443432012-2465494467-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}"	firefox.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-2842058299-443432012-2465494467-1000\{74BC6280-1AEE-4A13-A921-427C175DDB54}	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-2842058299-443432012-2465494467-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1	firefox.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2842058299-443432012-2465494467-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 02020202	firefox.exe
Key created	\REGISTRY\USER\S-1-5-21-2842058299-443432012-2465494467-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4	firefox.exe
Key created	\REGISTRY\USER\S-1-5-21-2842058299-443432012-2465494467-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\	firefox.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2842058299-443432012-2465494467-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\IconSize = "16"	firefox.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2842058299-443432012-2465494467-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000	firefox.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2842058299-443432012-2465494467-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1\1\MRUListEx = ffffffff	firefox.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2842058299-443432012-2465494467-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\Shell\SniffedFolderType = "Generic"	firefox.exe
Key created	\REGISTRY\USER\S-1-5-21-2842058299-443432012-2465494467-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}	firefox.exe
Key created	\REGISTRY\USER\S-1-5-21-2842058299-443432012-2465494467-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg	firefox.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2842058299-443432012-2465494467-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Mode = "4"	firefox.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2842058299-443432012-2465494467-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 0100000000000000ffffffff	firefox.exe
Key created	\REGISTRY\USER\S-1-5-21-2842058299-443432012-2465494467-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1	firefox.exe
Key created	\REGISTRY\USER\S-1-5-21-2842058299-443432012-2465494467-1000_Classes\Ử묢대耀D3D10Ref	OpenWith.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2842058299-443432012-2465494467-1000_Classes\d敲eỪ묠됀耀绝򗢷ኙ򺇏䎥䏒ꏰ证ꀁ\ = "crdownload_auto_file"	OpenWith.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2842058299-443432012-2465494467-1000_Classes\Ứ묾딀耀\ = "crdownload_auto_file"	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-2842058299-443432012-2465494467-1000_Classes\crdownload_auto_file\shell\open\command	OpenWith.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2842058299-443432012-2465494467-1000_Classes\crdownload_auto_file\shell\open\command\ = "\"C:\\Program Files\\Mozilla Firefox\\firefox.exe\" -osint -url \"%1\""	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-2842058299-443432012-2465494467-1000_Classes\.crdownload	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-2842058299-443432012-2465494467-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1\1	firefox.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2842058299-443432012-2465494467-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1\1\NodeSlot = "4"	firefox.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2842058299-443432012-2465494467-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\LogicalViewMode = "1"	firefox.exe
Key created	\REGISTRY\USER\S-1-5-21-2842058299-443432012-2465494467-1000_Classes\crdownload_auto_file	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-2842058299-443432012-2465494467-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags	firefox.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2842058299-443432012-2465494467-1000_Classes\.crdownload\ = "crdownload_auto_file"	OpenWith.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2842058299-443432012-2465494467-1000_Classes\Ử묢대耀D3D10Ref\ = "crdownload_auto_file"	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-2842058299-443432012-2465494467-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell	firefox.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2842058299-443432012-2465494467-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 020202	firefox.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2842058299-443432012-2465494467-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1\MRUListEx = 0100000000000000ffffffff	firefox.exe

NTFS ADS 1 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 13643.crdownload:SmartScreen	msedge.exe

Suspicious behavior: EnumeratesProcesses 14 IoCs

pid	Process
892	msedge.exe
892	msedge.exe
4648	msedge.exe
4648	msedge.exe
1924	msedge.exe
1924	msedge.exe
3600	msedge.exe
3600	msedge.exe
1344	identity_helper.exe
1344	identity_helper.exe
4768	msedge.exe
4768	msedge.exe
4768	msedge.exe
4768	msedge.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
4496	OpenWith.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 17 IoCs

pid	Process
4648	msedge.exe
4648	msedge.exe
4648	msedge.exe
4648	msedge.exe
4648	msedge.exe
4648	msedge.exe
4648	msedge.exe
4648	msedge.exe
4648	msedge.exe
4648	msedge.exe
4648	msedge.exe
4648	msedge.exe
4648	msedge.exe
4648	msedge.exe
4648	msedge.exe
4648	msedge.exe
4648	msedge.exe

Suspicious use of AdjustPrivilegeToken 22 IoCs

description	pid	Process
Token: 33	2912	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	2912	AUDIODG.EXE
Token: SeDebugPrivilege	4504	firefox.exe
Token: SeDebugPrivilege	4504	firefox.exe
Token: SeDebugPrivilege	4504	firefox.exe
Token: SeDebugPrivilege	4504	firefox.exe
Token: SeDebugPrivilege	4504	firefox.exe
Token: SeDebugPrivilege	4504	firefox.exe
Token: SeDebugPrivilege	4504	firefox.exe
Token: SeDebugPrivilege	4504	firefox.exe
Token: SeDebugPrivilege	4504	firefox.exe
Token: SeDebugPrivilege	4504	firefox.exe
Token: SeDebugPrivilege	4504	firefox.exe
Token: SeDebugPrivilege	4504	firefox.exe
Token: SeDebugPrivilege	4504	firefox.exe
Token: SeDebugPrivilege	4504	firefox.exe
Token: SeDebugPrivilege	4504	firefox.exe
Token: SeDebugPrivilege	4504	firefox.exe
Token: SeDebugPrivilege	4504	firefox.exe
Token: SeDebugPrivilege	4504	firefox.exe
Token: SeDebugPrivilege	4504	firefox.exe
Token: SeDebugPrivilege	4504	firefox.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
4648	msedge.exe
4648	msedge.exe
4648	msedge.exe
4648	msedge.exe
4648	msedge.exe
4648	msedge.exe
4648	msedge.exe
4648	msedge.exe
4648	msedge.exe
4648	msedge.exe
4648	msedge.exe
4648	msedge.exe
4648	msedge.exe
4648	msedge.exe
4648	msedge.exe
4648	msedge.exe
4648	msedge.exe
4648	msedge.exe
4648	msedge.exe
4648	msedge.exe
4648	msedge.exe
4648	msedge.exe
4648	msedge.exe
4648	msedge.exe
4648	msedge.exe
4648	msedge.exe
4648	msedge.exe
4648	msedge.exe
4648	msedge.exe
4648	msedge.exe
4648	msedge.exe
4648	msedge.exe
4648	msedge.exe
4648	msedge.exe
4648	msedge.exe
4648	msedge.exe
4648	msedge.exe
4648	msedge.exe
4648	msedge.exe
4648	msedge.exe
4648	msedge.exe
4648	msedge.exe
4648	msedge.exe
4504	firefox.exe
4504	firefox.exe
4504	firefox.exe
4504	firefox.exe
4504	firefox.exe
4504	firefox.exe
4504	firefox.exe
4504	firefox.exe
4504	firefox.exe
4504	firefox.exe
4504	firefox.exe
4504	firefox.exe
4504	firefox.exe
4504	firefox.exe
4504	firefox.exe
4504	firefox.exe
4504	firefox.exe
4504	firefox.exe
4504	firefox.exe
4504	firefox.exe
4504	firefox.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
4648	msedge.exe
4648	msedge.exe
4648	msedge.exe
4648	msedge.exe
4648	msedge.exe
4648	msedge.exe
4648	msedge.exe
4648	msedge.exe
4648	msedge.exe
4648	msedge.exe
4648	msedge.exe
4648	msedge.exe

Suspicious use of SetWindowsHookEx 34 IoCs

pid	Process
4760	MiniSearchHost.exe
4496	OpenWith.exe
4496	OpenWith.exe
4496	OpenWith.exe
4496	OpenWith.exe
4496	OpenWith.exe
4496	OpenWith.exe
4496	OpenWith.exe
4496	OpenWith.exe
4496	OpenWith.exe
4496	OpenWith.exe
4496	OpenWith.exe
4496	OpenWith.exe
4496	OpenWith.exe
4496	OpenWith.exe
4496	OpenWith.exe
4496	OpenWith.exe
4496	OpenWith.exe
4496	OpenWith.exe
4496	OpenWith.exe
4496	OpenWith.exe
4496	OpenWith.exe
4496	OpenWith.exe
4496	OpenWith.exe
4496	OpenWith.exe
4496	OpenWith.exe
4504	firefox.exe
4504	firefox.exe
4504	firefox.exe
4504	firefox.exe
4504	firefox.exe
4504	firefox.exe
4504	firefox.exe
4504	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4648 wrote to memory of 4808	4648	msedge.exe	78
PID 4648 wrote to memory of 4808	4648	msedge.exe	78
PID 4648 wrote to memory of 2480	4648	msedge.exe	79
PID 4648 wrote to memory of 2480	4648	msedge.exe	79
PID 4648 wrote to memory of 2480	4648	msedge.exe	79
PID 4648 wrote to memory of 2480	4648	msedge.exe	79
PID 4648 wrote to memory of 2480	4648	msedge.exe	79
PID 4648 wrote to memory of 2480	4648	msedge.exe	79
PID 4648 wrote to memory of 2480	4648	msedge.exe	79
PID 4648 wrote to memory of 2480	4648	msedge.exe	79
PID 4648 wrote to memory of 2480	4648	msedge.exe	79
PID 4648 wrote to memory of 2480	4648	msedge.exe	79
PID 4648 wrote to memory of 2480	4648	msedge.exe	79
PID 4648 wrote to memory of 2480	4648	msedge.exe	79
PID 4648 wrote to memory of 2480	4648	msedge.exe	79
PID 4648 wrote to memory of 2480	4648	msedge.exe	79
PID 4648 wrote to memory of 2480	4648	msedge.exe	79
PID 4648 wrote to memory of 2480	4648	msedge.exe	79
PID 4648 wrote to memory of 2480	4648	msedge.exe	79
PID 4648 wrote to memory of 2480	4648	msedge.exe	79
PID 4648 wrote to memory of 2480	4648	msedge.exe	79
PID 4648 wrote to memory of 2480	4648	msedge.exe	79
PID 4648 wrote to memory of 2480	4648	msedge.exe	79
PID 4648 wrote to memory of 2480	4648	msedge.exe	79
PID 4648 wrote to memory of 2480	4648	msedge.exe	79
PID 4648 wrote to memory of 2480	4648	msedge.exe	79
PID 4648 wrote to memory of 2480	4648	msedge.exe	79
PID 4648 wrote to memory of 2480	4648	msedge.exe	79
PID 4648 wrote to memory of 2480	4648	msedge.exe	79
PID 4648 wrote to memory of 2480	4648	msedge.exe	79
PID 4648 wrote to memory of 2480	4648	msedge.exe	79
PID 4648 wrote to memory of 2480	4648	msedge.exe	79
PID 4648 wrote to memory of 2480	4648	msedge.exe	79
PID 4648 wrote to memory of 2480	4648	msedge.exe	79
PID 4648 wrote to memory of 2480	4648	msedge.exe	79
PID 4648 wrote to memory of 2480	4648	msedge.exe	79
PID 4648 wrote to memory of 2480	4648	msedge.exe	79
PID 4648 wrote to memory of 2480	4648	msedge.exe	79
PID 4648 wrote to memory of 2480	4648	msedge.exe	79
PID 4648 wrote to memory of 2480	4648	msedge.exe	79
PID 4648 wrote to memory of 2480	4648	msedge.exe	79
PID 4648 wrote to memory of 2480	4648	msedge.exe	79
PID 4648 wrote to memory of 892	4648	msedge.exe	80
PID 4648 wrote to memory of 892	4648	msedge.exe	80
PID 4648 wrote to memory of 792	4648	msedge.exe	81
PID 4648 wrote to memory of 792	4648	msedge.exe	81
PID 4648 wrote to memory of 792	4648	msedge.exe	81
PID 4648 wrote to memory of 792	4648	msedge.exe	81
PID 4648 wrote to memory of 792	4648	msedge.exe	81
PID 4648 wrote to memory of 792	4648	msedge.exe	81
PID 4648 wrote to memory of 792	4648	msedge.exe	81
PID 4648 wrote to memory of 792	4648	msedge.exe	81
PID 4648 wrote to memory of 792	4648	msedge.exe	81
PID 4648 wrote to memory of 792	4648	msedge.exe	81
PID 4648 wrote to memory of 792	4648	msedge.exe	81
PID 4648 wrote to memory of 792	4648	msedge.exe	81
PID 4648 wrote to memory of 792	4648	msedge.exe	81
PID 4648 wrote to memory of 792	4648	msedge.exe	81
PID 4648 wrote to memory of 792	4648	msedge.exe	81
PID 4648 wrote to memory of 792	4648	msedge.exe	81
PID 4648 wrote to memory of 792	4648	msedge.exe	81
PID 4648 wrote to memory of 792	4648	msedge.exe	81
PID 4648 wrote to memory of 792	4648	msedge.exe	81
PID 4648 wrote to memory of 792	4648	msedge.exe	81

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://discord.com
1⤵
- Enumerates system info in registry
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4648
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7fff8ea13cb8,0x7fff8ea13cc8,0x7fff8ea13cd8
  2⤵
  PID:4808
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1928,8100568828876921466,11453580849465709910,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1948 /prefetch:2
  2⤵
  PID:2480
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1928,8100568828876921466,11453580849465709910,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2292 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:892
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1928,8100568828876921466,11453580849465709910,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2596 /prefetch:8
  2⤵
  PID:792
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,8100568828876921466,11453580849465709910,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3152 /prefetch:1
  2⤵
  PID:1308
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,8100568828876921466,11453580849465709910,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3288 /prefetch:1
  2⤵
  PID:1780
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,8100568828876921466,11453580849465709910,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5200 /prefetch:1
  2⤵
  PID:4340
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1928,8100568828876921466,11453580849465709910,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=3948 /prefetch:8
  2⤵
  PID:2848
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,8100568828876921466,11453580849465709910,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5476 /prefetch:1
  2⤵
  PID:4020
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=1928,8100568828876921466,11453580849465709910,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5172 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:1924
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1928,8100568828876921466,11453580849465709910,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3968 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3600
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,8100568828876921466,11453580849465709910,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5484 /prefetch:1
  2⤵
  PID:1360
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,8100568828876921466,11453580849465709910,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3448 /prefetch:1
  2⤵
  PID:3300
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,8100568828876921466,11453580849465709910,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4228 /prefetch:1
  2⤵
  PID:428
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,8100568828876921466,11453580849465709910,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5596 /prefetch:1
  2⤵
  PID:1216
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1928,8100568828876921466,11453580849465709910,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3432 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1344
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,8100568828876921466,11453580849465709910,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2748 /prefetch:1
  2⤵
  PID:2796
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,8100568828876921466,11453580849465709910,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3880 /prefetch:1
  2⤵
  PID:4724
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,8100568828876921466,11453580849465709910,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5508 /prefetch:1
  2⤵
  PID:4888
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,8100568828876921466,11453580849465709910,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4944 /prefetch:1
  2⤵
  PID:412
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,8100568828876921466,11453580849465709910,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5076 /prefetch:1
  2⤵
  PID:1680
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1928,8100568828876921466,11453580849465709910,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=5000 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4768
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,8100568828876921466,11453580849465709910,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3752 /prefetch:1
  2⤵
  PID:2040
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,8100568828876921466,11453580849465709910,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4340 /prefetch:1
  2⤵
  PID:1932
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,8100568828876921466,11453580849465709910,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3708 /prefetch:1
  2⤵
  PID:4912
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,8100568828876921466,11453580849465709910,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4912 /prefetch:1
  2⤵
  PID:2452

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2152

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3584

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x00000000000004EC 0x00000000000004F0
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:2912

C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe
"C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe" -ServerName:MiniSearchUI.AppXj3y73at8fy1htwztzxs68sxx1v7cksp7.mca
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:4760

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:3456

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:4496
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "C:\Users\Admin\Downloads\Unconfirmed 13643.crdownload"
  2⤵
  PID:4872
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "C:\Users\Admin\Downloads\Unconfirmed 13643.crdownload"
    3⤵
    - Checks processor information in registry
    - Modifies registry class
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SetWindowsHookEx
    PID:4504
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1972 -parentBuildID 20240401114208 -prefsHandle 1888 -prefMapHandle 1880 -prefsLen 23678 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {3c6da678-3dba-4460-a603-23a8c126c18a} 4504 "\\.\pipe\gecko-crash-server-pipe.4504" gpu
      4⤵
      PID:2732
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2416 -parentBuildID 20240401114208 -prefsHandle 2392 -prefMapHandle 2388 -prefsLen 24598 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c4c98be1-0a13-4c5d-95bf-0d77840c12a6} 4504 "\\.\pipe\gecko-crash-server-pipe.4504" socket
      4⤵
      PID:5048
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3328 -childID 1 -isForBrowser -prefsHandle 3320 -prefMapHandle 3316 -prefsLen 24674 -prefMapSize 244658 -jsInitHandle 1276 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {9d40c5f9-8b69-4a5a-86aa-6d57c5e7bf01} 4504 "\\.\pipe\gecko-crash-server-pipe.4504" tab
      4⤵
      PID:2380
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3080 -childID 2 -isForBrowser -prefsHandle 2992 -prefMapHandle 3060 -prefsLen 29023 -prefMapSize 244658 -jsInitHandle 1276 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {526f90a3-f190-4392-9744-c5da2589aa2d} 4504 "\\.\pipe\gecko-crash-server-pipe.4504" tab
      4⤵
      PID:3924
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4256 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4336 -prefMapHandle 4332 -prefsLen 29088 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f92c4c13-d5a6-4d69-9fea-0fa4e205f5c8} 4504 "\\.\pipe\gecko-crash-server-pipe.4504" utility
      4⤵
      Checks processor information in registry
      PID:1860
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5452 -childID 3 -isForBrowser -prefsHandle 2992 -prefMapHandle 5388 -prefsLen 26944 -prefMapSize 244658 -jsInitHandle 1276 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {3b0172f8-198f-42d8-bddf-4d661bdfde41} 4504 "\\.\pipe\gecko-crash-server-pipe.4504" tab
      4⤵
      PID:5676
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5596 -childID 4 -isForBrowser -prefsHandle 5604 -prefMapHandle 5608 -prefsLen 26944 -prefMapSize 244658 -jsInitHandle 1276 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {6c9a8e60-3aab-4d5a-9422-1238fa6b2d68} 4504 "\\.\pipe\gecko-crash-server-pipe.4504" tab
      4⤵
      PID:5700
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5740 -childID 5 -isForBrowser -prefsHandle 5532 -prefMapHandle 5536 -prefsLen 26944 -prefMapSize 244658 -jsInitHandle 1276 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {0d9789be-7b93-4a5d-9a90-c40ec4ada429} 4504 "\\.\pipe\gecko-crash-server-pipe.4504" tab
      4⤵
      PID:5712
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2748 -childID 6 -isForBrowser -prefsHandle 2852 -prefMapHandle 3668 -prefsLen 30106 -prefMapSize 244658 -jsInitHandle 1276 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {2b40eddc-fd49-434b-9206-ab4b6ed9b225} 4504 "\\.\pipe\gecko-crash-server-pipe.4504" tab
      4⤵
      PID:5612
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4200 -childID 7 -isForBrowser -prefsHandle 7820 -prefMapHandle 5752 -prefsLen 28282 -prefMapSize 244658 -jsInitHandle 1276 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {30641f26-3755-4d13-bbfe-5596ff4d0927} 4504 "\\.\pipe\gecko-crash-server-pipe.4504" tab
      4⤵
      PID:5312

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "C:\Users\Admin\Downloads\Unconfirmed 13643(1).crdownload"
1⤵
PID:804
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "C:\Users\Admin\Downloads\Unconfirmed 13643(1).crdownload"
  2⤵
  - Checks processor information in registry
  PID:3296

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
026e0c65239e15ba609a874aeac2dc33

SHA1
a75e1622bc647ab73ab3bb2809872c2730dcf2df

SHA256
593f20dfb73d2b81a17bfcc1f246848080dfc96898a1a62c5ddca62105ed1292

SHA512
9fb7644c87bdd3430700f42137154069badbf2b7a67e5ac6c364382bca8cba95136d460f49279b346703d4b4fd81087e884822a01a2a38901568a3c3e3387569

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
228fefc98d7fb5b4e27c6abab1de7207

SHA1
ada493791316e154a906ec2c83c412adf3a7061a

SHA256
448d09169319374935a249b1fc76bcf2430b4e1436611f3c2f3331b6eafe55a2

SHA512
fa74f1cc5da8db978a7a5b8c9ebff3cd433660db7e91ce03c44a1d543dd667a51659ba79270d3d783d52b9e45d76d0f9467458df1482ded72ea79c873b2a5e56

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000039

Filesize
38KB

MD5
ff5eccde83f118cea0224ebbb9dc3179

SHA1
0ad305614c46bdb6b7bb3445c2430e12aecee879

SHA256
13da02ce62b1a388a7c8d6f3bd286fe774ee2b91ac63d281523e80b2a8a063bc

SHA512
03dc88f429dd72d9433605c7c0f5659ad8d72f222da0bb6bf03b46f4a509b17ec2181af5db180c2f6d11c02f39a871c651be82e28fb5859037e1bbf6a7a20f6b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
624B

MD5
bd895d0d5fb1fd442332c97dc51c8fe5

SHA1
1db94b723bdc4e0339cbb9650a2059f819d44b74

SHA256
1c5ffd9984eb9f24d42bce2a44586bba07253098a9bc666c5c82131b7931b4bd

SHA512
70681ed325dc29277a132afd8071f5710960bf4ab0d2b81126230dfaf375272ab0c7f511c9cd939be6c562dca0612b59f6674f8ad172cf6be9341ab4a968f5bb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
e7a56aa58bd33bac5c9d8e0d930afcf8

SHA1
412ed5f23a26efd94867a12d6ecaf08f9a1328f1

SHA256
b3a35abd8d494f95d58463df22dd705d2856caff4c0e79c5657af48a12f6963f

SHA512
727437118189ab15d4cd91cb21d1de651e17033dad9473900273270fb3a238e69c49a4410b97695c2fb7e80ae32edd08c5515724a90fd8d3359c136156409da4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
16752ae1f4bc02970a156a1ff92dad91

SHA1
6831c3f8e3da3e65ed8ced5ee8faf0d2eeb4a8be

SHA256
29628b914a11c677dac3db4dfa94e2c0ddeea77717eefdb2f18871437390a553

SHA512
8c395714663afdd75f83afe7b164c78fabdfb57096dd6cd32ebf9313783156356c86330ced0cee81e545bf58ced88b6662639684608fe0cd35bcff91a89e086e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
eef6403b5284133db460b25475f830da

SHA1
18eceae03a28d039586556982013cc944ee3aaf4

SHA256
4d17cfe6f1e1ee7e593ad28016477778964bdf60967da5a43273ced0a3cabc32

SHA512
33c2f9ce3dba32b2f7473b0cafdcb27a005acc421d70d4f508b936a2cd4bcd412be6e7b586644d3658b437e526ef55f12c0eeefd536ff3f3f8060b7b40b2d249

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
c574cb3b4c6cbab51dcffa58cdcbb77f

SHA1
f299a55ac84303f7c9c528dfc8e5421d4a10d7f7

SHA256
9b2c44f64e7838747dfeebde87bdb466b799aa6217b4c335b3b8a38ef3dc3149

SHA512
6495688d2f0cd093747f0dca60932b031641ebf4fea0fd8aa042a46c42deee8916f9d9bd4e6018fd5215fda2fefff39bf51f445ad10a0b207c351604feec5881

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
5a6eb283175f25e5f94508a7478578c3

SHA1
728978f1214020bac4aa8c0e4ab2da565f318c95

SHA256
14e99d61ca2986e54e26db0fa4f41422c47aa19fa72b3a2b9855930715a41fee

SHA512
e70226ceb37f4f9099be4356116437cb9c7af52f8bb08df1f542dc884f2977655f69608ce71737ebdd2671b58ff75a430fe8afdd00799727a9cb40226a6f47d3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
d904a7220511f5632deac0eb5dd49d19

SHA1
4fcb009c7a4b426d90bc1f95db6c3089873fde80

SHA256
5404561842bf028120139d7b57980c6db5689ac34bf71cbfd6b2c6838a8c07c6

SHA512
74c5bd22a48f3d16b8a9fa3c3e8249026cc8855a65463d4a5e4fe78b8d66b5a74d2604b730ffcb06b4d7e61c1351f4834df2b6bdab50d6528d01a242031c29b9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\wasm\index-dir\the-real-index

Filesize
96B

MD5
957520243470099c85332bf359ced3f1

SHA1
e927fbe2f87311565440383e2477bb92e24820cf

SHA256
8795f13e529ad2ce577c349cacd3b4a8e1268fe3235ac3f964dc1b6afce8cfa4

SHA512
e5dda36bed4decb62c1e82b3b3475e053877612408b3d4205853d07160fc7896f73f05c6c976da14950fd28385ac1a42465c7e186f81840fd21dbbe6764372ca

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
339a4263f5fbe3ef0238e4216a3b0529

SHA1
81ff5b651e83402720929d2534ce30d2a9bb9de3

SHA256
509676f7906b379e873e35fa2ccde3c610857e287d999fe5aed92f996636a93c

SHA512
8b8a1dd4ea191634a2a142fb805174fb36013a774f53b315bb08f7a30640e9380525ea1a711c2fd34786d09584a070fc2d7bee5d6dae933c0eed28d789cc9222

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
570e8a1b15ce7828a274fea2540322de

SHA1
7cd529d443966aa4988615274a59856cb6d8bcc6

SHA256
100d1aa8d6a84b8080281209b58795614b33a82c1f81bb961a00f58f48bef197

SHA512
57e50b60e4dbb6f6fc8678591a5a4a254620fafe2c168b642ebf98b1bb8b70bb2e5372824e69ab9d722b27d1e98de4ddbeb034c27d18f9b085a91633aad51707

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
d4550a611f8ff2232a2a2a941b5f6d13

SHA1
4ed1823df1bf7226353825a28e68fbe131b875a8

SHA256
699d24b96ffef1c7e41a03e8ac0dd81f2459ff57368f3d67c990ffdc16835248

SHA512
ad9b6f864ae670a96f148f7ef337d0c5eb0335028552ed1281e68a889d3b704a96e5d0b3d5913244dc75f7974627d6f8c01424d407d022cd6bfa01dcb05b307b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
8d02d835da51c96bb038e58c6cb470ab

SHA1
4d977352173f3a701b55d3a85991e6a9ee9bf303

SHA256
98ebf862af525ca2bcf87ae397602621a95927448eecdc2b06498e0c7de92743

SHA512
a5888b9760ebfeb634120c75ec13f36782cd601a53b96dcfe4975404f36adf9420b3c2061128adfc2d24153e5602db41afd8c32395a9a8999f12548d6d68b47d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
f8c3a717a5e87024ea5e122e356d1e2d

SHA1
722d73d2e863756d20d90f36ad47e14416fea23f

SHA256
ede33649f31b0935614159bf417c562df39b20fbb7eff032b13b58f36c10f100

SHA512
18a72f1b065d310a5232363e96a849f94ff22cb5c6789ac80d7531fd318fd0716ce8c5a8c0f36cfef2fe3dce6c3a3f18d6b8ebda593821611d1b4e6123981bd2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
ada6a0d3f9183b8a3df9c16869d29f32

SHA1
b614e723660981ba317fb9bcec5bb46bee178ec6

SHA256
5ae7d812585e2952a8366c3e0cfe813b766814dc3dc4530bb69effdc6e670add

SHA512
6f7f74cc5b238197510e0673522848c70960844dc02ec00150a3482716b05773ba0890a6e3e19fe268c55862a308a7fbcf3b8ea4e37455423896e8294cde4349

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
c1b6f9fc6bd61aeba175e47dd174aaa1

SHA1
6e6649ba8e4441a90632397e4baff5c453a69e78

SHA256
c35fd18376df7cdb0c1c21cd2a22928e282c93cf7903397dd38520897f629069

SHA512
47084802a9411419ba646f450f61e929c06f6cc995aa83bbc1da79ef6a6dcde733daacd0e307b713dfafebc131f1888a35af5ab50061448907ac7d1957cbf330

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
30bd47be073f733f87bf9fa7f2d95681

SHA1
013b8645e01c68deb7dbc81759cc2b12fd34f6f3

SHA256
6747d745fc1525761e35f32015eff7eed1435894c8c746032ba53b0e81df24af

SHA512
b8d701860f9298d2b3436902aed89f661cf995e344e19fcceb4b6d217570d0b174874b11821d3b1543c2123d6e67129656a0f76232a2de7729c2c8e4f0574557

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
f3006d1d7e8d193abc23efa4be71ab52

SHA1
2e274b230c8ff1c4b6fe062d4f6f6524201a4e14

SHA256
184a91c4ece128182b2fdf4c78c03ff789e429d58da95d550f28d531208d8a6b

SHA512
da1d622cb10d79c93fd8a5b486dd3d82e9e358ce73ec12914df8382054a8c8dd57df904e644daf599d176e29926050f43e389ec688dd7dce20c8ab7c7047fb99

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
cbefa666351f94d69d665904ba4e731c

SHA1
68983b04158eb77a845712dbfbf5b9697cf5877a

SHA256
30fc36d67b3a1a9f501931e374161dc2c680b05ea314b4ca7e63add46cab211f

SHA512
b6bc5067a42c678f8938b93fd3daa01b9350500fb97dd6203c03502610c010a35c9face05383c3d231417978c4ef5998abcc35d127291a972548494662297f5c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
648136340f91efb831dbdcf82b9142c5

SHA1
0e37b92cafc83e41d55880675006a088d476a652

SHA256
a29040ace6db30f31147caae2281b928455be807f1107a5efc3ffad52cad40b8

SHA512
720442db45598aaacbfe4a8fd58189c4a9c68f59267d09ab8e3d000c5a701df1c65cb44fd7121f94c592a37765d948eb09f7f71820769a87c19b5067c615ef69

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
7789aad329e2450a4987c362ac0a24fc

SHA1
8a73fa608a959ede3b1f8137b0bb76a7b957acd5

SHA256
e10bdc7d63005a0f58087cbe3aefe28ed053c6437bc49a117c04ee78cec456ae

SHA512
6ef75b73cc17fe719d1af3a10584824719d0da505f294ad274e29e67838cb7d407fdae2b5e956fb53525a61f3fd85cbe0d5010adebba8f5946a935670c6fd366

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
11c4a24c4ca38b70a104b6d1b676b02d

SHA1
00d151a0978a4bc911f95d317b95430c465b7861

SHA256
1631ed540058fee6749913f157e15f0760550c48d78eb99cd94f47a5700095bd

SHA512
e6b790cb25930b3f86e49737a82250b56442f899e9dd30e3304c66ba3c639e0fe619812cc4de880b4da494513b3a24eff5d1301fd27f1cc2190a33502099687e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
70d0ebf78ca58504eb8723ae5270e525

SHA1
460e3b108553fa8ba19f2624faa5087556d4ed3d

SHA256
02de63082816924f57d38bda913b6ec2f405fc784cb20ea71a484d205c37a075

SHA512
c722f3f28444b6a7c05285b1bd9fb46583e40cf64ed5995932225b784ecf81176f9da04749a4b95ecdd4659dfbef276161939511b7a094cf841411857f0c0b7e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
a0e48b249fe969b8203018bf4c015e34

SHA1
747036bc49de2a22418fb3b9fba48d6bde34b1eb

SHA256
607b58d8b9c2fffccdaf80ea0665c8c8cc152a4d006de0f3a706884fee1db4f0

SHA512
208fc83a1f84230face8f333907d2b20ccdd0845aac1b1bc32718e6106dd80408afdf8c252cd6eba603cfee1aac64364837baadb60d375cf3a7b507bba38d046

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
172bebd0f7793554105f8a3954642a91

SHA1
c27e14328aac776856f1204ba8e0714c0911a713

SHA256
991e210fe9b600ec60f7e2712a8737e6a55a5c6497e77504f3dd045bb280eff8

SHA512
cff86359592fa4709c85b7fe8adfa7b88edddc764c7c18dc39cb42f4ee9355c06728281b94ddfd3358a6ba2ab52aa3b0302770e9f3c19469fb15b305d30943be

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
1605b9b59c2d491db5192c5bdda71efb

SHA1
8fcc9adc3e53fa929fd860835f8c3370efb3db40

SHA256
23bcf0cd518fae2ce2b73035947faa0665e896c0431a8640da8eec3e50f8b92f

SHA512
a5692df5ec804ebf66b168d4714a3ded0e504062c8282ed3fe21159ffa42edbbcfb0b2a3707f47ae378e34317d7761556ca4372edcde737c1a51092f237b3ac8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
ac1d3f787d713221b37d2d0cc0fd0f49

SHA1
360053e54774a5396192883543210ee8d2e54789

SHA256
52c20396980df5daf63d9ec522c821f954984790b1e14eb1233a13133c82f3c5

SHA512
b3e7aa78626071982fe9beaf985a507418c9de5bdec129cab844403e49e1ab6c59f16ee14c9beabc2047f0d08003d46268618f0fd0613b2f50de715ca86432f6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
971eacb15a594c37bdf7fa08589c14bc

SHA1
caa38a3e8171aa4929232b743210a2eb02840493

SHA256
4d96fd5a8718cf5bccf15cd73d3bc7a96711de1fa4c6daa4af782e5f07642eec

SHA512
42bb0ee07deda10796edac24fc343e98ae82f4e4d59bf3d8d3a16e0789457ac30fbf715c096c4f32891856b5282189882280eb21e96a95ed9c638d46e722f891

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
1d44262364c3ea6240f29649198d4ec0

SHA1
76273c5406a581941ed7e019abec7c0fdf207aa2

SHA256
633a7927fd7948ae8042d180999e04adfd4a5074ff402308cbecb4dbcb7df121

SHA512
ae5fcf271cbee75c746ddc8a7ffb0dc228fc7551f0af704d35ab97c923ea3089f7b36a04880be036d2c25300cfc87d611295ea401bbc26e967ca9d01c2f86a88

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
de481c475d520055b0a143987e375cd4

SHA1
034e10d5c3e792e3c311dab187b629951f9c3aea

SHA256
2a152649d71dbc1dd1891cfc20651252947f4f666e0a4019c561c00971397d0e

SHA512
46196bb75008d086336092a751677d39ee8a91899d82597fcfb4809c55d078893182cc8f61704e0b4c895e7acc74df56fb33e3739b068a9d797a2c0e701e6eb3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
8cdd6619dc00a4799337ec3f1b8f0baf

SHA1
5e28b784ab7043375a2aa43abff79b0184878f4f

SHA256
448ddf8feccb5724db257ef2105339f3c95ab3380b23efff192c5830a0765638

SHA512
805672acc9d583f2bb4bfec956ecd98294eedbe9b5bd84be7d96325868652b84dbf4097ff882b17285ff1d95ae1043c76ae607a3b714867aaf0a43dc0cbcc6ea

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
aa2763ebda07b8d020ddb4388664fc87

SHA1
23adf7fc0685a693eb445c634afd7f1aba95be0d

SHA256
b3cbf3bd6b519e3113cdc894ce0eea73570399e6870068cb742fd25712f23fd8

SHA512
6a0792a1036a6381f83554962eb959659c345a008c4f1faf303da31a00352f42eaf2edeef045f075aa26b430b88345f5250754b0fd6b1e6d05dc2b2cf46944e3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
11942e3b7a5d050a1877a2f233b3b545

SHA1
ccb12aa49514b65b46c6ddd098ff330713119bcf

SHA256
e1bfc4ae4972ae6fb34099206af47e28b9da311a87a73d4a9f013e52b5a0b349

SHA512
8deb552db70a59888125555d95724ea63f984613d3117a052a7e108cbd76097388b19329c7334987f449f130ebdc53050bef58c94758b5c58b92567839d1f1ac

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
59c44834e553232b4f76dffc70cb369b

SHA1
828fc6e1395468042d1ca882677587a95d2d05fb

SHA256
c700ac6f9e48a8a0a306250ae204c2d18e9bfebf1c0281a89538c0e12b9ea539

SHA512
ec8669190a342d5a0f1d314e42bea5707bcaa9c7d12255271590dade18b525944e51b2b54b00d3dc735a68a402b4671b25efadda50a4e5a19a96940884a30bca

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
704bcd266aae9949dee3d53ec0565129

SHA1
dec729dd53966b56806e14b229022ec5dab0d3ea

SHA256
dff0c5b7dfa0719e5fc2201ad338b93ac345bea4e668818b96d35f506744537e

SHA512
6c09ef6f106772ce97fa623294cfa97fc9aa6a65bc72b2acc48dda8e02e686e66b612daa6eb3b7fe7ea3cfc8f7b586b668579956fc33574aba55f2accc33c530

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
33e9da59a9a1ba33c22e3516c1bed9e0

SHA1
1231afd8931fb951ec4d636dbc5329e5e982e41c

SHA256
059491d81bd8c60cf251a14a286e9afc7a94319aa67fb2a2dd50bdb76c97b84a

SHA512
ad60547d9f6ed827c69a439e30be53b8823cb81d6456be8842754941b7c4a477d2fd206a583a70b13cd9a7265d8d060dac96d71d75581a1d852f557602980543

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
17e574032b48577496aa5b39a9ccadd1

SHA1
766a9aee8fbec31047e27e323d28a4fefa039f34

SHA256
3faf7d6c03a9fbb4601239131e9971c1379601f5b201b20cf48f7151307803ad

SHA512
40369d8a8d05312383fc887bf16647a82ba734237fd5958ab06e4195776b1980c35d06c30b4d95e81b8515338953ac6d249b702d973fe54e72e479ec64aeda2b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
872B

MD5
06627b4eba301ba7268d068c9f57a972

SHA1
e2404a8dc85c0dbb395368be7ab2ee6de66beab4

SHA256
f08fd7182165dc3c5873bdcfdb3340bfb6487e90df51df1113e38c1f55e7a476

SHA512
0ce10089679cefecc1b185a97cbfe22d97f09283b6c21a3fb82dd9f9dcf00d2c110b5d46189ef93c49049ed6b38d5f30bae91cdcfdec4c4e49b123eafd7c8c6e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
28cf4d87440f55c80a0d0758c0cfb9cf

SHA1
e843a32b7a881a668b68aad13efa8da3220b652a

SHA256
bb5a0eb7d8345a70a683f7204622bb32dd184c3fe66276db21395128ed5b55f3

SHA512
28762952b81bf629798145f78b53744759fbbed10ad27bd4bd261d641881340bced43456bdb83701002a8a823f4ced5567ced15483aefb2dd24fd18b4f0878c4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
9bc7f0e51ac2502784d38a8fb504b068

SHA1
adab2234f00ea70355b3f0678d51a6172f321a8d

SHA256
6d866bf44bbb15ca2a9e1daba6f3d17af3828d6364c7ffcca2b0e90a48b86ca9

SHA512
0bef2e1d7309bd7f0565cad7ff407308159c6e4c89d8381ca43d86031afb5e8af0b1f5b6eb256775fd1ae84fbfec821a00681dab304f25360cc35b659851c505

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
e176f036a8074fc02ab05d7854df3de2

SHA1
5bdf6fdb33f6e0e7189b4874bf70f767dabdd64b

SHA256
ffca1c9d0e605a88af717e05c85cce47bca1f9bc39e56fe08781a0c9198e91b0

SHA512
989a0d77794697e3f7757869ed1602c195a1c91df2bc753d2f4f106aeb1fc7440546a3b809c4584c088919a3de96a96f04e4f907d843cc5c680aae201ed4976c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
c46874b5264f46e7ace980c78a57eaca

SHA1
48a06f2694568a9d436b9faf13ad5a51ca01993d

SHA256
b93bdcdd98e4f7929c6559433179cc752d7ba06f9a60a4e5315856da55f1a259

SHA512
1ca0c33b1d8ac4568556803f079cb52ca206115359d011c98813ce7df0043feca01e19e79472215c409eb6eb2e83500c18dfbb486ab83a910ec2fe7eec80860b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
6631833a4db33833afdb6614fd592264

SHA1
2d73167a59ef6b29c3e4100698e90068fbd98621

SHA256
04821c997a58486164590d6ec94502aeabadfd9ee68e413f1142a992a70d3c65

SHA512
3cf0dac0357c2791dc5f3b66425cab8469971180f55a4cbf0ff98d27486344b659c886f8d33d3b827f4e8f8030bfc78e95623c3c499728cdb929bf1d2d755818

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
0970710aabb6d90584d3daa59f720848

SHA1
6297ab9c52945d09461fe382aebdcfa7776d2b26

SHA256
9f98b621122ba583a257b420add73caa14415f169aa906edad5d3655d9bce24f

SHA512
55c299406d9a3c8b04c634493e9fa7e1ee12d3eff9132587ffac7128cc07f5c3bf0df9ad08aea818ef144f58f8b3f8f8b20192b7ef71f0827f8aa706147d5394

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
5adb4dc2bc140fb5721487515f067076

SHA1
5a66e43a8252cd047a0352d8466e83c935db84ad

SHA256
0419057f2ef3ec253fc8bf924ac8f74f006e1d3ba0c16bb2ec458f15081e6f65

SHA512
e7ef97bf228e86774769acaced245458729d8eb70e2f2ff9ee578ab375f05639ccea5177e2cff554b1a32cc380d3e2e06f89412a098a9168cd523b663d2e033b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
6f0c89fe954a26895422a62e17663cb3

SHA1
77a1c3054e6eb7aa65293e9ca0be856c993e8beb

SHA256
df5d90c795dab5448e9ae4387e63d3bda01c55a52639a29631d597eed8306b2d

SHA512
16bec49fedc424c0cad2616266da557892d241a3552f23fe1ec54131c47424d63c433993878f501497be34ea27b3a4610936a5a324f4febb036f0c7cc5d8af90

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
bca028088558d8d71ca8e91064319ce3

SHA1
1b7015ce522f40eb1c62e57f6ee64798ad2bf02f

SHA256
cb2680868ec7c15e944fa28442d3af4d37710dfbc2df24f63276fca2c2005bee

SHA512
37daceff7c883318463c6d25fc88b4adfd9d9ccd0382dad8addc319ef2bfbcd9ebcf917bbe6cb3e210f691c1454749807c3501781ad9a138b767e2aefd16c97c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
95107b598aa48725f0d719b0e7d61d84

SHA1
4a365ca5aee16369e0f49c526d3717beb8535049

SHA256
a8eaab62535b5a0dd84be529f7809a9ec5e9e18f43b6484a26454959dd21345d

SHA512
4b982f4448032757a93357b248b545b13683f65425f3846ece7ea2e69340360f28a0d3dd9b6f2f3a757d04028a62d9b447303812a59643740bbfdcbf837f7124

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
9bcac2f14101579e954ac9da090056a8

SHA1
cbeb28efa03a798eeb5c4a0276ec49c948836b76

SHA256
972fc7fa82944de8484f7279d51d78878b90cd197cacd64be10576ce6c971196

SHA512
b99cb373052b34e2c9926dc172a5597b566b37cfee3983188c18c222da350570c5afa6815943642e6f65fc55fb66054a6b25475c9b06d20be8f947c9f0eaee6d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
f80ef8da5463005aaced4f7d7d5adf45

SHA1
cb44571a31a85f0bf7e4f2b48dd519de8d02c469

SHA256
66d4c8946bd76635b39c24e8eb9fbcee7d2339edee4372b22c180d13c31cc706

SHA512
8cd72ba18e0f2fa56237dc4dc71d81ca09dfdea2858b7358fc9f74d27e52deb658767b07acdaf2ac67e99893fd4ae429a2f5709985109625ae6a0d57d288a7a2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
23ebd8dfeed0f164ada068d86f531c16

SHA1
21ffe8dbc5dc9eada547b9e15304e17100e2affe

SHA256
7bb9ca058fc7154356491fca7e4c6d1067564f8ca6b094b4e14089bf8d178630

SHA512
05d819e443da3d9b239f8a444363b9f1b34e09b32fea7adccdf9dc271e4b57d7ded0825d96798569a65787657af1e9c577d53bb9867effb1568e741e16c67f6a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
b78e17d36e87e0b1289ab6dc4167bdd8

SHA1
d9afedff334d9b7797573264cb6cb8c730b52e06

SHA256
29b83aa078248f7ad40809c86ac42c83db1952810998b7607004554699cb66d0

SHA512
617936ace066e9ca5777b56716e58f009c532da931463a6a8e0f12e6e44a62ee05b803e3ab78b60899182731049e4ddc801f3e65404ebfe3ad32caee27ca4dfc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
392f8ce73ca54fa5ceae6db592f39ac0

SHA1
b7da8c9daa3a52d5c48bab592a2abac5e8b8b996

SHA256
e4aada4016273136d05c76ed71090587889e4fdaf47bc56b904670c6fda371ae

SHA512
0b90cda72d0016af934bfbdbaff3080129c15c47099dce9dd78faac8be8205bf79c0afbbf46677421735e3db11dac4c12a302ed79dfffdb26adbd02d49c959c1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
c013d420c52c04f18bf4c7b9c37ea455

SHA1
288e039f346525430239475c98131adf608347fe

SHA256
cd718a44a7e88446b438ec1855e4a16d77d1ff03be01a6f02ea07dfbc4c0746b

SHA512
1ef95855ad773a71338917e0fe204fa055b72256e777f5dfcd871cd2e276f45fbe057b13d92d1e42f939160beb51a360d683e521acd4bca39fb454d0d6051796

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
13b81fffb1944e7578d4a71842b137d0

SHA1
86e5140a1b2b849e5e375e2e618d3f228c019538

SHA256
394be3a40fb71a7b47753c28e99b571b38e78cc13872400a624b10ece7c40023

SHA512
b42f1d1115c5b9128a11dd3be465166cf5ceb34cd9aaebac50429798ebd854acb955250c21138b3abcdd10392c10ee8456443f9a19578a16199b107b7649426f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe592a23.TMP

Filesize
704B

MD5
76b41a827af3d8ecb0adc0fd4cafaec4

SHA1
62c24870bf897eee69a4045682fc28a94bb0c0b3

SHA256
312977dd2077ab8aa5ae9036f5d400f48f81c887d3741c47763d8ab66ad3e740

SHA512
4297cff05c32dcd743d79469e274c4f95f3b624643b4a323dfe2ead9bae1af36018616df703429682d662a200a6d3ee2a75ac2d3f7ee5134fe44b28c37b9a82a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
9354fa791654195493a728848d677a08

SHA1
fcf997fe787351078e87bae0b0742abf9a85f1d7

SHA256
1eb41952dbf44deaafc7cf1e7b6d5dde67d0a2e85991aaec295125b0e6a14a24

SHA512
8c5877598a04492c6f0b76c45055e6b988bf43d4de27e4d6918fc49d1a4bac494a5ee9f322a4429245aed1244e5c78eeb5e8740be23524a90eb5409a6f7b25e0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
a4b8ae1487f7f185a20a06e3167f0112

SHA1
237a4bd42eb310b2ab976bfda7a3a856c510ebf3

SHA256
1a5b9cb5bdadd43da5bc322417397c68cf5f2b78f33660a21d472c0f2a2eec94

SHA512
2ec9a46e537e3b054c4413b4fd2f12b5d1f822d72da8b3ef29a71208530bf3f41a8b5f28a2741cdeee72a17c259282925e179eb7146a2da60b71ff29c3b9d03d

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\r5m741b5.default-release\activity-stream.discovery_stream.json

Filesize
27KB

MD5
e5f6a916f378fa49da0ae6bcc913ee39

SHA1
968a0c7f64d5f10cd2c7ffda7e3a8f67d9fcabd3

SHA256
a11dec12c4c84d5b0bc1432277f0778d7be01e997fea60d62c2954f7f6cd649f

SHA512
67e8f6b0538143f5696b3b281469c55c8b61518b9bbe811a798dcf1bdbbd2bc06b70583544846cddc609af773de0e50c8cb8d22fd6be2f4a8e817d77bdbe1b58

Download Submit
C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TempState\SearchHoverUnifiedTileModelCache.dat

Filesize
10KB

MD5
41ce6cd728e8893a0387cd1d5aaf201d

SHA1
c6c5257c73d52968b03fa7a332f61f050229999c

SHA256
c6ff6212cd4c01ff44605a8339568c3ed2b9dd85c7956873ee9db592e24b654d

SHA512
73c40effe3fa0c521cdd5347e85ac142666a5a7b982d96c80f4c08c079d2f5a8d58c12644af20f27b8480040eb74b28d0696be16fc9566c02bf2d60d08839c27

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
479KB

MD5
09372174e83dbbf696ee732fd2e875bb

SHA1
ba360186ba650a769f9303f48b7200fb5eaccee1

SHA256
c32efac42faf4b9878fb8917c5e71d89ff40de580c4f52f62e11c6cfab55167f

SHA512
b667086ed49579592d435df2b486fe30ba1b62ddd169f19e700cd079239747dd3e20058c285fa9c10a533e34f22b5198ed9b1f92ae560a3067f3e3feacc724f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

Filesize
13.8MB

MD5
0a8747a2ac9ac08ae9508f36c6d75692

SHA1
b287a96fd6cc12433adb42193dfe06111c38eaf0

SHA256
32d544baf2facc893057a1d97db33207e642f0dacf235d8500a0b5eff934ce03

SHA512
59521f8c61236641b3299ab460c58c8f5f26fa67e828de853c2cf372f9614d58b9f541aae325b1600ec4f3a47953caacb8122b0dfce7481acfec81045735947d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\r5m741b5.default-release\AlternateServices.bin

Filesize
8KB

MD5
802a62c6cdf12e8c81a2c4cb9913fa1c

SHA1
930452eb39caa73f1f04d5588ce0a89e91f19320

SHA256
7d9099186f9a33cb87e37f07ba7a4b981e9e46d5bc63dffd3d439e1f36e75a53

SHA512
89ad337c799acf0028778c7e4affe073bb50b7604b25da9e1be224e20668d6c2dd7b5ef1a83681ed526a69f5e5bec40050acc442d60709934816048d5725ba19

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\r5m741b5.default-release\datareporting\glean\db\data.safe.tmp

Filesize
22KB

MD5
f185a096db7421ad0e0790f8eac7f815

SHA1
ddb5f66d6ed2162c7f5b85b0d1d50d77988b3691

SHA256
f07d2b35b3eb1f0f4078f3199efdf27d1ee63bf3d51a882f806c42da5c9834d5

SHA512
8585a26ae670dcb4666ff753f9fea69990e4e681ae5e6ba4dab1d8a8de67b6acdfe491ea89b2bbbabfe284bbd200d6ffb953db3ec0dd0e07ad5719cd6e7daa7a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\r5m741b5.default-release\datareporting\glean\db\data.safe.tmp

Filesize
23KB

MD5
0812052aeba9e9d852435361631ad323

SHA1
eb4cafb028250d8e5ba2cd3c2707b67c9287ce89

SHA256
2e8da3f522212e327138d3378094b7304735b98d8d0ec5db9fc67c532902adab

SHA512
6fa53766f09e9dc9d6766ac2b254ffac2d86cccca76e30a0dd5f346ce5cd50987f2419c7e80549d5805d5a05feebdf799274335926d2e08824f4836309a66ee6

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\r5m741b5.default-release\datareporting\glean\db\data.safe.tmp

Filesize
22KB

MD5
c2457ace83803d6d198220cc7b565145

SHA1
d643cedf2e67f561ad886f864da03359e8347ac3

SHA256
561828979c841fe2108a45ce7ffc8f1772fe67462a1aa967a2672c8ea423134e

SHA512
53d474898f72f94fb2f1103fe41b402b37f4c5a25edd4b69902d8d2cc9e09ff82e2506f1f4cb672bdb4a92ab499bffb8079c6fb674c62a6429a86988e2e6fabe

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\r5m741b5.default-release\datareporting\glean\pending_pings\a1d41edd-026f-4b39-b7e5-39eeeae350c9

Filesize
982B

MD5
9a0f898cb1af5446eb64b01df20232a7

SHA1
ad738b3fa0f06662c7054326f1106bd358182a3f

SHA256
abf8541bc32dd305d7189bdce61694be26276c97167fe7f311f2a35396c33535

SHA512
5cdb1e65776295523fb34f0c62ed6311e5ca41ae530aa4d8149d0f8a38fe70e59082fb1b8a9bbd6fc1b729006b15cc9ea378e0ec378010b8e82d1e297837dd24

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\r5m741b5.default-release\datareporting\glean\pending_pings\c88bcfa2-6224-4976-b95d-74389d7ff4e0

Filesize
659B

MD5
8b7eefe92d4df4fd20830bd8181b097b

SHA1
bd374fa39881143cd9e5b69d98bcac171c5b4638

SHA256
55793ba04583e2a5a711084475a6e3d089b3fe4b2e5ee73c538ec46abb8a9e45

SHA512
711e3e64976d8e94f5909929f39d0d0a5b9fecb1cba5a0d61754de86a8f04d9d69a4ed9aa31f331cfccf10c5fa84141682e89007573fc8ea8efc4bc8a6ed9a56

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\r5m741b5.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.dll

Filesize
1.1MB

MD5
842039753bf41fa5e11b3a1383061a87

SHA1
3e8fe1d7b3ad866b06dca6c7ef1e3c50c406e153

SHA256
d88dd3bfc4a558bb943f3caa2e376da3942e48a7948763bf9a38f707c2cd0c1c

SHA512
d3320f7ac46327b7b974e74320c4d853e569061cb89ca849cd5d1706330aca629abeb4a16435c541900d839f46ff72dfde04128c450f3e1ee63c025470c19157

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\r5m741b5.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.info

Filesize
116B

MD5
2a461e9eb87fd1955cea740a3444ee7a

SHA1
b10755914c713f5a4677494dbe8a686ed458c3c5

SHA256
4107f76ba1d9424555f4e8ea0acef69357dfff89dfa5f0ec72aa4f2d489b17bc

SHA512
34f73f7bf69d7674907f190f257516e3956f825e35a2f03d58201a5a630310b45df393f2b39669f9369d1ac990505a4b6849a0d34e8c136e1402143b6cedf2d3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\r5m741b5.default-release\gmp-widevinecdm\4.10.2710.0\manifest.json

Filesize
372B

MD5
bf957ad58b55f64219ab3f793e374316

SHA1
a11adc9d7f2c28e04d9b35e23b7616d0527118a1

SHA256
bbab6ca07edbed72a966835c7907b3e60c7aa3d48ddea847e5076bd05f4b1eda

SHA512
79c179b56e4893fb729b225818ab4b95a50b69666ac41d17aad0b37ab0ca8cd9f0848cbc3c5d9e69e4640a8b261d7ced592eae9bcb0e0b63c05a56e7c477f44e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\r5m741b5.default-release\gmp-widevinecdm\4.10.2710.0\widevinecdm.dll

Filesize
17.8MB

MD5
daf7ef3acccab478aaa7d6dc1c60f865

SHA1
f8246162b97ce4a945feced27b6ea114366ff2ad

SHA256
bc40c7821dcd3fea9923c6912ab1183a942c11b7690cfd79ed148ded0228777e

SHA512
5840a45cfdb12c005e117608b1e5d946e1b2e76443ed39ba940d7f56de4babeab09bee7e64b903eb82bb37624c0a0ef19e9b59fbe2ce2f0e0b1c7a6015a63f75

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\r5m741b5.default-release\prefs-1.js

Filesize
11KB

MD5
215642d08b1dab5d4455b12979afcb7d

SHA1
3a5f5c2b5331b715c4e0a87153dc9b67f9a58179

SHA256
1e8d93a0b34ac6e2810f898faf3cf556df7d2882c7b214361a545e8bd5e2cc1c

SHA512
3f290c0e10eaf841f4105173ce267df163871bf308d9f42af297973723c86dc2b95638c047b0c447aad7abaa47c308c07dd77bf68c8ddad00618ca8d8dc4e644

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\r5m741b5.default-release\sessionstore-backups\recovery.baklz4

Filesize
1KB

MD5
3b71d71f6b8f25c98880d376b588f9cf

SHA1
57e68b2819b583a9ea5cff7af28ff0a6188a0b31

SHA256
5efc5eb675b20a6b5822bd4ff69fa37c42df7aa2f0be3516c24f52e54f176a66

SHA512
d877aed4344bbae45430580447c1dffd0dbfaaaaded03805849e99445ae186ad3f08bb1483776d9bc69fde032027bffb8d252c1dc6e761c4cea6f34b2de92d05

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\r5m741b5.default-release\sessionstore-backups\recovery.baklz4

Filesize
1KB

MD5
7a8f944acf1dffeed621590a93bf3ef5

SHA1
6996479fe7215c30b92cb527c157aa2616592a89

SHA256
da2bef7221f5184c61d9e24a16932f9e709f7b3245390bcd0b8a5755b0d43f81

SHA512
d09829016d813bb3f866a1126684cd21bcecd6bfe25854fbbbc33915f627953f39e01219b5613bbe3af3164e3fded5e0a88690de174ba7dd1cd1426a1bcbb193

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\r5m741b5.default-release\sessionstore-backups\recovery.baklz4

Filesize
1KB

MD5
326167e4dede532ffbe11e0ecf49468e

SHA1
ebca8c43d1a6fb74ffd9f486e51989784bffb3c1

SHA256
74ad54a9a7b88e2f8a188adc3be4d3487b53f24c4764bafdc7ea3e00b292efb0

SHA512
b301a750647133086458ef162cb2d6a46f62cd47b2d674f146ef0f85097e5f61cc935589088987150043065ed43b1ee55af0599940e399e556305f079a7df865

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\r5m741b5.default-release\sessionstore-backups\recovery.baklz4

Filesize
1KB

MD5
80dc04ef0ea2938a8dfb5b85b48f865c

SHA1
462439d8ee323fbb21b88e0a58a27e5bc24b6cdf

SHA256
237aafab3e94b3c064b097b2c523899334efe06e985c15860ecbce1c33df00e3

SHA512
959e08165edfe8a334cb6e83da43f8c235668c449472947c2c83ee05461f2ff0d4457671f11a193fe55da6c8f5ee9e5b285724f74a173b097418cdc7a13c0266

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\r5m741b5.default-release\sessionstore-backups\recovery.baklz4

Filesize
4KB

MD5
3354f7bbcbb4d1e7734a38069742688f

SHA1
5aa521c98bb92104058d02c9676453dfdb328940

SHA256
1695c17f1910b556bfbaa810143bf354a3b295f80cf8eb6cf67ea8bd4078db27

SHA512
7b71c1ef9a22216cc426029bf858bab98cefab92b2705b2273b85b462427035403d9fd9cf7fceb09f7d40e6b5805e93ef0eb3b1d810d331c504c235565bd7ad0

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\r5m741b5.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

Filesize
368KB

MD5
1b80df979f304b37db97bdfa06bf148d

SHA1
912a3a111a2ef0f8ed2c7cdeae5b8f34c3bed794

SHA256
8e15f519ee1826fd226ef3a843b412c7d23902b4c194ca55c56af47eebb694af

SHA512
cf773706dd39f7f3e383206998caa204609023159c015004db58c922bb78ee6c19248c330058de019dbbf9407a31b0136e57c576a838f8b01912148e749d2b54

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 13643.crdownload

Filesize
7.0MB

MD5
3c577a8fd944cafd1ea7f75b6aaae805

SHA1
0c18de285a1fcff3d9f614ccb558c40a6cfa18d7

SHA256
58d4d1657c142f6b0a9614e25e3adc99093f9b60e768c90cd3a27047b8ddb85a

SHA512
e89ffa8926ce2f437dae73af1a3e3a1cb57cbab8505e1d16da4fea5e54bdf3fba6d5a001bfc6043f53f45a4aa0c554a11a74f02e196e23f2199b27e2a462c7b9

Download Submit