hxxps://download[.]overwolf[.]com/install/Download?PartnerId=3762&utm_source=google&utm_medium=cpc&utm_campaign=21268940350&gclid=CjwKCAjwjsi4BhB5EiwAFAL0YL6pQ47jirruo-pmFEOkklOaNWWPQJGq6IhGBZ4Uv7pbnpQ20WgZQBoCZRMQAvD_BwE&utm_content=Buff_AW_CjwKCAjwjsi4BhB5EiwAFAL0YL6pQ47jirruo-pmFEOkklOaNWWPQJGq6IhGBZ4Uv7pbnpQ20WgZQBoCZRMQAvD_BwE&utm_term=

Resubmissions

19-10-2024 00:35

241019-axkpjaycmr 7

19-10-2024 00:24

19-10-2024 00:06

18-10-2024 23:48

18-10-2024 23:42

Analysis

max time kernel
239s
max time network
236s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
19-10-2024 00:35

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://download.overwolf.com/install/Download?PartnerId=3762&utm_source=google&utm_medium=cpc&utm_campaign=21268940350&gclid=CjwKCAjwjsi4BhB5EiwAFAL0YL6pQ47jirruo-pmFEOkklOaNWWPQJGq6IhGBZ4Uv7pbnpQ20WgZQBoCZRMQAvD_BwE&utm_content=Buff_AW_CjwKCAjwjsi4BhB5EiwAFAL0YL6pQ47jirruo-pmFEOkklOaNWWPQJGq6IhGBZ4Uv7pbnpQ20WgZQBoCZRMQAvD_BwE&utm_term=

Score

7^/10

discovery upx

Malware Config

Signatures

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-3756129449-3121373848-4276368241-1000\Control Panel\International\Geo\Nation	wscript.exe

Executes dropped EXE 11 IoCs

pid	Process
1836	bytebeat1.exe
4232	rgb.exe
2944	sinewaves.exe
5264	Lines.exe
2896	txtout.exe
4624	patblt.exe
5576	txtout2.exe
6884	invmelter.exe
5140	cubes.exe
5544	rgb.exe
6400	txtout.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
148	raw.githubusercontent.com
149	raw.githubusercontent.com

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/3164-1539-0x0000000000400000-0x000000000049A000-memory.dmp	upx
behavioral1/memory/3164-1621-0x0000000000400000-0x000000000049A000-memory.dmp	upx

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 10 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	bytebeat1.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rgb.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	txtout.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	patblt.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	txtout2.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	WinRGBClean.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	sinewaves.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Lines.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	invmelter.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cubes.exe

Checks SCSI registry key(s) 3 TTPs 3 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	taskmgr.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\FriendlyName	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000	taskmgr.exe

Checks processor information in registry 2 TTPs 10 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	taskmgr.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	taskmgr.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Kills process with taskkill 7 IoCs

evasion

pid	Process
4532	taskkill.exe
1736	taskkill.exe
6784	taskkill.exe
6824	taskkill.exe
1260	taskkill.exe
464	taskkill.exe
4484	taskkill.exe

Modifies registry class 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3756129449-3121373848-4276368241-1000_Classes\Local Settings	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-3756129449-3121373848-4276368241-1000_Classes\Local Settings	firefox.exe

NTFS ADS 1 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 60068.crdownload:SmartScreen	msedge.exe

Opens file in notepad (likely ransom note) 1 IoCs

ransomware

pid	Process
3264	NOTEPAD.EXE

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
5028	msedge.exe
5028	msedge.exe
4604	msedge.exe
4604	msedge.exe
3752	identity_helper.exe
3752	identity_helper.exe
3812	msedge.exe
3812	msedge.exe
3812	msedge.exe
3812	msedge.exe
4008	msedge.exe
4008	msedge.exe
5760	taskmgr.exe
5760	taskmgr.exe
5760	taskmgr.exe
5760	taskmgr.exe
5760	taskmgr.exe
5760	taskmgr.exe
5760	taskmgr.exe
5760	taskmgr.exe
5760	taskmgr.exe
5760	taskmgr.exe
5760	taskmgr.exe
5760	taskmgr.exe
5760	taskmgr.exe
5760	taskmgr.exe
5760	taskmgr.exe
5760	taskmgr.exe
5760	taskmgr.exe
5760	taskmgr.exe
5760	taskmgr.exe
5760	taskmgr.exe
5760	taskmgr.exe
5760	taskmgr.exe
5760	taskmgr.exe
5760	taskmgr.exe
5760	taskmgr.exe
5760	taskmgr.exe
5760	taskmgr.exe
5760	taskmgr.exe
5760	taskmgr.exe
5760	taskmgr.exe
5760	taskmgr.exe
5760	taskmgr.exe
5760	taskmgr.exe
5760	taskmgr.exe
5760	taskmgr.exe
5760	taskmgr.exe
5760	taskmgr.exe
5760	taskmgr.exe
5760	taskmgr.exe
5760	taskmgr.exe
5760	taskmgr.exe
5760	taskmgr.exe
5760	taskmgr.exe
5760	taskmgr.exe
5760	taskmgr.exe
5760	taskmgr.exe
5760	taskmgr.exe
5760	taskmgr.exe
5760	taskmgr.exe
5760	taskmgr.exe
5760	taskmgr.exe
5760	taskmgr.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 24 IoCs

pid	Process
4604	msedge.exe
4604	msedge.exe
4604	msedge.exe
4604	msedge.exe
4604	msedge.exe
4604	msedge.exe
4604	msedge.exe
4604	msedge.exe
4604	msedge.exe
4604	msedge.exe
4604	msedge.exe
4604	msedge.exe
4604	msedge.exe
4604	msedge.exe
4604	msedge.exe
4604	msedge.exe
4604	msedge.exe
4604	msedge.exe
4604	msedge.exe
4604	msedge.exe
4604	msedge.exe
4604	msedge.exe
4604	msedge.exe
4604	msedge.exe

Suspicious use of AdjustPrivilegeToken 14 IoCs

description	pid	Process
Token: 33	1460	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	1460	AUDIODG.EXE
Token: SeDebugPrivilege	5760	taskmgr.exe
Token: SeSystemProfilePrivilege	5760	taskmgr.exe
Token: SeCreateGlobalPrivilege	5760	taskmgr.exe
Token: SeDebugPrivilege	464	taskkill.exe
Token: SeDebugPrivilege	4484	taskkill.exe
Token: SeDebugPrivilege	4532	taskkill.exe
Token: SeDebugPrivilege	1736	taskkill.exe
Token: SeDebugPrivilege	4936	firefox.exe
Token: SeDebugPrivilege	4936	firefox.exe
Token: SeDebugPrivilege	6824	taskkill.exe
Token: SeDebugPrivilege	6784	taskkill.exe
Token: SeDebugPrivilege	1260	taskkill.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
4604	msedge.exe
4604	msedge.exe
4604	msedge.exe
4604	msedge.exe
4604	msedge.exe
4604	msedge.exe
4604	msedge.exe
4604	msedge.exe
4604	msedge.exe
4604	msedge.exe
4604	msedge.exe
4604	msedge.exe
4604	msedge.exe
4604	msedge.exe
4604	msedge.exe
4604	msedge.exe
4604	msedge.exe
4604	msedge.exe
4604	msedge.exe
4604	msedge.exe
4604	msedge.exe
4604	msedge.exe
4604	msedge.exe
4604	msedge.exe
4604	msedge.exe
4604	msedge.exe
4604	msedge.exe
4604	msedge.exe
4604	msedge.exe
4604	msedge.exe
4604	msedge.exe
4604	msedge.exe
4604	msedge.exe
4604	msedge.exe
4604	msedge.exe
4604	msedge.exe
4604	msedge.exe
4604	msedge.exe
4604	msedge.exe
4604	msedge.exe
4604	msedge.exe
4604	msedge.exe
4604	msedge.exe
4604	msedge.exe
5760	taskmgr.exe
5760	taskmgr.exe
5760	taskmgr.exe
5760	taskmgr.exe
5760	taskmgr.exe
5760	taskmgr.exe
5760	taskmgr.exe
5760	taskmgr.exe
5760	taskmgr.exe
5760	taskmgr.exe
5760	taskmgr.exe
5760	taskmgr.exe
5760	taskmgr.exe
5760	taskmgr.exe
5760	taskmgr.exe
5760	taskmgr.exe
5760	taskmgr.exe
5760	taskmgr.exe
5760	taskmgr.exe
5760	taskmgr.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
4604	msedge.exe
4604	msedge.exe
4604	msedge.exe
4604	msedge.exe
4604	msedge.exe
4604	msedge.exe
4604	msedge.exe
4604	msedge.exe
4604	msedge.exe
4604	msedge.exe
4604	msedge.exe
4604	msedge.exe
4604	msedge.exe
4604	msedge.exe
4604	msedge.exe
4604	msedge.exe
4604	msedge.exe
4604	msedge.exe
4604	msedge.exe
4604	msedge.exe
4604	msedge.exe
4604	msedge.exe
4604	msedge.exe
4604	msedge.exe
5760	taskmgr.exe
5760	taskmgr.exe
5760	taskmgr.exe
5760	taskmgr.exe
5760	taskmgr.exe
5760	taskmgr.exe
5760	taskmgr.exe
5760	taskmgr.exe
5760	taskmgr.exe
5760	taskmgr.exe
5760	taskmgr.exe
5760	taskmgr.exe
5760	taskmgr.exe
5760	taskmgr.exe
5760	taskmgr.exe
5760	taskmgr.exe
5760	taskmgr.exe
5760	taskmgr.exe
5760	taskmgr.exe
5760	taskmgr.exe
5760	taskmgr.exe
5760	taskmgr.exe
5760	taskmgr.exe
5760	taskmgr.exe
5760	taskmgr.exe
5760	taskmgr.exe
5760	taskmgr.exe
5760	taskmgr.exe
5760	taskmgr.exe
5760	taskmgr.exe
5760	taskmgr.exe
5760	taskmgr.exe
5760	taskmgr.exe
5760	taskmgr.exe
5760	taskmgr.exe
5760	taskmgr.exe
5760	taskmgr.exe
5760	taskmgr.exe
5760	taskmgr.exe
5760	taskmgr.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
4936	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4604 wrote to memory of 4068	4604	msedge.exe	84
PID 4604 wrote to memory of 4068	4604	msedge.exe	84
PID 4604 wrote to memory of 696	4604	msedge.exe	85
PID 4604 wrote to memory of 696	4604	msedge.exe	85
PID 4604 wrote to memory of 696	4604	msedge.exe	85
PID 4604 wrote to memory of 696	4604	msedge.exe	85
PID 4604 wrote to memory of 696	4604	msedge.exe	85
PID 4604 wrote to memory of 696	4604	msedge.exe	85
PID 4604 wrote to memory of 696	4604	msedge.exe	85
PID 4604 wrote to memory of 696	4604	msedge.exe	85
PID 4604 wrote to memory of 696	4604	msedge.exe	85
PID 4604 wrote to memory of 696	4604	msedge.exe	85
PID 4604 wrote to memory of 696	4604	msedge.exe	85
PID 4604 wrote to memory of 696	4604	msedge.exe	85
PID 4604 wrote to memory of 696	4604	msedge.exe	85
PID 4604 wrote to memory of 696	4604	msedge.exe	85
PID 4604 wrote to memory of 696	4604	msedge.exe	85
PID 4604 wrote to memory of 696	4604	msedge.exe	85
PID 4604 wrote to memory of 696	4604	msedge.exe	85
PID 4604 wrote to memory of 696	4604	msedge.exe	85
PID 4604 wrote to memory of 696	4604	msedge.exe	85
PID 4604 wrote to memory of 696	4604	msedge.exe	85
PID 4604 wrote to memory of 696	4604	msedge.exe	85
PID 4604 wrote to memory of 696	4604	msedge.exe	85
PID 4604 wrote to memory of 696	4604	msedge.exe	85
PID 4604 wrote to memory of 696	4604	msedge.exe	85
PID 4604 wrote to memory of 696	4604	msedge.exe	85
PID 4604 wrote to memory of 696	4604	msedge.exe	85
PID 4604 wrote to memory of 696	4604	msedge.exe	85
PID 4604 wrote to memory of 696	4604	msedge.exe	85
PID 4604 wrote to memory of 696	4604	msedge.exe	85
PID 4604 wrote to memory of 696	4604	msedge.exe	85
PID 4604 wrote to memory of 696	4604	msedge.exe	85
PID 4604 wrote to memory of 696	4604	msedge.exe	85
PID 4604 wrote to memory of 696	4604	msedge.exe	85
PID 4604 wrote to memory of 696	4604	msedge.exe	85
PID 4604 wrote to memory of 696	4604	msedge.exe	85
PID 4604 wrote to memory of 696	4604	msedge.exe	85
PID 4604 wrote to memory of 696	4604	msedge.exe	85
PID 4604 wrote to memory of 696	4604	msedge.exe	85
PID 4604 wrote to memory of 696	4604	msedge.exe	85
PID 4604 wrote to memory of 696	4604	msedge.exe	85
PID 4604 wrote to memory of 5028	4604	msedge.exe	86
PID 4604 wrote to memory of 5028	4604	msedge.exe	86
PID 4604 wrote to memory of 940	4604	msedge.exe	87
PID 4604 wrote to memory of 940	4604	msedge.exe	87
PID 4604 wrote to memory of 940	4604	msedge.exe	87
PID 4604 wrote to memory of 940	4604	msedge.exe	87
PID 4604 wrote to memory of 940	4604	msedge.exe	87
PID 4604 wrote to memory of 940	4604	msedge.exe	87
PID 4604 wrote to memory of 940	4604	msedge.exe	87
PID 4604 wrote to memory of 940	4604	msedge.exe	87
PID 4604 wrote to memory of 940	4604	msedge.exe	87
PID 4604 wrote to memory of 940	4604	msedge.exe	87
PID 4604 wrote to memory of 940	4604	msedge.exe	87
PID 4604 wrote to memory of 940	4604	msedge.exe	87
PID 4604 wrote to memory of 940	4604	msedge.exe	87
PID 4604 wrote to memory of 940	4604	msedge.exe	87
PID 4604 wrote to memory of 940	4604	msedge.exe	87
PID 4604 wrote to memory of 940	4604	msedge.exe	87
PID 4604 wrote to memory of 940	4604	msedge.exe	87
PID 4604 wrote to memory of 940	4604	msedge.exe	87
PID 4604 wrote to memory of 940	4604	msedge.exe	87
PID 4604 wrote to memory of 940	4604	msedge.exe	87

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://download.overwolf.com/install/Download?PartnerId=3762&utm_source=google&utm_medium=cpc&utm_campaign=21268940350&gclid=CjwKCAjwjsi4BhB5EiwAFAL0YL6pQ47jirruo-pmFEOkklOaNWWPQJGq6IhGBZ4Uv7pbnpQ20WgZQBoCZRMQAvD_BwE&utm_content=Buff_AW_CjwKCAjwjsi4BhB5EiwAFAL0YL6pQ47jirruo-pmFEOkklOaNWWPQJGq6IhGBZ4Uv7pbnpQ20WgZQBoCZRMQAvD_BwE&utm_term=
1⤵
- Enumerates system info in registry
- Modifies registry class
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4604
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x108,0x10c,0x110,0xd8,0x114,0x7ff829c546f8,0x7ff829c54708,0x7ff829c54718
  2⤵
  PID:4068
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2088,17124556512876366444,15177138024028412763,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2144 /prefetch:2
  2⤵
  PID:696
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2088,17124556512876366444,15177138024028412763,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2200 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5028
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2088,17124556512876366444,15177138024028412763,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2900 /prefetch:8
  2⤵
  PID:940
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,17124556512876366444,15177138024028412763,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3372 /prefetch:1
  2⤵
  PID:224
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,17124556512876366444,15177138024028412763,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3392 /prefetch:1
  2⤵
  PID:1484
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2088,17124556512876366444,15177138024028412763,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5260 /prefetch:8
  2⤵
  PID:4464
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2088,17124556512876366444,15177138024028412763,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5260 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3752
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,17124556512876366444,15177138024028412763,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5264 /prefetch:1
  2⤵
  PID:1048
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,17124556512876366444,15177138024028412763,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5308 /prefetch:1
  2⤵
  PID:3936
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,17124556512876366444,15177138024028412763,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5660 /prefetch:1
  2⤵
  PID:2560
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,17124556512876366444,15177138024028412763,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5668 /prefetch:1
  2⤵
  PID:2908
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2088,17124556512876366444,15177138024028412763,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=6000 /prefetch:8
  2⤵
  PID:3004
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,17124556512876366444,15177138024028412763,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5248 /prefetch:1
  2⤵
  PID:4060
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2088,17124556512876366444,15177138024028412763,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6596 /prefetch:8
  2⤵
  PID:3200
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,17124556512876366444,15177138024028412763,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6700 /prefetch:1
  2⤵
  PID:4028
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,17124556512876366444,15177138024028412763,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3960 /prefetch:1
  2⤵
  PID:1048
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,17124556512876366444,15177138024028412763,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5692 /prefetch:1
  2⤵
  PID:3456
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,17124556512876366444,15177138024028412763,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4928 /prefetch:1
  2⤵
  PID:1776
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,17124556512876366444,15177138024028412763,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5768 /prefetch:1
  2⤵
  PID:1160
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2088,17124556512876366444,15177138024028412763,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5776 /prefetch:8
  2⤵
  PID:828
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,17124556512876366444,15177138024028412763,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2632 /prefetch:1
  2⤵
  PID:2996
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,17124556512876366444,15177138024028412763,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2004 /prefetch:1
  2⤵
  PID:3004
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,17124556512876366444,15177138024028412763,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4832 /prefetch:1
  2⤵
  PID:3212
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,17124556512876366444,15177138024028412763,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2052 /prefetch:1
  2⤵
  PID:3008
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,17124556512876366444,15177138024028412763,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1704 /prefetch:1
  2⤵
  PID:4000
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,17124556512876366444,15177138024028412763,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7120 /prefetch:1
  2⤵
  PID:4504
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,17124556512876366444,15177138024028412763,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7032 /prefetch:1
  2⤵
  PID:3556
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,17124556512876366444,15177138024028412763,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7036 /prefetch:1
  2⤵
  PID:2768
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2088,17124556512876366444,15177138024028412763,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6000 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3812
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,17124556512876366444,15177138024028412763,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6952 /prefetch:1
  2⤵
  PID:1476
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2088,17124556512876366444,15177138024028412763,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7080 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4008
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,17124556512876366444,15177138024028412763,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6404 /prefetch:1
  2⤵
  PID:3272
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,17124556512876366444,15177138024028412763,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6112 /prefetch:1
  2⤵
  PID:2056
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2088,17124556512876366444,15177138024028412763,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=6488 /prefetch:8
  2⤵
  PID:6464
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,17124556512876366444,15177138024028412763,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5296 /prefetch:1
  2⤵
  PID:6748

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3916

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4004

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x4e0 0x508
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:1460

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:2672

C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\AppData\Local\Temp\Temp1_WinRGBClean.zip\readme.txt
1⤵
- Opens file in notepad (likely ransom note)
PID:3264

C:\Users\Admin\AppData\Local\Temp\Temp1_WinRGBClean.zip\WinRGBClean.exe
"C:\Users\Admin\AppData\Local\Temp\Temp1_WinRGBClean.zip\WinRGBClean.exe"
1⤵
- System Location Discovery: System Language Discovery
PID:3164
- C:\Windows\system32\wscript.exe
  "C:\Windows\sysnative\wscript.exe" C:\Users\Admin\AppData\Local\Temp\9D30.tmp\9D31.tmp\9D32.vbs //Nologo
  2⤵
  - Checks computer location settings
  PID:3180
- - C:\Users\Admin\AppData\Local\Temp\9D30.tmp\bytebeat1.exe
    "C:\Users\Admin\AppData\Local\Temp\9D30.tmp\bytebeat1.exe"
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    PID:1836
- - C:\Users\Admin\AppData\Local\Temp\9D30.tmp\rgb.exe
    "C:\Users\Admin\AppData\Local\Temp\9D30.tmp\rgb.exe"
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    PID:4232
- - C:\Users\Admin\AppData\Local\Temp\9D30.tmp\sinewaves.exe
    "C:\Users\Admin\AppData\Local\Temp\9D30.tmp\sinewaves.exe"
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    PID:2944
- - C:\Users\Admin\AppData\Local\Temp\9D30.tmp\Lines.exe
    "C:\Users\Admin\AppData\Local\Temp\9D30.tmp\Lines.exe"
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    PID:5264
- - C:\Windows\System32\taskkill.exe
    "C:\Windows\System32\taskkill.exe" /f /im Lines.exe
    3⤵
    - Kills process with taskkill
    - Suspicious use of AdjustPrivilegeToken
    PID:464
- - C:\Windows\System32\taskkill.exe
    "C:\Windows\System32\taskkill.exe" /f /im sinewaves.exe
    3⤵
    - Kills process with taskkill
    - Suspicious use of AdjustPrivilegeToken
    PID:4484
- - C:\Users\Admin\AppData\Local\Temp\9D30.tmp\txtout.exe
    "C:\Users\Admin\AppData\Local\Temp\9D30.tmp\txtout.exe"
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    PID:2896
- - C:\Windows\System32\taskkill.exe
    "C:\Windows\System32\taskkill.exe" /f /im txtout.exe
    3⤵
    - Kills process with taskkill
    - Suspicious use of AdjustPrivilegeToken
    PID:4532
- - C:\Windows\System32\taskkill.exe
    "C:\Windows\System32\taskkill.exe" /f /im RGB.exe
    3⤵
    - Kills process with taskkill
    - Suspicious use of AdjustPrivilegeToken
    PID:1736
- - C:\Users\Admin\AppData\Local\Temp\9D30.tmp\patblt.exe
    "C:\Users\Admin\AppData\Local\Temp\9D30.tmp\patblt.exe"
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    PID:4624
- - C:\Users\Admin\AppData\Local\Temp\9D30.tmp\txtout2.exe
    "C:\Users\Admin\AppData\Local\Temp\9D30.tmp\txtout2.exe"
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    PID:5576
- - C:\Windows\System32\taskkill.exe
    "C:\Windows\System32\taskkill.exe" /f /im patblt.exe
    3⤵
    - Kills process with taskkill
    - Suspicious use of AdjustPrivilegeToken
    PID:6784
- - C:\Windows\System32\taskkill.exe
    "C:\Windows\System32\taskkill.exe" /f /im txtout2.exe
    3⤵
    - Kills process with taskkill
    - Suspicious use of AdjustPrivilegeToken
    PID:6824
- - C:\Users\Admin\AppData\Local\Temp\9D30.tmp\invmelter.exe
    "C:\Users\Admin\AppData\Local\Temp\9D30.tmp\invmelter.exe"
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    PID:6884
- - C:\Windows\System32\taskkill.exe
    "C:\Windows\System32\taskkill.exe" /f /im invmelter.exe
    3⤵
    - Kills process with taskkill
    - Suspicious use of AdjustPrivilegeToken
    PID:1260
- - C:\Users\Admin\AppData\Local\Temp\9D30.tmp\cubes.exe
    "C:\Users\Admin\AppData\Local\Temp\9D30.tmp\cubes.exe"
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    PID:5140
- - C:\Users\Admin\AppData\Local\Temp\9D30.tmp\rgb.exe
    "C:\Users\Admin\AppData\Local\Temp\9D30.tmp\rgb.exe"
    3⤵
    - Executes dropped EXE
    PID:5544
- - C:\Users\Admin\AppData\Local\Temp\9D30.tmp\txtout.exe
    "C:\Users\Admin\AppData\Local\Temp\9D30.tmp\txtout.exe"
    3⤵
    - Executes dropped EXE
    PID:6400

C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /7
1⤵
- Checks SCSI registry key(s)
- Checks processor information in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:5760

C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /7
1⤵
PID:4276

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
PID:4296
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe"
  2⤵
  - Checks processor information in registry
  - Modifies registry class
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of SetWindowsHookEx
  PID:4936
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2052 -parentBuildID 20240401114208 -prefsHandle 1968 -prefMapHandle 1960 -prefsLen 23680 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {b70a530d-36c5-4cc4-94e6-7f0f85c63e31} 4936 "\\.\pipe\gecko-crash-server-pipe.4936" gpu
    3⤵
    PID:2700
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2452 -parentBuildID 20240401114208 -prefsHandle 2388 -prefMapHandle 2352 -prefsLen 23716 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {7ff73b5c-43a9-4ec7-86d4-bdea3d08cdbb} 4936 "\\.\pipe\gecko-crash-server-pipe.4936" socket
    3⤵
    PID:5272
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3320 -childID 1 -isForBrowser -prefsHandle 3000 -prefMapHandle 3376 -prefsLen 23857 -prefMapSize 244658 -jsInitHandle 1344 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {9b9b6056-b0ab-4cca-b876-2aed7da58174} 4936 "\\.\pipe\gecko-crash-server-pipe.4936" tab
    3⤵
    PID:1684
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3620 -childID 2 -isForBrowser -prefsHandle 4160 -prefMapHandle 4052 -prefsLen 29144 -prefMapSize 244658 -jsInitHandle 1344 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d3fc3f0d-2923-4836-b353-3f714c525d75} 4936 "\\.\pipe\gecko-crash-server-pipe.4936" tab
    3⤵
    PID:5372
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4536 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4452 -prefMapHandle 4664 -prefsLen 29197 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {9fdf8ce9-588d-43f6-b787-8e05149d856b} 4936 "\\.\pipe\gecko-crash-server-pipe.4936" utility
    3⤵
    - Checks processor information in registry
    PID:2428
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4516 -childID 3 -isForBrowser -prefsHandle 4532 -prefMapHandle 4528 -prefsLen 27051 -prefMapSize 244658 -jsInitHandle 1344 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ecba020c-720f-46ec-ad2e-8942aa3a1ab6} 4936 "\\.\pipe\gecko-crash-server-pipe.4936" tab
    3⤵
    PID:4992
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4560 -childID 4 -isForBrowser -prefsHandle 4332 -prefMapHandle 4720 -prefsLen 27051 -prefMapSize 244658 -jsInitHandle 1344 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {0d987c09-68e9-43ea-ae85-d5fcca493e86} 4936 "\\.\pipe\gecko-crash-server-pipe.4936" tab
    3⤵
    PID:5508
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4744 -childID 5 -isForBrowser -prefsHandle 4736 -prefMapHandle 4724 -prefsLen 27051 -prefMapSize 244658 -jsInitHandle 1344 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {fa33113a-9e49-49d3-a02f-a44f391d7765} 4936 "\\.\pipe\gecko-crash-server-pipe.4936" tab
    3⤵
    PID:5516

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
dc058ebc0f8181946a312f0be99ed79c

SHA1
0c6f376ed8f2d4c275336048c7c9ef9edf18bff0

SHA256
378701e87dcff90aa092702bc299859d6ae8f7e313f773bf594f81df6f40bf6a

SHA512
36e0de64a554762b28045baebf9f71930c59d608f8d05c5faf8906d62eaf83f6d856ef1d1b38110e512fbb1a85d3e2310be11a7f679c6b5b3c62313cc7af52aa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
a0486d6f8406d852dd805b66ff467692

SHA1
77ba1f63142e86b21c951b808f4bc5d8ed89b571

SHA256
c0745fd195f3a51b27e4d35a626378a62935dccebefb94db404166befd68b2be

SHA512
065a62032eb799fade5fe75f390e7ab3c9442d74cb8b520d846662d144433f39b9186b3ef3db3480cd1d1d655d8f0630855ed5d6e85cf157a40c38a19375ed8a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003

Filesize
47KB

MD5
ce4e5c25b47a3a5ec81c297c76e59154

SHA1
d59e5da0591aa79a923e2e13bd1417e55f15b147

SHA256
c07bd274d99f591651cf26d5db863a40a8112d8d32bce11709052c43006ebf09

SHA512
648e772634d6c592a6b2ad80e9c0e804868c19f08188d2f9da3c44df18def645a6a59c413c813b59d2a6c6bc12f779667b52742a23607980611da0fe065286bc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000004

Filesize
62KB

MD5
c3c0eb5e044497577bec91b5970f6d30

SHA1
d833f81cf21f68d43ba64a6c28892945adc317a6

SHA256
eb48be34490ec9c4f9402b882166cd82cd317b51b2a49aae75cdf9ee035035eb

SHA512
83d3545a4ed9eed2d25f98c4c9f100ae0ac5e4bc8828dccadee38553b7633bb63222132df8ec09d32eb37d960accb76e7aab5719fc08cc0a4ef07b053f30cf38

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005

Filesize
70KB

MD5
4308671e9d218f479c8810d2c04ea6c6

SHA1
dd3686818bc62f93c6ab0190ed611031f97fdfcf

SHA256
5addbdd4fe74ff8afc4ca92f35eb60778af623e4f8b5911323ab58a9beed6a9a

SHA512
5936b6465140968acb7ad7f7486c50980081482766002c35d493f0bdd1cc648712eebf30225b6b7e29f6f3123458451d71e62d9328f7e0d9889028bff66e2ad2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000006

Filesize
19KB

MD5
76a3f1e9a452564e0f8dce6c0ee111e8

SHA1
11c3d925cbc1a52d53584fd8606f8f713aa59114

SHA256
381396157ed5e8021dd8e660142b35eb71a63aecd33062a1103ce9c709c7632c

SHA512
a1156a907649d6f2c3f7256405d9d5c62a626b8d4cd717fa2f29d2fbe91092a2b3fdd0716f8f31e59708fe12274bc2dea6c9ae6a413ea290e70ddf921fe7f274

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000007

Filesize
63KB

MD5
710d7637cc7e21b62fd3efe6aba1fd27

SHA1
8645d6b137064c7b38e10c736724e17787db6cf3

SHA256
c0997474b99524325dfedb5c020436e7ea9f9c9a1a759ed6daf7bdd4890bdc2b

SHA512
19aa77bed3c441228789cf8f931ca6194cc8d4bc7bb85d892faf5eaeda67d22c8c3b066f8ceda8169177da95a1fe111bd3436ceeaf4c784bd2bf96617f4d0c44

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000009

Filesize
27KB

MD5
d8ad625c3b6ebf71c6081a85f887e6bb

SHA1
379f10b8da67d19ab8ad932639a7afd4975c964b

SHA256
aff84929e57c1898ad3441f3fc7f850d903641cff756ac5a86baaefb33145db3

SHA512
41c690dffac3a8dd4cb07e61947fc8a0d966d46c6f1993c6cc3156dc89f34dcd0b1378e6afd60ec57859c27dd01149655cecd642becfb2bc986f351f7998a271

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000022

Filesize
37KB

MD5
1b6703b594119e2ef0f09a829876ae73

SHA1
d324911ee56f7b031f0375192e4124b0b450395e

SHA256
0a8d23eceec4035c56dcfea9505de12a3b222bac422d3de5c15148952fec38a0

SHA512
62b38dd0c1cfb92daffd30d2961994aef66decf55a5c286f2274b725e72e990fa05cae0494dc6ad1565e4fbc88a6ddd9685bd6bc4da9100763ef268305f3afe2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000023

Filesize
20KB

MD5
2fc909d72b9efe85b9edee40caf9acdb

SHA1
e49a82568d68cc0df49a9018918e8d9799be5c45

SHA256
4dded3fa8a503272c8d1500d6e0667a1ef57c61ba5332c48e3219bb6f8e1c030

SHA512
f5a1aecbbc881e2059d30203da5a5f68dac2c1128926e8d33be79e1e3c70fd3aaae350090530c9d190ad89ded6539200821d6acf5a3d122313c7bd7e84f30bf0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000024

Filesize
37KB

MD5
7fe4c7e5160e07920449b17f3b7c2940

SHA1
4efeb29ad3a180976839c958709a321da3c2f2dd

SHA256
9fd3b41781ffa2ca9b86df84c8f4ffbe0edb82b154ce03024659f7fe1814ec68

SHA512
421361c4f519b3f3b5e0be9d47cb22252d6dc865cc8d82389b632206b789d4ca4d274873e411c563f75152c2a3a33c83d4599e685c45a0c017870a43dbaaa079

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000025

Filesize
19KB

MD5
7eab02c9122098646914e18bd7324a42

SHA1
5e2044e849182f1d3c8bcf7aa91d413b970fc52f

SHA256
d58d66c51a1feb9af55ba4a2dcf2c339b7976dd011fbd5d071ca86b9d7f58a42

SHA512
dbb0f94de62d7d77d4bfe6c298043c559a0d4bc117bd7dc1d627caabffa8e712cec5e3adb4a737b350429493ac0ebfb81c8759aebed41b30218d0e7ff6f3196f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000026

Filesize
18KB

MD5
2e23d6e099f830cf0b14356b3c3443ce

SHA1
027db4ff48118566db039d6b5f574a8ac73002bc

SHA256
7238196a5bf79e1b83cacb9ed4a82bf40b32cd789c30ef790e4eac0bbf438885

SHA512
165b1de091bfe0dd9deff0f8a3968268113d95edc9fd7a8081b525e0910f4442cfb3b4f5ac58ecfa41991d9dcabe5aa8b69f7f1c77e202cd17dd774931662717

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000027

Filesize
17KB

MD5
0574f47de6f1121ae28fa42fc0d3118c

SHA1
6c0d31c44638f1190a6541f251c3e8adae6ce0e1

SHA256
a14ce3a9f80ed2fbce9fe611f5055e7dd2f933643de5b4ed4bf76c6733d61041

SHA512
0f6aa0571aa4d5fd9bab421d1d2af8c6529ab6512c29c8fd68637a3a34de66946403f5a78a1b5d84903adb36ea60a8c3ea361a822eff116f6617a52664c59038

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000028

Filesize
59KB

MD5
6284a51b81fc2bfd56868d95b3e60f76

SHA1
a794f42d9dc3d819f28fd645cb5aeca69a8fdd7f

SHA256
39f38531513eb2d6379f23052ffff6442446eefaeb16ca1aad33787334bb3c11

SHA512
ab69a8edb8930dcc9b7155201635be9e9e74628eddbee106459b63f3f38167387420d75433ad1d9acf856d236e948859e343fa99028bc56301603e1a5931982a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000029

Filesize
38KB

MD5
a14e84d87d0b93d71ec0b85d57144dfc

SHA1
1abb95e6d066c3c21eb96c0d87d36019b2d5c920

SHA256
15951b261ae3172cea93d7b64d3f7c31e8e7652e63d3e5d221ae34b91285e8cf

SHA512
a5b95f6ca6b7f16950b35716843f0fc51278cf4124e5b01c1210ab0bb4c3e049fe8888dbe0d771f1ba3ba5e26ec1a18f5fdd5a3e4e52903b036f341a6ca4ae41

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002a

Filesize
53KB

MD5
cfff8fc00d16fc868cf319409948c243

SHA1
b7e2e2a6656c77a19d9819a7d782a981d9e16d44

SHA256
51266cbe2741a46507d1bb758669d6de3c2246f650829774f7433bc734688a5a

SHA512
9d127abfdf3850998fd0d2fb6bd106b5a40506398eb9c5474933ff5309cdc18c07052592281dbe1f15ea9d6cb245d08ff09873b374777d71bbbc6e0594bde39b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002b

Filesize
17KB

MD5
6ad95e97ea7616b91e0ec9fa1430812b

SHA1
5e726f7b82481387030c3119887ea7fc0cec1e8e

SHA256
155bfa8f8443091ca84bd726cd6f09c0fcc42c8049281222cb3dc13e182c0d74

SHA512
188c56e52b1302b2ddf9cc0302c77c7644006330e99569bdb6e2a9085b72e1957b1c39cb75a56a0cf00fb8dc0e70f599d8e46b2fbe6c7f8e825408b6a12059b1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002c

Filesize
88KB

MD5
76d82c7d8c864c474936304e74ce3f4c

SHA1
8447bf273d15b973b48937326a90c60baa2903bf

SHA256
3329378951655530764aaa1f820b0db86aa0f00834fd7f51a48ad752610d60c8

SHA512
a0fc55af7f35ad5f8ac24cea6b9688698909a2e1345460d35e7133142a918d9925fc260e08d0015ec6fa7721fbeae90a4457caa97d6ce01b4ff46109f4cd5a46

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002d

Filesize
99KB

MD5
2940076ef5b451648e126653123622ea

SHA1
46adb402ebad36dc277bc281d15b4b9643c4cb6e

SHA256
2766045315b53c22ce78b0c83624a7f52000765c55061a9deae19ca67897d664

SHA512
f695bdf186be90f1df6d303bf5beb5bec9c71a069978fb6adb23b68c893ef7ca0c5da2cdc32d39cdc9a8f0bbcf0050abeb3cc02c75a2861d9434591ac8680922

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002e

Filesize
19KB

MD5
5631d14803bfeef2b891791f0c8c456a

SHA1
f6cded7f79ea091f23f0b8cdbd1f97d0a412d721

SHA256
a0a76e5cb026f6bb2621896a5d5b0730f9db44d979de5d65f0541ec8a57d65b2

SHA512
ef30bc67ad6e3041cf0e77b5ac6c46fff59e3cd53231df711ad946e1b68c158e60878ed954e4d2018adb4b0695a23313df1f652c70cb018ef5a58cf1d4ed39d5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\0a44ad51d1ad22c6_0

Filesize
3KB

MD5
46a9ee63ed321fb7f3c142feae917397

SHA1
506b0842b31a9983c4aa2ba176e27d92163d490e

SHA256
e1c9f7d5e401009e9ac24d72fff6570ea5ce6294e0836d3e9c3563c7edcae722

SHA512
a4aae0d03ed72c4a5b4ee1b5850ce85383f6dafb02763f7a76cdef394827a77aab170856a087915c0154efc31e7cf1f407e8319521987ad5ad1cfe865a411aa2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\0bb8100f1ad96561_0

Filesize
175KB

MD5
f31bd7f191b4c22d45a760a32b611730

SHA1
5ec77af0b420f66e4e88fef072e799bd1055bf4b

SHA256
a89b5d0917040b653568f4ac6f72e7b2c2c118dae9638271ab82bbcfec6d1095

SHA512
1b48abbe5da728d6c3b2ae97044faa341624915822f0df22aa9571151ff2776bb0d8d2c6c13d23ee3617d0f6e803899beb066df4d8eb7763bc6f852eaf435be7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\0bbe00d9bf7b798e_0

Filesize
4KB

MD5
199b1e624d2e791ef6441788442ec734

SHA1
58a421de559a0643b8f7ac0fd6f44e05ba43262d

SHA256
e83965a088cad9b2a0627cc5f21626e9daf414a1bbd1ff8b2c66fcba8fe5d454

SHA512
40505e489589cdaa365065e89a5c37eb89f958fd7555848c62ed5b16e9e6f2a080450ea12c451a06721b7573528496f5fa489b1f562a37da4b2b9731d6848bd3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\14ff8116b518ca2d_0

Filesize
2KB

MD5
0976ff6d34c2d5ca21f489f06e0df1f3

SHA1
d2930a9c5aad244674fb67267eddb44231529ab9

SHA256
de323822e7f8874fc293328f7fac42796141e0417cefef6c392b42108cd5ca50

SHA512
59058426cd53103c718ff576296a8e5a7f52e2f296c6ae5774f4cb650ab06b6cf6441aef111cfb2754cf32773ffa4fe876c14196854d023ab5673258a92462e8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\15c3a711b65cd219_0

Filesize
294B

MD5
49a7eac1f02874c60e83ad4c9712c4f5

SHA1
15322fa874e449d2a62d5110635aaacdafec58f5

SHA256
d2eacfa403a831c00d58dd53e6fda4c235c3a19ecfb4393f7fb9b3b07c0121a8

SHA512
c2d2dadfe2b5dd2d81ab87c29dd94fc7955fec4a2521644c50c9af8a20a1d8fc17d6c5e9e77fe7638baad201f50b8c1f345f01d9778268db694b292f0a18de7e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\1927a26afb9a8b4a_0

Filesize
3KB

MD5
ccb21f21d95e9866b062fc993c0d39a2

SHA1
7cddb415c8781da84772aa5dd450cc9b91491a50

SHA256
b36674c0ff9aa77ece92d965bd4785027a4a0f9b193fb53b7458f49c28149596

SHA512
3040418b0d455d68c3f1b3edd87e56a04a4f45b59d207ee30fa94d74bbe4a04bcad8cff1ee336a3d5d5609ef4e7154303430b35e5137c8c811686426841f2dbc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\25c90b4fb1c6ef85_0

Filesize
1KB

MD5
3f2ad234039f0f97b0566c378750dbce

SHA1
4008d4f1a7ca30aec3c769bbf16bf9e306fbb9d5

SHA256
7809d121a1370851b0645de9294e57e55b7bd46174b22a8a69a54671173df458

SHA512
b5593866d3d4c1d471ab12d92a569e96a7547e873281d10248780f8d53d28ccdd223da268ca3c908cfc87647ce4d7943bc124f0e63d51b12cd6ad52e2b0b0f79

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\273820857948f45a_0

Filesize
262B

MD5
6c891884b3e30f42b9ded33de560e584

SHA1
3b97efaa8c3f596f7df782681c12fa1cb41e2a59

SHA256
6fd5186951e16d0461ff271920a350ffda6d7caba0e04c9ef6fbbac92d756f4b

SHA512
f4ae2ac91e0f368dce6a64934b19a7368e3d36b259f1e4758d10e7a0de5ff9b6b7f47c3b53d590a6dc4608da97d2a69abf1ea972330144ed38f28dd998cd38f2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\45a16ff6d0d9ab5f_0

Filesize
1KB

MD5
b7d2b71c468dd5c0569c72f33d8ed7b9

SHA1
c82469fa93ec1d18d60484d8cabd8d9005aac413

SHA256
4183bdc39244eae98cbe55bb50cc7749e459a9ea3874d5f65f32d511ee445315

SHA512
1e17117d6bd58a730542704548f08c314a72bd4f843cbe01c9b1c1bbc56c18ff34fbaea3ceced7fae19d4fb300b65a6f3e14d7b8e35da7b8d40835d873185737

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\53ac5abc87e80789_0

Filesize
2KB

MD5
360bbc5d8262cdfbcba554c41063134d

SHA1
9eb3f808076fdd1442b9b9c31d32b9b0b93e4d1d

SHA256
9a5217163de8b3bbd3fce942d69a052eb59e6a5f77207c1982dc5670dfc42c79

SHA512
67629c5e66a733b6f9f17965af08c3c34e72914ce14fb59fc09e48c0db27c5a550e7bceb968a4bde0f13fa623c04fbf253e5e929134c94ff0a0b2f6116284af3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\54c70e8d154012bd_0

Filesize
38KB

MD5
4c361076d67d7e7b8d735b93e3cff249

SHA1
c0f3e08d270907624882c87e2cae9c791d5afcfa

SHA256
d08104fca28b87776a0ef714ce4454fce86bac9289aaf3a41d1d26db852bc523

SHA512
7e3e4e72c5ebfa61a42df2c28861d12c5217690d7dd722d39eb228710af8846fd0f876367e1c76b820cf87e7cf9c609c2e2cfa1f9696e8db7f9ef2bb841e03d3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\5a994fe24b451732_0

Filesize
14KB

MD5
fc32fc6db8b3fe77bfa8ab91ee35b5e8

SHA1
98e564a0ca45e27edc009814ef753e77b42f010b

SHA256
c4e53b7637b374d98aa013860e4961c4b130df50bb93ef4787e889486ed8dce3

SHA512
5432741bb5b2a14cd4c54666885f58a592a3b71f07e71c7447186227e2d1edceef3366655a1dc42d2719aafa231dd5c92be4c0133e50b44665b63695efc6cb08

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\5d0c04f9998369cd_0

Filesize
3KB

MD5
f936992114a29293e658b8a732f2cf27

SHA1
32a9d5f431c551f3456ec6ddf6f85ac3ceb09f2a

SHA256
f9387288fc1ccf676940ed32c551243533c2532bc59dbf41b4c3633f9f096861

SHA512
ac45907cacbf740dbfb82e5e90c43c5319d55538c307786ada313cb511190ac5508b316fe51b751325fb3c020f734490ff3826774b4d3f5dbc62aa79562c4ac0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\5dd1e579c9681f95_0

Filesize
2KB

MD5
adc3452e9865d4baaa2d4e01f91ddd7e

SHA1
4b5ca8f42b00dddc7e9b6aa297ee17284b0ee1b3

SHA256
ac2ffa49748eeaecc32d25587ae4ad73166c97ae4d0ab66aa6fb24a921e28e6d

SHA512
8d23530eb265b315d594fe03c46ddbc7c08d53c90600e689c6978ac8996af8eadbcda32e33b46ff6da401d49a12f7574c6712f493f329703fe414bdb4e9470d7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\62630ccb9735e330_0

Filesize
2KB

MD5
25b5c6578f601e8b76cd394a64eebdb7

SHA1
819d6e24913d29c7f8b13a3b28b570a145d6a90a

SHA256
bd8d8707f5081432d9d43be21a955774c0ced23cd67fa3f64569adaf082184b3

SHA512
0956678f3c38430d07a41fc4c29b1668c3dca9bdfbd7a4867fa91a41cc4eb437a925f46289a50f8a970d2cfeb0a54e6c25a749a218392e0b3a40b149bf002e14

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\6d3b0ad57bdf7db9_0

Filesize
1KB

MD5
423a13661beb9d99ab09cada5f097312

SHA1
c1115ff2350806ffa385380145941e81bd641e2a

SHA256
ded4f4305d729eb4cf4d153efd22f9022412fb09a784a0e9734477d74e8f0bb4

SHA512
494ec61c0f766cda35da57149011eb1ec7a67d3302e81ffa4d6ee1bfc7b3771a158b8dbc4c56b15542d008c903f6870e7c6e0e79517d780a7ad1a4960fe6dbec

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\6e1427d19ff38087_0

Filesize
3KB

MD5
520ecda0a48025f1d8288b3331188596

SHA1
ca1cc3a18d86d2cd16e2458a3b0da3e571d789e8

SHA256
c476625ffadd6704e104af0c4d6672de40b92426fb58f7d403b21dc508c2d060

SHA512
4e0a224755793b97a0c97beaed9f70b6191187119b209d9bfdc9d629cf0d0100f36038698c126039a9292e918fe699d3eefa07133795323bca490dd4c17d5934

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\755bed9c9e6dc836_0

Filesize
77KB

MD5
932a26a510317fd8bf5f9420c90d3a58

SHA1
9ac241b1a32fbb7270f887131c9a63d3221f1fb7

SHA256
0fe6b466ddc46195fe08de267d9de277eeb8b1f1f80919dd35d98a6f04d0ccd7

SHA512
7df7610e59abc05523b9903f212535ab4bf8f0c184336b35e3658ba555301ace36f2d4706badeb496a9cb7e04dbb0e7096889dcf1a52366c234e1f5cb2868c92

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\7a66a1246c4f29f4_0

Filesize
12KB

MD5
6f67c5487359652e845045e9f93c03bf

SHA1
65084d8fb31cd0d546c26a154ec5d79ff2ac6947

SHA256
78fbf9722e8589a19cbd3ed267dd4d35359730904750dada3217031442540806

SHA512
7888d5cd8a2ae51f942e64469c119c16dd0e9f3c6bec9df39253f61e5432af7a20364aefcafa4d35ea24fbaf09373f5093efc2db9c8e612757aa576766658cb2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\83d6d3a772bbc707_0

Filesize
6KB

MD5
3794dc989b06d338b6286f811caa1053

SHA1
280e8f0e8b5b240ae58b2276e60c10500cf8ef52

SHA256
f9f150c640c084144df73f83988c247c50568b52f5cf58c5569d28673c7d938a

SHA512
1b659e4103040381291033626129fd2b900ffaf53c4aa2a61fd15e98f03dc54f21b5f331185c9c3b9d0bdcbf5a3decc9880dee05680ec09ec005cf963322d52b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\8ee73a31bd0cce7d_0

Filesize
20KB

MD5
7e8db25988bd95b09a837e99616f9749

SHA1
d40d05e6bd5a06cbef1d4353e6c807e4d25dc4c7

SHA256
3f47564664be77db32c0ed60f1cd0141a0a46c9f8b747441fe03fa98c89a7bf7

SHA512
3dce63f0d4e76c38b0ae5e299bf0d4b288ce8f7a17d006886baea7f66b5389d3294b0b0d03393bf90b37d453903ea0fc0296b23c6eb90feac4555cb1ffc9a4ef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\9412c8b664751f90_0

Filesize
1KB

MD5
81076c79396c96450d2acf5cc6033210

SHA1
77de330af3d837fa0cefa4d89dd1c8f57c9ddaac

SHA256
9490c5ed7f4ad2df84cd49cf04f7cd444c9d1ee23553555ca795d5f780fedcf8

SHA512
8ad0dfd4d299dd8b4c9ce2b33f9ef28bf3f515bb7ccadcab1b87fd848cbf758c0bf84008064fb136a2f540015e1348d28e705bacc69672b88066646f5f79c713

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\993b7c5b6c17951e_0

Filesize
198KB

MD5
c62cfbc2604023f667acd6d4ed6825ed

SHA1
c21af11097c1c25c3d3558bfd9e97cae5ca72a02

SHA256
883a713b135e890efb2d2a0a54361b0ae4d793a75b58306a0ddc2e9be691aee4

SHA512
19db49be00e5fe67f278962c00da715a0dbb22f6da59651d37a740e9c296b11c06c80e54f0717c4e4992e6be07b3add25dd04cfc7f8249b1f2ea6f81a40407be

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\9dbb949d27873cbc_0

Filesize
3KB

MD5
957c63d97cc7971ec609206727c02836

SHA1
c387e4886fef5213c92ca4b1a1f3ee66565ee2e8

SHA256
a62614c92ca48624b327e7340cb1d19d29e2c93031832dde758238616233b012

SHA512
f4bff0b94ded7ec0a048fe0af75779f403fa914eb6102abe591e783e6d436eac8a517685ba25af24d659b0c54121f13b1a796ead4cba404914facc7234f423ad

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\a09f6271ad0c4092_0

Filesize
47KB

MD5
0cbd3251bff180a2d5d165a68cfd1f2a

SHA1
74d7b5b9510f3465f43650b18ec34742aa030d34

SHA256
7fd7b29d9c6f1c664d40d7959d49d43485c2b8b0a9b9659d015a20cc1f8b0e1f

SHA512
8bd874388641e14e16cc81899b6988a5eb06fbea0daf1d629ed963a2a15185c4cd625e9a3080ca31cffe634509f1a51b2ce4955f1abc455ee730b401ef341f1e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\a267b7c21d8b8c9c_0

Filesize
13KB

MD5
117ac244a9068100ce439e8e9651f9f6

SHA1
0293fb30375bf475e86dfa1b66b6d0d96a5ba6cf

SHA256
011af5af73f5393f76df2ec82ede7846e22c8fa6499ee8d1e5290442973b43e8

SHA512
88e2c74c0cb48d13b63a6cfd300b20b654ab0673fbda1709f3c3c60f0b3615ccee9919176c84e5eb8d8b2932738504c3f8e2139217cdce0609363e0411bbbf18

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\a2bee1f3b78bd157_0

Filesize
21KB

MD5
b4a88c728147a0ab53856d7ce7804628

SHA1
2c58b9567ac723628fe6e49a5e1ec14e3a2e678a

SHA256
0cebd1d645a2d64ce40379c66c47bc38e508d9ee50acecf293447a7f249ed1a6

SHA512
6e99331126d31987be9d518820e9aee435c4acbbade9722dfc518ceb779e08cf1369875a9d74904a23f380552cdb229d4b1ac45bc42923e96e2a6818345fb919

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\b3e82669a81c981d_0

Filesize
2KB

MD5
b71884c5e407927ccd8a81050cc299cc

SHA1
6d912c5b7b73ae70fcaac03972afa99d6435051c

SHA256
5b3be7237652edd77c6eb488404a30fe49fcbc9629e8edecc0d9007ad7d27d1f

SHA512
a1f28867281bb2e72d29440d8f1dad8cec99c702579764aa6706ff4faea0606414eb08dfb252c8bdd61cd9fb4fb0598e506c9f38eb4b8207659b9577c4d23f85

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\d3dbb3008455b523_0

Filesize
262B

MD5
53bfab5519e6000364d2eefe6393ea4d

SHA1
fe2c6d0fec75a56edfb5979369c061cd5ee43e57

SHA256
af072b68ef7d23cf8ec2802ab2d432294b7df0284362f2d4b64b823d94bc1961

SHA512
cc898e956bc219651db92ece0faf5c594d051825f4ec9314d922455c50df78e4bdc68da8bb9910d3213cd08cf3f5e4d69dc2713cd439de9332c2ede8507fd28c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\d523d77d3e8b8b7b_0

Filesize
289KB

MD5
18424e8d52b4e6bac513882410c4b4c8

SHA1
67ff1f0f7640bcd31455dde19337ae13632c8715

SHA256
b7837fede68d6d959a39ed911e77838198a31773a60aca17fc03c9decf04c07c

SHA512
240bc4db3ad70eed5034901e3157071d931d0d9e38fced003f6d5cd4c5efbf79f46fc6956265e5fd6be7a91e659073c2dfc8fe741b2adbab3107799427909db0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\d7a29efad91a1117_0

Filesize
262B

MD5
40c5a82ab05f419a4e832ebe17e90598

SHA1
d9363eeaf3d1addd407559a3f9f83502c2ffd8a6

SHA256
19183569bc21d3782bacb2456684315d3efef26fba8d642cfb25a3e756c8239e

SHA512
25f3555654de6e605417107d70c03db746814c1174a0f81d2adcd5f2d21c2eac3bda6d33a75eb5f5aa1e5470bdb9367c066e462d86f79433f79659a4a6c86f35

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\daea348421cbc209_0

Filesize
3KB

MD5
0ba747e632aa3ad14116e02b1e4a915d

SHA1
eed1a5b980276d865aed4efaf1bb1952a08755b9

SHA256
ff5ff39a3a572f5f6e85ceaa8a5134a66e574b2bfe6609d3b6435c16dc7fef10

SHA512
b93c102876f4e32167fb7f944fdeee2070e5a5de200ec97f8eb37b8d78bd01b540ef37b8908c0f9415f1ffecb36114dacc424065b4c1770a16e2047520a43713

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\e4f85019800026a2_0

Filesize
9KB

MD5
1c93ceea2dcc3b947f1074f15d4f409e

SHA1
2810e8a8655cc559b188322cbdb07fe7bff63e24

SHA256
78ca5aa232a145d6cd981724416ebc8ed40dac978e9c46ac70048ade1a0a3289

SHA512
422694db309fce42e1c5dea3dcd1809e34a6f2b4362138d25b84527845414823c6fce2e9ed0805a8ed958c63e4c38ea62dafda39a0b50308d36322d2fd053fdb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\e55f0a6d1b533c66_0

Filesize
2KB

MD5
ff8435084ecbc7c0cdff2bebb4a80c4a

SHA1
f45f849f5ac9a390e6111dd11671ad3000718ee9

SHA256
a394886d9e72953908130e615db4a56867a1167ce861a654337c1d2d31794c48

SHA512
a8ddb24adaefa1b1630ee7e9cd11daf8a4c108a8e65100a649c95d3b207221af08e739ae32059a4e80111c565da795e13fb6aa06ec6080bdafbc606440b47781

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\eeea6a59c461170c_0

Filesize
6KB

MD5
4f3bf06e40504e2dd375fa4cae0f60b6

SHA1
814888fe86b7d046b304f0af27180528818d68ca

SHA256
23f7c5fa82a91e5a7876d37594e89ab2b128ebcf58bf7bfd06a95bf8855ee389

SHA512
ec022ebab5684c3adf7073d2d01f0e48e4610ffd8ce1a97e421331de76ea797c5e96d3ee1e9fe4e6769971833c54453656f023352140bf4d792a7df5e7152b27

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\f2e4bbad99a372cc_0

Filesize
2KB

MD5
bf675ba690b91dd797fa81f632d7c21d

SHA1
a19b9d5ce0788db90fad55fb0cc377585769a365

SHA256
be80d663d5a369e0a8790d70d4251b86274c42be00e9db7c2477754fbc3785d1

SHA512
28c8fdaf802dda1917da3c2c1161474b5b052e1bdc42b40425324b04afc87c5b463f5cc071c63307f2c8819b5e8a478205d1c0ab058fd0680c42dd3d40118920

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
4de85f6a7256047935da4215fe0869d3

SHA1
323ff6dfd12d6d1471a19d0cf2fe307962b9469a

SHA256
f9635efefa85ee07535d65504cd2262c9b9fd6ad1684ba2fc42418946a91e2bd

SHA512
c6bacfb3b59625664032d05e85b0e7b47b39ab83ef331fde3bfa7c1fe60d4b2092af192ee59c388f6dfe4040bd17de67f8375db66feafa290b0e043579ce8e12

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
9cf653e4e59bc6114a2cddfc08f95caa

SHA1
8e06e48f32e55605d4742f5f235681c810140c44

SHA256
5d5abdd93938cb0b906ffa8e3f394a02ea095883c3ea04822911cb8fd4fd377d

SHA512
f4cdba1a76d2a0401137513982160ae10bf9b8d4146456a73faabd947fadb502f04505032a397b5ed6a0c1830c6098db4a2e0cf8c9772578a02512465f21b016

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
551B

MD5
894d744b7a582e3e908cbc0404176180

SHA1
730ff8ff449e23cf4c1a61b76847a88653189d49

SHA256
c5dee621931008a379a25bbb76eb4f7c7ced670269ef3fb93369a7741b8bc22e

SHA512
e12aaf9976623582091e4c8cca82c6732b39e9aa1b4c635df22edfeafab512a38d3fd9a9da9786331b15f0f357cc98e9e964c06865cdad4a6c2735b51eab0967

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
525753370998787a5b7e8f7c005a85b8

SHA1
aa973478b543247df2447043d79e1c03b177b320

SHA256
8cb85aca4d7695fc2cd7c66a5a0e63d920ccce11dd281cdbb0f5d349d712b374

SHA512
67683a3698f4fa506a33092bdcaf719c49ec5fc919c8d9d67013cc182f5998fe94c6f5654bca1600e956addc8a19134976223f57ef1745714fe3cb769d4f4778

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
c3956cfc0c8e404d42040030c58471cf

SHA1
815e9174806044190627c4689a2a154abdde92d7

SHA256
7410b97f95d6c94fcd14d7582e24b6a86faa0284e2cdb1866a40af3c07ef1890

SHA512
82bc00b29eec6b69cabc9147cc18ba1b3f7e0a22bebbe8bb1e79899a2c161bfad4173b7831dea81b317b619b23b2b98c64b5937c981c4c448a15067a2568bc8c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
8f1afdf9b88e325d6ad1363186d7497e

SHA1
6c16608791c1441db8fe6d55b7b4e0c4efb72f7a

SHA256
54d8c2b75c9f9c0991fc6c24ea7292c23dce1437538f24ebe25fb44b29f23bec

SHA512
28a24f0bd802ebae84635944fe54a7828f4241c97bf29d990f4366f8852de2e3088fb09721c374e88b9bb5b21a41372fe62107c5ca70593681e64b0588f98059

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
d46de74613d2859fd96138c85f58e163

SHA1
68339b32bb399191520cf3f8b31ee82bb3819652

SHA256
10f8d534fa189fd41ef73585211b28178c9f7d486e67c2c12944fa2a0df60d2e

SHA512
619d703dc09596b05cb9d0c797c0450f94a7bd794573ebe90137b653fe9eda49637d578b389c625368aef8b37e1c7b8c8d0d33a573d2797146f28edeeb2b90aa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
1ae007dc06d2dcf7d29027db0b4763bd

SHA1
098ed4e6b92846a534905677734523720fa58e5f

SHA256
5c99c80166eb4c0b4ac4227fec46edb60948c92e3ccc63f6268f09d3a1a5bec6

SHA512
db78e372a4dd581388e052708e60cad2c3c97e7c1e2b538afec9a31bed5fe78165f183c174c74a250b85329c0aea4cad09c62c0db590cfb85a148b832c2ec98a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
ae1c891d94b06f22785ea649dff9a7b8

SHA1
ce3090ac39de3cc0c22b4fc37b38b738bf8e699f

SHA256
d0756f68faac13947757295db5a8686ca0f28e7189cd3fe8dd2cedc6cbf450f6

SHA512
a73ef750575284bc2fa16fd4d9eda29fe75fb9e1c4b93b56e2bf5e69d6ad0cfcd8859d1f53cafdea2b414ccec863b62d6c8e0c617e56a5da1fdc73f35eb80520

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
b2a6c25ec665393417199e17f6930c72

SHA1
5530cb33391237fb87cffc0714a8a1b0392aee97

SHA256
0a26f9331211966b9bfdf92674989f98bbf118c67bb87b81870015ed41420021

SHA512
78db393e9a9d71aa4391ca3f6ebdd73ee644c904201d734de2ef398724fb0ecba2cb6b2c115b6b9a300d1bb9abf363b0b06428ddfd9be450b95cc0119f3b9868

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
6df99943abfa82353a9e461d305ffac7

SHA1
f2b81fe73075ba8147a3fd8b7a799f127effb483

SHA256
7d3d6c9d7bfff89edec38a5d20ef2c3d7ef7d46200cf37e9e0fee7b716299a41

SHA512
7f71e8fb638c6aae50f7adc60d561beeb55a69ff365fbaa4dbce4900f15ae49c215ba38c8059e73dfb6cd7dce7373b79207ccc9ec3a9ce6dcb9756eee7614402

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
11b6134a3e1c9b65c6604ba6b2ad529d

SHA1
001a5d13d59530950ae5b9d5094b8d54c57f56cd

SHA256
4bffcde1e757a3604e452b111e10386a764c855a87e3a3d61d2f6b26455d759b

SHA512
218cc0d514cdf52c597df19f94637f1206a8b33b4dc4891faa36f6aaae4b6e79671ee1c91ebcb4c227a2e60e3bcb682242a34405f6ae23fa48f8e6b016c5b918

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
0d292a06f09757c2ecf15a1cac1b565f

SHA1
ea4b1c7a7a47b0ea18e91806b8eee61f90819f3e

SHA256
7309aa3c742c91af9a96e515e0721bee33fe6958b09376ebe4447583247f50f9

SHA512
69a06a5010d60a1dcd5135cda0f2298a14c42a5d08381fba0be8a53c02935f235a4b918fe42d2b4701c0f641a2ee838006ac672af77995a94bb4a4b35ff66f85

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
a4b0b3478ec7fd09b2e082d5f336072f

SHA1
9449e2e08c0b52e391fa66d6b6683de2d53cac69

SHA256
0a98255b2c6919090a446c09e6f3a43f390a34621cafd70a7a43f7a30bb71041

SHA512
ba44cbd6154adbe279128485d328c86dc5ad8506dc73ad19280abef59828ccfd4e3bfb4ef7446c9d94bb9b8b71f5c9d0155221e3ffc2ede0c7e07235f081b2e6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
536B

MD5
76890704b685cd8ffa85d68116555641

SHA1
8c61bc2bb5b8612c447327afb85c5b10727b22f1

SHA256
575b401283caae1e52db810f124f7602094dcd5d403d6b01ce329899f52ed4eb

SHA512
f509fc999c48b063d587eed5eb0df9cc2f8754e236ad7d2f453c0d7712a592f1c64d0a584aca225d2afc6cf7206f779a16461b4b914fa7ff3c2f166d96638c0f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
538B

MD5
a1714d71d9c7378787246bb54856c4be

SHA1
6348b737d5ac161b914645e8143a86a3ee215e14

SHA256
b5c46db1fcf22ea5d5a2736a3433d8ba232dc77556fc788f5359d30917f3bc43

SHA512
67c9d7b755eba1d193e4e5c6a67e55350b7ad7769981527ebd543137ca200e96624da884ae89a1ca27c47d66517e1446ecaa5274e7699eaee5d77dabc555434b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
538B

MD5
186ae0651a64883a4e8be90cf837c9b9

SHA1
fa3ab9391e97fd13046f1f4155acbf85ca6ce26d

SHA256
d484cea962b25a20b1cb685411fad7850268a10607be2ae52e7eab3d3c2137fb

SHA512
487cd2572a67c0fe3852cf6d86e1c9998f30cbe0fd9140567e076343d4fba8ed964b974a8893b2db875441be9f81d26bfc29024953da8d79f4d7aeb5a257ec45

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
d10e9c63a6bb41f5a0c54b992610ec22

SHA1
b7e08e414de596e0af218a8cda89b361defbac00

SHA256
3c73c640c9a6e44206dfd26a407e0549df73e6da5b5651e1c5e7a409a5b319eb

SHA512
4df6a21296081a24c7cc5d0b185b9310a23ea4e91370c3aa323e3a3f84455ef56ac7eaaec0f2b7f86ab752aea9a33c5e469b25d4ed91368f41d8cd70fae0a38b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
13910dec6da64c6da88ae38e3e42a59b

SHA1
247c9c00b152ad7902525d8b3a512b4363977e3d

SHA256
f0a7dbea4fb34e5f787a79eab891fc1b00a47f1edec9aa1c85536185f6dbbce2

SHA512
e2e5d2bf690a15d20fcac36125f0ab8d51f04c94835d3158436b3d1dfacb6aefaa96a67019ebc87f31751797402a7c44f6f6063c806a0696ce40e1a137fa86b4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
6e810ad4ff77d384d1b85e7f7210f2ca

SHA1
d30134da46447d5783c9f391957dbf51e02a10cb

SHA256
826f6f857b4eae5792da2caa69318b04c1156e7c90a91d7584de323e928889e8

SHA512
33bfed586fe86bc27563fd72e10af30db739530a9ca2f62b31bd1f073dc0dd52f3af93ee39e02b3c3fb25130066fe7d0300b1e305d3aacc020335e1a51814446

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
37f361f75f16b0ae33849fe722a6487f

SHA1
5bcf332ea23a294b5a6a9e3c2b8969527a498b09

SHA256
d8e568fdfa198257155d41526815ce3471076a79baf37f88924736caf51d006a

SHA512
a66fce94a4f6d537dba2a71a906945a47f94ab09e0f13764d7a340235db5bcf5a414c93da4b50b29ed715d234c4e0baa16c2be4a54fd412d24eb2008ce30fda0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe582bdd.TMP

Filesize
536B

MD5
006a455d6cde7ad14bb3aa806ec22ebc

SHA1
2b5042b25347b55c929e043cc6e83aa4178421fc

SHA256
ec4c57b5918960320859c1c4bc486926c25c48397c7973682d96714dc5ece4e3

SHA512
f02b54e52b9be9d6ac9d96d502cf5f28a19da93f8baca87f69bcb0ffa1a29418d8399a64a2ea4d3023d15e36522e22dae82c6cfc591766da1ea34ac41358a4dd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
aace432c08c88a1d5096c2a5511a86d1

SHA1
ec237f2b75664b99c1efd6d79cd2f49b9d84e69d

SHA256
8eddef44954fe4c2191fb431f689004cfd7d9c01193b0591fed3086ff200e2d6

SHA512
435e3e2cf5b013a11c3dca7d97970f5f78efa103e78724a1b7bc43bcb4362316fb82ac23ed8d93d41c1bc947c945abb04dee2f9ef8e1006b9c5e817c66d62e01

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
8b8da43401f183a9f9495ed3b32c055e

SHA1
46a960f34ba9a666c30db74b9daad4ce2d346fcc

SHA256
0af9b3a6fc34c1e43300635c7ec866bf11dff2f5b9b2508f9d0f6ac0043566ad

SHA512
e7cdfb090214c42356782c85fd1ebf97ae182c133ea0aa7194b96c2af77dac5a3010e302ffdc47ba37e8c9ec7d29656f1771fd6fdc310b7470a13e9b28e328af

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
952517c2e6f60605c8f0dd53645bc3be

SHA1
fcb273c9df05b54e5ab2d61e2409a0d843cd838f

SHA256
bf5c91de472457937fdd4bd31937445c038526265418fa0e3ef469dc6af0a411

SHA512
c60f4679b25fef20ea2a0d61fe4177950e96c8fb17b25652e88cfdcf63f30062ac4dfdadc21d3c97290852ccb5ecb2d80e6c94f0f3415cc9477470c15679764a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
a4206bf4cd631f9703bc8556178a4a7e

SHA1
bb81d66e3c5a4ef459f13f0a5f29f519b2a07d7f

SHA256
0fdc5165f132829b923a2d371fa4748a33d029aeeb731bdf725e6bb09f53ff94

SHA512
385a06ebaaaee146670d8255a00422e33f05774d95e36579cebef9ffa266e82c2e38f110a3c6b9f034e7b8667dc013df718a95e945291a3b8da87977a63da2ac

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
92a761703f1c8df86020d2d45a2c8c2e

SHA1
1d7098bcd7826b924d2afe98b3117c7c5af390c3

SHA256
52df7440e02717a63c10df6277cc8f519536d1a09b8cc479638389b88fb5d38a

SHA512
ac5d2c177b2377ac3305f63ec680dd15e8ae30e42b94d9ab513cf2bb87855634f514307220750ae6b4b9719965dfe9f70b8bf22e59589ed5a470e9cdaacae710

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\7fmsgkth.default-release\activity-stream.discovery_stream.json

Filesize
27KB

MD5
cfa625187233e506be1cbbc8424093c6

SHA1
cce84fdbabb1e9705875d20a2e0a346f4a0cf15b

SHA256
07965eecd290146b5f9a4733b028d7766490288435251ff14a59f9ca7da1d7ce

SHA512
1494ab4edcdeddeb18006b15a8aa4a907145c9f1e90fe79c10015160d729f0da9481121aeca9c1bf7431036472aa17856134ce252fc75f4cd0beeec5849fbc99

Download Submit
C:\Users\Admin\AppData\Local\Temp\9D30.tmp\9D31.tmp\9D32.vbs

Filesize
3KB

MD5
c2fb837b63810883832a3bf675ada00f

SHA1
bc9541ff8deec61e0211473bf33336d527c4ee42

SHA256
249c8567b26a2f26d00245476cbf07f065a4d3dbe590b4aaaf57df4558d8a076

SHA512
3d95bd62e4b0ec64b03b7a52c2c185eae69fed97c84f0a0b5ad3cdf4194105ec134551ef313b0946a13ebbd92e60ed8f96156a0b5eb06067dfee8c2fdff14c4e

Download Submit
C:\Users\Admin\AppData\Local\Temp\9D30.tmp\Lines.exe

Filesize
103KB

MD5
6381e3e4b02204e1353218ee6ec45c2a

SHA1
a350d4432d2a1a8c7a34d5ea7214326ffc02c270

SHA256
df3cc9a807a80697cd8b72f8f17a365849146cb4e41b4340e42f78d1bc1722e1

SHA512
ac7f21c539667a77236b78006740c634b7d4c0a55dcb776872bb339501112c62e1990bbb73b8f3c4e5b065167b8102fe35aa4633248b19dca602606b68b15015

Download Submit
C:\Users\Admin\AppData\Local\Temp\9D30.tmp\bytebeat1.exe

Filesize
102KB

MD5
6b673ece600bcc8a665ebf251d7d926e

SHA1
64ef7c73a713bf3c55fb4ac4e5366a7a425f1b4e

SHA256
41ac58d922f32134e75e87898d2c179d478c81edaae0d9bc28e7ce7d6f422f8b

SHA512
feb18a1aa72de47fd67919e196abd200afdf22ad5a7e5dac20593252d8b2ca86982bb07c2fed3681ef06c9933c6d197590c1df65aa5df93cb6abafca5e53e9ff

Download Submit
C:\Users\Admin\AppData\Local\Temp\9D30.tmp\bytebeat1.wav

Filesize
1.3MB

MD5
09d2094f56d2d38aa64eac1d90c5a554

SHA1
c6268759b1eee9fdfafa0d605d62bbbf85defbca

SHA256
4599f6f06c7f491a50e3c4012a83cce9f3ee13ae209189cb8964f0b6ba14614c

SHA512
4ca756a06612c281ec03dd9f064b9ddaf6756b00a5d54dee62728f5cdd7ad3d928559b9857ed2f733b8b3e842b396fed94b212ef2a384265ac623433d67010f3

Download Submit
C:\Users\Admin\AppData\Local\Temp\9D30.tmp\cubes.exe

Filesize
103KB

MD5
ed695dac2b14ccad335e75f5ddd44139

SHA1
35f4fae272c9b8dc84ffdae9b4dbfa4ed32936eb

SHA256
2d3e7cdbf244704934afa447552c049a891a9ccbd6d4ab42ca2504ad0a99e803

SHA512
a028c258cc65e208303f458279035d430f8447c6ca950d2de9c345aa7c2a13cff3a36fefdeb9305f8caaffc7da91fff91e05ef8e52b9d3672f7a71b49bbf47d5

Download Submit
C:\Users\Admin\AppData\Local\Temp\9D30.tmp\invmelter.exe

Filesize
103KB

MD5
0928425141c06ebb894e50a54c2aa1f0

SHA1
5f27cdf914df73946a0d2e35bfa38ade93a16bd2

SHA256
229f07414798adb8f850697cb0ad12a1911443c8b31c0484c1b96a16efee9a02

SHA512
bb734885ce1e6a8ec2bf32bc0bdaf89298a419b25d6ac73362b850742f5bc11f4e6bf3cf03cc6d1bd025487140a778859211f70cbd2798fed1ea8fa57c957371

Download Submit
C:\Users\Admin\AppData\Local\Temp\9D30.tmp\patblt.exe

Filesize
104KB

MD5
02a349c19fa0cef84bc88abf65f8bc2c

SHA1
65a1215867c12109150c10f3f831e997e411e131

SHA256
ad088fa2c014bb718c005149138f284b183c494dec633ccb88c6c14ef1935199

SHA512
33a1517cd1ef56429dc387fcec7e1b6f90438c5608deefb408d310239520a8e5b6c977b13b419d5795f7ba68c7ef03e951ff61534fd53fe6d36912a6fa93d06e

Download Submit
C:\Users\Admin\AppData\Local\Temp\9D30.tmp\rgb.exe

Filesize
105KB

MD5
bfc9e8ab494313d6efb67fc8942f5ee9

SHA1
1b42cc97803221538e020cb90517cb808cf19381

SHA256
33cbdb6e00f3f42f58502af8a9150604a44bb9b26825c909aa0edb5c744a1f13

SHA512
2d01f92397b65eade1f6140f80e2cb626b3e53b112c7e77e84ea7f6092b07c05eacb9e5e9bcb4676c8bdd10fcfba4fe297f2a01eedffffa594af87839baae030

Download Submit
C:\Users\Admin\AppData\Local\Temp\9D30.tmp\sinewaves.exe

Filesize
108KB

MD5
e9534d452e7b06b5591e0509553f8d86

SHA1
2be1075e3ffe29c95fb0fcbed4dcf9fc54788a58

SHA256
edce21b4ec9b68e4e8a5232c1432d5de0865f1fded27fc69965a2d3d568de909

SHA512
21c40c98f9351676f9a105a733472b4b9145a2a2fe13a82b681fec1c73d893bd2be472938e2b84b70836875ed18d0e615a003b4af0f99d5d463f2031500b57c3

Download Submit
C:\Users\Admin\AppData\Local\Temp\9D30.tmp\txtout.exe

Filesize
12KB

MD5
1914c6ba37c1a38bf0ff70e6158656f0

SHA1
0a060af531d8a149c5d8cb0e6ddd2d436a63172d

SHA256
89d6b417fad69302f1f3c50e672e90dc97560b1b769b5a9bd5d0afed40aed26d

SHA512
98e64fbe9603ba546664b8b942dc708450651b2d553d630b84284c755fec371033ae629e77d8a85410e2a31c20a57941fbda16b53611e67f819575f2743a1b8a

Download Submit
C:\Users\Admin\AppData\Local\Temp\9D30.tmp\txtout2.exe

Filesize
105KB

MD5
21d90b4350b6c69d01174240997806c3

SHA1
ca6cdfe5f7f0a15ca177eabf7596d64bc284215c

SHA256
ecadb0f872cf2c112620e0bfdb9f657dd5ac25188c762b2ed7261f9612163757

SHA512
1e8089c7c6f1660652b29ab5a5ccac7a51dfa5fa2e28144df5a196b232b4ac489d5eee7e873144365004b76995ce8315d29f7af5ffc90130b61c38a06f1966a7

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
479KB

MD5
09372174e83dbbf696ee732fd2e875bb

SHA1
ba360186ba650a769f9303f48b7200fb5eaccee1

SHA256
c32efac42faf4b9878fb8917c5e71d89ff40de580c4f52f62e11c6cfab55167f

SHA512
b667086ed49579592d435df2b486fe30ba1b62ddd169f19e700cd079239747dd3e20058c285fa9c10a533e34f22b5198ed9b1f92ae560a3067f3e3feacc724f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

Filesize
13.8MB

MD5
0a8747a2ac9ac08ae9508f36c6d75692

SHA1
b287a96fd6cc12433adb42193dfe06111c38eaf0

SHA256
32d544baf2facc893057a1d97db33207e642f0dacf235d8500a0b5eff934ce03

SHA512
59521f8c61236641b3299ab460c58c8f5f26fa67e828de853c2cf372f9614d58b9f541aae325b1600ec4f3a47953caacb8122b0dfce7481acfec81045735947d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7fmsgkth.default-release\AlternateServices.bin

Filesize
8KB

MD5
8f2ac4c52ae7764fa878a19c838a25e8

SHA1
e061b3bcbfcb9715e39ba1c730d596375b3c5ab6

SHA256
4cc4d219bc2ff220c37b00bc6071c6f602f1cc29336a46e673a0d79e348fe0cc

SHA512
4a974c2441df5fa569d1f67e44ef7210557382d81cd63bcc54f92fdadcb04741279324fca2ac2921661131ed02d95dd06631bcf280d7cad7a0ffd34ded433a10

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7fmsgkth.default-release\datareporting\glean\db\data.safe.tmp

Filesize
18KB

MD5
f231ad083ba0057490a494bdb123bb93

SHA1
e31b6eca5d370504c584c699fbd26f7818e1d773

SHA256
a66f422900e1fb1286ae6d0bb86e6b65b144854cfec3ef18d2673873bcad812d

SHA512
432e2554c4344f6f099d894b47b613686c7c4d81b0b0079577da4a00b47ae212520891b1b7b98d988920a6db62cf204bac54c15fa5e9ae76e2083622d5e340f9

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7fmsgkth.default-release\datareporting\glean\db\data.safe.tmp

Filesize
22KB

MD5
e1fbfbe1bd4761884a71739fdb5e6156

SHA1
ee91d121ad7bb002643c8cb83db32f8901cc6087

SHA256
ba83852cb9a527e94c7673bc19b16e1e578575845a2622da44b1a7404f1fbb6d

SHA512
9bd16db975628c1cec7a1ee7b4134670691cd89a337c582dfe5323e7145c8e7db84d1e29b403603ec5b9ecbcfe7b456b775f189d8626b43e5ec6a00a7a57483c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7fmsgkth.default-release\datareporting\glean\db\data.safe.tmp

Filesize
23KB

MD5
be971c84f1dee80193f53c149b4ee64c

SHA1
2964dd315d9c830d24e0efee9de2b0dccc12f8fd

SHA256
0e709b03fe30e0f3f8b809bcb831964f2eceed98e0447845438f8974ffdae075

SHA512
46d916daaec16b167cb27f14b1b3ab59c2b185485781075029810845467ee5daf447a2cf0bc4aa1dd0e08f1e34a044d4640f72efaa66d76e84b470ca72e03319

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7fmsgkth.default-release\datareporting\glean\pending_pings\52692080-9448-47ee-be51-69801b1b75cd

Filesize
659B

MD5
b8e534b6dfa2352bb356e24414a528b3

SHA1
818f49ce1a5de703ff38683caaad40e51319e121

SHA256
c0688c7cbe1830b2ea338457e24f6f707c0606f49020351e9bce624e8977bbd1

SHA512
522767b70b9d78bac2c6cd91c20a23db141429bddeea2d56ad31e96f26a9ca0753d0309d768271df0462e9b0eac7427f59b283b028caa91306c57f3956d2a4cf

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7fmsgkth.default-release\datareporting\glean\pending_pings\ab8aa59f-3212-4e06-92bb-7c53e541f0ae

Filesize
982B

MD5
11971e6d27b9cfaa46773c45540dd188

SHA1
510bb09323ec4b5efda9b48a71f641173f7a5bfd

SHA256
ad88416c6db542a3e2a9c78fd8d3146295f80aa5b17cfb2e14c10b7fa99f0f60

SHA512
0bcfc7e7a00a21bdbbe820eea3c3528bce339aff8951b41ebb2b4e9328f9f316b8ff4829c8553fe6586b173d1a9a2b3ddf72cc9cf6bfd4d8706b284edf89f840

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7fmsgkth.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.dll

Filesize
1.1MB

MD5
842039753bf41fa5e11b3a1383061a87

SHA1
3e8fe1d7b3ad866b06dca6c7ef1e3c50c406e153

SHA256
d88dd3bfc4a558bb943f3caa2e376da3942e48a7948763bf9a38f707c2cd0c1c

SHA512
d3320f7ac46327b7b974e74320c4d853e569061cb89ca849cd5d1706330aca629abeb4a16435c541900d839f46ff72dfde04128c450f3e1ee63c025470c19157

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7fmsgkth.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.info

Filesize
116B

MD5
2a461e9eb87fd1955cea740a3444ee7a

SHA1
b10755914c713f5a4677494dbe8a686ed458c3c5

SHA256
4107f76ba1d9424555f4e8ea0acef69357dfff89dfa5f0ec72aa4f2d489b17bc

SHA512
34f73f7bf69d7674907f190f257516e3956f825e35a2f03d58201a5a630310b45df393f2b39669f9369d1ac990505a4b6849a0d34e8c136e1402143b6cedf2d3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7fmsgkth.default-release\gmp-widevinecdm\4.10.2710.0\manifest.json

Filesize
372B

MD5
bf957ad58b55f64219ab3f793e374316

SHA1
a11adc9d7f2c28e04d9b35e23b7616d0527118a1

SHA256
bbab6ca07edbed72a966835c7907b3e60c7aa3d48ddea847e5076bd05f4b1eda

SHA512
79c179b56e4893fb729b225818ab4b95a50b69666ac41d17aad0b37ab0ca8cd9f0848cbc3c5d9e69e4640a8b261d7ced592eae9bcb0e0b63c05a56e7c477f44e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7fmsgkth.default-release\gmp-widevinecdm\4.10.2710.0\widevinecdm.dll

Filesize
17.8MB

MD5
daf7ef3acccab478aaa7d6dc1c60f865

SHA1
f8246162b97ce4a945feced27b6ea114366ff2ad

SHA256
bc40c7821dcd3fea9923c6912ab1183a942c11b7690cfd79ed148ded0228777e

SHA512
5840a45cfdb12c005e117608b1e5d946e1b2e76443ed39ba940d7f56de4babeab09bee7e64b903eb82bb37624c0a0ef19e9b59fbe2ce2f0e0b1c7a6015a63f75

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7fmsgkth.default-release\prefs-1.js

Filesize
11KB

MD5
ff91b685a9bb48dcfa9d585f1d054fd0

SHA1
5e52e87edcef75d35bb0e99ed1323daae39ad47e

SHA256
a68e73dbc744e10b0a4c615ab8805b05b93494b629250a732ba60aebdb3b6894

SHA512
baf14e43956f3896ab1c81da1b70fe0029026f308498b3052dcf3e2c02683d32b1a98ab8f10be9076b24d3f147d448ce0f8a0129234ab0c836ecb8d49130878c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7fmsgkth.default-release\prefs.js

Filesize
11KB

MD5
7372a623be0a37e9b0eddd822cfdbabf

SHA1
5868acdd25e415687f04ba851ea56115baf8abd7

SHA256
79b441589513cb619c8c76b0f79d8dc8813ccee7a4ef2c736415393ab99b951a

SHA512
9243cf8162f7ed585567e5d8023a663174caa3ddf59ecdf9ee88a76f9ecb7f1b075cdade42d7d2b3aef8fe6d3c510ec467785c7a2308b690520151770f4b26f0

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7fmsgkth.default-release\prefs.js

Filesize
11KB

MD5
fd96a0cd754e683084adc56737d25971

SHA1
b17b4eb404295ccfde669fd199f892977f20d7df

SHA256
64f226a7a042c35324d126792556d08d685efdf12613737a7f26c1dfdad560ee

SHA512
b36bb670502fa40ad8f0fd03bbc165536185491251afdfba129bfc9aa549bbe99ec279c44515a4abe9abec119384527ddf7493e3a4ad0d0d937e516956f48c91

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7fmsgkth.default-release\prefs.js

Filesize
11KB

MD5
a8d968ccd27e88cf011519dc5244d3b9

SHA1
1ca2d1f9c8ea38ca6f278853ac79d4d8646e7373

SHA256
72b857299cb5c47c81012dab7934f1c1719b30240c49f375921104784d34814a

SHA512
58dc0a1bc71d2d14fb0331861451e9742cf0e7f93be2daf78ce27743b4afcb5f0c2f018b1ea7705877737df67217a01d0434225a648db213323ef689a7bc8b96

Download Submit
C:\Users\Admin\Downloads\WinRGBClean.zip

Filesize
6.2MB

MD5
7c129d423a9a7764939fa772f1c2da7b

SHA1
b7191fbbcde82a5f069bbecc0fa836f09631b99a

SHA256
bb2a8e8d8db1b59b377ddcc39c473af08744b305a3b2f9190fbcafc6b53e637a

SHA512
0740ac6743c56a178c3f4869ec7bab7d7fc9a6a4c2db9628b339bb6da4e3030f00fabe36b2e5426383d8703faf3e104ab0bea2a3e498aa42a54c1a715470016e

Download Submit
memory/1836-1622-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/2896-1658-0x0000000000400000-0x0000000000409000-memory.dmp

Filesize
36KB

Download
memory/2944-1626-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/3164-1539-0x0000000000400000-0x000000000049A000-memory.dmp

Filesize
616KB

Download
memory/3164-1621-0x0000000000400000-0x000000000049A000-memory.dmp

Filesize
616KB

Download
memory/4232-1623-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/4624-1688-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/5140-2102-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/5264-1631-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/5544-2103-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/5576-1689-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/5760-1645-0x0000021375420000-0x0000021375421000-memory.dmp

Filesize
4KB

Download
memory/5760-1637-0x0000021375420000-0x0000021375421000-memory.dmp

Filesize
4KB

Download
memory/5760-1636-0x0000021375420000-0x0000021375421000-memory.dmp

Filesize
4KB

Download
memory/5760-1635-0x0000021375420000-0x0000021375421000-memory.dmp

Filesize
4KB

Download
memory/5760-1647-0x0000021375420000-0x0000021375421000-memory.dmp

Filesize
4KB

Download
memory/5760-1646-0x0000021375420000-0x0000021375421000-memory.dmp

Filesize
4KB

Download
memory/5760-1644-0x0000021375420000-0x0000021375421000-memory.dmp

Filesize
4KB

Download
memory/5760-1643-0x0000021375420000-0x0000021375421000-memory.dmp

Filesize
4KB

Download
memory/5760-1642-0x0000021375420000-0x0000021375421000-memory.dmp

Filesize
4KB

Download
memory/5760-1641-0x0000021375420000-0x0000021375421000-memory.dmp

Filesize
4KB

Download
memory/6400-2337-0x0000000000400000-0x0000000000409000-memory.dmp

Filesize
36KB

Download
memory/6884-2010-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download