6f71b47fc4ab0d7d627e385452ee03dc7b536482d9cf635ccf081097c9561896

Resubmissions

22-11-2024 06:30

241122-g9gxqswjew 8

22-11-2024 06:27

241122-g77els1qgm 4

22-11-2024 06:17

241122-g2gl1a1qcn 4

Analysis

max time kernel
62s
max time network
64s
platform
windows10-ltsc 2021_x64
resource
win10ltsc2021-20241023-en
resource tags

arch:x64arch:x86image:win10ltsc2021-20241023-enlocale:en-usos:windows10-ltsc 2021-x64system
submitted
22-11-2024 06:27

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

meta 3s.webp
Size

251KB
MD5

12c8ccc6d8eca6e2d83f6744b6476161
SHA1

c13a05fc7765e486b592335c11992bea87373e20
SHA256

6f71b47fc4ab0d7d627e385452ee03dc7b536482d9cf635ccf081097c9561896
SHA512

e35909eeda892f7df3fb6f3ecba17f47cf1059a07a72929242727bbb67cb1f571f97163fc607f8f231055fdf9230905c98faaa8f59b66559955ffc4ddf4b8807
SSDEEP

6144:RIaW7YeRs7nsGwN8A6NnjDi8p7ZkUHEcNWWUufN1ugOxHO:RpWnUsFNX6pnFpVkUHEWWWUuVH2O

Score

4^/10

discovery

Malware Config

Signatures

Drops file in Program Files directory 2 IoCs

Processes:

setup.exe

description	ioc	Process
File created	C:\Program Files (x86)\Microsoft\Edge\Application\SetupMetrics\1ea535de-043f-4a58-a504-f07a26104522.tmp	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\Edge\Application\SetupMetrics\20241122062853.pma	setup.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Checks processor information in registry 2 TTPs 12 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

Processes:

firefox.exefirefox.exefirefox.exe

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

msedge.exemsedge.exe

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

Processes:

msedge.exemsedge.exeidentity_helper.exemsedge.exemsedge.exeidentity_helper.exe

pid	Process
2184	msedge.exe
2184	msedge.exe
5084	msedge.exe
5084	msedge.exe
1532	identity_helper.exe
1532	identity_helper.exe
3720	msedge.exe
3720	msedge.exe
2200	msedge.exe
2200	msedge.exe
2096	identity_helper.exe
2096	identity_helper.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

Processes:

msedge.exemsedge.exe

pid	Process
5084	msedge.exe
5084	msedge.exe
5084	msedge.exe
5084	msedge.exe
5084	msedge.exe
5084	msedge.exe
2200	msedge.exe
2200	msedge.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

Processes:

firefox.exe

description	pid	Process
Token: SeDebugPrivilege	4744	firefox.exe
Token: SeDebugPrivilege	4744	firefox.exe

Suspicious use of FindShellTrayWindow 25 IoCs

Processes:

msedge.exemsedge.exefirefox.exe

pid	Process
5084	msedge.exe
5084	msedge.exe
2200	msedge.exe
2200	msedge.exe
4744	firefox.exe
4744	firefox.exe
4744	firefox.exe
4744	firefox.exe
4744	firefox.exe
4744	firefox.exe
4744	firefox.exe
4744	firefox.exe
4744	firefox.exe
4744	firefox.exe
4744	firefox.exe
4744	firefox.exe
4744	firefox.exe
4744	firefox.exe
4744	firefox.exe
4744	firefox.exe
4744	firefox.exe
4744	firefox.exe
4744	firefox.exe
4744	firefox.exe
4744	firefox.exe

Suspicious use of SendNotifyMessage 20 IoCs

Processes:

firefox.exe

pid	Process
4744	firefox.exe
4744	firefox.exe
4744	firefox.exe
4744	firefox.exe
4744	firefox.exe
4744	firefox.exe
4744	firefox.exe
4744	firefox.exe
4744	firefox.exe
4744	firefox.exe
4744	firefox.exe
4744	firefox.exe
4744	firefox.exe
4744	firefox.exe
4744	firefox.exe
4744	firefox.exe
4744	firefox.exe
4744	firefox.exe
4744	firefox.exe
4744	firefox.exe

Suspicious use of SetWindowsHookEx 1 IoCs

Processes:

firefox.exe

pid	Process
4744	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

cmd.exemsedge.exe

description	pid	Process	procid_target
PID 2520 wrote to memory of 5084	2520	cmd.exe	84
PID 2520 wrote to memory of 5084	2520	cmd.exe	84
PID 5084 wrote to memory of 3228	5084	msedge.exe	86
PID 5084 wrote to memory of 3228	5084	msedge.exe	86
PID 5084 wrote to memory of 1788	5084	msedge.exe	87
PID 5084 wrote to memory of 1788	5084	msedge.exe	87
PID 5084 wrote to memory of 1788	5084	msedge.exe	87
PID 5084 wrote to memory of 1788	5084	msedge.exe	87
PID 5084 wrote to memory of 1788	5084	msedge.exe	87
PID 5084 wrote to memory of 1788	5084	msedge.exe	87
PID 5084 wrote to memory of 1788	5084	msedge.exe	87
PID 5084 wrote to memory of 1788	5084	msedge.exe	87
PID 5084 wrote to memory of 1788	5084	msedge.exe	87
PID 5084 wrote to memory of 1788	5084	msedge.exe	87
PID 5084 wrote to memory of 1788	5084	msedge.exe	87
PID 5084 wrote to memory of 1788	5084	msedge.exe	87
PID 5084 wrote to memory of 1788	5084	msedge.exe	87
PID 5084 wrote to memory of 1788	5084	msedge.exe	87
PID 5084 wrote to memory of 1788	5084	msedge.exe	87
PID 5084 wrote to memory of 1788	5084	msedge.exe	87
PID 5084 wrote to memory of 1788	5084	msedge.exe	87
PID 5084 wrote to memory of 1788	5084	msedge.exe	87
PID 5084 wrote to memory of 1788	5084	msedge.exe	87
PID 5084 wrote to memory of 1788	5084	msedge.exe	87
PID 5084 wrote to memory of 1788	5084	msedge.exe	87
PID 5084 wrote to memory of 1788	5084	msedge.exe	87
PID 5084 wrote to memory of 1788	5084	msedge.exe	87
PID 5084 wrote to memory of 1788	5084	msedge.exe	87
PID 5084 wrote to memory of 1788	5084	msedge.exe	87
PID 5084 wrote to memory of 1788	5084	msedge.exe	87
PID 5084 wrote to memory of 1788	5084	msedge.exe	87
PID 5084 wrote to memory of 1788	5084	msedge.exe	87
PID 5084 wrote to memory of 1788	5084	msedge.exe	87
PID 5084 wrote to memory of 1788	5084	msedge.exe	87
PID 5084 wrote to memory of 1788	5084	msedge.exe	87
PID 5084 wrote to memory of 1788	5084	msedge.exe	87
PID 5084 wrote to memory of 1788	5084	msedge.exe	87
PID 5084 wrote to memory of 1788	5084	msedge.exe	87
PID 5084 wrote to memory of 1788	5084	msedge.exe	87
PID 5084 wrote to memory of 1788	5084	msedge.exe	87
PID 5084 wrote to memory of 1788	5084	msedge.exe	87
PID 5084 wrote to memory of 1788	5084	msedge.exe	87
PID 5084 wrote to memory of 1788	5084	msedge.exe	87
PID 5084 wrote to memory of 1788	5084	msedge.exe	87
PID 5084 wrote to memory of 2184	5084	msedge.exe	88
PID 5084 wrote to memory of 2184	5084	msedge.exe	88
PID 5084 wrote to memory of 4120	5084	msedge.exe	89
PID 5084 wrote to memory of 4120	5084	msedge.exe	89
PID 5084 wrote to memory of 4120	5084	msedge.exe	89
PID 5084 wrote to memory of 4120	5084	msedge.exe	89
PID 5084 wrote to memory of 4120	5084	msedge.exe	89
PID 5084 wrote to memory of 4120	5084	msedge.exe	89
PID 5084 wrote to memory of 4120	5084	msedge.exe	89
PID 5084 wrote to memory of 4120	5084	msedge.exe	89
PID 5084 wrote to memory of 4120	5084	msedge.exe	89
PID 5084 wrote to memory of 4120	5084	msedge.exe	89
PID 5084 wrote to memory of 4120	5084	msedge.exe	89
PID 5084 wrote to memory of 4120	5084	msedge.exe	89
PID 5084 wrote to memory of 4120	5084	msedge.exe	89
PID 5084 wrote to memory of 4120	5084	msedge.exe	89
PID 5084 wrote to memory of 4120	5084	msedge.exe	89
PID 5084 wrote to memory of 4120	5084	msedge.exe	89
PID 5084 wrote to memory of 4120	5084	msedge.exe	89
PID 5084 wrote to memory of 4120	5084	msedge.exe	89

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Windows\system32\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\meta 3s.webp"
1⤵
- Suspicious use of WriteProcessMemory
PID:2520
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\meta 3s.webp
  2⤵
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of WriteProcessMemory
  PID:5084
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x130,0x134,0x138,0x100,0x104,0x7ffa42f646f8,0x7ffa42f64708,0x7ffa42f64718
    3⤵
    PID:3228
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2108,16326406813959213773,3705163611973249506,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2124 /prefetch:2
    3⤵
    PID:1788
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2108,16326406813959213773,3705163611973249506,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2484 /prefetch:3
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:2184
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2108,16326406813959213773,3705163611973249506,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2900 /prefetch:8
    3⤵
    PID:4120
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,16326406813959213773,3705163611973249506,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3340 /prefetch:1
    3⤵
    PID:2468
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,16326406813959213773,3705163611973249506,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3348 /prefetch:1
    3⤵
    PID:4784
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2108,16326406813959213773,3705163611973249506,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4916 /prefetch:8
    3⤵
    PID:3592
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --configure-user-settings --verbose-logging --system-level --msedge --force-configure-user-settings
    3⤵
    - Drops file in Program Files directory
    PID:4400
  - - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x2a4,0x2a8,0x2ac,0x280,0x2b0,0x7ff759e35460,0x7ff759e35470,0x7ff759e35480
      4⤵
      PID:548
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2108,16326406813959213773,3705163611973249506,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4916 /prefetch:8
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:1532
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,16326406813959213773,3705163611973249506,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5632 /prefetch:1
    3⤵
    PID:632
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,16326406813959213773,3705163611973249506,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5608 /prefetch:1
    3⤵
    PID:4824
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,16326406813959213773,3705163611973249506,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3996 /prefetch:1
    3⤵
    PID:4356
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,16326406813959213773,3705163611973249506,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5776 /prefetch:1
    3⤵
    PID:3932

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4824

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5024

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\Desktop\OutSuspend.htm
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
PID:2200
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x134,0x138,0x13c,0x104,0x140,0x7ffa42f646f8,0x7ffa42f64708,0x7ffa42f64718
  2⤵
  PID:952
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2060,5004900168185146142,12442549587669161915,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2092 /prefetch:2
  2⤵
  PID:456
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2060,5004900168185146142,12442549587669161915,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2240 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3720
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2060,5004900168185146142,12442549587669161915,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2832 /prefetch:8
  2⤵
  PID:1740
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,5004900168185146142,12442549587669161915,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3200 /prefetch:1
  2⤵
  PID:3320
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,5004900168185146142,12442549587669161915,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3208 /prefetch:1
  2⤵
  PID:4464
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2060,5004900168185146142,12442549587669161915,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5284 /prefetch:8
  2⤵
  PID:2052
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2060,5004900168185146142,12442549587669161915,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5284 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2096

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1968

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3548

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
PID:1004
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe"
  2⤵
  - Checks processor information in registry
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  PID:4744
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1988 -parentBuildID 20240401114208 -prefsHandle 1916 -prefMapHandle 1896 -prefsLen 23681 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {a694c2ac-316f-401f-a029-5f241de5a792} 4744 "\\.\pipe\gecko-crash-server-pipe.4744" gpu
    3⤵
    PID:2556
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2396 -parentBuildID 20240401114208 -prefsHandle 2372 -prefMapHandle 2368 -prefsLen 23717 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {9017d17b-2ac7-4b8c-b19b-a06a93c80c7b} 4744 "\\.\pipe\gecko-crash-server-pipe.4744" socket
    3⤵
    - Checks processor information in registry
    PID:700
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2708 -childID 1 -isForBrowser -prefsHandle 2996 -prefMapHandle 3048 -prefsLen 23858 -prefMapSize 244658 -jsInitHandle 1260 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ba2020b1-922d-40ce-9bf0-4ec6a7c8cb90} 4744 "\\.\pipe\gecko-crash-server-pipe.4744" tab
    3⤵
    PID:3144
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3644 -childID 2 -isForBrowser -prefsHandle 3724 -prefMapHandle 2668 -prefsLen 29091 -prefMapSize 244658 -jsInitHandle 1260 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {50206bbf-e0cf-4d50-83f2-8f6bcab0f492} 4744 "\\.\pipe\gecko-crash-server-pipe.4744" tab
    3⤵
    PID:3392
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4864 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4896 -prefMapHandle 4872 -prefsLen 29091 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a859dbbf-b672-4956-8204-2ca81f82e7d2} 4744 "\\.\pipe\gecko-crash-server-pipe.4744" utility
    3⤵
    - Checks processor information in registry
    PID:5208
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5472 -childID 3 -isForBrowser -prefsHandle 5464 -prefMapHandle 5444 -prefsLen 27051 -prefMapSize 244658 -jsInitHandle 1260 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {134dbb6e-9800-4dc8-b3c0-a106617ab5d5} 4744 "\\.\pipe\gecko-crash-server-pipe.4744" tab
    3⤵
    PID:5988
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5604 -childID 4 -isForBrowser -prefsHandle 5612 -prefMapHandle 5616 -prefsLen 27051 -prefMapSize 244658 -jsInitHandle 1260 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {445fcf5a-d6d9-442b-a122-d2b4f21d2474} 4744 "\\.\pipe\gecko-crash-server-pipe.4744" tab
    3⤵
    PID:6000
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5796 -childID 5 -isForBrowser -prefsHandle 5804 -prefMapHandle 5808 -prefsLen 27051 -prefMapSize 244658 -jsInitHandle 1260 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {792789bb-b575-456f-8738-aad2ef807537} 4744 "\\.\pipe\gecko-crash-server-pipe.4744" tab
    3⤵
    PID:6012
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6216 -childID 6 -isForBrowser -prefsHandle 6208 -prefMapHandle 6204 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 1260 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {4c75922a-6263-4515-8872-5804c5caf693} 4744 "\\.\pipe\gecko-crash-server-pipe.4744" tab
    3⤵
    PID:5348

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
2905b2a304443857a2afa4fc0b12fa24

SHA1
6266f131d70f5555e996420f20fa99c425074ec3

SHA256
5298bdb27d48c2c2b5e67bdd435445ef5b06d9b36c11394705b413ff3d0f51f3

SHA512
df85de0c817350d8ca3346def1db8653aaee51705822b4c4484c97e7d31282a2936fa516d68c298dcbbb293b044aa7101b3de0c7852c26e98ac6c91415162b53

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
b28a972e24eef6f7e3924ba37204f9fd

SHA1
56df67c07d6d851756dd408ccb01857ccdfbe414

SHA256
26ba40d2122798635b637009c7d041f149eabdf1d0b075a87a5e65ea203f2821

SHA512
8d3f8e3297dccda92a5222f4007dea5adc04531703c47ab0e626231cdd71ef9dd7fe30566aa989a5e60da4e6427da7af100298d8d64cc848df1a981ee18a3f6a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
d4d4fecc4f79af09ee9058013a5d0933

SHA1
8c15752d73da3f130079028e435f2daf50f698e3

SHA256
d4bd83a9074665acc707d2572ccaa251aec3af919a325a4914fcf74315b7325d

SHA512
449b0c0203eb1b37f922db5af0a34582a69a500e09daa86cd0a794d717e63588153aabda336401f47690aa3b416c0b69fcaf9ffdc715d61d59357a79cf620e8e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
f5391bd7b113cd90892553d8e903382f

SHA1
2a164e328c5ce2fc41f3225c65ec7e88c8be68a5

SHA256
fd9710650fc6774ce452b01fb37799cd64d3cdc282ac693e918e38322349fe79

SHA512
41957bea3e09c2f69487592df334edc6e3e6de3ab71beb64d9b6d9ce015e02a801b4215344d5d99765abe8ab2396394ac4664fced9f871204453a79463cc7825

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
48B

MD5
ed0080d0688152fa97fd37402d4e359b

SHA1
eedc181b41d54fda6583eb9937a2b7e8cf34a8c1

SHA256
b07c5e0f308c288559c278a2b5c0672909af4771728476be57751c25db976ae2

SHA512
2d970f45d195a819bcd38ef793ba26243ed82c81024c8967da178512fc929a86c193dfe4070aa88892f2a52bfc4c86dbc867059d38149465e688128c8bad146e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Edge Profile.ico

Filesize
70KB

MD5
e5e3377341056643b0494b6842c0b544

SHA1
d53fd8e256ec9d5cef8ef5387872e544a2df9108

SHA256
e23040951e464b53b84b11c3466bbd4707a009018819f9ad2a79d1b0b309bc25

SHA512
83f09e48d009a5cf83fa9aa8f28187f7f4202c84e2d0d6e5806c468f4a24b2478b73077381d2a21c89aa64884df3c56e8dc94eb4ad2d6a8085ac2feb1e26c2ef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\LOG

Filesize
279B

MD5
e3f59efef87239ba9059b16186e87985

SHA1
893f44bb00885674fe13c0cd0e6498eaacceeec9

SHA256
97001edfaeedc7cce2f0e47cb0cdb12e3c7935e02fbeb1435179cec1768ad2d6

SHA512
f526944d5e37ea8e46b0977e7c34df26779a5890e56886f01c3d101e00e700586cf9649967d590e3de6ff6a006a502269d48fcadb54f930ad76f5b81828284b6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\GPUCache\data_0

Filesize
8KB

MD5
cf89d16bb9107c631daabf0c0ee58efb

SHA1
3ae5d3a7cf1f94a56e42f9a58d90a0b9616ae74b

SHA256
d6a5fe39cd672781b256e0e3102f7022635f1d4bb7cfcc90a80fffe4d0f3877e

SHA512
8cb5b059c8105eb91e74a7d5952437aaa1ada89763c5843e7b0f1b93d9ebe15ed40f287c652229291fac02d712cf7ff5ececef276ba0d7ddc35558a3ec3f77b0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\GPUCache\data_2

Filesize
8KB

MD5
0962291d6d367570bee5454721c17e11

SHA1
59d10a893ef321a706a9255176761366115bedcb

SHA256
ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7

SHA512
f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\GPUCache\data_3

Filesize
8KB

MD5
41876349cb12d6db992f1309f22df3f0

SHA1
5cf26b3420fc0302cd0a71e8d029739b8765be27

SHA256
e09f42c398d688dce168570291f1f92d079987deda3099a34adb9e8c0522b30c

SHA512
e9a4fc1f7cb6ae2901f8e02354a92c4aaa7a53c640dcf692db42a27a5acc2a3bfb25a0de0eb08ab53983132016e7d43132ea4292e439bb636aafd53fb6ef907e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\GPUCache\index

Filesize
256KB

MD5
5aa96a3dc0380601be85dcc81962f9ae

SHA1
863843d3f5988665a9e6e54476e10c98ccd1ab44

SHA256
43b169d2cb9dbe4508447342cc23691e0eade4f0928ce2d9ef78893cf77844c1

SHA512
96d42a47b53b80378f9076c4e39f8cae61260f8bbc590cde58043aa384ac5aaaaf820206c9f527c5b7d03a55b5a76203fb6e877b55ab1f3a45411fb7301e80cb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History

Filesize
124KB

MD5
1cedfc8ebe3acfb0abfb0c0ec092a428

SHA1
dbbb7343a988c6a1e7d77ec694680e11b6d10ea0

SHA256
495cad1760b5412a8cb676e6c63a36a4b1b9b4b4a04093dd7c1d11e525669a7c

SHA512
512a397f1e753c091a4fe6cb32a4bce1302ec0b387e2e63f1181dba2094fe3b6aeaa7780e85642067fe64ef35f40df9f59ad76f61ff76c354fd0f484faee5339

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History Provider Cache

Filesize
707B

MD5
041447adb2233642c0fee00ebdc16c44

SHA1
2bd1135e6ad59fbb47f7f50475d0c34793738d02

SHA256
119e7bccc5b6b331885714ece0114f09dc1969543002c43d72d738bcba16dd31

SHA512
2812083fccfb8eb861d2c0b3e1c151af19e2490ad0b9d8f9fd0305046b96b4e5ea0306776f8505e7370b84c694a395091a14cac8078bf3bd95488b38f89869c2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History-journal

Filesize
28KB

MD5
c4250ece32041708a2f453a0260aaf53

SHA1
f22993ddf7f1c4d36c53319e56a3d92938fdc80a

SHA256
9df171f7d75bd409e8f08519c4b8949c47d999a9cc4f1c797b3976b9284a929e

SHA512
f5214af5051a4bf30594c9b7e71f5abc99482dcbb71c1c966ea0d8fedea473b640da0ee1ae1d974f0b0fd81792fb26965b6cf87dcc77210a3092e35df973ede2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\LOG

Filesize
291B

MD5
3eaffc5bccb12a7c9312ab44b28485d6

SHA1
e20a1d05c50196fd4308d80931734a1a606f9f02

SHA256
c19470a2469fc78ef77ba6ad6a07879d5c3d3c1594da47c84837f8ddbfb28597

SHA512
f4d3ac1ed33258e03ede7385dc1fd9f785aaa5af9e01a6e94fdd469d278f2dc7330f8b9c465234d08cc1bd596ab7bdf8b8641de6eeacf3e3bec88094a9b7ec42

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State~RFe57ee48.TMP

Filesize
59B

MD5
2800881c775077e1c4b6e06bf4676de4

SHA1
2873631068c8b3b9495638c865915be822442c8b

SHA256
226eec4486509917aa336afebd6ff65777b75b65f1fb06891d2a857a9421a974

SHA512
e342407ab65cc68f1b3fd706cd0a37680a0864ffd30a6539730180ede2cdcd732cc97ae0b9ef7db12da5c0f83e429df0840dbf7596aca859a0301665e517377b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
f164929c4c07e31fb11080f1a0193ce9

SHA1
569c34450305ef79c9539c0b422aa61c715086bb

SHA256
6570df43af34b95e07982251918f6c69076c1fa156e531ee9ded22effd11f927

SHA512
50b62c2dfa76a36e0ad7f5e256bd0c78a9f3d20b0a4dc90f2abcc03e39d2fe7faf47b2f0e9683eb5eff4e82c74539829548d95fa04e7f337f0d1a17aebd2b22f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
fe41cfe87c6e9807b63b3ecac8675fc1

SHA1
ec4ad8993ca338ad3139efea5f8637d446850df4

SHA256
8101db597647d0a9a93ab14e6d33376ac0687a39469ef74f352bb63bd64c7b4f

SHA512
e99a7b7bd950b271fc0ccd63d030623a248798c2c3f232759f05202b70d1729b77d8a243474ee9f36cccab228602029496f431ad7eac6ed606f8a92e6d4d4ea3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
08728a770a7c3abb41eaaeab6ff19f0f

SHA1
48a017ce65c711b575bf567edc535b46786b972e

SHA256
b497fb9cdf133deb51d161033d617a0c7eed594b7aab598a5da24b4207975c82

SHA512
c939ed7bd387b86b6ddf4969dc95c6088ef44037075dd04848c7d508224bb29d1bf5ec6c669f74290f372855b78bda08174be5ab69947da441f0178c8f37364a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
84a8f46fcf0411609aa56d6f4f5d477e

SHA1
2639ba849af3d8399b5c7ebdbc0c198c493029d4

SHA256
7a8502b8d3c54837b532d65f47c85a9844528cfae51b38a86363ec3bdd83192b

SHA512
a05c28e58431f55ab3234e295236eb91649653f05d65f28ff56f625364d491cbb7e24086e372220913dc3c710264789a0b729371387c16cd06c6394c796f4d2b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
7ad9709100fb43b77314ee7765b27828

SHA1
5cd0c406c08c9c1073b0c08169ccaffbd4ef6b98

SHA256
04b61824ffce6fdbae4e6a527ae58b85813226ee28fe4d631feb76b5f936a1a9

SHA512
fc55ee34b1107e298f2cfcb20dce42b5dbc98a7b68e72ed80a6ea594f66dff6f9e9cb70ad5ccbf5ad2171275f375abac1defd8dad4118afa280cd9c1d9f6a538

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
e122fc93c0ad25d45d09ba51a3e86421

SHA1
bb52a7be91075de9d85f4a4d7baeecc3167c871b

SHA256
a277c1c6fafd7a44b47d94e4bc3c0337a64a34d252e58722855aab09e6f52bee

SHA512
12787aebefd6a5e4584ec8747a78538f948a16b214bdf81302036ae89e2c4563027847236a4770c4f780a9ca0ed03f29b1577bfb6f11feffad85b7a625324bf5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
685bda5e49d622fb6b616e2e4efa8c9a

SHA1
d6a5e3da1979fdf77bd12bf4f9ab11bd44f1a594

SHA256
520c4a0bab05b66bc934f139c565ad142f820375452e2d2ff6751df298bcbef3

SHA512
07f8d52eb86cc9a835938eab3d617245ceac65c30c2ff5c14caa65ab6d7faebd27680c2deb4d2d4088e17e1539e7327bc4670a34c2edd2c046ef969d312e5b68

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\000003.log

Filesize
118B

MD5
7733303dbe19b64c38f3de4fe224be9a

SHA1
8ca37b38028a2db895a4570e0536859b3cc5c279

SHA256
b10c1ba416a632cd57232c81a5c2e8ee76a716e0737d10eabe1d430bec50739d

SHA512
e8cd965bca0480db9808cb1b461ac5bf5935c3cbf31c10fdf090d406f4bc4f3187d717199dcf94197b8df24c1d6e4ff07241d8cfffd9aee06cce9674f0220e29

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\LOG

Filesize
279B

MD5
0408f75264900a258f4fbfffa3acec2e

SHA1
b6861e67fc45a8fb05bbccc5cab613969a4b83b4

SHA256
10af375ed3357c8113a8b5f0431f2b1820f6b8bc2243885b1debc32823db98e7

SHA512
31a32654d9a2d87ea70a7a28302a3eb2bd7b17e7357ade5d347ef2f5a240ad8adc0921859a442a79ec3845ce79977d17607d3e57cb47f04b4515fdc02a53fb13

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Tabs_13376730555388237

Filesize
957B

MD5
8ec625db2567f5067391a7487d7fb4d2

SHA1
2caf36daf6c349d3fef7868d0e9a364caf758710

SHA256
bbac0423678e7b2c91680c884978fa33cff204d2c938f9452cfc2acc105a4bf9

SHA512
c17ae0b3e61559f1441d8eaa049729fe4c9a63aaffb7b40da4c865c7962ccc61b14bbe70889c48f873eb571c2b4970c599e05ab1f14de993940c03fd0c9f6e98

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG

Filesize
347B

MD5
b4f935f7adda7d076430312240249f69

SHA1
901c612004bda452e86d40ac1234da5eded5bc00

SHA256
32441c95534d5dfccb7d1b02e65bd5a6af8c8b3a9f78e763ae8207b1fbcf4cb2

SHA512
de5c8a8804bb3614185c1a4d6d5db91d3065e5a3100af7406795abdcfc49da71c6095e58c56a158d2fc277958e85a1208872a10b03b9376688b8b9d137b4fe83

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG

Filesize
323B

MD5
e9a442b3483e250eb1a02f6d9f1f8b55

SHA1
b4af0d9e172afa931314fe10f569bf6870b95d25

SHA256
e6713efac37040a5e3d32e33cf0e1b2444b2ac8f06861fa60b252d89a8fd1449

SHA512
251e9612101db515acb180665e1f0c1a48a6bba7b7ba30810866d696ce1589eb55049a3e8bba3d8dc2246bdbecdc383fe873a0f79b32f3e41fe55968e83d22f8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Top Sites

Filesize
20KB

MD5
f44dc73f9788d3313e3e25140002587c

SHA1
5aec4edc356bc673cba64ff31148b934a41d44c4

SHA256
2002c1e5693dd638d840bb9fb04d765482d06ba3106623ce90f6e8e42067a983

SHA512
e556e3c32c0bc142b08e5c479bf31b6101c9200896dd7fcd74fdd39b2daeac8f6dc9ba4f09f3c6715998015af7317211082d9c811e5f9e32493c9ecd888875d7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Visited Links

Filesize
128KB

MD5
7f65c01a5de4fe24aaca6e1fe6f61b63

SHA1
b1dd0e6198e1c6a4ab90e98735046f30c370280b

SHA256
445dac0bb36eb6b39b3f2ade984a9f9571a2a73b65e2f8eabe0e9dd2742cea31

SHA512
ade81a93e54351bf70933ed0404a4c5fc088a7b03734cdaef6b7127b2150d50d109326f474c7d9d264679b525a44ba12ecce7291c1c69cb677debd9846e1b859

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Web Data

Filesize
116KB

MD5
f70aa3fa04f0536280f872ad17973c3d

SHA1
50a7b889329a92de1b272d0ecf5fce87395d3123

SHA256
8d782aa65de6db3538a14da82216e96d5e0a3c60496726e3541a8165bccc65f8

SHA512
30675c5c610d9aa32a4c4a4d9c3af7570823cd197f8d2a709222c78e2cd15304bbed80e233e3674ec2f6e33d1961c67fd6a46dc8ba8b1a301cd0722932c03c84

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\f0fd13a0-a85a-4b5a-96ab-137c44a7382f.tmp

Filesize
4KB

MD5
bf0c2bcdef8a620762eb5561a3503da8

SHA1
9ae9d2acec1778946af9b1c8fbd8978754c3a18f

SHA256
376aa31accf345f3d0d6a410870cc95c71c1ceb6ae1ff3337229b5e81b6f06e3

SHA512
e9c57b538aae5ae81cac813c048836f0668ad69a99f3f8083ad0de9734c681893c33c19dc58ff8a6d13c44c49de3b2fb79989ebcfe27ef24f49b0c37681156a9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\load_statistics.db

Filesize
44KB

MD5
0256736bdf979dff29dc7e126dfb79fa

SHA1
5f28ae3f0dbfd73281a5aae48fa1398260b9380c

SHA256
50cbf1a9280e1a38207b520c010eebbb5426686777b75142b564f4006d928b3a

SHA512
550122d053bb2c332e3bd09523c72988f7c4482af7c826eda9cfeb6700e0983ed8f8d36e7801e1a7e2a15bf5efa54574c046c08cb201f6a537cb95ab92859fd2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\000003.log

Filesize
156B

MD5
e159189877434e754d14b6b74ef2ec19

SHA1
13e802141e89bd2d719cbbcb327d64886a345ec4

SHA256
15fd826534d8f986ccc202ce18ca94f34ec9a023ff056614c7a7e1165891dffe

SHA512
7eec618eb8356f9ad98ca57a5a6592d963a783443b1de0f88588903bde241228bfbd837c93b3352a85ab76b1eb30c378523ef54bc414b58dc561499423663070

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\LOG

Filesize
281B

MD5
82c41ba2a6595623f635683c71a3b193

SHA1
344aa9e872643a99fe55b8c168579f39b89d4568

SHA256
bbe4a492a5e8d98c65f1aaa47bf9b197356cf5f05c9c6cafc0862a3a23cbb388

SHA512
81e3d369547bef09a8126beb3c355f114a5f846306253e26530dd0d980586b6b21aeb2210962abae09304b45fe2444fe401105298c90e5f971a150b7b3b53a8f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\000003.log

Filesize
560B

MD5
3b74d4f5687ea19cce7efafa90d2778e

SHA1
012ed7b8d94de2d66c8f5048344b9663f6711a89

SHA256
df071dbf50e9a11be16d6f21afd5a70ed1fff3ca02896817a686d670e5978aec

SHA512
d64916b64ff77b0d6d8ad7cb30da9743d17ae598a5ef9c0b2bbf0f0ec0397fbb2443008120cf685903e1088989a60673a2bef818fb1daf81946d3958bbca0197

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\LOG

Filesize
299B

MD5
231a7a974965b1d57ba97f12d3804f16

SHA1
6816382dcbb94217e0d3fd8684de5a5a3a12f688

SHA256
51b38184b9fd1a88dbe499315a1c3c0d60cf2f1f55d6267e7eb4c2dcf01cdcd2

SHA512
1db9f50be03361fc3b00c09c64eddfe9acbcd46bceee67fea2b3ae89dc192a9fa95e350b5d6f1d5c0f0b655fd1ee1cac0f42ddc147ebede75ea1175cae08a13c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_0

Filesize
44KB

MD5
543cf755e57b445d9c7556af816c08e5

SHA1
95dbd1ee4503f29de6389ace5fdda9aeba993f76

SHA256
c42c7ca2af05632ecd6426b35882d7d8bd09f0c05c6bb165f53c9a9b7f286ee2

SHA512
0ce0177ce5779c54684b8d2f67f3cde45ad4437c3d9bf6df80d6ca2c0c65eb0935ef52b71118e627885d283384f5f7d43cc79f6cf10a18b06abb940b29a5e3a6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_1

Filesize
264KB

MD5
6a81ac7bdd9e7e323af45eadaa76c1e5

SHA1
adf4f1ac57e063341c79f28822685334fd1ac427

SHA256
ec74e9b5ad33af3f9430a83c6593d35b858e0e360e65c32690b4dba25cce106e

SHA512
8c5331e83715349a96b8b5e8efde7cb00d72fc0d169b44d29c6c1512711e08f1db2f4da38f7b124b794d0bf6e8c0a15e0c8acb469db205f8654c81dca4c70c10

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Version

Filesize
11B

MD5
838a7b32aefb618130392bc7d006aa2e

SHA1
5159e0f18c9e68f0e75e2239875aa994847b8290

SHA256
ac3dd2221d90b09b795f1f72e72e4860342a4508fe336c4b822476eb25a55eaa

SHA512
9e350f0565cc726f66146838f9cebaaa38dd01892ffab9a45fe4f72e5be5459c0442e99107293a7c6f2412c71f668242c5e5a502124bc57cbf3b6ad8940cb3e9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
8KB

MD5
a095f59bc0f84c8d413d13f83a5a9aaf

SHA1
a227fcef8cc1bb031edff034dda0387d31ee67d5

SHA256
5df6d2ad96e7cb02591b840c716cec75f6d25d7c44c3e172212dc98bbf656ce6

SHA512
79e59dd5b289ebca9c94eccc47537c46f25c955686e7421c2f7f78ad94e54e5303ac61b696dca5ac2c167abf51dcb1e253b0c1fd8b315068ebeeb9aaf31bbe38

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
5f3dcf3abb1b71556c624c0e527f7803

SHA1
f3a1d538ece6e93581d6f2150e05f4b0112b0880

SHA256
e16903a3db07af563cd990f127ab15b604f3759cde74cd7551106680c43e2e2c

SHA512
ee24ea8a3c4987a50c48aefd4e2f08e4227e939e7f945d6ecebf41d3a4a301aee8bbe419b87c3dd98dc908019f4cad689870afde684924910682e21806684ab0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
89b229e8db6077dabe0bd5b75fc925cc

SHA1
22a4cad37da3af1a8e38ddd519750bdce7441c8e

SHA256
7c34aca0217f2ae6449bf064844a3b605f9f4c3c9cdfa735e24a5571fa06b464

SHA512
25c3476af077c814017d41f6294ca9191ca38c6c2ecac2f858402cb9126c2552749360befe1994d0fa79bbbaeeb1924c584f0020268ee913a4391ee085332ae7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\SmartScreen\remote\edgeSettings

Filesize
81B

MD5
f222079e71469c4d129b335b7c91355e

SHA1
0056c3003874efef229a5875742559c8c59887dc

SHA256
e713c1b13a849d759ebaa6256773f4f1d6dfc0c6a4247edaa726e0206ecacb00

SHA512
e5a49275e056b6628709cf6509a5f33f8d1d1e93125eaa6ec1c7f51be589fd3d8ea7a59b9639db586d76a994ad3dc452c7826e4ac0c8c689dd67ff90e33f0b75

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\SmartScreen\remote\edgeSettings_2.0-2f9188b68640dbf72295f9083a21d674a314721ef06f82db281cbcb052ff8ec1

Filesize
126KB

MD5
6698422bea0359f6d385a4d059c47301

SHA1
b1107d1f8cc1ef600531ed87cea1c41b7be474f6

SHA256
2f9188b68640dbf72295f9083a21d674a314721ef06f82db281cbcb052ff8ec1

SHA512
d0cdb3fa21e03f950dbe732832e0939a4c57edc3b82adb7a556ebd3a81d219431a440357654dfea94d415ba00fd7dcbd76f49287d85978d12c224cbfa8c1ad8d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\SmartScreen\remote\synchronousLookupUris

Filesize
40B

MD5
6a3a60a3f78299444aacaa89710a64b6

SHA1
2a052bf5cf54f980475085eef459d94c3ce5ef55

SHA256
61597278d681774efd8eb92f5836eb6362975a74cef807ce548e50a7ec38e11f

SHA512
c5d0419869a43d712b29a5a11dc590690b5876d1d95c1f1380c2f773ca0cb07b173474ee16fe66a6af633b04cc84e58924a62f00dcc171b2656d554864bf57a4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\SmartScreen\remote\synchronousLookupUris_638343870221005468

Filesize
57B

MD5
3a05eaea94307f8c57bac69c3df64e59

SHA1
9b852b902b72b9d5f7b9158e306e1a2c5f6112c8

SHA256
a8ef112df7dad4b09aaa48c3e53272a2eec139e86590fd80e2b7cbd23d14c09e

SHA512
6080aef2339031fafdcfb00d3179285e09b707a846fd2ea03921467df5930b3f9c629d37400d625a8571b900bc46021047770bac238f6bac544b48fb3d522fb0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\SmartScreen\remote\topTraffic

Filesize
29B

MD5
52e2839549e67ce774547c9f07740500

SHA1
b172e16d7756483df0ca0a8d4f7640dd5d557201

SHA256
f81b7b9ce24f5a2b94182e817037b5f1089dc764bc7e55a9b0a6227a7e121f32

SHA512
d80e7351e4d83463255c002d3fdce7e5274177c24c4c728d7b7932d0be3ebcfeb68e1e65697ed5e162e1b423bb8cdfa0864981c4b466d6ad8b5e724d84b4203b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\SmartScreen\remote\topTraffic_638004170464094982

Filesize
450KB

MD5
e9c502db957cdb977e7f5745b34c32e6

SHA1
dbd72b0d3f46fa35a9fe2527c25271aec08e3933

SHA256
5a6b49358772db0b5c682575f02e8630083568542b984d6d00727740506569d4

SHA512
b846e682427cf144a440619258f5aa5c94caee7612127a60e4bd3c712f8ff614da232d9a488e27fc2b0d53fd6acf05409958aea3b21ea2c1127821bd8e87a5ca

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\TokenBroker\Cache\9cd93bc6dcf544bae69531052e64647ec02f2bb4.tbres

Filesize
4KB

MD5
5ec37541c00cc6ead0463277ae05268e

SHA1
a0e9d8bcbd4bb5b189876133aa1442089d60dd2c

SHA256
5133751cf1bd46b71e0b93508cd5521f3ff7c348ef6f4089b8948f8f331ab09d

SHA512
5703230808a0efaacd80d040c1d011cb92dd968587ca96379dd98931d55887bca30afc81d070a7ea22c7ec9e0e6d6d524c1ba0320cd12b9b0b1562bfe119b300

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\dly1kncb.default-release\activity-stream.discovery_stream.json

Filesize
28KB

MD5
23668d92418cccb0a6964181a79d6413

SHA1
c1f76164045c6f24ddfbd9a08993bf7b46d4ff39

SHA256
5cc1ffd27358156ab3600f420186bb90b40ab779f5736070d8c1a744117fdd90

SHA512
c1e89aa693c4b2940a30938172354f5071d25e7c68079cffc21811f872b7855f33870c16e1406069a11e16a347d93a04e0d2dd468094853151a1225cec3989b5

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
3KB

MD5
bf885115dd81d61f4adfbf395c0a5c03

SHA1
fd6de6a933def43acd7fd937742c8449c4978c8f

SHA256
22062b55dec66a4f2923e51b35390b4994d5d94e4960f72ec221db1e0dfacc2e

SHA512
7d3eb39641f2714848572f610727e60dd5fb0c5aa43ee27080d555faa2d98ef59b4398fab6dd8f50387babd21cb4549786d3786e044cc4f325cda9a9d1d90c37

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
3KB

MD5
c1dd7ed7319e9a63a3701e55f303adc3

SHA1
8eb5a04eaf168dff544485d7772281d943a406de

SHA256
c2a492b07fabe3f51d7a782585f71287482de5dacc9f7b06a129b10eb33f244e

SHA512
1a96f41b7346f932554c328ee67efe05c085aa27208d421b9631c3a4d9d0b1a1b306ddaeadd678c23d7de57a8ae894dfb6e8226bf6513ad5c4df94fff87cbc7c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dly1kncb.default-release\AlternateServices.bin

Filesize
8KB

MD5
b08e85c8b581f263fbbbd8f8b5c1f2e7

SHA1
3eb36daf76c480776f3ad2917480b3bd1faa51a3

SHA256
60a3b3121105f766b36c9732a24e773e4545c7b2ef37c014fbb52d920fce0cb6

SHA512
bc1be397f1fdab055e40751f2465261fde12d9bce29b9f44d0ff2019f717413f8d44635649a3c188b4bc9af2de7630921e1ee9489cb656c09674df2640ee1135

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dly1kncb.default-release\datareporting\glean\db\data.safe.tmp

Filesize
5KB

MD5
2c3fb17223f867281ed9177b072def82

SHA1
1e8f0b91215a70153c7ae727044795731f2d9512

SHA256
d5edfd3fac3338a71e5a945fe4dd54372a2d8133c980333466c619417fbc375e

SHA512
d765220da25bafc8a23c2034c6d22d4d137ba6f972cf7a7ba5656f9af5de5802a7a5adf87a97f783341750a386146f461dd59809bc232035937df72f043584c4

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dly1kncb.default-release\datareporting\glean\db\data.safe.tmp

Filesize
6KB

MD5
b71be67694abf79df651f772b3e0f47d

SHA1
400e92e497fc535394e025d0a06bc1575e5f05d2

SHA256
a2251a9f48026a7b222d26a1147e5db9932d012fc577f957dd8703a07e46856b

SHA512
c79065d6d0ed695aea0baaab2f4919d9edeb2387c342e3df949d25ac2d78594493cffb2e7326e5c26c00e6f8b99cf7f6c7bb2155c0db5d59c278e87f817c3d91

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dly1kncb.default-release\datareporting\glean\db\data.safe.tmp

Filesize
6KB

MD5
18310148d2ec90b0f7fc5c902a86a40e

SHA1
0ad602cdeb5de6a46f3d9b52a232581458f4eac2

SHA256
9ff91f62bc0d82d7a586e98b88304f258ac86aa5d3d6083e6629993137f114ca

SHA512
4f511e4ba1bca590cb041cf4f80c1a99d785e3216bf46243eb6c501e3d2d0ac992281a3f79d442f0e1ad47f28471c77bbc10a14b91729bbdd0e6b4e623929870

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dly1kncb.default-release\datareporting\glean\pending_pings\263877f6-8d9c-465f-9d40-71292c7f3c72

Filesize
982B

MD5
e7049d693529b90580fb1780a5572aed

SHA1
79d46e68ee1e937b8c74fb99b2d090b8073b223a

SHA256
c8f9b7ff35e3f5aa190b352377db937872bb6e3626e1ed459f03ca31c2b58b5b

SHA512
8f00d74b8d64c2b7eb3975870a5bce3a6b7c502a9339a67c7a102980522a07a4ccb73556cd3a4161353618cc4821dc67026c7eab5e3eb0fea2ed3188a859c2ad

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dly1kncb.default-release\datareporting\glean\pending_pings\3d383435-bc59-41e9-aa1d-226b95778350

Filesize
4KB

MD5
d438236a0af95e191634a28feebe9930

SHA1
4fe6f12b3af60cf533d46673d96150fb2d14e336

SHA256
d7047d975fdfe1ad63a1a1e6b761d33193a291a59be60ce2fe4859d4145aa56c

SHA512
acb27165b3ade483684a8f2f681dfd53224c937a85a5a08a15105c2c2a074599ad7dabe1047a8b0fea6dcc42084845f66ae98529ecb5fefe6322629020e511f3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dly1kncb.default-release\datareporting\glean\pending_pings\722dd5b3-b982-4515-808d-2f9e35cbecda

Filesize
25KB

MD5
ac3a2d882fd1358766905301ef5212ea

SHA1
55b67e0829daf1dcab4dbe235eaf085d3064eb09

SHA256
cd5e2516f7635008d5f466e6d097113ff0abf9fed664bdcb8f496d3137260ce3

SHA512
d36955b85ecc696d3b0a64fbac3ab55bfa7c68c82aeb80186024028b2e54f23a4b0b7f267d2ccbe41a3a235ed49102e432db2d02a03ab94506884e4b63f66198

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dly1kncb.default-release\datareporting\glean\pending_pings\7e7f8930-6d68-4fb7-8197-5b96777cdf54

Filesize
671B

MD5
32c600ff9f6abe74e9a96e6d2c17c63b

SHA1
6885b34efbed3aff6fa035f18c5d804680773339

SHA256
d47562e8ebd2d19474b48c90caa586040c9dbca9bf6b0146b9f89878c6484d86

SHA512
31fef56b841f22c54a500d7554b48716676d0a3946924e9a035c32716bfcf7dfcbe3a53c962a74a48f15f8a93bb119bb35957dd6857a3ae2f6aaf63db79e5a7c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dly1kncb.default-release\prefs-1.js

Filesize
10KB

MD5
4bab1f5cceb78517a0bb7ce42a8fcc53

SHA1
5ea3e0634de01ca2b7fd235abaeb519346757247

SHA256
1639405718e159d72f586e859fff6d34b3a7f6d5374d2fc9645f99d3fe3737f4

SHA512
81cc3caf6771e743ab75a1bff6c295bc3cd1a8a8eb5a5c199ac78d6d32ee6ad163bc97791540ee9401ee649a6e71a93174ab161c76b6001d8c24a95f2a956933

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dly1kncb.default-release\prefs.js

Filesize
10KB

MD5
9ad0cb9ae0715795d68c831b3d70d322

SHA1
5916df7a2f70edebefc631256a0cf1f6b66c5d74

SHA256
3e24c4a85cb02dfa90d6659c9c5a8776da0272914ba7b589a64da38eb7ceeee8

SHA512
fd7e0b23f48754b4f2c750699b13723aeb682b35654b61e39409db10001f515d3b887e5141251373dc1569ac4604a585a5760758a53abb75b7a4683b1b86a7a4

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dly1kncb.default-release\sessionCheckpoints.json

Filesize
259B

MD5
e6c20f53d6714067f2b49d0e9ba8030e

SHA1
f516dc1084cdd8302b3e7f7167b905e603b6f04f

SHA256
50a670fb78ff2712aae2c16d9499e01c15fddf24e229330d02a69b0527a38092

SHA512
462415b8295c1cdcac0a7cb16bb8a027ef36ae2ce0b061071074ac3209332a7eae71de843af4b96bbbd6158ca8fd5c18147bf9a79b8a7768a9a35edce8b784bf

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dly1kncb.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

Filesize
384KB

MD5
ac8ebf7938f9b9f77e7e466a2f1a3562

SHA1
bd7d0b59722ef6040d2e58a3421f46ca589143bb

SHA256
e1f021a4da711d784127138290de20a63e7648455fb635aac87d1965a6194760

SHA512
27d17ef39e107966a52a1e4fd2fa5efa85723d1f03f05a8fd47e5c657eb5d67ebd26ae1ab8b4793a1a0bdb12a3c1d9d58373c263e2d7c2a2fa13da5038f48dbd

Download Submit
\??\pipe\LOCAL\crashpad_5084_DEDCKVTACFGTYWOM

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit