hxxps://toxicspins[.]com

Resubmissions

26-12-2024 16:00

241226-tftewszkgv 3

26-12-2024 15:59

241226-tfbvvazkfs 3

26-12-2024 15:43

241226-s5xm6syrgl 5

26-12-2024 15:26

241226-svcj9aypdl 5

Analysis

max time kernel
895s
max time network
895s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
26-12-2024 15:26

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://toxicspins.com

Score

5^/10

steam discovery phishing

Malware Config

Signatures

Detected potential entity reuse from brand STEAM.
phishing steam
Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Checks processor information in registry 2 TTPs 12 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe

Enumerates system info in registry 2 TTPs 12 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133797007026270799"	chrome.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000_Classes\Local Settings	firefox.exe

Suspicious behavior: EnumeratesProcesses 24 IoCs

pid	Process
3516	msedge.exe
3516	msedge.exe
2180	msedge.exe
2180	msedge.exe
404	identity_helper.exe
404	identity_helper.exe
3696	msedge.exe
3696	msedge.exe
3696	msedge.exe
3696	msedge.exe
1552	chrome.exe
1552	chrome.exe
3936	msedge.exe
3936	msedge.exe
4468	msedge.exe
4468	msedge.exe
5048	identity_helper.exe
5048	identity_helper.exe
836	msedge.exe
836	msedge.exe
5496	msedge.exe
5496	msedge.exe
5528	identity_helper.exe
5528	identity_helper.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 33 IoCs

pid	Process
2180	msedge.exe
2180	msedge.exe
2180	msedge.exe
2180	msedge.exe
2180	msedge.exe
2180	msedge.exe
2180	msedge.exe
2180	msedge.exe
2180	msedge.exe
2180	msedge.exe
2180	msedge.exe
2180	msedge.exe
1552	chrome.exe
1552	chrome.exe
1552	chrome.exe
4468	msedge.exe
4468	msedge.exe
4468	msedge.exe
4468	msedge.exe
5496	msedge.exe
5496	msedge.exe
5496	msedge.exe
5496	msedge.exe
5496	msedge.exe
5496	msedge.exe
5496	msedge.exe
5496	msedge.exe
5496	msedge.exe
5496	msedge.exe
5496	msedge.exe
5496	msedge.exe
5496	msedge.exe
5496	msedge.exe

Suspicious use of AdjustPrivilegeToken 14 IoCs

description	pid	Process
Token: SeShutdownPrivilege	1552	chrome.exe
Token: SeCreatePagefilePrivilege	1552	chrome.exe
Token: SeShutdownPrivilege	1552	chrome.exe
Token: SeCreatePagefilePrivilege	1552	chrome.exe
Token: SeShutdownPrivilege	1552	chrome.exe
Token: SeCreatePagefilePrivilege	1552	chrome.exe
Token: SeShutdownPrivilege	1552	chrome.exe
Token: SeCreatePagefilePrivilege	1552	chrome.exe
Token: SeDebugPrivilege	4760	firefox.exe
Token: SeDebugPrivilege	4760	firefox.exe
Token: SeDebugPrivilege	4760	firefox.exe
Token: SeDebugPrivilege	4760	firefox.exe
Token: SeDebugPrivilege	4760	firefox.exe
Token: SeDebugPrivilege	4760	firefox.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
2180	msedge.exe
2180	msedge.exe
2180	msedge.exe
2180	msedge.exe
2180	msedge.exe
2180	msedge.exe
2180	msedge.exe
2180	msedge.exe
2180	msedge.exe
2180	msedge.exe
2180	msedge.exe
2180	msedge.exe
2180	msedge.exe
2180	msedge.exe
2180	msedge.exe
2180	msedge.exe
2180	msedge.exe
2180	msedge.exe
2180	msedge.exe
2180	msedge.exe
2180	msedge.exe
2180	msedge.exe
2180	msedge.exe
2180	msedge.exe
2180	msedge.exe
2180	msedge.exe
2180	msedge.exe
2180	msedge.exe
2180	msedge.exe
2180	msedge.exe
2180	msedge.exe
2180	msedge.exe
2180	msedge.exe
2180	msedge.exe
2180	msedge.exe
2180	msedge.exe
2180	msedge.exe
2180	msedge.exe
2180	msedge.exe
2180	msedge.exe
2180	msedge.exe
2180	msedge.exe
2180	msedge.exe
2180	msedge.exe
2180	msedge.exe
2180	msedge.exe
2180	msedge.exe
2180	msedge.exe
2180	msedge.exe
2180	msedge.exe
2180	msedge.exe
2180	msedge.exe
2180	msedge.exe
2180	msedge.exe
2180	msedge.exe
2180	msedge.exe
2180	msedge.exe
2180	msedge.exe
2180	msedge.exe
1552	chrome.exe
1552	chrome.exe
1552	chrome.exe
1552	chrome.exe
1552	chrome.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
2180	msedge.exe
2180	msedge.exe
2180	msedge.exe
2180	msedge.exe
2180	msedge.exe
2180	msedge.exe
2180	msedge.exe
2180	msedge.exe
2180	msedge.exe
2180	msedge.exe
2180	msedge.exe
2180	msedge.exe
2180	msedge.exe
2180	msedge.exe
2180	msedge.exe
2180	msedge.exe
2180	msedge.exe
2180	msedge.exe
2180	msedge.exe
2180	msedge.exe
2180	msedge.exe
2180	msedge.exe
2180	msedge.exe
2180	msedge.exe
2180	msedge.exe
2180	msedge.exe
2180	msedge.exe
2180	msedge.exe
2180	msedge.exe
2180	msedge.exe
2180	msedge.exe
2180	msedge.exe
2180	msedge.exe
2180	msedge.exe
2180	msedge.exe
2180	msedge.exe
2180	msedge.exe
2180	msedge.exe
2180	msedge.exe
2180	msedge.exe
2180	msedge.exe
2180	msedge.exe
2180	msedge.exe
2180	msedge.exe
2180	msedge.exe
2180	msedge.exe
2180	msedge.exe
2180	msedge.exe
2180	msedge.exe
2180	msedge.exe
2180	msedge.exe
2180	msedge.exe
2180	msedge.exe
2180	msedge.exe
2180	msedge.exe
2180	msedge.exe
1552	chrome.exe
1552	chrome.exe
1552	chrome.exe
1552	chrome.exe
1552	chrome.exe
1552	chrome.exe
1552	chrome.exe
1552	chrome.exe

Suspicious use of SetWindowsHookEx 13 IoCs

pid	Process
4760	firefox.exe
4760	firefox.exe
4760	firefox.exe
4760	firefox.exe
4760	firefox.exe
4760	firefox.exe
4760	firefox.exe
4760	firefox.exe
4760	firefox.exe
4760	firefox.exe
4760	firefox.exe
4760	firefox.exe
4760	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2180 wrote to memory of 1164	2180	msedge.exe	83
PID 2180 wrote to memory of 1164	2180	msedge.exe	83
PID 2180 wrote to memory of 628	2180	msedge.exe	85
PID 2180 wrote to memory of 628	2180	msedge.exe	85
PID 2180 wrote to memory of 628	2180	msedge.exe	85
PID 2180 wrote to memory of 628	2180	msedge.exe	85
PID 2180 wrote to memory of 628	2180	msedge.exe	85
PID 2180 wrote to memory of 628	2180	msedge.exe	85
PID 2180 wrote to memory of 628	2180	msedge.exe	85
PID 2180 wrote to memory of 628	2180	msedge.exe	85
PID 2180 wrote to memory of 628	2180	msedge.exe	85
PID 2180 wrote to memory of 628	2180	msedge.exe	85
PID 2180 wrote to memory of 628	2180	msedge.exe	85
PID 2180 wrote to memory of 628	2180	msedge.exe	85
PID 2180 wrote to memory of 628	2180	msedge.exe	85
PID 2180 wrote to memory of 628	2180	msedge.exe	85
PID 2180 wrote to memory of 628	2180	msedge.exe	85
PID 2180 wrote to memory of 628	2180	msedge.exe	85
PID 2180 wrote to memory of 628	2180	msedge.exe	85
PID 2180 wrote to memory of 628	2180	msedge.exe	85
PID 2180 wrote to memory of 628	2180	msedge.exe	85
PID 2180 wrote to memory of 628	2180	msedge.exe	85
PID 2180 wrote to memory of 628	2180	msedge.exe	85
PID 2180 wrote to memory of 628	2180	msedge.exe	85
PID 2180 wrote to memory of 628	2180	msedge.exe	85
PID 2180 wrote to memory of 628	2180	msedge.exe	85
PID 2180 wrote to memory of 628	2180	msedge.exe	85
PID 2180 wrote to memory of 628	2180	msedge.exe	85
PID 2180 wrote to memory of 628	2180	msedge.exe	85
PID 2180 wrote to memory of 628	2180	msedge.exe	85
PID 2180 wrote to memory of 628	2180	msedge.exe	85
PID 2180 wrote to memory of 628	2180	msedge.exe	85
PID 2180 wrote to memory of 628	2180	msedge.exe	85
PID 2180 wrote to memory of 628	2180	msedge.exe	85
PID 2180 wrote to memory of 628	2180	msedge.exe	85
PID 2180 wrote to memory of 628	2180	msedge.exe	85
PID 2180 wrote to memory of 628	2180	msedge.exe	85
PID 2180 wrote to memory of 628	2180	msedge.exe	85
PID 2180 wrote to memory of 628	2180	msedge.exe	85
PID 2180 wrote to memory of 628	2180	msedge.exe	85
PID 2180 wrote to memory of 628	2180	msedge.exe	85
PID 2180 wrote to memory of 628	2180	msedge.exe	85
PID 2180 wrote to memory of 3516	2180	msedge.exe	86
PID 2180 wrote to memory of 3516	2180	msedge.exe	86
PID 2180 wrote to memory of 1304	2180	msedge.exe	87
PID 2180 wrote to memory of 1304	2180	msedge.exe	87
PID 2180 wrote to memory of 1304	2180	msedge.exe	87
PID 2180 wrote to memory of 1304	2180	msedge.exe	87
PID 2180 wrote to memory of 1304	2180	msedge.exe	87
PID 2180 wrote to memory of 1304	2180	msedge.exe	87
PID 2180 wrote to memory of 1304	2180	msedge.exe	87
PID 2180 wrote to memory of 1304	2180	msedge.exe	87
PID 2180 wrote to memory of 1304	2180	msedge.exe	87
PID 2180 wrote to memory of 1304	2180	msedge.exe	87
PID 2180 wrote to memory of 1304	2180	msedge.exe	87
PID 2180 wrote to memory of 1304	2180	msedge.exe	87
PID 2180 wrote to memory of 1304	2180	msedge.exe	87
PID 2180 wrote to memory of 1304	2180	msedge.exe	87
PID 2180 wrote to memory of 1304	2180	msedge.exe	87
PID 2180 wrote to memory of 1304	2180	msedge.exe	87
PID 2180 wrote to memory of 1304	2180	msedge.exe	87
PID 2180 wrote to memory of 1304	2180	msedge.exe	87
PID 2180 wrote to memory of 1304	2180	msedge.exe	87
PID 2180 wrote to memory of 1304	2180	msedge.exe	87

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://toxicspins.com
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2180
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa14dd46f8,0x7ffa14dd4708,0x7ffa14dd4718
  2⤵
  PID:1164
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2060,13189026177986764055,15078741557639720824,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2072 /prefetch:2
  2⤵
  PID:628
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2060,13189026177986764055,15078741557639720824,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2356 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3516
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2060,13189026177986764055,15078741557639720824,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2816 /prefetch:8
  2⤵
  PID:1304
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,13189026177986764055,15078741557639720824,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3340 /prefetch:1
  2⤵
  PID:1772
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,13189026177986764055,15078741557639720824,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3352 /prefetch:1
  2⤵
  PID:2256
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2060,13189026177986764055,15078741557639720824,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5368 /prefetch:8
  2⤵
  PID:4472
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2060,13189026177986764055,15078741557639720824,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5368 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:404
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2060,13189026177986764055,15078741557639720824,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=3176 /prefetch:8
  2⤵
  PID:3672
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,13189026177986764055,15078741557639720824,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1852 /prefetch:1
  2⤵
  PID:5044
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,13189026177986764055,15078741557639720824,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2112 /prefetch:1
  2⤵
  PID:3932
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,13189026177986764055,15078741557639720824,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3384 /prefetch:1
  2⤵
  PID:1116
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,13189026177986764055,15078741557639720824,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3464 /prefetch:1
  2⤵
  PID:4100
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2060,13189026177986764055,15078741557639720824,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=1184 /prefetch:8
  2⤵
  PID:832
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,13189026177986764055,15078741557639720824,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5116 /prefetch:1
  2⤵
  PID:4520
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,13189026177986764055,15078741557639720824,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5472 /prefetch:1
  2⤵
  PID:4416
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,13189026177986764055,15078741557639720824,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5968 /prefetch:1
  2⤵
  PID:3720
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2060,13189026177986764055,15078741557639720824,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2244 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3696
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,13189026177986764055,15078741557639720824,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5468 /prefetch:1
  2⤵
  PID:1028
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,13189026177986764055,15078741557639720824,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5676 /prefetch:1
  2⤵
  PID:1520
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,13189026177986764055,15078741557639720824,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6400 /prefetch:1
  2⤵
  PID:3884

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1832

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4408

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:1552
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7ffa1481cc40,0x7ffa1481cc4c,0x7ffa1481cc58
  2⤵
  PID:2648
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1832,i,3103674636767996861,6445454389590993085,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1828 /prefetch:2
  2⤵
  PID:4420
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1968,i,3103674636767996861,6445454389590993085,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2040 /prefetch:3
  2⤵
  PID:4024
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2280,i,3103674636767996861,6445454389590993085,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2464 /prefetch:8
  2⤵
  PID:2656
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3124,i,3103674636767996861,6445454389590993085,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3144 /prefetch:1
  2⤵
  PID:1152
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3240,i,3103674636767996861,6445454389590993085,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3396 /prefetch:1
  2⤵
  PID:2068
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4488,i,3103674636767996861,6445454389590993085,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4476 /prefetch:1
  2⤵
  PID:1592
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4776,i,3103674636767996861,6445454389590993085,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4828 /prefetch:8
  2⤵
  PID:2320
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4936,i,3103674636767996861,6445454389590993085,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5012 /prefetch:8
  2⤵
  PID:4776
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5028,i,3103674636767996861,6445454389590993085,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5148 /prefetch:8
  2⤵
  PID:4708
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5116,i,3103674636767996861,6445454389590993085,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5128 /prefetch:8
  2⤵
  PID:4844
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4832,i,3103674636767996861,6445454389590993085,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5036 /prefetch:8
  2⤵
  PID:2680
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5104,i,3103674636767996861,6445454389590993085,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5040 /prefetch:8
  2⤵
  PID:412

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:4740

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:5116

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted -p -s NgcCtnrSvc
1⤵
PID:4540

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
PID:4468
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffa14dd46f8,0x7ffa14dd4708,0x7ffa14dd4718
  2⤵
  PID:4892
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2012,579552111517737394,9642441113901882455,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2016 /prefetch:2
  2⤵
  PID:4708
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2012,579552111517737394,9642441113901882455,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2432 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3936
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2012,579552111517737394,9642441113901882455,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2804 /prefetch:8
  2⤵
  PID:3192
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,579552111517737394,9642441113901882455,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3340 /prefetch:1
  2⤵
  PID:4028
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,579552111517737394,9642441113901882455,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3348 /prefetch:1
  2⤵
  PID:4128
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,579552111517737394,9642441113901882455,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4204 /prefetch:1
  2⤵
  PID:32
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,579552111517737394,9642441113901882455,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4684 /prefetch:1
  2⤵
  PID:2608
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2012,579552111517737394,9642441113901882455,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4024 /prefetch:8
  2⤵
  PID:412
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2012,579552111517737394,9642441113901882455,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4024 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5048

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2868

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4836

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
PID:5012
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe"
  2⤵
  - Checks processor information in registry
  - Modifies registry class
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of SetWindowsHookEx
  PID:4760
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1992 -parentBuildID 20240401114208 -prefsHandle 1920 -prefMapHandle 1912 -prefsLen 23680 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {5c08aaff-30a1-4575-b7b5-14d0e42b2afd} 4760 "\\.\pipe\gecko-crash-server-pipe.4760" gpu
    3⤵
    PID:1592
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2396 -parentBuildID 20240401114208 -prefsHandle 2372 -prefMapHandle 2360 -prefsLen 23716 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c6b60263-cbbe-4301-bdd4-0cc36382104f} 4760 "\\.\pipe\gecko-crash-server-pipe.4760" socket
    3⤵
    - Checks processor information in registry
    PID:1904
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3008 -childID 1 -isForBrowser -prefsHandle 3212 -prefMapHandle 3060 -prefsLen 23857 -prefMapSize 244658 -jsInitHandle 1268 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {8a90cbad-87fb-4c3b-98b4-887201c4c0dd} 4760 "\\.\pipe\gecko-crash-server-pipe.4760" tab
    3⤵
    PID:4524
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4184 -childID 2 -isForBrowser -prefsHandle 4176 -prefMapHandle 4172 -prefsLen 29090 -prefMapSize 244658 -jsInitHandle 1268 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {756f2cf0-d82b-45f7-b77f-022845dd442d} 4760 "\\.\pipe\gecko-crash-server-pipe.4760" tab
    3⤵
    PID:4832
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4156 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4804 -prefMapHandle 4800 -prefsLen 29090 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {0a4659a9-f851-4800-b80c-464097ba8184} 4760 "\\.\pipe\gecko-crash-server-pipe.4760" utility
    3⤵
    - Checks processor information in registry
    PID:916
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5164 -childID 3 -isForBrowser -prefsHandle 5152 -prefMapHandle 5052 -prefsLen 27051 -prefMapSize 244658 -jsInitHandle 1268 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c315992a-f18a-4e62-aa15-36f8ea0f95d0} 4760 "\\.\pipe\gecko-crash-server-pipe.4760" tab
    3⤵
    PID:5640
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5320 -childID 4 -isForBrowser -prefsHandle 5184 -prefMapHandle 5196 -prefsLen 27051 -prefMapSize 244658 -jsInitHandle 1268 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f9184556-bccf-4698-959d-51bbf686fe41} 4760 "\\.\pipe\gecko-crash-server-pipe.4760" tab
    3⤵
    PID:5672
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5504 -childID 5 -isForBrowser -prefsHandle 5512 -prefMapHandle 5516 -prefsLen 27051 -prefMapSize 244658 -jsInitHandle 1268 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b2b04be6-c22f-4012-b35e-5a62499d2c30} 4760 "\\.\pipe\gecko-crash-server-pipe.4760" tab
    3⤵
    PID:5696
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4544 -childID 6 -isForBrowser -prefsHandle 4756 -prefMapHandle 2308 -prefsLen 28497 -prefMapSize 244658 -jsInitHandle 1268 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {6ea1b18c-215b-4aa8-b492-050732dcb906} 4760 "\\.\pipe\gecko-crash-server-pipe.4760" tab
    3⤵
    PID:1820

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
PID:5496
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa14dd46f8,0x7ffa14dd4708,0x7ffa14dd4718
  2⤵
  PID:3756
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2080,1254771664462494523,16902055099294222649,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2084 /prefetch:2
  2⤵
  PID:3100
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2080,1254771664462494523,16902055099294222649,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2276 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:836
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2080,1254771664462494523,16902055099294222649,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2800 /prefetch:8
  2⤵
  PID:3284
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,1254771664462494523,16902055099294222649,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3392 /prefetch:1
  2⤵
  PID:392
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,1254771664462494523,16902055099294222649,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3408 /prefetch:1
  2⤵
  PID:1612
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,1254771664462494523,16902055099294222649,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5032 /prefetch:1
  2⤵
  PID:244
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,1254771664462494523,16902055099294222649,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4032 /prefetch:1
  2⤵
  PID:5284
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,1254771664462494523,16902055099294222649,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3732 /prefetch:1
  2⤵
  PID:3128
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,1254771664462494523,16902055099294222649,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5024 /prefetch:1
  2⤵
  PID:5596
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,1254771664462494523,16902055099294222649,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3444 /prefetch:1
  2⤵
  PID:5508
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2080,1254771664462494523,16902055099294222649,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5480 /prefetch:8
  2⤵
  PID:5816
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2080,1254771664462494523,16902055099294222649,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5480 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5528
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,1254771664462494523,16902055099294222649,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5388 /prefetch:1
  2⤵
  PID:4908
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,1254771664462494523,16902055099294222649,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5568 /prefetch:1
  2⤵
  PID:5344
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,1254771664462494523,16902055099294222649,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4288 /prefetch:1
  2⤵
  PID:1236
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,1254771664462494523,16902055099294222649,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3592 /prefetch:1
  2⤵
  PID:5184
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,1254771664462494523,16902055099294222649,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3560 /prefetch:1
  2⤵
  PID:2404
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,1254771664462494523,16902055099294222649,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2572 /prefetch:1
  2⤵
  PID:5140
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,1254771664462494523,16902055099294222649,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4104 /prefetch:1
  2⤵
  PID:5036

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:720

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1028

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
f3fae99284604791f930e7ebdc2b067d

SHA1
263378ee229a42d596aa010297d52104dfd88484

SHA256
801ce50392bef25e526ac6fa7db48800a1123d4b25c91de6d86f986208b4e4ec

SHA512
6efb273deb5c24dcf50eac5d69c9067ff4f086c6f3281d43f93c0a62b77b0ba14c0733b386f986370685fdf00bf476d00789dfd507991126faf2a296e4f8011e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\DawnCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
7ae45614ee13c191dc94518bdaf4c099

SHA1
65d57cd347b40ce41b2cd36c53536d70672b336b

SHA256
57322f097e2a28b70841460b6ccb5d1c0f35c18fe372eeb73c5e102977546ecc

SHA512
5983bec8664760336bc304356803b1cc1b1ad796ebd237f963fc0f2eeced73ffe706f04c072d9f787cff281338073be892382a7643a598c7262b1a74c7a41c6b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
354B

MD5
f62d34f4ece25c2e2370ad3306571013

SHA1
8ebe5c32611eaddc1f1e518d1472eca15bcd0601

SHA256
5a322573cd83e7b48039ee2518105cfcb3fe8da2db30ee75e224c28a8d4b2969

SHA512
41a46e061f626052c20f64f763a9bc17c14f19b4631e68b76a8641f577add4e568a58bfb144d8312960915491abd658706dca98ed0aef25e2a4c850d32e69a9d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
90d216a8e37f9cfd91f4a369891a2603

SHA1
f00fc39f0322a45ff75b4b09cd5f5be1470a2163

SHA256
c79a7ba5768b1c927b6c34e10a53bdd364638ea6d2c2278eac60de806f59d9c4

SHA512
64acea2aaa67d878cda7e5b98f1ea00c33df18f3d2b88735d72f3ab14b2e577b3abf7a9788393e5bc6c0e87a818a2522e1e1fe6e51decf086a4a6b0aced762ba

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
26d8c9c22900ea8d676507be8f0dccb6

SHA1
77c8062ddfcadf4bc5c888ce3202ef3afe2c0ae6

SHA256
4ad4f7363f95df7d5338c6ea404d27c9c92e67facad5df531c33c6cd09001649

SHA512
9b6b3655fd2f67ae04c9acd13068e55101be6cb20a5c51bf31848dac4b1240b986fb5f6f1dd967afee002b07c1f7117fd5911fd244bdfc94ed8676e252c9a341

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
231KB

MD5
68d8641329b166b867e8366e0090effe

SHA1
5b1d4f9c1367afe5815a214ce387a0d162f53308

SHA256
9b8924a8e02f53c018d5ec13e1b5c6ea3dc3ec91ab9bbcc50aecf8100ac1f34a

SHA512
fe56816cc816ae2816866ca77820b08414ee3d15887638d6e66a3ea76541efb7e365093bb997c20c791e9b54e533f18e63a8df9381fb10e7a0e46d636d1cb1c8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
85ba073d7015b6ce7da19235a275f6da

SHA1
a23c8c2125e45a0788bac14423ae1f3eab92cf00

SHA256
5ad04b8c19bf43b550ad725202f79086168ecccabe791100fba203d9aa27e617

SHA512
eb4fd72d7030ea1a25af2b59769b671a5760735fb95d18145f036a8d9e6f42c903b34a7e606046c740c644fab0bb9f5b7335c1869b098f121579e71f10f5a9c3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
e389a2348f4d2ba0068643c813622e8a

SHA1
f87baca8d1414342a8edf8a0f7837f67c5f446e2

SHA256
a85a233c9acfa5a68cdf5b02f17c9e5f3f83ff449f8e8f283be8d6ed6c20b98e

SHA512
6aaecd3141b4a0b307394e4ef208d88a6971884295d1cb39cd0a4af5e69dcd609656d48529ee14ef058104ef36a637e68968763bc5df4bf53ef9cc3e2ab42c99

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
7de1bbdc1f9cf1a58ae1de4951ce8cb9

SHA1
010da169e15457c25bd80ef02d76a940c1210301

SHA256
6e390bbc0d03a652516705775e8e9a7b7936312a8a5bea407f9d7d9fa99d957e

SHA512
e4a33f2128883e71ab41e803e8b55d0ac17cbc51be3bde42bed157df24f10f34ad264f74ef3254dbe30d253aca03158fde21518c2b78aaa05dae8308b1c5f30c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
a67f33cc2a7d8c57f9392c2536798076

SHA1
861e263c10af37bd1ffa563b3086f00bccd658f7

SHA256
61a545ab611ee7f0e57e9d95cea4f5f742299101a8f5e8d84e650b28bf8536d6

SHA512
5cad21228068a85cab6acca188e8b8505635ad1dda02f3ea9f2c117eabd2ed2f4b18aa8950093ae4034b0daccc6120b3c5b84beb1bd7a048885e8f0ad4800a80

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
5e887d921f65f80e1904499733b5779e

SHA1
47169d68b3c5bc6eb0dc0b694153d395148f626a

SHA256
a4a5079280ea3e5f43d0177f6bb975acac175311d0eaf62f615d2daffe039d7a

SHA512
700f68d214a5343f52821ba456d44ac8783fecb451fa652dfe0556089984b20fa02b2c146c3bc31ac457d48628e7d2b394712f912a3f9e6bfd29a27eb3e209f2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_0

Filesize
44KB

MD5
134eab66a7158e918385d8cda69416dc

SHA1
6b27b0c05217fef0ebdb59231fc40d4db9601df6

SHA256
148c38cca5cd42920f37c378ed06d292348da69b57877d1fd2cddb7c95d5f7ef

SHA512
dee0f1a6950e174f20a0bd93decdba9bd4f6ab410898e80f3192d723c5eb554d8ca98ed7b5cf121316e34194c915f89dffa8e950c80f54a6eefb9b0dd365bf09

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_1

Filesize
264KB

MD5
aefb7a81d501e6313cc9ce4064c29bbf

SHA1
d17a2e1d2da8f69064593894e5f5b86cbb0142b4

SHA256
c0a72a1e1e384050c80858521fc5600cf8d9461a854f587464979dccedd92bdf

SHA512
85e792ee4b463be9bd982d61d8b69d54680799a909e9c3fe06c027ab3582901479fec117f74aea47f1e5c94603c66ef8d9f046c487fd29ab8ae6631cb2677fb5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000039

Filesize
62KB

MD5
c813a1b87f1651d642cdcad5fca7a7d8

SHA1
0e6628997674a7dfbeb321b59a6e829d0c2f4478

SHA256
df670e09f278fea1d0684afdcd0392a83d7041585ba5996f7b527974d7d98ec3

SHA512
af0d024ba1faafbd6f950c67977ed126827180a47cea9758ee51a95d13436f753eb5a7aa12a9090048a70328f6e779634c612aebde89b06740ffd770751e1c5b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00003a

Filesize
67KB

MD5
69df804d05f8b29a88278b7d582dd279

SHA1
d9560905612cf656d5dd0e741172fb4cd9c60688

SHA256
b885987a52236f56ce7a5ca18b18533e64f62ab64eb14050ede93c93b5bd5608

SHA512
0ef49eeeeb463da832f7d5b11f6418baa65963de62c00e71d847183e0035be03e63c097103d30329582fe806d246e3c0e3ecab8b2498799abbb21d8b7febdc0e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00003b

Filesize
65KB

MD5
56d57bc655526551f217536f19195495

SHA1
28b430886d1220855a805d78dc5d6414aeee6995

SHA256
f12de7e272171cda36389813df4ba68eb2b8b23c58e515391614284e7b03c4d4

SHA512
7814c60dc377e400bbbcc2000e48b617e577a21045a0f5c79af163faa0087c6203d9f667e531bbb049c9bd8fb296678e6a5cdcad149498d7f22ffa11236b51cb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00003c

Filesize
19KB

MD5
1bd4ae71ef8e69ad4b5ffd8dc7d2dcb5

SHA1
6dd8803e59949c985d6a9df2f26c833041a5178c

SHA256
af18b3681e8e2a1e8dc34c2aa60530dc8d8a9258c4d562cbe20c898d5de98725

SHA512
b3ff083b669aca75549396250e05344ba2f1c021468589f2bd6f1b977b7f11df00f958bbbd22f07708b5d30d0260f39d8de57e75382b3ab8e78a2c41ef428863

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000050

Filesize
17KB

MD5
a421438ebae11fcb4808982f78536c8e

SHA1
cb3287d6dc2557343cc2e4723f6bb5e5534ab075

SHA256
8d40f05f3d7b0c08cc959534185a4ec52963c06322e7c31dbf90266d9a0c6bfc

SHA512
5f6e88895377f671f867464313290d9cea0ccf4377ed74153c3fa745456ac35f9686fcf0a2e9643316c60f5bb677dfabe1ff408a56318c48e0f7853954abfe1c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00005b

Filesize
216KB

MD5
60f3ab1dc0a84cf62f6d7c533345ff78

SHA1
68bd632dc672aec73c776b3c49322ac902e97516

SHA256
fe3fb6603c5f71392831a1b000179497379624f33a652b74a2ae7afa545cd942

SHA512
fcf4d20a55afebf404d04d2fef682865ddb85c26752786722e2193a37670022791f87426f3d9264e6a012ee72585cca1a3433e0c65ff75f4ba6c07ab4c288ee9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00005c

Filesize
205KB

MD5
c9c9e7a0321c20a8faea53cb744f62a5

SHA1
a4f7964d6df916c63bc019879e15dfd8a010c9e8

SHA256
9dc45a4308a94cc765a3fe2409e6998871eadf786e01bd0fdcbc5e354ced331d

SHA512
12bfb41ca0dffe67448d2ca50e44432d60f150b588e168efcebe37ce4f030da3161936d443735587b9833eaf506d6448bce92985c16456caa6b2b94b48b7896e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00005d

Filesize
66KB

MD5
100655c23b1e2cbdadf8919bf6f14f50

SHA1
1b535aa013148bcf8dbae70f31064ed03380f97b

SHA256
9de4c1063286a2bcfe2c2b232e45bd8947e70d941f4685a50fd9d99cc6b74fe9

SHA512
9904ae2ea00d092f4d2cad4969d26e08b1840373e6869b358f11686d109b09eebe25fbb6a45671a918e1be53130a4ca20cb5e217348a855811cc4fdc32808f67

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00005e

Filesize
22KB

MD5
9d53309ac2415ed6efe77b43a5a2b2b6

SHA1
31d26e32f551242c037116da7fe1f039bd1c4b41

SHA256
31e667f7d809056c4199b4204f46dbc6cd118a97530308229bbb9d450c42f89f

SHA512
25510c4cd3ac3388a1c91b5011e12a34c409f272d8f7fbec1a89cbff45f2553f7061c1f63d1a2c06f8773b885bcabd9c96501434b8905778132fffef80989476

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
10e57df4330ebc833ec06922b77aa777

SHA1
6a2571fd6b14b307cf6880f7f0306d1bb982e3f9

SHA256
691554e377af0ee60cb9686200d043f897641935068be911107f6b150b399967

SHA512
cd9f536328d0488a9dd2c5bbcc343fca5329e82eb632ab7b97083d5dad2415e01ea7a7c04685364a041a79eb3065a52880d230da6798294c010af61bd8187a79

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
216B

MD5
a745d42349c18eb44959f27f13a13fdf

SHA1
221852eefd0c9d4a0a8450169d340c1014294a69

SHA256
4a33c4dad5e1b69f9164150aa11910f9313962936349479b29d2925b4831d28e

SHA512
671fa58f656ba603033e2c9b10aafad543a77af049528493c98d80a45a327527ed3cdd6a74e1df0dcc52da28b2b3100a26c642d284860d0c22895b71d3959c9a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cookies

Filesize
20KB

MD5
cd9b92e89a4a87d05d28afbc9d320369

SHA1
1552e82b8fcaff0dea7d9c4fcafc46dcf87b08e7

SHA256
b4e37ed96f6e209bcbcbc664e4cc6f9edcea6c20ed6152c7537fcc4825d80bf8

SHA512
f0edbc433e254910712ba1bca32cf403caff67ea0091c714c41089973c207b59383b2cd67067addc1b3c814c0992ff40c2200a1d8b83791607c9d5125ca61971

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\LOG

Filesize
319B

MD5
d78a23e5b3bf9b2ef63a3d21c20e74d4

SHA1
c63ef957d31c8c4ced83135169ec923a7c91b854

SHA256
b48860c2870a6be65a309c09dde0b65e05dbb4546c46f23b0b525c51dc554b0d

SHA512
cae3fd4ee4b382ef198b76582ff49c782405509e46cb30d6c587482f68ef97f99845a785dc8b917e7668fb399eadf7411c2621fa9db5f2c240d0d0d443a28413

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Favicons

Filesize
24KB

MD5
1ed02f9da3e4e1f069e33524588aac85

SHA1
bd7c45ab2d4c65bdf674bd8ceede419d91d09d04

SHA256
a34bcf6877de0118c404148c3dbd68ab7451d781712010ced66dbc0d2751bac4

SHA512
21a35f198b8ddc71cae704ac2f905bb9fa936aaa055dbe715bb6084c9a230624b54437c91f67d2f8d656d8dfb8209fbf464e2b359d748c3ddd6f15a35033066d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
e729b42001bc5b559801640dd4de3156

SHA1
b618e3d82677ffec308a0955d166eb6c54fdd8aa

SHA256
87b754fab3a3809f105928a28b4e782567591326ec96f9b6211ef0fb9b3cf607

SHA512
84728e10dad4f702d2196e31bd7df57fed9d0f5f4d58a9a38249a7a1fe1947295b2e9b2b7c22d4ae405b04dcfebc57c53c2e5390dd66bd651dc1ae6360074f0a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History

Filesize
124KB

MD5
53ae5b3cb30e09accd1b03af6ea304e4

SHA1
21b89597a1b7d9b2585be5b050f579da719bc376

SHA256
de59d29c03536da06e0ea72ce2f5ccc0fc9c0ac18828387b58fe573c40d2e3a4

SHA512
7ce7c919e2f8d33876b338938afe1f776672a33b8cf682cd8d711bd3810da0e7d448f987008d9e07506b34503be6979baf697f7a5748d763781b89c605166001

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History Provider Cache

Filesize
475B

MD5
8b8ecc298f6defe6559607b85fb6c411

SHA1
be0055a13d7e160a69ebe6ce8686e9d46b5313cb

SHA256
db9ab555aaec7fc8c20f2e289d33ad4899c72d2a7463d021e5eb7b06db23c80c

SHA512
8c7ecf63edb312c6d523c91bc89003c0838d727ef8ee1b8d85e122c332c7fa81f8e7a828bd1ab61fbae3b574c4a0301118cdd8c637d718c9296c099d867e0368

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\000003.log

Filesize
846B

MD5
9b92ddd5257fe308bbc7541b7ec3bac0

SHA1
470a6da18ce022c58433ea99c98658cb0628ff50

SHA256
78994b7de58f3c05ea6b96e5c3866fd2b463646718dfec1866a0ac79c5818001

SHA512
431e9fc33cd56dd6c6ccae679403ee21e9a13c834bf4d3e22685a64f029676b62f2dcaafbe404dde5684fca0e29bc809a5301ba1a8d54fbbc41487253a78aa09

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\LOG

Filesize
331B

MD5
34a09457a0f75eabb53c5f54aff33e39

SHA1
99825ba50a6ae83c32b11a4226b344c1b9b5d5ae

SHA256
f9d07e48efb532f34f2cda3cc5990ae53079822c85bb23f4a8cbb0742aa937b0

SHA512
4ace74e024b011d5406c0f3f04fd672ee279553d09c9ce1e51708b14243874aa85d038e99abf1301eaaec69070564b2cdf03f7f04c7b107945985036d5c91fb2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
4f155333f17b309ce9d0a61d019a68f6

SHA1
45b2ab0abae838a8ea8f953bedf4bd5bed9b7658

SHA256
cbf6d288a4231ede3fb44186437af524a7a1b65ff353fe6ff78943c68998e6c7

SHA512
7293cb6704aa7c2229d0626ef2ce45f5d71dc705d937ff1f0234546f8315765ec71897cc4a69b82051f9763fc079b6c2375a8faaf9a175ae5d8a93161f36e65a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
66d05ecb202fb0b027b4ab429f533f96

SHA1
9508f4a1a5d79241bbe9fcbb1fb6d5da5698faea

SHA256
de390b6d32f169a630bd6342a8ebd7d14c5d0e200773adccedc59af00b7d9b2d

SHA512
3146c001e60e52a9a383f54385d810cf9a2a3c803c31f99b44a14e464fb6d10cf328b7072fdad39cc2d57235b3e0396f60c9e2afd15d92d81228e9ff3e88e41d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
5e238acbf56218f2ee5c559fb62a13ad

SHA1
259127a2b46fa366ff9a743556e6b27e615489b8

SHA256
c080d8eb03be0e733495ac254234e46a465e7c4a104ef64ba06ebd5441ace604

SHA512
ca9dabe04a36d70c10c558e391fbcb85fe7c63359f2987227e31ef12351da53cdeb09146283f337a9ddbfc8ba1da866131ee3b3a20d822f907f50aa229842885

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
332429cb7dd213d6b1907d44adb639e8

SHA1
446778e55b4c8da4c2f8683bbe669b7a5d09ecc4

SHA256
cdcae586520dd6ff1cd40fc7d262bd94ac8e4ab3b34844c3313961a2d7647826

SHA512
b31e2519840c58dcac376fcc37252a245096fe58c9a43ee3a2507cedbf832311d9ac20b539e83a3eaea71fd09bbb10ee37a63ed662c0a65de9d91719c63444ec

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
0d4e894de09113a3bb8b4fc3e54f1334

SHA1
6b5c212170b3962f5ada4267610c0f1501d1d41b

SHA256
2a3f776f1a46a0b8380eb0f14c4b4fcbdfc0537fafbd5e40cb60ba787d2197e5

SHA512
155a722bc8cf5f155ac588170b85aa6fb31f23c4d22e620a5f60391938d5c9af92ad70775c84373b11dafd64b94a84fcb1a86b8460385924c5b535202a15af7a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
85089e04d42ae0ba61d558d2a25f9d82

SHA1
ca7d28642fe829ab373eefb6acf03dcbdac3044e

SHA256
d24bc4bef42cf8f51db837944b2475e28ab8e27c7ed91ddd3804e9e882c8bd64

SHA512
b040ce1dd3fd37d2cb1d62ceaccf6155b157c3fee8b73cbef148934827e59f8f9bb186155abba632d92303cabfe051c67301f125c35f8cc2c29fb064deb54f6d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
5cf01673594e005312b73341dcb6b9c9

SHA1
04f524c2af3310d419b3510273bf6e9a44308633

SHA256
1ea09ca90e3be20735fc4bbe0f154183bed3c5c302b47ee540c6f5d5764d4c3c

SHA512
93de6b7c549c00990e0036a3b21cc089a8e8ffcd71d44badd47f423a8aa2fbec7f523a0e7cc6323d46b1c4c976ed538af06ed214c0315326e1e6e5288416a2ec

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
7ea4ebbd2296f8e4919e2a1c95334d72

SHA1
5a74bd3079073918b94418de185ec3d65c57ef28

SHA256
3e9b1e023c559c0f008871313466a90ecb3731d6228c5d5d61d3e52ac02cf205

SHA512
d3f072ccf92e4ee51d4cb601bba324a35ea7ad6b291d9fbb5ecb57c9caf83133ef205ea5326b0a5850a458d5a0c53035df6667dae8fe66f22ead91da7be8aff8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
90182ce5f19bbaffab8cd0f194f06b6f

SHA1
f101592672335b6c8a1370a8389ff0063624908c

SHA256
59502c6e4570c6b875622964a7fde3379ff29567c35b28b5462f038a0ff56c2f

SHA512
4d703bd68da85aa85e148f01641a626e6bea80c6f082faeeee53ef4e0518d99634ccb42f44bfa2a2a7d2334345b1129101fdbd077c18a5ab2aa11ddd23eaae1a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
1fbc3e815346fd2736bf23039dbe7686

SHA1
b2697b1f548e4ca7d6c2a300ba2cb93eab48bce4

SHA256
a8433a001c78a11e5c4e5164cc64adb17cb3dbb0d94d3bf785f3b2dd564c8d75

SHA512
592793867753fa4e482a012242e4a28cda02df188dfd821059371a91bfe565db2936f357de772035b4e1d737bb783cbdcd54c942533204742609ff1e1f299a16

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
7b2b7904cc4a0dd5a10288d302ceb282

SHA1
34df66eecc124c6c90b932805d3d41526212bdc6

SHA256
1aa9fb1c504237e2012995934689f2e6908d480d8ac233b03dde5c04b7178f7e

SHA512
3f5115f8f0ef179da3ff9898f3d4978ca0839e1ecac13a0d87140aff814791e09baa4cdef850b7f7f751c4fecef27bd15915c11e3500829dc8d445c7f5d4a492

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
b4b2481fe524c74b101519cb01377cd2

SHA1
0d51e23bb1932f48834653609754c7dc8427205d

SHA256
f45385d935604e108936f3f7def9cd62c0d60f901c6246d3ac45b98537903ae8

SHA512
c7b7e67de723815a7fe1c11da25ff519b94b87dbcbae63c074eead1971439fba536380de7d4183614ea1380d0a05a7b614221a4e73fd992da1a853f05e106682

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
f761fa65d1c0d875fd7a8ed7d65c1bc9

SHA1
161b227da6b66e120b5d92ae2a0b724ef5f29fbb

SHA256
3b24d2a8f63ad52e13f6fee110f1af9bb4255e48a83e898d2d058948d860a83b

SHA512
595941f5b6fe30184c950702ada73afca679f990d9e7f2ab1b715dc8a3e4fcf1cb4a79a0d3654b5291f18c27f1164adf0ebd2396487c546ad6d28be48e0efc01

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
71d7a61bc7490bc2374ba6ad49a78454

SHA1
b9181547632cccdf19cfadd5adc53ba207412e94

SHA256
ff44d93675e67f5cf3d6119334deb06fec914670d9cc781a4486f2df3dab8b64

SHA512
ee72b9345ac2a2bd27f7a07e4f8a1080ecb99e3a06fdfb1ff18883955760fc8c2adf86c61055937159e6ef507cffb48cfdd818c576a1298cbef123b477bbbf34

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
10KB

MD5
d98c34030687999c88aba960ff914c25

SHA1
d53bef1cb1c03a0f7f61fae86d3190e2f3421ae2

SHA256
0d32aa0a6d5b3be36f57474a76dff7ab234c14a3cd1ca423a2e95298ec234290

SHA512
48be42cc33959264370f1c73c12b2d063e3408d1e481bad7df9123492a8813246068ed9e26ff4886b2f3f58c594592fb7d2674eacec9e03028b94025790097d6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
bd9f79320a331e69f19f813ef8831f87

SHA1
442cc9f4b909c3139fcf830f83a731757b55cfc2

SHA256
f5f50300b1913a04a6c8bb503713398fd1e0c418c8ee6275036a8da958a4b804

SHA512
da2df8444ce4d8a579ae6d8565c383eddd2a2804c802ce623fee2fcd33106ea5c99e7b617454def1c764c3ca6e90428511de90c0e700e3d66db51e5c165379e4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
e17081605d9e8b86916ab3515165a077

SHA1
dcf7f38c77fa85bbe5870bec5b55f5ce7347e627

SHA256
83d1a32c184c9885da3718db0ed86b562fa9eb8916394f32f606e91bb78f8c26

SHA512
19006bba870ee94d014be76d400ad185be30975ea04e2705eadc3b4fa06cd0c9cd91516f6efebe01e9d466861f53dee31940687dd08b4363dd09d2ba28d30be2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
10KB

MD5
924799e515b849bf38af40f982dec71a

SHA1
1f82de185fbb861e564bda59692e34743012af40

SHA256
cebfcc611a552d7727bc9bde126810ae3562bcf0e2c11b0ff240bcf895153d9b

SHA512
cb19c555968a0383a655ed90f93b9111db2ecb28cd0b1abf725dec50018ef1a16250fa1279a4cd7728a6670ae4e633046336e16cf2ac732c84556bb33b69f81f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\000003.log

Filesize
614B

MD5
0464c9c991f394c1b8b12eb17b608c8b

SHA1
4add12c786775ad69587f8d51b35a11bac88b251

SHA256
237bf60638ed9071d29788a98f2fa850f6589af1d03b79c9bc98a55c7afb9626

SHA512
2f94ed68fd92972c306de22a99ce90878dde4daf8c2498520c357327d1fb53f7d0ce87c0fa78cf00b9d00a64d1c5c6eea0192716a10ccb4b57b6f90586648ae6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\LOG

Filesize
319B

MD5
0c0d2d99f083194103f651a2f9bc3371

SHA1
56a8449277652a16dac9b939b9d2b1d84ffca6e6

SHA256
f2a6ce4fc10b50d46b76b63e5a6450528614bc38248f2ca839ff0c9ec96849de

SHA512
ddcdd5cc68cf9e77a3b0a708b2f8a17bf1c7ab5de1f4afb502c2a2d98a4757052bcf661097146de8808054e88dedfd5e2e2503cc5a828c7dedd19e8c190a2a17

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Tabs_13379700450375826

Filesize
5KB

MD5
eaae671fadafb888ad5be9e558f5226f

SHA1
b5ab23774cbbea1f66a4e91612383bb7292d2a2c

SHA256
9eab2a936b7531d58f38581b8d4c2fd517adefe3a31a0569298884605f09879b

SHA512
a473b7fbe884d3ff59d3f165473ec905a4b0d35fe14f3d9a874b26332910a7f75e9438f4cfba78be7a922c5f416b739c402bdf97571a1efc5a3928c43a611bcf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\000003.log

Filesize
112B

MD5
569376c012f73a34c08255a55e3c321b

SHA1
e19d7e54bf5e6cdcab579f6c96ccab1db92a7cc5

SHA256
b35ee7580fb209587e34dd636db81f1d7662654e7594e54b10f722c84d7542df

SHA512
10930a7d4ea710d62e6d278f2e5fe7447818c404144494f24ddf4b52eaccc7eb761bc96621e442238f4c65825eea5da9c45e8be42e30b49e1cc44633e6330e78

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG

Filesize
347B

MD5
3857820056a0f56c9c47e593f12293db

SHA1
8c06e7ab78934aef10ca18fe7dcd3e6a30caae02

SHA256
b1b2ffb74c85ee59a6568ac1ce538682d1e9ad93a2d83ef8938e0ef6b500e51c

SHA512
ea15af9fdf93b52dbce7ac925290997a8c8511a4eea8f3d3599f40abcc69f7c5fd2468ae910b0c00f6b82e8a672078a7d3a14408e9068b50e200eb424b875e42

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG

Filesize
326B

MD5
2311b3c584abed0ff6631d072db54dd5

SHA1
65fc92546c6db2312bbe1f22917e20f70a3f4cf8

SHA256
e7d8240f1ba5fb20764b0284ca083b6313268d883738f17865c49d066c00f5ce

SHA512
90e670cd73666ac56a803fbe9522156cf2eefdf69997bf090d44cf12221973382c3bb8a28d975e3a44a86cc1acf85787ade5b190c24b961cdb6057edacd7f7ce

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
529a998a04bc81c01d69058d20968381

SHA1
ec7090a89ad319d3716fc14a005a66e494e0e865

SHA256
c61e8570737d0468d7e212dabb132fc465998746ffeb42fa6e0d166ee18544dc

SHA512
126ca21391378a47a794d9d0b63837b1f3911b14480aabbe88123580eaeb38711d54af576e61f50ac09e3fa0db3032efa5943c789b994e43c92d865412894f53

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
ed1df019082e3047b6e35f0afea44628

SHA1
9914604aaf4db27f470b2d5ddebb8f4af8565d1d

SHA256
c7bd79f4db36cbdda147f6a424040d01e762f24913e42e19a2389312a365aabc

SHA512
936908d36a818ff764614cdae8c2dcd04dfb74ffad93987c16be39a5b4d4db30c5b87a4731fa41320cb13fc0c150f1f558330968a027b283144e76cf01df2da1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
201e7c7bfcc123fa62465dde13bdbe98

SHA1
e9e6ecfbc3b0eb816dbef32361bcf23268903dae

SHA256
273b5362a261c8361b52081e97970833d552649b429f56eaadf94fa8976c8f2c

SHA512
fa1f97b4bb23dac0d719778857b43d6b81e723983c751f3549befad3865a03c69c279b2b4a66203a63fdf0390725de21d80c123b6690cb604a0ee7773c9efdaa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
1f62b4e99e1a44d9153994dd95a6908a

SHA1
ae74a63d7adc348e6f5fc24abb054ee11ce4ba9c

SHA256
632978d0c183d7d0817ca5cc96f1f070a5ed5109935d50984f1a45d843420c2c

SHA512
dc8dd7df3cded61b70770d596a18fd0f4f9deac466d95c2c262de1db9783d15eaa6a722a782309de3648c8be0b961eb5d660ea54f4170d79b5cb8a366f3e9d6d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Visited Links

Filesize
128KB

MD5
e68f0b0283d0a656ad2582da22549cfb

SHA1
8d882dd0729b665fa4b208430fe800e37e672872

SHA256
901afc54fee5eebe76b61b35cd788ca71c549a9cc007fd39ea4054e92f518f05

SHA512
3a19e6501e0d07dc6383937fe7198f06509e084e45a804d70f654ffc4499102ae328631a3d8085554574884a026d3fd1dee9ebdd53f32984baf40d7607aaf748

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
aefd77f47fb84fae5ea194496b44c67a

SHA1
dcfbb6a5b8d05662c4858664f81693bb7f803b82

SHA256
4166bf17b2da789b0d0cc5c74203041d98005f5d4ef88c27e8281e00148cd611

SHA512
b733d502138821948267a8b27401d7c0751e590e1298fda1428e663ccd02f55d0d2446ff4bc265bdcdc61f952d13c01524a5341bc86afc3c2cde1d8589b2e1c3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
589c49f8a8e18ec6998a7a30b4958ebc

SHA1
cd4e0e2a5cb1fd5099ff88daf4f48bdba566332e

SHA256
26d067dbb5e448b16f93a1bb22a2541beb7134b1b3e39903346d10b96022b6b8

SHA512
e73566a037838d1f7db7e9b728eba07db08e079de471baca7c8f863c7af7beb36221e9ff77e0a898ce86d4ef4c36f83fb3af9c35e342061b7a5442ca3b9024d2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\load_statistics.db

Filesize
72KB

MD5
fa3bb8b382a1f7a16e8c10eaa13cabb5

SHA1
fdcd8349a7faeaa7f18cd02381162b64caf7ffe8

SHA256
2292ebb47ceea680d291efb402f713085f4ea2c7ba92ba7e9581482f74e6bb1f

SHA512
f39b5828afb8184b2f535df0c1d0c3f8b32b142d8a3ccb98d201735ef9b886de81abd461d9cbe67f0ccc9a114f67b9496c13bfa43aa466534b0c80ae5d9d1cc1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\000003.log

Filesize
244B

MD5
1e1ca928cec937c645bf752dee5bbb43

SHA1
7df45241af48785da670771c7b4c87c9cb1c5884

SHA256
ad8e277419833a41f25e9d44fc800ff087083750386d20281f5a283659a6825e

SHA512
27ab7647b5e4136f7cd2c227d482b4ecf522f4f982fed51626663d94289f0c6923772e181f315d1b2d262290c9cf652f8e79ef2684e6bf9323559816d96f8ad5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\LOG

Filesize
319B

MD5
d77906ece17a47f625546d9608e8443f

SHA1
80eda72648107b4131a94cc95aaf3969c04f1fa7

SHA256
93283bf94beb85b11a596b9e7b63f418dae55a84a40e4b7a1de4f23e5054937e

SHA512
809124be74a5402dc4da843d3c781024049d84d54ac544600eec3ec1e3edf165719e0d31e6ce04eb61ac3a8bc3a216e61da38ba5064e42b2bf26904b7e17cdad

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\000003.log

Filesize
565B

MD5
b77ec71c14c0075ddba1abb0f067183f

SHA1
289344e88364b158f1db9d6ccfca373667e159cb

SHA256
1d2551fdd90a2011ecf6824c9fe660b792df1a61977c2f1cc4cf3014777faeeb

SHA512
d134c326d12b937189cff76c74fb71163b5d4e25fb7b4890778724846c5283748bcfc97bda8919b5399f35e2c74b1b1f013dbd3919c22a191a82db56b6875ef2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\LOG

Filesize
337B

MD5
c1c436d2790a5f7de6d3f392afb0735d

SHA1
ba9afb154d2ecd7228560478a7d2f1af11f5f285

SHA256
56be90b5fffe76120aa075c5a2079bf095c68484bc5bc2149dc461f63d3b133c

SHA512
5a580644e2ef64b077836698df7348ec0c929a8022aea6d51f0177b478440be6030a416596c55b8c5bc9ecf7ed19423e07ef4dd6325ae979c218262d896ea4cf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Version

Filesize
11B

MD5
838a7b32aefb618130392bc7d006aa2e

SHA1
5159e0f18c9e68f0e75e2239875aa994847b8290

SHA256
ac3dd2221d90b09b795f1f72e72e4860342a4508fe336c4b822476eb25a55eaa

SHA512
9e350f0565cc726f66146838f9cebaaa38dd01892ffab9a45fe4f72e5be5459c0442e99107293a7c6f2412c71f668242c5e5a502124bc57cbf3b6ad8940cb3e9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
ea436c38dace6606b2f3a84dd24765e2

SHA1
7218baa78699b3a173f4571da3e8deb673ee61fa

SHA256
445d477a72915e3cb59d369c87306bb88417d61b76ccc44d6a930d00996412f4

SHA512
4bbe9ee8804fe4ed85d00248576b058d7237adcad645bb47ea1d561309a33a9f0951232a3eb008149e52d4f85c4d699b98c0d835bfd46da965fe6f6a0880fe27

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
83ff261fea5d34ae7a6cef9c50728256

SHA1
bafbd6544a99401db235aa0e587b6f27de05d163

SHA256
179d78d14bf2483b6162f87b3896cec3942141b2580ee2c6ba368d2d078a5bc4

SHA512
fbfb583abd24e8d4dca38c807a8439f6abf8735f76d8db407e2ddaa376484f54feb801dcb63e1dc506e109eb87ae2bbc34fdd58988a2fedc7deeadc5f23df62e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
f7abc8929e796e0f1b3e069cce5d59ae

SHA1
679217f928d165f2b5f59bf57d1e09cdd0b5b7dc

SHA256
6b3f1c52d7ae8e379b2bcfc4862ca971683b62cbe879e9ad2fe70b8cd64d109d

SHA512
9d39f234dabb217e9d13f5f5338c86b905f6ced17704a0324155f02acd75fed558d3d9bd27e385f37216069424b58250a9a594eabc856177475625c4cde0b378

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1

Filesize
264KB

MD5
b014e2260f91ec934c35a406c2c602e4

SHA1
bba9321e3300e0b7be8fb75795d2f57c9317aa5f

SHA256
ffb76c902be50a51cdf4ccc12c7cf49e1bf2d02966680de859874a33d9517b40

SHA512
4b3a12d93478d1f50fa1625adf724414fa202756bd0752f4e125ec8839384679837e8a645370bede92b02dee45b6abaee3fd6a70937066ce56dd4e46146e60fa

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\42vejdix.default-release\activity-stream.discovery_stream.json

Filesize
19KB

MD5
295bfc7ebb49f6ca6f3e4695fc2b9635

SHA1
adb138c7f947b3ff0f5dc382e0466c6c05f44d8b

SHA256
7b87e889c72341b87e41d43e0bf6d76c46e137b67806f4a4df9b642cdf42d775

SHA512
d7a9e58ba5e5d7da5031c3ce402e6cce3f3ccf75341f4e2c48910eadb40be2d1027904135be827556a6788b81085b04ab44edd98209169f6f829109e1f186cbe

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\42vejdix.default-release\cache2\entries\0C0E12ED83B149D6A68D87C705EAEF00394A7588

Filesize
61KB

MD5
e136cca47247a583390eceb342fcf870

SHA1
34ae719e57573e081732a58a0db57019806a56a0

SHA256
0903f4a947c4da0b2a6a8c41d2df208d32b6c9bdbe5499b0425a4454d9caf1bb

SHA512
3289240dfafbe57ee01d41d48f81b775d858deff2081d254ab58375c52c419e9844ce4de74f31879c92c2a8a2af699617e59266fb7d81c7405dc4f05a0a39d46

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\42vejdix.default-release\settings\main\ms-language-packs\browser\newtab\asrouter.ftl

Filesize
15KB

MD5
96c542dec016d9ec1ecc4dddfcbaac66

SHA1
6199f7648bb744efa58acf7b96fee85d938389e4

SHA256
7f32769d6bb4e875f58ceb9e2fbfdc9bd6b82397eca7a4c5230b0786e68f1798

SHA512
cda2f159c3565bc636e0523c893b293109de2717142871b1ec78f335c12bad96fc3f62bcf56a1a88abdeed2ac3f3e5e9a008b45e24d713e13c23103acc15e658

Download Submit
C:\Users\Admin\AppData\Local\Temp\63b9ec61-57fa-401a-bfef-616b7d6034ab.tmp

Filesize
1B

MD5
5058f1af8388633f609cadb75a75dc9d

SHA1
3a52ce780950d4d969792a2559cd519d7ee8c727

SHA256
cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8

SHA512
0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir1552_1639464787\770d3623-41be-4309-9e0f-642a91bf3f2b.tmp

Filesize
150KB

MD5
14937b985303ecce4196154a24fc369a

SHA1
ecfe89e11a8d08ce0c8745ff5735d5edad683730

SHA256
71006a5311819fef45c659428944897184880bcdb571bf68c52b3d6ee97682ff

SHA512
1d03c75e4d2cd57eee7b0e93e2de293b41f280c415fb2446ac234fc5afd11fe2f2fcc8ab9843db0847c2ce6bd7df7213fcf249ea71896fbf6c0696e3f5aee46c

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir1552_1639464787\CRX_INSTALL\_locales\en\messages.json

Filesize
711B

MD5
558659936250e03cc14b60ebf648aa09

SHA1
32f1ce0361bbfdff11e2ffd53d3ae88a8b81a825

SHA256
2445cad863be47bb1c15b57a4960b7b0d01864e63cdfde6395f3b2689dc1444b

SHA512
1632f5a3cd71887774bf3cb8a4d8b787ea6278271657b0f1d113dbe1a7fd42c4daa717cc449f157ce8972037572b882dc946a7dc2c0e549d71982dcdee89f727

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
479KB

MD5
09372174e83dbbf696ee732fd2e875bb

SHA1
ba360186ba650a769f9303f48b7200fb5eaccee1

SHA256
c32efac42faf4b9878fb8917c5e71d89ff40de580c4f52f62e11c6cfab55167f

SHA512
b667086ed49579592d435df2b486fe30ba1b62ddd169f19e700cd079239747dd3e20058c285fa9c10a533e34f22b5198ed9b1f92ae560a3067f3e3feacc724f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

Filesize
13.8MB

MD5
0a8747a2ac9ac08ae9508f36c6d75692

SHA1
b287a96fd6cc12433adb42193dfe06111c38eaf0

SHA256
32d544baf2facc893057a1d97db33207e642f0dacf235d8500a0b5eff934ce03

SHA512
59521f8c61236641b3299ab460c58c8f5f26fa67e828de853c2cf372f9614d58b9f541aae325b1600ec4f3a47953caacb8122b0dfce7481acfec81045735947d

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms

Filesize
5KB

MD5
c560e056252fcf3fd83f12ac3d4cd465

SHA1
9a4fe93591cc146fcd76ae3c23fbffff758d0218

SHA256
9e14dd4287e746dbd6f0ba3887e7ddcced86a52d6b2f71aa3ab5a32a05fd22f3

SHA512
c486f6f73a64f7c8cadbff390b5538cb2330639b3c47711742d39e44e5a0e79b87a5893805712945c1778714a1106c77c174cc1e68dcdd53516e5ee9bdf42c5d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\42vejdix.default-release\AlternateServices.bin

Filesize
6KB

MD5
df72d523f0f647656d1e8328b5539fcb

SHA1
8198a4f19444ba48a37f4f54ea08ffb5bb449b90

SHA256
91ef08de787145c077ca699084cc4ab03cdca46c9f954447adff92d8e99d8a52

SHA512
af536e86ff76aebf10b81bfffa37e0bb4076ec0adf853c43c2b1216026c877bebb08245a77b5defc8cfe8cbfc2033b5ed8c2867cb306824b497787498de2dd1f

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\42vejdix.default-release\AlternateServices.bin

Filesize
8KB

MD5
2b6620bcda6287e274e6538f68a286a0

SHA1
3ace716d4338a7b3ebc70a49a9c4e34a7ba58679

SHA256
9d50c17f780f4f910a1e399712a49f2129944a4284f051e7bf59688c90102eed

SHA512
9957d37907e86facba3b56a41c1f6569a13d490ec8859d7cd887bf988e9a46c8c0c2fed3801eb129a04b38b7d7f14235db5eaeab93601ced115f7859d23f1103

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\42vejdix.default-release\bookmarkbackups\bookmarks-2024-12-26_11_r4aOTMparBYWmjH9CaluYQ==.jsonlz4

Filesize
1018B

MD5
6ddf583cffe66823f8d04ede0b549985

SHA1
11d0d931e6bdd306092de59090596f3fc09c638d

SHA256
c055029454e90de461d967b3c9490bc02bc1c4f91c4b7f7141d583ee0f620807

SHA512
ade07d2c92043b625093b142371368b3c765da589842fbcc48dc14d9dbd0fb82d30b1af6b22a601169c29fc38052eb36af5ffa883e68e94a185800063897e2ad

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\42vejdix.default-release\datareporting\glean\db\data.safe.tmp

Filesize
15KB

MD5
7c085ebc76b0b5235f2f443fb24b789d

SHA1
1721f681aacc0cda16345d5a60ba76116604cc73

SHA256
4b338e1cdb98697c6e95e4c9b263598010bb78f4e9709bd693b5e8571bfa9c8f

SHA512
fc2fbe3ad265ac9ef56055a5e3a468b7563860509aaead4594268d92df2f57c9028d45abffca9e1289c1497aa6d6c47c1c3f858f11eae47ebb60d2ef50a8bdaf

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\42vejdix.default-release\datareporting\glean\db\data.safe.tmp

Filesize
28KB

MD5
8527236186adef5238208cf5a4795ba3

SHA1
02f05befcb95bd24d65c4b9845f27a5b13b7b8d1

SHA256
8a4fcb50ce6bcdb255c854814bdf7b896624b4f608c8fd0a209e44b520b8483c

SHA512
b9941070560e0bdf572c54d473a5d5ca31aa99cab95da3a571969f27e156366fc81af531e7ae1c0e85ffdf6322c5dd2f84fe1fc9ff54f6b776b99b68e1d9b433

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\42vejdix.default-release\datareporting\glean\db\data.safe.tmp

Filesize
5KB

MD5
efe848505b00815920ba0e07c116235c

SHA1
43ded28d7eefde1092361983f7797ef1a147bab8

SHA256
f6f60df4615a6adf31d017f6f18c8890e8b3992b05437d4f60787dc8e99144ac

SHA512
bfe938a02baf43a1ac63a6888693c8166087b62c5bb18368453d8d55803b82e461157bf01ff44ecd58565af2edcc3e4c1e4bae001bfa990e9957953c4663ec95

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\42vejdix.default-release\datareporting\glean\db\data.safe.tmp

Filesize
15KB

MD5
2adbcc35d96d19086adcf478a9499472

SHA1
0078173d971ceef951fcf126be0102d7d8d6e6d5

SHA256
ff097a1dd3d08a295a56f8f52baeecaae415a39a31a9675c1374e051683b40f2

SHA512
19ba52bfc1213daa10659a295db94e5d181e2c7b3544d0f1cb4b7129e4aaa4886348c9f934b79b71a881c0bbcf92b1ce4ffce945d42cca6210472c358b22d92e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\42vejdix.default-release\datareporting\glean\pending_pings\305b63e2-684b-4e30-a798-c364e8a715f9

Filesize
26KB

MD5
01d021c2e065ee31f320514127a6e278

SHA1
50c230075d7bde2be48fb9404f593d3974032bc4

SHA256
50795402186eff8a36c38bf0f6da20b02f24fdd08b2c8785190ffcad23ac9444

SHA512
ff1490688b10c38c1def1b7ee3cce3fdac21d6722243e302834a356e2543f312b7b5a984017e5dff90fa61948c62d03b1c20e9d4bb2c3a013b59007c20a0d796

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\42vejdix.default-release\datareporting\glean\pending_pings\41a7e514-797e-41af-8df2-9ddd0ce60cb6

Filesize
982B

MD5
df23b21701c158cd24285fad7adb1470

SHA1
1a8dd1b26bfcb44396392ff9fc15fa16f2a888db

SHA256
d9e0c003195f38cdfa224ac2363891647a83d0153cae88ef81d35f8d9adbce3c

SHA512
eb4fa8fbe4f8ab0112042393092e5fd2cc39282b197514f0d49a4aa0de03b558a0b6b085d2f9307593abb17bfae960253396ef9b28307f4c5f5411e8918bad1c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\42vejdix.default-release\datareporting\glean\pending_pings\59712f8a-055a-4cd8-be84-e6271c9dad6f

Filesize
671B

MD5
066f2dead1ce1caf8cb0b395acc7a47b

SHA1
bf8a8f783c9498aff7e8f84d23328e84ad27fa25

SHA256
07ef7353e6ae2384da3e617bb2a056afc1152da3caca7e2f5f3233bb51bc0df7

SHA512
07ef446934ee7622f2c4d8cf39311bdca2507d42dff2ff16d7a05a7e1dd6108bbfbd6284ab5d72a27437da3a9ffa2ac2e992bfdb0cc756f89946a277abeb3de2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\42vejdix.default-release\datareporting\glean\pending_pings\ce2112f4-ed73-42b8-bfdd-4e381c1964fe

Filesize
841B

MD5
a8c45b6620e2425fe85e0d23ec7993c6

SHA1
b03f27d2d3c1a22cdc1a9b03091c864103e5ddfd

SHA256
14a3a8cfcea6853ceb0829e47cb5b386a3d1a5b20e6ff90ea81fd9e1a26adf8f

SHA512
0c2914180c8daaed44b22c1df268125f4275f16ffbc45c6990fa6ef8bd1a37bf65ff33717fc7f4d1938810056d690d495256953fb94c176fe23ed9f08769f4b7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\42vejdix.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.dll

Filesize
1.1MB

MD5
842039753bf41fa5e11b3a1383061a87

SHA1
3e8fe1d7b3ad866b06dca6c7ef1e3c50c406e153

SHA256
d88dd3bfc4a558bb943f3caa2e376da3942e48a7948763bf9a38f707c2cd0c1c

SHA512
d3320f7ac46327b7b974e74320c4d853e569061cb89ca849cd5d1706330aca629abeb4a16435c541900d839f46ff72dfde04128c450f3e1ee63c025470c19157

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\42vejdix.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.info

Filesize
116B

MD5
2a461e9eb87fd1955cea740a3444ee7a

SHA1
b10755914c713f5a4677494dbe8a686ed458c3c5

SHA256
4107f76ba1d9424555f4e8ea0acef69357dfff89dfa5f0ec72aa4f2d489b17bc

SHA512
34f73f7bf69d7674907f190f257516e3956f825e35a2f03d58201a5a630310b45df393f2b39669f9369d1ac990505a4b6849a0d34e8c136e1402143b6cedf2d3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\42vejdix.default-release\gmp-widevinecdm\4.10.2710.0\manifest.json

Filesize
372B

MD5
bf957ad58b55f64219ab3f793e374316

SHA1
a11adc9d7f2c28e04d9b35e23b7616d0527118a1

SHA256
bbab6ca07edbed72a966835c7907b3e60c7aa3d48ddea847e5076bd05f4b1eda

SHA512
79c179b56e4893fb729b225818ab4b95a50b69666ac41d17aad0b37ab0ca8cd9f0848cbc3c5d9e69e4640a8b261d7ced592eae9bcb0e0b63c05a56e7c477f44e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\42vejdix.default-release\gmp-widevinecdm\4.10.2710.0\widevinecdm.dll

Filesize
17.8MB

MD5
daf7ef3acccab478aaa7d6dc1c60f865

SHA1
f8246162b97ce4a945feced27b6ea114366ff2ad

SHA256
bc40c7821dcd3fea9923c6912ab1183a942c11b7690cfd79ed148ded0228777e

SHA512
5840a45cfdb12c005e117608b1e5d946e1b2e76443ed39ba940d7f56de4babeab09bee7e64b903eb82bb37624c0a0ef19e9b59fbe2ce2f0e0b1c7a6015a63f75

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\42vejdix.default-release\places.sqlite-wal

Filesize
64KB

MD5
c4113703ed1aeaff5762aac9702e7f13

SHA1
ca64c4788f3d2edcb1c12f6f5ca918f7f8322e23

SHA256
494a9634310141cfe6a05fe3c25aaca2b3d1dd23f701b254ad47c7e825da2700

SHA512
469e4002033c1b4da6a4fcfff98b1f82454f396cc4f9a4a1bc91cc057f467c6e53c62563b64c27bf7aef58fbec573aa563b3a068238330fd9f9bed8b555b68eb

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\42vejdix.default-release\prefs-1.js

Filesize
11KB

MD5
38285970ec34be9192d1be16e7a0eacd

SHA1
f2542a106396e66a64641c89efb5590ee6997be5

SHA256
8fa68fc3dbe687960db08462d9b06bda30ec9b192fd097222b41263e74215d4c

SHA512
b7eafcf0a937cfedf70ec897e6223e5b97649d19ffba6e7dcff961f6b3a89cecfcd23d51950c83e8242151bebe7c3fd6f4a77a2307c350e46cde9fdf48d7436c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\42vejdix.default-release\prefs-1.js

Filesize
12KB

MD5
673f228290188f6e141e408e476f5192

SHA1
b383b9464811ee54381a3a600ecb11e1f91f1f85

SHA256
4502466743fe828512e418f5218f6cfa033e5cdfc9a4142327ac893387e4e824

SHA512
d90a700349516d9387d9840a5e1ceb752552ae782f2a3046fe08e726c46bebb51420138bbe719f744886b8afd34ce629c8c674a8a15c33799535c2fc9d875ec6

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\42vejdix.default-release\prefs-1.js

Filesize
10KB

MD5
444daa5fff0ff4ff601c1103779464fe

SHA1
f1bd0e8ff6cfd7d0e261336af27e80fb797393b2

SHA256
5539c018f7a841551f1b3d7be5925a6d7e641cc45ae8f9de0ebf4dac6ce273d5

SHA512
c54eb0c36ea6be3f12ab652e39cd54bd55ec5faa20c0405379bb249a5c42cd95f2b1c5c94e3208dd7789e6e6514b8afe7578b61195a4a6ed41bfd5c28081e274

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\42vejdix.default-release\sessionstore-backups\recovery.baklz4

Filesize
1KB

MD5
29d95cf4e12cab668a1860c2edbcb45a

SHA1
380bec4c72c356b4670b39605381d7ca11eed796

SHA256
ca1efd57bb324c659dd7b393246d0cb5a13b06fe76561a257908cb014af546db

SHA512
f1a6cb9eede352e842cc37b6770c6b3f677043de49f165c08cac5a2a9c78282c9964edc3c2cf70e09357b772057599b96aa1d00ee7476b002a30d3e8861d5aa2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\42vejdix.default-release\sessionstore-backups\recovery.baklz4

Filesize
1KB

MD5
451a1738c0798ce925080846d70e80d4

SHA1
73d2ee634d9d89340cde602162eaf5e2a6b881d4

SHA256
baafa04f0eac5a253265fe1a4b467fea637af9a60626d73f74095094876a110e

SHA512
91b8bc71e598306b9d00fa3fb451f01101478ce19145293c01a298cc8b97f701f4ec49e0a4216400857d5219661aacc036bc1645853135ba45058da1b0ed7116

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\42vejdix.default-release\sessionstore-backups\recovery.baklz4

Filesize
4KB

MD5
cc22e4e143088ed9bba2239565c99fc3

SHA1
e75f7ecdce0d9449863cb3d8c149706730d55d1a

SHA256
12d6d480e2f729098850655be711eb6888fcb79786931f01c4e3d80ec7a12661

SHA512
fc6b2edae612d0485ee855a3bfd99d508ddb3eaa7adca1440c915b86fee0f92eb8957e623ff811ae2f5792e919159b0920b2a0316763c156e54831b215f1c01e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\42vejdix.default-release\sessionstore-backups\recovery.baklz4

Filesize
1KB

MD5
c02326de6efd5d500c612ecd0386158c

SHA1
4cb4404d54b5e0b389c7bb3e4d9b2f82d822e67d

SHA256
b51c545bf2a5d31f921fcf98cc964147a634fa4bcfc08a520364748b223819cd

SHA512
453a07a42143193798fee534d391a3914c45c40fb544328f27e4832e41df1e44c4e984aa382be615e5e7ca496034dbe210b0d8c696b13d96dd06e859192bcd80

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\42vejdix.default-release\sessionstore-backups\recovery.baklz4

Filesize
4KB

MD5
882febf07c882b3583a16070cab75657

SHA1
c4c2ab15d748fe4d32218e83d80b0c8c0a10608c

SHA256
32a6ddbcf396007e3703cef2f8577637075b70f1a02d9bea1fb2482c36f8d388

SHA512
9671e9c128b53222fa13859ca72c9553b1ddd1624edc0d94700323dc665097bfa2bf2b69fb207c7461016e2aff4a12ba7c59d50dc7a97a528269c726c18dc556

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\42vejdix.default-release\sessionstore-backups\recovery.baklz4

Filesize
4KB

MD5
e6631705294bcb0444e219caf62da0b3

SHA1
45166c0b6c6faf67f4d124a5f12ffacb7a76d7ec

SHA256
9a2aeb30c80302d1089ee734e515a2befdb03c8cf803d331ef068391ec3ca0c8

SHA512
a5a4ba861b70bfb5f8f0d7ba001e389383991b4b6e96b9e8f6552c59ad812d974cf34fd77ac767aab64052d3ad9e46294157603bacf356273c2c710b59ad045a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\42vejdix.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

Filesize
376KB

MD5
f344e8f5ec2912b969fd85350a659767

SHA1
50ebac427a4182d237de95a9541fbd4c27f7d91f

SHA256
3278996f3f914d1e90e44ffb490f021896aef3ba933d30e4c4b6c7a0cbbccf59

SHA512
0b1c4ffc374601b3f942575b9fe8be67ea02c2ca1b63845780c1ccc0dd13620614f3736a66e2acd8dc70917afe5f3249f4e4c7c490562ff9e79743e5178ef3f6

Download Submit