hxxps://kcm[.]trellix[.]com/corporate/index?page=content&id=KB88828

Analysis

max time kernel
298s
max time network
305s
platform
windows10-2004_x64
resource
win10v2004-20230220-es
resource tags

arch:x64arch:x86image:win10v2004-20230220-eslocale:es-esos:windows10-2004-x64systemwindows
submitted
03/04/2023, 09:37

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://kcm.trellix.com/corporate/index?page=content&id=KB88828

Score

4^/10

Malware Config

Signatures

Drops file in Program Files directory 2 IoCs

description	ioc	Process
File opened for modification	C:\Program Files (x86)\Microsoft\Edge\Application\SetupMetrics\20230403113816.pma	setup.exe
File created	C:\Program Files (x86)\Microsoft\Edge\Application\SetupMetrics\0d95620b-8b03-4df2-a10d-0695e4231ce7.tmp	setup.exe

Checks processor information in registry 2 TTPs 8 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 2 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000_Classes\Local Settings	firefox.exe

Suspicious behavior: EnumeratesProcesses 14 IoCs

pid	Process
1684	powershell.exe
1684	powershell.exe
2140	msedge.exe
2140	msedge.exe
2116	msedge.exe
2116	msedge.exe
2248	identity_helper.exe
2248	identity_helper.exe
4724	msedge.exe
4724	msedge.exe
2952	msedge.exe
2952	msedge.exe
4836	identity_helper.exe
4836	identity_helper.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 21 IoCs

pid	Process
2116	msedge.exe
2116	msedge.exe
2116	msedge.exe
2116	msedge.exe
2116	msedge.exe
2116	msedge.exe
2116	msedge.exe
2116	msedge.exe
2116	msedge.exe
2116	msedge.exe
2952	msedge.exe
2952	msedge.exe
2952	msedge.exe
2952	msedge.exe
2952	msedge.exe
2952	msedge.exe
2952	msedge.exe
2952	msedge.exe
2952	msedge.exe
2952	msedge.exe
2952	msedge.exe

Suspicious use of AdjustPrivilegeToken 8 IoCs

description	pid	Process
Token: SeDebugPrivilege	1684	powershell.exe
Token: 33	3708	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	3708	AUDIODG.EXE
Token: SeDebugPrivilege	1144	firefox.exe
Token: SeDebugPrivilege	1144	firefox.exe
Token: SeDebugPrivilege	1144	firefox.exe
Token: SeDebugPrivilege	1144	firefox.exe
Token: SeDebugPrivilege	1144	firefox.exe

Suspicious use of FindShellTrayWindow 9 IoCs

pid	Process
2116	msedge.exe
2116	msedge.exe
2116	msedge.exe
2116	msedge.exe
1144	firefox.exe
1144	firefox.exe
1144	firefox.exe
1144	firefox.exe
2952	msedge.exe

Suspicious use of SendNotifyMessage 3 IoCs

pid	Process
1144	firefox.exe
1144	firefox.exe
1144	firefox.exe

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
1144	firefox.exe
1144	firefox.exe
1144	firefox.exe
1144	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2116 wrote to memory of 4920	2116	msedge.exe	93
PID 2116 wrote to memory of 4920	2116	msedge.exe	93
PID 2116 wrote to memory of 4596	2116	msedge.exe	95
PID 2116 wrote to memory of 4596	2116	msedge.exe	95
PID 2116 wrote to memory of 4596	2116	msedge.exe	95
PID 2116 wrote to memory of 4596	2116	msedge.exe	95
PID 2116 wrote to memory of 4596	2116	msedge.exe	95
PID 2116 wrote to memory of 4596	2116	msedge.exe	95
PID 2116 wrote to memory of 4596	2116	msedge.exe	95
PID 2116 wrote to memory of 4596	2116	msedge.exe	95
PID 2116 wrote to memory of 4596	2116	msedge.exe	95
PID 2116 wrote to memory of 4596	2116	msedge.exe	95
PID 2116 wrote to memory of 4596	2116	msedge.exe	95
PID 2116 wrote to memory of 4596	2116	msedge.exe	95
PID 2116 wrote to memory of 4596	2116	msedge.exe	95
PID 2116 wrote to memory of 4596	2116	msedge.exe	95
PID 2116 wrote to memory of 4596	2116	msedge.exe	95
PID 2116 wrote to memory of 4596	2116	msedge.exe	95
PID 2116 wrote to memory of 4596	2116	msedge.exe	95
PID 2116 wrote to memory of 4596	2116	msedge.exe	95
PID 2116 wrote to memory of 4596	2116	msedge.exe	95
PID 2116 wrote to memory of 4596	2116	msedge.exe	95
PID 2116 wrote to memory of 4596	2116	msedge.exe	95
PID 2116 wrote to memory of 4596	2116	msedge.exe	95
PID 2116 wrote to memory of 4596	2116	msedge.exe	95
PID 2116 wrote to memory of 4596	2116	msedge.exe	95
PID 2116 wrote to memory of 4596	2116	msedge.exe	95
PID 2116 wrote to memory of 4596	2116	msedge.exe	95
PID 2116 wrote to memory of 4596	2116	msedge.exe	95
PID 2116 wrote to memory of 4596	2116	msedge.exe	95
PID 2116 wrote to memory of 4596	2116	msedge.exe	95
PID 2116 wrote to memory of 4596	2116	msedge.exe	95
PID 2116 wrote to memory of 4596	2116	msedge.exe	95
PID 2116 wrote to memory of 4596	2116	msedge.exe	95
PID 2116 wrote to memory of 4596	2116	msedge.exe	95
PID 2116 wrote to memory of 4596	2116	msedge.exe	95
PID 2116 wrote to memory of 4596	2116	msedge.exe	95
PID 2116 wrote to memory of 4596	2116	msedge.exe	95
PID 2116 wrote to memory of 4596	2116	msedge.exe	95
PID 2116 wrote to memory of 4596	2116	msedge.exe	95
PID 2116 wrote to memory of 4596	2116	msedge.exe	95
PID 2116 wrote to memory of 4596	2116	msedge.exe	95
PID 2116 wrote to memory of 2140	2116	msedge.exe	96
PID 2116 wrote to memory of 2140	2116	msedge.exe	96
PID 2116 wrote to memory of 676	2116	msedge.exe	98
PID 2116 wrote to memory of 676	2116	msedge.exe	98
PID 2116 wrote to memory of 676	2116	msedge.exe	98
PID 2116 wrote to memory of 676	2116	msedge.exe	98
PID 2116 wrote to memory of 676	2116	msedge.exe	98
PID 2116 wrote to memory of 676	2116	msedge.exe	98
PID 2116 wrote to memory of 676	2116	msedge.exe	98
PID 2116 wrote to memory of 676	2116	msedge.exe	98
PID 2116 wrote to memory of 676	2116	msedge.exe	98
PID 2116 wrote to memory of 676	2116	msedge.exe	98
PID 2116 wrote to memory of 676	2116	msedge.exe	98
PID 2116 wrote to memory of 676	2116	msedge.exe	98
PID 2116 wrote to memory of 676	2116	msedge.exe	98
PID 2116 wrote to memory of 676	2116	msedge.exe	98
PID 2116 wrote to memory of 676	2116	msedge.exe	98
PID 2116 wrote to memory of 676	2116	msedge.exe	98
PID 2116 wrote to memory of 676	2116	msedge.exe	98
PID 2116 wrote to memory of 676	2116	msedge.exe	98
PID 2116 wrote to memory of 676	2116	msedge.exe	98
PID 2116 wrote to memory of 676	2116	msedge.exe	98

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell start shell:Appsfolder\Microsoft.MicrosoftEdge_8wekyb3d8bbwe!MicrosoftEdge https://kcm.trellix.com/corporate/index?page=content&id=KB88828
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:1684

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of WriteProcessMemory
PID:2116
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc151446f8,0x7ffc15144708,0x7ffc15144718
  2⤵
  PID:4920
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2136,10513424787536173082,5371181843215701640,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2156 /prefetch:2
  2⤵
  PID:4596
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2136,10513424787536173082,5371181843215701640,131072 --lang=es --service-sandbox-type=none --mojo-platform-channel-handle=2448 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2140
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2136,10513424787536173082,5371181843215701640,131072 --lang=es --service-sandbox-type=utility --mojo-platform-channel-handle=2736 /prefetch:8
  2⤵
  PID:676
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,10513424787536173082,5371181843215701640,131072 --lang=es --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3656 /prefetch:1
  2⤵
  PID:1000
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,10513424787536173082,5371181843215701640,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3636 /prefetch:1
  2⤵
  PID:2004
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,10513424787536173082,5371181843215701640,131072 --disable-gpu-compositing --lang=es --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5180 /prefetch:1
  2⤵
  PID:1576
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,10513424787536173082,5371181843215701640,131072 --disable-gpu-compositing --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2952 /prefetch:1
  2⤵
  PID:2860
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,10513424787536173082,5371181843215701640,131072 --disable-gpu-compositing --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3768 /prefetch:1
  2⤵
  PID:4648
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,10513424787536173082,5371181843215701640,131072 --disable-gpu-compositing --lang=es --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5440 /prefetch:1
  2⤵
  PID:2748
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2136,10513424787536173082,5371181843215701640,131072 --lang=es --service-sandbox-type=none --mojo-platform-channel-handle=2952 /prefetch:8
  2⤵
  PID:4208
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --configure-user-settings --verbose-logging --system-level --msedge --force-configure-user-settings
  2⤵
  - Drops file in Program Files directory
  PID:4248
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x220,0x224,0x228,0x1fc,0x22c,0x7ff7b9875460,0x7ff7b9875470,0x7ff7b9875480
    3⤵
    PID:4320
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2136,10513424787536173082,5371181843215701640,131072 --lang=es --service-sandbox-type=none --mojo-platform-channel-handle=2952 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2248
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,10513424787536173082,5371181843215701640,131072 --disable-gpu-compositing --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5900 /prefetch:1
  2⤵
  PID:660
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,10513424787536173082,5371181843215701640,131072 --disable-gpu-compositing --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5452 /prefetch:1
  2⤵
  PID:2276
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,10513424787536173082,5371181843215701640,131072 --disable-gpu-compositing --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3768 /prefetch:1
  2⤵
  PID:1812
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2136,10513424787536173082,5371181843215701640,131072 --lang=es --service-sandbox-type=audio --mojo-platform-channel-handle=5596 /prefetch:8
  2⤵
  PID:4308
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,10513424787536173082,5371181843215701640,131072 --disable-gpu-compositing --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5980 /prefetch:1
  2⤵
  PID:2860

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1836

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x4c8 0x3fc
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:3708

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
PID:3732
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe"
  2⤵
  - Checks processor information in registry
  - Modifies registry class
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  PID:1144
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1144.0.1913895505\42138732" -parentBuildID 20221007134813 -prefsHandle 1820 -prefMapHandle 1812 -prefsLen 20890 -prefMapSize 232675 -appDir "C:\Program Files\Mozilla Firefox\browser" - {d8974943-d8b8-483f-b49a-88ba0f89728c} 1144 "\\.\pipe\gecko-crash-server-pipe.1144" 1900 14dc23a7058 gpu
    3⤵
    PID:1992
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1144.1.1902160993\159716009" -parentBuildID 20221007134813 -prefsHandle 2288 -prefMapHandle 2284 -prefsLen 20926 -prefMapSize 232675 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {99a2ce26-5b48-4d05-8813-7f7338946e30} 1144 "\\.\pipe\gecko-crash-server-pipe.1144" 2300 14db4372b58 socket
    3⤵
    - Checks processor information in registry
    PID:2544
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1144.2.2001115390\1186376773" -childID 1 -isForBrowser -prefsHandle 3152 -prefMapHandle 3160 -prefsLen 21009 -prefMapSize 232675 -jsInitHandle 1476 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d1d261e6-680f-41b7-a516-1b5fc3d3ba42} 1144 "\\.\pipe\gecko-crash-server-pipe.1144" 2976 14dc4ff1058 tab
    3⤵
    PID:4896
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1144.3.2010093469\16987105" -childID 2 -isForBrowser -prefsHandle 3512 -prefMapHandle 1656 -prefsLen 26519 -prefMapSize 232675 -jsInitHandle 1476 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e835c0e7-3967-4341-a236-b0babe332a0c} 1144 "\\.\pipe\gecko-crash-server-pipe.1144" 2460 14dc3aa7558 tab
    3⤵
    PID:4392
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1144.4.1734899287\1177814525" -childID 3 -isForBrowser -prefsHandle 3772 -prefMapHandle 3768 -prefsLen 26519 -prefMapSize 232675 -jsInitHandle 1476 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {9076c7cc-9a17-48ac-9bfb-d0edc8d73a50} 1144 "\\.\pipe\gecko-crash-server-pipe.1144" 3784 14db4362258 tab
    3⤵
    PID:1360
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1144.7.1419705369\427133487" -childID 6 -isForBrowser -prefsHandle 5452 -prefMapHandle 5456 -prefsLen 26578 -prefMapSize 232675 -jsInitHandle 1476 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {8eeb8e18-797b-4297-a693-26d8c3428ee0} 1144 "\\.\pipe\gecko-crash-server-pipe.1144" 5444 14dc75daf58 tab
    3⤵
    PID:3644
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1144.6.1986963047\244636828" -childID 5 -isForBrowser -prefsHandle 5256 -prefMapHandle 5260 -prefsLen 26578 -prefMapSize 232675 -jsInitHandle 1476 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a68cfeb8-8cf4-4226-9a7e-7096476deb49} 1144 "\\.\pipe\gecko-crash-server-pipe.1144" 5244 14dc56edf58 tab
    3⤵
    PID:3656
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1144.5.81979825\2111504603" -childID 4 -isForBrowser -prefsHandle 5092 -prefMapHandle 4720 -prefsLen 26578 -prefMapSize 232675 -jsInitHandle 1476 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d0e93ae4-745b-47d2-aa02-b53ae79c26d9} 1144 "\\.\pipe\gecko-crash-server-pipe.1144" 5020 14dc56ed658 tab
    3⤵
    PID:4984
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1144.8.664957227\1248463782" -childID 7 -isForBrowser -prefsHandle 4840 -prefMapHandle 2716 -prefsLen 26941 -prefMapSize 232675 -jsInitHandle 1476 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e1c09bf3-ab89-4ee0-b570-323f34528e32} 1144 "\\.\pipe\gecko-crash-server-pipe.1144" 5092 14dc3cc0958 tab
    3⤵
    PID:2548
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1144.9.1233944185\602380323" -childID 8 -isForBrowser -prefsHandle 5508 -prefMapHandle 6204 -prefsLen 30379 -prefMapSize 232675 -jsInitHandle 1476 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {67aaf18e-cd31-47b7-b3c6-406bf15b24c5} 1144 "\\.\pipe\gecko-crash-server-pipe.1144" 6208 14dc933e358 tab
    3⤵
    PID:508
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1144.10.1678377787\711477051" -childID 9 -isForBrowser -prefsHandle 5344 -prefMapHandle 5360 -prefsLen 30379 -prefMapSize 232675 -jsInitHandle 1476 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {79ca0bcb-17ff-46c9-802c-d5580e05e8c6} 1144 "\\.\pipe\gecko-crash-server-pipe.1144" 5424 14dc3c93658 tab
    3⤵
    PID:3024
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1144.11.830815050\2068041573" -childID 10 -isForBrowser -prefsHandle 5628 -prefMapHandle 5548 -prefsLen 30379 -prefMapSize 232675 -jsInitHandle 1476 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c3315bdd-fd9f-4690-b8e3-693d1858bd89} 1144 "\\.\pipe\gecko-crash-server-pipe.1144" 9728 14dc8bd7f58 tab
    3⤵
    PID:2856
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1144.12.1405271671\2085544856" -childID 11 -isForBrowser -prefsHandle 9456 -prefMapHandle 9460 -prefsLen 30379 -prefMapSize 232675 -jsInitHandle 1476 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {0ebf08af-d2d3-4abd-885d-8076d78dafed} 1144 "\\.\pipe\gecko-crash-server-pipe.1144" 9520 14dc9605958 tab
    3⤵
    PID:4108
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1144.13.918214871\1381801069" -childID 12 -isForBrowser -prefsHandle 9352 -prefMapHandle 9336 -prefsLen 30379 -prefMapSize 232675 -jsInitHandle 1476 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {49acc5df-8f93-468a-a01b-be79d5b217bc} 1144 "\\.\pipe\gecko-crash-server-pipe.1144" 9384 14dce1a1858 tab
    3⤵
    PID:2672

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
PID:2952
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc151446f8,0x7ffc15144708,0x7ffc15144718
  2⤵
  PID:3320
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2220,16778694818767022126,13290267185643639050,131072 --lang=es --service-sandbox-type=none --mojo-platform-channel-handle=2304 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4724
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2220,16778694818767022126,13290267185643639050,131072 --lang=es --service-sandbox-type=utility --mojo-platform-channel-handle=2836 /prefetch:8
  2⤵
  PID:3472
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2220,16778694818767022126,13290267185643639050,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2216 /prefetch:2
  2⤵
  PID:3348
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,16778694818767022126,13290267185643639050,131072 --lang=es --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3684 /prefetch:1
  2⤵
  PID:3048
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,16778694818767022126,13290267185643639050,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3664 /prefetch:1
  2⤵
  PID:2776
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,16778694818767022126,13290267185643639050,131072 --disable-gpu-compositing --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3504 /prefetch:1
  2⤵
  PID:4708
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,16778694818767022126,13290267185643639050,131072 --disable-gpu-compositing --lang=es --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3316 /prefetch:1
  2⤵
  PID:1764
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,16778694818767022126,13290267185643639050,131072 --disable-gpu-compositing --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3848 /prefetch:1
  2⤵
  PID:864
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,16778694818767022126,13290267185643639050,131072 --disable-gpu-compositing --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5168 /prefetch:1
  2⤵
  PID:4684
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2220,16778694818767022126,13290267185643639050,131072 --lang=es --service-sandbox-type=none --mojo-platform-channel-handle=5788 /prefetch:8
  2⤵
  PID:4224
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2220,16778694818767022126,13290267185643639050,131072 --lang=es --service-sandbox-type=none --mojo-platform-channel-handle=5788 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4836
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,16778694818767022126,13290267185643639050,131072 --disable-gpu-compositing --lang=es --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3704 /prefetch:1
  2⤵
  PID:3352
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,16778694818767022126,13290267185643639050,131072 --disable-gpu-compositing --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5048 /prefetch:1
  2⤵
  PID:3608
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,16778694818767022126,13290267185643639050,131072 --disable-gpu-compositing --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5184 /prefetch:1
  2⤵
  PID:1316
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,16778694818767022126,13290267185643639050,131072 --disable-gpu-compositing --lang=es --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5948 /prefetch:1
  2⤵
  PID:448
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,16778694818767022126,13290267185643639050,131072 --disable-gpu-compositing --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5872 /prefetch:1
  2⤵
  PID:1476

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1000

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\6d445cda-0af3-44f1-8b8d-4fff7213b625.tmp

Filesize
13KB

MD5
3df727c31740a5bd78e7c5eb62544d75

SHA1
810a5b7654c53af863675105eb45b89def7c9eee

SHA256
9b38ec6777c8873de2366e55f05ea5e4201571decc0c912ff1986c2343c6773b

SHA512
7580920c613b8ab654d7c693ba0bbceab2ba29f569506c15c60c7455afc02e642eb5459390cfc31cf3ab80a467d32d598c51339431f58075ba16322692752f49

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
78c7656527762ed2977adf983a6f4766

SHA1
21a66d2eefcb059371f4972694057e4b1f827ce6

SHA256
e1000099751602ae1adcec6f1c74e1d65f472936817b45239dfed4b043984296

SHA512
0a8e58ae95163b3cdf8e81b5085887761e73cb7c836a1a6a972e837fb3df69b2ac70cfd6311d06d40656344ec35eb48e512f007561480f0345486ac2b329be0b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
099b4ba2787e99b696fc61528100f83f

SHA1
06e1f8b7391e1d548e49a1022f6ce6e7aa61f292

SHA256
cdb1db488e260ed750edfe1c145850b57ee8ab819d75237a167e673116a33ee8

SHA512
4309375e10785564ceb03e0127ced414e366a5b833f16a60d796471d871b479e4c044db5268902d9dfd14715ca577cb26042bab8f7b0f31fe8abf33947feb9d1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
51f45e5218334be28303f404044f02fe

SHA1
e3d06720fe7b29f437ad82962be07fcc3ccea390

SHA256
377de9a936f9de7a5d62b07e657e72e87b83ebb4c706b1b3e7b16fb725b0399c

SHA512
52fdacecffc82d87fe1227933da14fe7e9a13ecf4f37f61360c03c259461e8601c2e7d6a484afa41e7591fe17522f99c2b2b40be215e0a540f3dc39892689733

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
51f45e5218334be28303f404044f02fe

SHA1
e3d06720fe7b29f437ad82962be07fcc3ccea390

SHA256
377de9a936f9de7a5d62b07e657e72e87b83ebb4c706b1b3e7b16fb725b0399c

SHA512
52fdacecffc82d87fe1227933da14fe7e9a13ecf4f37f61360c03c259461e8601c2e7d6a484afa41e7591fe17522f99c2b2b40be215e0a540f3dc39892689733

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
b334cb75c59fe0ca7feb04daed78db15

SHA1
da8f6cb930cdd36d0bc11af2d24dc78dc6293ae2

SHA256
33058cdf7383eb0ff91b7db2afb430b404fb6991b964171a6042b2e8c9028ff5

SHA512
a1459eb53540d665eea9fbda778801446d25ac77d3fecea41690c7d28ab27031147c227e8799086e4d68e9d2171b5df851d974673d7c1364456c13cff1f902d4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
1566d2c2969e09d0e9c93f69ba6744a0

SHA1
da6f30e516b4534cfedf28fccc880859f6c596f9

SHA256
61aece15125ce934e570cce78b6c67c22baea08be77321e587b94910100d274c

SHA512
f41da96ef4edd9f35d15e35149c90cd059bda063b713672a407e309edc0c2318bd973fbbeabdd3a9ef0fe8f854f3734767c06fbbe737882bf257b000e84701a7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001f

Filesize
163KB

MD5
6bde28074427e975690733423d668367

SHA1
b8d2aa789010388c4fe6495e04e760c5fd4d7dee

SHA256
fc4c2a1d39247cbf2d2b7dbc38160277cccaa254bd8ec1a937d211170e747628

SHA512
957d12f3472901a7f3338aff80c15fec168baf60416337ccb197066487f92883dde19d45da680ac72a5b9d9d8dba1f03148ebb4dd22affd888acd67220f09594

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
48B

MD5
30f76234ae5dadcaef894cbfbb6b98f4

SHA1
8af6ddfbcfa3883f2a7cefbb56af173f93ec4e8d

SHA256
804252e484395e814f8b508acc5eda447535363a46a86e6bc9a571cab26defbd

SHA512
e0ec9370496beaa1985b9b42bdc67ac3cde8e85d914abb71184f339d97fadb9950a0aea36b7d6eeaa601010643c9d02494f4da7bb7cf2539c87ab009f27a81cb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
936B

MD5
321cdd806be888c5bf8d986cb3eddbbc

SHA1
ab793414ccbdbea19e90a95511920ab455da349b

SHA256
e3c9cbd505febed9f3dc7940bd11750ae85731d00dd2c8f4a62712cbc41a2fdf

SHA512
906eb989fe2e29ba48e4cce249f793745cee78d8168587e0f0988388c1c5c52ec4bebaec37e898f1f548daf3936d4b7a2b06e0e839786c466257242687ec3fb5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
936B

MD5
321cdd806be888c5bf8d986cb3eddbbc

SHA1
ab793414ccbdbea19e90a95511920ab455da349b

SHA256
e3c9cbd505febed9f3dc7940bd11750ae85731d00dd2c8f4a62712cbc41a2fdf

SHA512
906eb989fe2e29ba48e4cce249f793745cee78d8168587e0f0988388c1c5c52ec4bebaec37e898f1f548daf3936d4b7a2b06e0e839786c466257242687ec3fb5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
345d8a71de8d375eb013a6e25f1ac2ae

SHA1
e7f25c31883e66491377d87f6b63b67df3aa4bac

SHA256
a9b48175f0714d1a6fe3101104f419a1654befca3ff781ee3110fbbc1bce5154

SHA512
3d9660155a25b8e3c244ec7837b742ca65f240eacb599cab12754bfcc7cf5825d9c2251472713108acd70bd06b07d8ab215dde29dac06650f0d44d06fbf6d6b8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\wasm\index-dir\the-real-index

Filesize
48B

MD5
30f76234ae5dadcaef894cbfbb6b98f4

SHA1
8af6ddfbcfa3883f2a7cefbb56af173f93ec4e8d

SHA256
804252e484395e814f8b508acc5eda447535363a46a86e6bc9a571cab26defbd

SHA512
e0ec9370496beaa1985b9b42bdc67ac3cde8e85d914abb71184f339d97fadb9950a0aea36b7d6eeaa601010643c9d02494f4da7bb7cf2539c87ab009f27a81cb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Edge Profile.ico

Filesize
70KB

MD5
e5e3377341056643b0494b6842c0b544

SHA1
d53fd8e256ec9d5cef8ef5387872e544a2df9108

SHA256
e23040951e464b53b84b11c3466bbd4707a009018819f9ad2a79d1b0b309bc25

SHA512
83f09e48d009a5cf83fa9aa8f28187f7f4202c84e2d0d6e5806c468f4a24b2478b73077381d2a21c89aa64884df3c56e8dc94eb4ad2d6a8085ac2feb1e26c2ef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\LOG

Filesize
279B

MD5
b938e55bb806bfa8817fb243da61e598

SHA1
af876ebfad98c92c016d6dff541e26632a5b4313

SHA256
99ccedd508e3b184a62eb08969a51aac17710f379ee9a3871a065dc0206be268

SHA512
24441cd00f37ae293c0153e966081669ccba5ffb8138ff865cec590d471ddaff026f0759d37f0ca64f0b98cf07c94a11317b538cecc596f26841a28e7d08f67e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Favicons

Filesize
20KB

MD5
b1ae764ad12078485c2af055bc901ca1

SHA1
26c5c517bc5071b923259bc6863a6e8a238b3ba1

SHA256
1da44d55085916985a915103c8066af1081607b8dc7975362bda998d6f2df67e

SHA512
36ef1e726e65a1b88d31261056d7ddcecf0fdd8685c9bb98dd046e62165b510a0eee6d28df4dcb51231d9154a5b91a6fbd629a43d01c37b80e94cb59005cf619

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\GPUCache\data_0

Filesize
8KB

MD5
cf89d16bb9107c631daabf0c0ee58efb

SHA1
3ae5d3a7cf1f94a56e42f9a58d90a0b9616ae74b

SHA256
d6a5fe39cd672781b256e0e3102f7022635f1d4bb7cfcc90a80fffe4d0f3877e

SHA512
8cb5b059c8105eb91e74a7d5952437aaa1ada89763c5843e7b0f1b93d9ebe15ed40f287c652229291fac02d712cf7ff5ececef276ba0d7ddc35558a3ec3f77b0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
e2e6dee836c8f49a41c12effd6636f3b

SHA1
e5466341c7f68d98934e4a452aefa10df9484464

SHA256
fa558bcdd37daf32dcbdcda3bee89845fb1adf80f95407865d27590b9a19f60d

SHA512
ddf122673e7fdaa51e3956917473df9b7d16f638c3f3b867f3ac671275f6a92d747450d52b38b1ba682a5a71935a88c6537b132bd8a1fec8ddcff301599b7d40

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\GPUCache\data_2

Filesize
8KB

MD5
0962291d6d367570bee5454721c17e11

SHA1
59d10a893ef321a706a9255176761366115bedcb

SHA256
ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7

SHA512
f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\GPUCache\data_3

Filesize
8KB

MD5
41876349cb12d6db992f1309f22df3f0

SHA1
5cf26b3420fc0302cd0a71e8d029739b8765be27

SHA256
e09f42c398d688dce168570291f1f92d079987deda3099a34adb9e8c0522b30c

SHA512
e9a4fc1f7cb6ae2901f8e02354a92c4aaa7a53c640dcf692db42a27a5acc2a3bfb25a0de0eb08ab53983132016e7d43132ea4292e439bb636aafd53fb6ef907e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\GPUCache\index

Filesize
256KB

MD5
a5be314fbae33892ad06b47ac9373d80

SHA1
3dc6fd16a3465c4763cd19950f91d3c506df51fa

SHA256
301b7a6c20cc6bff03619276b208240a8291827f281ab7018cd0b6fb06df132e

SHA512
f9b835fdd708529c74ebd34560677f955c52f8073c0d21ed3152b3ac97f784ee0836a964f4f3e9f9363fda5a6714c7a7d94ece07b509140f421b40b37586986f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History

Filesize
124KB

MD5
4981f1b27bb2008b3d4817c1625a57a4

SHA1
3c7f0538d6616ad9cee55d64895e5dc267c1bfcf

SHA256
821cb2d399d44c6060def0b8a5356210c7b0bdb628be41f2e4511119e2fdc403

SHA512
41b81a2495e67283ec0d22ba241df339f97da4fca9abd5a3cfa915694c63b2059f932077d1159d44603dded7944002f28167a24463277c853609d399253fb933

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History Provider Cache

Filesize
1KB

MD5
8ffab6006b9e0644608f2d8a0f759028

SHA1
71be3f3bb7e55bfcbcac30ade9988bdcaf82615c

SHA256
e21e636cc8efd6646c2a7baeb2f07bad94af30ad4c1058e106aeafa3f7bbb31d

SHA512
38d98233c2421202e687440b81e9141ac03465a298ead0108c5899731c18f38562a45c3ea448afee30d9ec0bcbf037652e8892b5fd62093b607ff26adada6990

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\LOG

Filesize
334B

MD5
23798f6fde0a8b34dd80764d2d188984

SHA1
9f378e31924d5e453ec679a951c6969b5d242317

SHA256
3ba83410c8ab601f6b0714ce30d1b135a0d902c80fcd055909682c32a2e1539f

SHA512
ce0737ca2a13854f849e9cdd11e50d706457c181e638172f80bd195200e3223ff2071fe058d6be0bad4159385cf1e1f411b264f78044528a6bc72bdfbb5768b8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Microsoft Edge.lnk

Filesize
2KB

MD5
d4f06610ea909e5e18dde51e518f60f0

SHA1
aff673b7dcdfbef450ac057a967e4d1ec48bdb69

SHA256
6b47111487cd25a2ea30362472474e9368c650a793e09dea584d6ec0eeeb10a5

SHA512
ae23bb0a61ba495aa5b02e8829b60fbb3d7bec12e7822fececc66940dd48ff036053cab3bfc358c6d50e7827164698eae176657e6b66ffe950f73682cdbc152c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
317B

MD5
3dc452e26ec96639f59eca64e487f175

SHA1
b82675b6fb6fea962b0bdb99c09dcc0821fbefd9

SHA256
34d960ff5ce97ac6ce5609307b0ae4b8618002008528c29d731e0506b132d39b

SHA512
e212eaa94f1f28e1970b26313e0c8d7bf7c5711d16b3a708871812655940486d4d6d76f279b8ac041e47a94d7b5a369411d947ab6a2828b77e66682538c0a129

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
4KB

MD5
029fa26758fb5554858a98cbe12ced49

SHA1
1772f397a2cfd56d26e12c03daed320662866138

SHA256
56766938301a3509f6d49316a7432255b1f3c38cc823636658f6ad313bc708a3

SHA512
953c5b7e9ba199bed3d6de6d863fb8c08c499009f89ab8635536e37ce42693258e1a5f5b522f039b0ec20c0df3e1bd4ad9035249dc6b296928a44ab8ab583823

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
de7f330734d2f99a0a741920b764968f

SHA1
898ff62bbe049eafbd3db284d9ff8a62976ca5ec

SHA256
4455dd1ab0c24ea529c72b3d44c0687dcd35b7d604fa361e16d21f576f60ee53

SHA512
b41df55343db81c877e6d0242278182fcd08b66e632a2f69150de3581cf78c2429071251f1c385e3baaea1efe1c98f183e77387937746b0bacc22e17d1b77169

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
1675f3179fc1721c6064f222fe631b5b

SHA1
352b4a6b1a3019e2e84702a973297f40c4ea07a1

SHA256
d91460cf92ad2637f6d2562323c4fe7088bd1f89af7ac978d7277fa210ea741f

SHA512
bd74a744bc81437ccfd8f3b23c57103b16a9fa1af13979e9cdb3bb7d33b48c7e4d9b40816020a6001cdffa37ec32fceed5808d18c5963f6ed2b7a3a16cd27bfb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
c9edf53d62a6f536821e2070f60bfd45

SHA1
f9894856323b3c0db5aab825c0a1501cc528a2fe

SHA256
1c218e8824288fa3fcb6394e75f718c4158ccb086e251cdaad200955cf93d490

SHA512
c2308f67300ee92b3275d814be37d10b8ba4bcb78b79ab71184810da15b606c2ae5c9e71aaa77f7971b521c4134399f72486eb495e77f6b5b9f28c3ffe65cb93

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
c49b5b4ba031d23491d4b9fdad03f212

SHA1
e6b77d8ad1fe397804b436a7a7b0ccb8e4daa7fc

SHA256
897b8bb40ebb65133c0a12c2becb1c9641370cc8d6d863942d4b5dc11e4b2c56

SHA512
f2fdfd53ff861654b0f3dedf2d3a375e50c3dd96e48109ae67e3a15b730be3ce1afc2a55975d0ca627646cb03b678e4148646c29ba18f0327451f183aa0c0a62

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
91452d75ba5058d1ebf5d18725c49782

SHA1
d90b347d3e0b69258cf50f00f3a48f8359083bd5

SHA256
e63ffd533528c4fb8a373b94196b57c5262665aba5d08d40c3f4833eb874cdbc

SHA512
7443d0e29901211069923c7f0e6c05a181b8878d889e6f1804d0f185b78c7d4eb455819550a4584163f94e24b934fc15e1e897a567ff0646fc32bd45e5c67d4f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
d651de74a91f5027b55382242880614d

SHA1
8de0d3875cb2875ddf0cad45bd17dabbcca7e03f

SHA256
3149dc786a19852a99c1069e58dc5ebf59eb24e05be1892fd5f966a3a1d8c7f3

SHA512
b2057d0b2cbd540597f4297c57ea0338ff3fa71251bad8985a0941d145e2c0c85ad7aed83485fe26da72cc5fdb06a451e9ac30641789513cf7aa75d4b2d8c20b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
d651de74a91f5027b55382242880614d

SHA1
8de0d3875cb2875ddf0cad45bd17dabbcca7e03f

SHA256
3149dc786a19852a99c1069e58dc5ebf59eb24e05be1892fd5f966a3a1d8c7f3

SHA512
b2057d0b2cbd540597f4297c57ea0338ff3fa71251bad8985a0941d145e2c0c85ad7aed83485fe26da72cc5fdb06a451e9ac30641789513cf7aa75d4b2d8c20b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
02ee7addc9e8a2d07af55556ebf0ff5c

SHA1
020161bb64ecb7c6e6886ccc055908984dc651d8

SHA256
552d3ed359b7a52278ce621674d16428d8a7969f6cd5663df18e240cce66aadc

SHA512
567989543c3848a0c3276d96b96ca761f750e4b71fb74f36d809f590ffe16a72fd5ece251737a8b1ffe65f0051e211bd7ad19d2b8b0b7ca1b7ffc86dd2a52883

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
dcc01ffb23804ccdc8621dc8b2a42c07

SHA1
1e7682baf53248c679f526edb30b142760b205b1

SHA256
693097d434a3f2afe5019d8e0cb49504b4316b205f2776c6c9b81965fe92f7d8

SHA512
14e009a86b12f6205b866fbff8b9242989073d250d9500b86ae146627b9adc8fc43c533b5af5676bca9bcc1b5c342e9e17eec0cd20db8a537b9a677779afe88d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\000004.log

Filesize
291B

MD5
e340bdaae13f8cc0c0b22ff3b0c07702

SHA1
12dfdbc7173496e28ee88e27ca3a41bb77431900

SHA256
aaa6fe16e4f028837f36b81fcc7c566fbfe64b57969cf2c3f1e4fbda87b70718

SHA512
2506c8568dc79fc5eb246ac343f24816e1e89b277bd70071acd7e92511ad286f8435eeecd99f444950e09cf9e2219e69d8eca1c1d35cd8f7da1a0bb4606d6003

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\000005.ldb

Filesize
165KB

MD5
d600551da02cf1c7a5748ae52b718239

SHA1
088cff5145f1a07641ca660cadfe222a7e923c2b

SHA256
561d4d9abbecf274101f78ad1cb2011471cb1ba4475c25cd30502dc29f2fccb5

SHA512
77613b32816a112c04788f843314f91ee19368c8aa8392c1b841ff743709080e79947a0228ded7caf00d6d99b16cd946932472663ab6a94c56572b4f4a985722

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\LOG

Filesize
445B

MD5
93747dfbca0ea293e010f86f16ef34f1

SHA1
fd356ec7820c48b1302b5a13763bd60b3cef48a2

SHA256
f5e6db947309b19696c2a86a640c8a9096be70a537668bd9e06ceaeca091fa80

SHA512
fac9413c34caaae4a3eb73938fdd7e76782ec717aacaa7c3a8dcf9eb242d4ea24a99c8077faeda1dfefe26cadd6f6953fbb4b8754c2825eae055756cebaf3187

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\MANIFEST-000001

Filesize
107B

MD5
124527779effab00a68b4a82be5809d0

SHA1
c9b6bff9885df9ebeb7071a58123395fc7752a33

SHA256
670f4e8aeaa07c85b86c3597a7b55c5d2e4a5117f9d51fe4ed0e461f8e24a610

SHA512
e8a197ccbf5130251209ea96966b28c578fe41946d64e7f61537d1e94b6518629fb28ba16cbed127a7cd208460d3318cb1a1de384c5db3c6343c9380483b873e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Tabs_13324995530090940

Filesize
6KB

MD5
ebae033405778dd4a2a443690e9975ef

SHA1
6f91b684aa7bba8435a959ccbf7853c4ce0a5c1f

SHA256
f020f336d89c128155406b99fe31c5443b0343911f1a602d2ecf3900316277bc

SHA512
d376e2dc035a9ccf2507bedbf1a6176735c2789e98699475af3e2112cc49c2d8ae09542e66282c0cf6c3f5d7bab1a4b2f24a6189a410f9b5f4487f2b9430c6d6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\000003.log

Filesize
112B

MD5
4d6964cff058d9d8e9c1f4ec86ce41ca

SHA1
a20088a645f8400deaf187f5e90367b7e2c968af

SHA256
510f806c72e41fee85d7098c731c46e9c9633e63a3b8c12c641cb4715f7371c7

SHA512
75f82e30f4d77cfcca82c6462bd97b107855e1d76ab392273e7b0619633602ae46bef2355502f662d64e2a38bab2ce6166009a850c96df02c923cc1d482cad4f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG

Filesize
347B

MD5
9ec59521bc3d6d6a0baa1c2c0bc49f0b

SHA1
68a94546f4602ff7eea9a5e81dadaa8d4a45ab97

SHA256
c06cf980cb448f2a205129f529a91fb035fad8d48f457a09630e9fcd408b4f08

SHA512
148b5fa9af9e7f84bb6257a8e00210619f1ff2e3e8f7ffe9f74808c80593971023001bc2a0670a3648d5c946f7a99b3e31ef1e3233ec1e7edca92b56d90e9545

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG

Filesize
323B

MD5
c14454a2fbd157d84d5ca67ec9020598

SHA1
8bea640de14243d21f5cfa9166848b5b3f9a265c

SHA256
c1c3191b387eabf0a1c24eb00b7b4a39901fd3ccd1b281a50128bd5d77c3cdc8

SHA512
d550412985cb75fdd8ff35d8e9a54191dafa76b3dafad73c39822c3807adeecdb33dfc95c9d2bb8f9b9c3475ddfea89c13033eca041d8c1a8b0cea4808a1b223

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Top Sites

Filesize
20KB

MD5
f44dc73f9788d3313e3e25140002587c

SHA1
5aec4edc356bc673cba64ff31148b934a41d44c4

SHA256
2002c1e5693dd638d840bb9fb04d765482d06ba3106623ce90f6e8e42067a983

SHA512
e556e3c32c0bc142b08e5c479bf31b6101c9200896dd7fcd74fdd39b2daeac8f6dc9ba4f09f3c6715998015af7317211082d9c811e5f9e32493c9ecd888875d7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
f2c5f0d6e29f5075007a15e2d40bd1ad

SHA1
92796ebf7acc19078dde716c07ecc134c4f296d7

SHA256
60b778005ab00562232b5a0184672e5c5ff1216eaad6d1bc2cf60cab58387d75

SHA512
0cf29eb09775d6144bb997cb06ead7da541ebcf5430e027f688f637f28625d0f253bb4d76684f5f939e04c3a2e38ba9876b7458bb98c7a9c71bf35843ed74882

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
07e4998bb71cb9c65768f2437e4faafa

SHA1
3e43f6d9c3727e02547f1f7c7ddf5b7390d80abe

SHA256
21c7efc6a05359e43f3142735696fea5e471b69daa5d9ad0bb04d0c8efef426c

SHA512
da6963c2d9cec59652f4abed808778f645b214e1be3bc4f8c51a2dc5667cd273041616844ef2f0e018d279fabd66918ae74558d0832764c78ac94ec4f1e0e877

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Visited Links

Filesize
128KB

MD5
a9ee670b3800232a6f021a5f4a9fe6fe

SHA1
7663908f701b447f22ee33b3288764084bb60463

SHA256
e98d299cf2dd1f8bf90565e4a86457f37dec8caaba1b7261a58ef1a17460f441

SHA512
bdb5ee1c8ee7cf536b15f4275f6d59d2d37602f13182c2be2a59ea6787f0d12fbe3b9fef61330d4c984ba306b7c9ef0e68b75309a7668b0194eea1378c75437e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Web Data

Filesize
116KB

MD5
f579b49f30cfda64cd34a470986892fb

SHA1
109d2fd48adb37c650e9ff0c06d6f30afc607035

SHA256
d3963b6d0387e2a32c97fe38d5071f9cd8f45f0d4bf89a7757286664d4a0a1ce

SHA512
640afbb1db7eb6c449e32349742f035ea82c74e3ffeb4cf1fdd5656857db6ecf204e35f2a608b9ec9b5f3cae8725498e6c779f98f1c49227ee7a0fa832aad78a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\load_statistics.db

Filesize
44KB

MD5
e0b88c839731178d13725624e5d90200

SHA1
5536927a1f65557c8a563777b4a3dab4a70827ab

SHA256
f29d30188c20ff3f9a268708e50b10e95c803218d05a666de18b1387e92b4105

SHA512
d0b22c6d35e167ffb5674ef0441b433cdca48b6b5387dc9a489ac5362d7419a7448c188c8e8cdffed839c5031cbd1db7ea59b5b494e34af0f86aa26f1a53a8c6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\000003.log

Filesize
187B

MD5
97a1e3750e21648f9b9661458f313cc2

SHA1
1548864ab0872ed553e322cbef70ef784359b846

SHA256
04373bf6fce64f2fff8a93d35bf627dc17c6064c7a27995d3c4a24e60011b154

SHA512
ea5e0c360e80de9bbfd8672ae61734e1c8da41c35b84b455f7d570e00fa5de4f6717ee7fe7cbd9ca17c7df5ef48ad2a84d48dea677cf5c03d1b392f82d04ca2e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\LOG

Filesize
279B

MD5
72bcc7d757e5070fe443dda3bcbc1189

SHA1
da06e053f330e0a8c4592e614eeb09d3e1c68e0a

SHA256
6bbd0d4b5b493385448fd55174d1fc410b864ced76d1ece88e14e7aa629505dc

SHA512
50a3ece7c5d0d3acec92fc41cb02a6ad3cf9324ca6588839ec5493284f5dcaff7209819f5dc437368769383934ccf735d5d4176127c9b3607ac51b7edb6fa1dc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\000003.log

Filesize
560B

MD5
715bf12c0b50c59bdedf365e6f736ea0

SHA1
682a4db1e4313c15e10b83937a708270c47d2f28

SHA256
ea9b524e0bdd74f2a75077848f5b87d5c0254e92ba94e7d14c7d640f775cd180

SHA512
8f7883cdcac8e8be79ada2cf4de3f98e850382f25fb7029c8a83296f5d7f91662bc80de89036d156baaf755d378a1acbeb281ee8765440a5ca5bab7116635e7f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\LOG

Filesize
297B

MD5
ce2e2ce1595087b9ef699f4f39c1f443

SHA1
cb1087e0d66342f01405a2e01b753699cbf9643d

SHA256
541ee1f642a053a2ca848332ebb34dbad475534ea41a02c51b8565966c961663

SHA512
1ce528a0c8a69b4f6a151ba7c823f70d6d58ee38083fd2bae105f2a9337cef7f83eecaee9eee25c19127e035a6c1bb5fc2d19fb25ac9f5df5d87db078cef2403

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_1

Filesize
264KB

MD5
86e8c7ded95206ea1d4cdd31f311189a

SHA1
d712703a41b6f236b1b28193b52f3d7fb67aae93

SHA256
2dbc5a7899f1162e15675f980fa7cea34e4072a7e561c66ed33224910a669aec

SHA512
2d14148a00f9441d5bda4899b5dd56c1cbc926d1272a7ff4e4fe1ec442ad28cb65ce5c4f4b91d0203a7a0871ad66fc50248edf4de8c1ba58abd4f93a7c5eaf93

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_1

Filesize
264KB

MD5
86e8c7ded95206ea1d4cdd31f311189a

SHA1
d712703a41b6f236b1b28193b52f3d7fb67aae93

SHA256
2dbc5a7899f1162e15675f980fa7cea34e4072a7e561c66ed33224910a669aec

SHA512
2d14148a00f9441d5bda4899b5dd56c1cbc926d1272a7ff4e4fe1ec442ad28cb65ce5c4f4b91d0203a7a0871ad66fc50248edf4de8c1ba58abd4f93a7c5eaf93

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Version

Filesize
11B

MD5
838a7b32aefb618130392bc7d006aa2e

SHA1
5159e0f18c9e68f0e75e2239875aa994847b8290

SHA256
ac3dd2221d90b09b795f1f72e72e4860342a4508fe336c4b822476eb25a55eaa

SHA512
9e350f0565cc726f66146838f9cebaaa38dd01892ffab9a45fe4f72e5be5459c0442e99107293a7c6f2412c71f668242c5e5a502124bc57cbf3b6ad8940cb3e9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
384bd6242f95f9a274ab23da45920212

SHA1
dbd7e0d65c51758b9368861a7db87ac931b40d33

SHA256
01631d2cb274a356922768f41092010fc7e4c2cb1e661e681d8291b72901ca15

SHA512
935a01cf3ac10273ecf7690870e088db773faa65b29ada8db43a12dd0e2ac2f5b6034342fd6dc19635afba4063875599aa00489433483610dc55cf70f2661db0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
384bd6242f95f9a274ab23da45920212

SHA1
dbd7e0d65c51758b9368861a7db87ac931b40d33

SHA256
01631d2cb274a356922768f41092010fc7e4c2cb1e661e681d8291b72901ca15

SHA512
935a01cf3ac10273ecf7690870e088db773faa65b29ada8db43a12dd0e2ac2f5b6034342fd6dc19635afba4063875599aa00489433483610dc55cf70f2661db0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
4b605836d0938da75f8f640568499843

SHA1
050aca38ead3304d6fde5eafd65e3bd30d89a1cc

SHA256
0ffe85b5b43d89861ff89e45adf45eab8684a75764b59a13c05d72021f4bb03f

SHA512
8fa2bd71a167d195006bf8084bb8c81d405b347dee0ef835a3cd9545194b5154ac36d3d6491c6ae3b6242cbdd87f8f607b457190d2598a7832495001e1be375d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
afbafa67f34142ef875e207f3e5892f5

SHA1
30e7721619bbb6cd9a261669bfcb7f3cc1a1e6e5

SHA256
c2fc85b3aa81dc08403f4a69bf138589281ce98ee52648a030d3257d6ea86188

SHA512
ae0d3677284098f27433a2442fda373e3576c730c5259c733b6d738febe94b3e8590553de849a7c4967638632381dab3f77e7b7bb008cd622cc093cc3c6b1b81

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1

Filesize
264KB

MD5
77098af5541a6557fe4d7169ee0e7aba

SHA1
3d58ccf3ccce676c66d742b622be8583851ff90c

SHA256
1be645872aa724f13d7e5a4eefb88d92c5d8715cb0caa217690270734f61ad2d

SHA512
0e78b2f5008683958e1996ba31c11a35415e2c61b589987c7b3bc3a8c9ed70f4bdffaf55202409eb0a8870f8cc8d8eac3dbe29771a4501bd6c1ef60f99b617f3

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\57nap2zl.default-release\activity-stream.discovery_stream.json.tmp

Filesize
162KB

MD5
a11d0aa5252dab8c18584b9229fe4ef3

SHA1
24728fb84c83ea2aa4d7c94cfe66a3348952b213

SHA256
4410f8c813b93fff4522b1bed3797ee10e52dddef9f9474a9133179f21fd05fd

SHA512
f64d21d127ffe7bbfa418fee6e587d47c1cedd2c46980419d603e736be18ccd782912948c25356e4e52f52fb498035e28fdab1d8cf7d0c769866cb67241e6b50

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\57nap2zl.default-release\cache2\doomed\15653

Filesize
13KB

MD5
fc39990823b0b1d39b9b3c8d116125e9

SHA1
748d35206992f7408992e64802dfdae2f69c1847

SHA256
1f23628d35b5ce77630b14d21bf8c6e66a909287f1baa0d0acf34b1d60a1a1d6

SHA512
19f5763c8f4d5c5b024e38cfc46320a88184e8beccaef2849b9af3b6ec0dedfb69840c5f2f617a5e399f21bebd5f7c45eb82cda08f17aaac5c0da000eb2f0d33

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\57nap2zl.default-release\cache2\doomed\17777

Filesize
14KB

MD5
5a92905f95d7106b857b22545375789d

SHA1
5b924bc36b7312926e59ab1143e60bcd5187b9b7

SHA256
3a31b08a0a33826e5b49b47d4c622e154d60db940bde8bd0dad1d3d65433990b

SHA512
c99234f05c7c0f5b571632740f3b503c2ccf759263e1f1530dca7df56818f3dce20efa8654b012617d93446f7e82f6505fc6020ba014e19847fd45421af6429b

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\57nap2zl.default-release\cache2\doomed\5182

Filesize
8KB

MD5
261dd454e9cbea74e5f1543677166f7c

SHA1
b3a6dd8184c27165e7ed139588587612e5764f98

SHA256
09f1634906dd80ab61e0d571d103f9460b06731b8e6bc4f61863dd993590cc1b

SHA512
f4c661abbebadf711469da89f85b1f58e07105c69c1daba9f234636d4be9da80d06f20be4ed7f0aad09d8d0a86dc12eaf8c1551b5bd7dc1bfb86d2d9163d268e

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\57nap2zl.default-release\cache2\entries\564CE2BC0C11F98CF6AA45C1C6D3616B90F0764D

Filesize
49KB

MD5
6040b1e4652f92b5c87e4827a5ec6203

SHA1
d8d06faee26dbe0bd691c25fbb033e1ee1e0cc19

SHA256
621f7deb2949398c692e0a79386cd9dbd230675207c136cfa540145b6518efaf

SHA512
b8868d1a6a691f4d3b7deccda4f205a9fd689bf1ef0fa8a454be939ff366809284b56f0582e7cc3a55bd2ccc83a0ea083c3f68ab337197e48af75072bed45aeb

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\57nap2zl.default-release\cache2\entries\9FE69D8D25F630D37DDB13BCD4773EFB198B9547

Filesize
101KB

MD5
925705429ca25d2af835299485e30669

SHA1
6678720498364a340e71675d9b7200f58de8bb24

SHA256
082d573f395f07f0eef7d55fefa905c930b026b3c4d16275da3832896fa93318

SHA512
d0a652217e46563ebc4cbb4efa105cdb45ae0527e49332c947ed104a534c1bff94de267086aa2ceff382f96c331180256196670ab7c49f377bafbc1eb71b993c

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\57nap2zl.default-release\cache2\entries\A4BC0C99327D7691FF360F07D11373B5791EB30C

Filesize
14KB

MD5
997770dbf319c103d37682fa1ed89576

SHA1
ca3eeca2dc1533679aa54d0d5d54e28c1473b800

SHA256
93d72c7b434f4be1ff0f809215c906d592d33a38ef3752e333602917077896f0

SHA512
1d237e78fffc5bc930f892c1697b5ad37fa4d93e875a97e87743c912467ff99e83c9cfc0907bd72ef498762709f05cd57527cb11cecf16d849c300d6143f95e8

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\57nap2zl.default-release\cache2\entries\D5594A2648EECD01993B5C42919BA64ADBF56052

Filesize
14KB

MD5
b7e9dffd592edbdc548de4c910c8e73b

SHA1
ddd2d95e555f6457531d4fa1003196f04b4dc152

SHA256
bd0d20ba2d23c9fc29c71aee8374e0e27e7af231d1e3bece0b03c675abdab728

SHA512
633e0c2947c5f7ca07d8866d625967ba4b09d62e431b4693a11229347e25b11341234375614f28cf45fef1e2123bbdc6e89b6ade777fcfbf93f36f1c81e6f59b

Download Submit
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_1t2p0nrd.owm.ps1

Filesize
60B

MD5
d17fe0a3f47be24a6453e9ef58c94641

SHA1
6ab83620379fc69f80c0242105ddffd7d98d5d9d

SHA256
96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

SHA512
5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
442KB

MD5
85430baed3398695717b0263807cf97c

SHA1
fffbee923cea216f50fce5d54219a188a5100f41

SHA256
a9f4281f82b3579581c389e8583dc9f477c7fd0e20c9dfc91a2e611e21e3407e

SHA512
06511f1f6c6d44d076b3c593528c26a602348d9c41689dbf5ff716b671c3ca5756b12cb2e5869f836dedce27b1a5cfe79b93c707fd01f8e84b620923bb61b5f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

Filesize
8.0MB

MD5
a01c5ecd6108350ae23d2cddf0e77c17

SHA1
c6ac28a2cd979f1f9a75d56271821d5ff665e2b6

SHA256
345d44e3aa3e1967d186a43d732c8051235c43458169a5d7d371780a6475ee42

SHA512
b046dd1b26ec0b810ee441b7ad4dc135e3f1521a817b9f3db60a32976352e8f7e53920e1a77fc5b4130aac260d79deef7e823267b4414e9cc774d8bffca56a72

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Microsoft Edge.lnk

Filesize
2KB

MD5
d4f06610ea909e5e18dde51e518f60f0

SHA1
aff673b7dcdfbef450ac057a967e4d1ec48bdb69

SHA256
6b47111487cd25a2ea30362472474e9368c650a793e09dea584d6ec0eeeb10a5

SHA512
ae23bb0a61ba495aa5b02e8829b60fbb3d7bec12e7822fececc66940dd48ff036053cab3bfc358c6d50e7827164698eae176657e6b66ffe950f73682cdbc152c

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
3KB

MD5
c22638fc4d235d0392bad44a04324efa

SHA1
e5304a77ee9d845b3c741077ebbf8300b8ff9e6e

SHA256
3ab5e4cdd31690c8050f4f8736c8ec438180e989c8f7a403d302052a10abb059

SHA512
e5deb6ea78b9cb9e228d9a6838e37ad6ccb3dc955e3e4ee98688480c328bf07c5718f8de8c9f20a3a252f851c548f87c3db67c9bb862274365c641c41e4bbc94

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\57nap2zl.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll

Filesize
997KB

MD5
fe3355639648c417e8307c6d051e3e37

SHA1
f54602d4b4778da21bc97c7238fc66aa68c8ee34

SHA256
1ed7877024be63a049da98733fd282c16bd620530a4fb580dacec3a78ace914e

SHA512
8f4030bb2464b98eccbea6f06eb186d7216932702d94f6b84c56419e9cf65a18309711ab342d1513bf85aed402bc3535a70db4395874828f0d35c278dd2eac9c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\57nap2zl.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info

Filesize
116B

MD5
3d33cdc0b3d281e67dd52e14435dd04f

SHA1
4db88689282fd4f9e9e6ab95fcbb23df6e6485db

SHA256
f526e9f98841d987606efeaff7f3e017ba9fd516c4be83890c7f9a093ea4c47b

SHA512
a4a96743332cc8ef0f86bc2e6122618bfc75ed46781dadbac9e580cd73df89e74738638a2cccb4caa4cbbf393d771d7f2c73f825737cdb247362450a0d4a4bc1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\57nap2zl.default-release\gmp-widevinecdm\4.10.2557.0\LICENSE.txt

Filesize
479B

MD5
49ddb419d96dceb9069018535fb2e2fc

SHA1
62aa6fea895a8b68d468a015f6e6ab400d7a7ca6

SHA256
2af127b4e00f7303de8271996c0c681063e4dc7abdc7b2a8c3fe5932b9352539

SHA512
48386217dabf7556e381ab3f5924b123a0a525969ff98f91efb03b65477c94e48a15d9abcec116b54616d36ad52b6f1d7b8b84c49c204e1b9b43f26f2af92da2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\57nap2zl.default-release\gmp-widevinecdm\4.10.2557.0\manifest.json

Filesize
372B

MD5
8be33af717bb1b67fbd61c3f4b807e9e

SHA1
7cf17656d174d951957ff36810e874a134dd49e0

SHA256
e92d3394635edfb987a7528e0ccd24360e07a299078df2a6967ca3aae22fa2dd

SHA512
6125f60418e25fee896bf59f5672945cd8f36f03665c721837bb50adf5b4dfef2dddbfcfc817555027dcfa90e1ef2a1e80af1219e8063629ea70263d2fc936a7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\57nap2zl.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll

Filesize
11.8MB

MD5
33bf7b0439480effb9fb212efce87b13

SHA1
cee50f2745edc6dc291887b6075ca64d716f495a

SHA256
8ee42d9258e20bbc5bfdfae61605429beb5421ffeaaa0d02b86d4978f4b4ac4e

SHA512
d329a1a1d98e302142f2776de8cc2cd45a465d77cb21c461bdf5ee58c68073a715519f449cb673977288fe18401a0abcce636c85abaec61a4a7a08a16c924275

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\57nap2zl.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.lib

Filesize
1KB

MD5
688bed3676d2104e7f17ae1cd2c59404

SHA1
952b2cdf783ac72fcb98338723e9afd38d47ad8e

SHA256
33899a3ebc22cb8ed8de7bd48c1c29486c0279b06d7ef98241c92aef4e3b9237

SHA512
7a0e3791f75c229af79dd302f7d0594279f664886fea228cfe78e24ef185ae63aba809aa1036feb3130066deadc8e78909c277f0a7ed1e3485df3cf2cd329776

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\57nap2zl.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.sig

Filesize
1KB

MD5
937326fead5fd401f6cca9118bd9ade9

SHA1
4526a57d4ae14ed29b37632c72aef3c408189d91

SHA256
68a03f075db104f84afdd8fca45a7e4bff7b55dc1a2a24272b3abe16d8759c81

SHA512
b232f6cf3f88adb346281167ac714c4c4c7aac15175087c336911946d12d63d3a3a458e06b298b41a7ec582ef09fe238da3a3166ff89c450117228f7485c22d2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\57nap2zl.default-release\prefs-1.js

Filesize
6KB

MD5
9c8c75137cc2ec2859d2a4f1b27b52ec

SHA1
05ca3bd3211e54337e0d22c9b4f0e62ad5a3d05e

SHA256
c5d2633a4311e1e897b69a2c26c389dff096ec63df0d201961462a284c416067

SHA512
7ae723f5ce84adbe00c6a5815faee96e5d22b281a4166e4606996201fcafd63201e3a4e7b53ee0f71197a7007369d2940d1e5469565ba467041a14ddeba764cc

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\57nap2zl.default-release\prefs-1.js

Filesize
6KB

MD5
6f71124241fdbbf4834cf39eace0a453

SHA1
b77f24ffe66997d929b84e81bcd75d34503583b8

SHA256
065a5a1057541c2aed73e3ffb303a4ac39e5d81e70001b9393a5bb9e4bbf1003

SHA512
e79921a21aa0ab2df64c4c2a69fbf642d6785f6f7479b60c5cd132009405ed92d203fd52a7e3028b8de1bfa7381803ad8bacf8249bf037032ff305d0521b3fba

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\57nap2zl.default-release\prefs-1.js

Filesize
6KB

MD5
8c14e6cc0b38d80603aa099a92d1c5af

SHA1
39244337aca29d7baf6918349dcc35fad7a22c33

SHA256
74387b430559fa6f1fd1a74ffa5bacc3dac1fa02d4c8b20b6f66101095dd9284

SHA512
ddf522587bc30735caf4a4f433e4bb44c2559853ee153a5e42a991b18fcaf90d6e3fb4d4929d3bd1c62a2bde3308a112d77b49f7422e61f4428f6835a851e720

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\57nap2zl.default-release\prefs-1.js

Filesize
6KB

MD5
e78e4b94006bf2e9c24882949855fd4f

SHA1
41d0fc129d5c00708ea6293fb4cba50528bb30af

SHA256
eeffa90985d33fc76d9848714fc1f802f581d177994f5bd2e9921da330101e2f

SHA512
39c772be7305ea9d1f434cd2b19efc59606ef3c05d141a913c6b194e3a508120bf140aeab9c28c502ae7a91ab98f22c0b1ba69f82ad847b15810813ce6b5100d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\57nap2zl.default-release\prefs-1.js

Filesize
8KB

MD5
6479788138f519cd9dc3ca1ffdae4de4

SHA1
34d8e543fc664fb874421ace4e7f7f691aa6bb46

SHA256
ac6b81e72637d624ee87e6d6b32ca1514c2f636a0ead4fd043d24bb12010af5c

SHA512
3df3a290fc771089d7ca6afc86e74935aaeba55ddf4a7b7a29b4fd34982b66c71991331524ecdecadf000351ddbe7d46a6c218c919185162b1f95c88d2797611

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\57nap2zl.default-release\prefs-1.js

Filesize
10KB

MD5
f3ee21e32f20c4ecd285aed7effdd11a

SHA1
8256989b9fe4de6f205d175a2d8f2f83affcf342

SHA256
c7ce370dd5a0ed1e5837f9de61f7768250fd5c2da9fa0b0504794e78542db600

SHA512
8172b4d9db057b3abc3271894614fae82729aef779e3f7ec9ba6699cf025b9774a585dcc944a5a27afa3fdeb4f186950b5e94c0b0133593118b830c2ad57bd88

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\57nap2zl.default-release\prefs-1.js

Filesize
10KB

MD5
99ff5accad39a39f280a6c5f8d8c2a07

SHA1
e69dacf1f34cb740239ffd19dd5531787b3c5273

SHA256
464386130ceea67783f4223f28fc4debea218a5482aaeeb06786592da4f52010

SHA512
3fecabb1348af663094e928fd088dab614280a2d735d6c70cf88eca68f10876a3016eb70b0c392cb6f5ce292b234c295d49dd3527902f03c8fd5a4ca1c9b884a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\57nap2zl.default-release\prefs.js

Filesize
6KB

MD5
feb8a52858c8167a58f36caa1b37f116

SHA1
7ae7f9d2721ae3c579f9e18e4fea679e8c848158

SHA256
adbc4c7b5e775c3d401ae811d5be5a69b844f5937e3d0a416d374dd5a7ec227a

SHA512
109d42ec5b9744b3561d29a9cabdcf2ffb81233935fa5c2d80c39f27b92ae55366c3c51ae3d26cc1a8936635662acbd11af89e54efac374aceaa279f13e7dc16

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\57nap2zl.default-release\sessionCheckpoints.json.tmp

Filesize
288B

MD5
362985746d24dbb2b166089f30cd1bb7

SHA1
6520fc33381879a120165ede6a0f8aadf9013d3b

SHA256
b779351c8c6b04cf1d260c5e76fb4ecf4b74454cc6215a43ea15a223bf5bdd7e

SHA512
0e85cd132c895b3bffce653aeac0b5645e9d1200eb21e23f4e574b079821a44514c1d4b036d29a7d2ea500065c7131aef81cfc38ff1750dbb0e8e0c57fdc2a61

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\57nap2zl.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
3KB

MD5
82ba6d0b167e79b6fffd619a6b6bf338

SHA1
30670c7f78b66976ff7345e0e0e7efaff9e42fd7

SHA256
f2dd6fe1ff600b88eee0a53e3e5fc8a7de41128ea6f1daa6040534a88cfd59d4

SHA512
38abadaaa94189eaf32bbee3f25a6ad62709cdf1499ef843b92f86aeb3be19792e8b9e88ef64820386e7bf6243c23639f0eb948bfea5f5cebe84d8430128b4f6

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\57nap2zl.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
1KB

MD5
bc75490bb4fe902534cf3028c36c2a35

SHA1
db42021d6d6ec5c1eaa9524022ac961d9de38b81

SHA256
cc9a1c6a820c3c359ad9af75fe633269aa14956d9b66b10a989903554b8c6afa

SHA512
5641728cf8e53b2d09bacba5d9c64a514b4efed67364079943096043a01c48c244e21813b9e2050bab11ae6302bf903da016e9eb79e17259f9e02b1b36e65183

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\57nap2zl.default-release\sessionstore.jsonlz4

Filesize
9KB

MD5
8e03c099a1886d0e6bd0e2877b07fa97

SHA1
9647c03400b5498b3b7fb336aa04d6b00beed8a1

SHA256
0acd25b29cc11b21ceca5f4c0ddabf865581a280ceaa2f2152edb7b5c839b3c2

SHA512
7cb1fdd28c0a42b6224eedf5ae5ecc154a047194d47218592f339f24d113d81c34b0ecb5a255cc92185541fa32cc18616885c78646db77e0393421d469bbdb9f

Download Submit
memory/1684-133-0x000001E221620000-0x000001E2216A2000-memory.dmp

Filesize
520KB

Download
memory/1684-146-0x000001E2218C0000-0x000001E2219C2000-memory.dmp

Filesize
1.0MB

Download
memory/1684-145-0x000001E21E990000-0x000001E21E9A0000-memory.dmp

Filesize
64KB

Download
memory/1684-144-0x000001E2063C0000-0x000001E2063D0000-memory.dmp

Filesize
64KB

Download
memory/1684-143-0x000001E2063F0000-0x000001E206412000-memory.dmp

Filesize
136KB

Download