9585556c27c30570867f939493329434261f650796ef2677b0cb54ea8a0658f6

Analysis

max time kernel
1795s
max time network
1799s
platform
windows11-21h2_x64
resource
win11-20231222-en
resource tags

arch:x64arch:x86image:win11-20231222-enlocale:en-usos:windows11-21h2-x64system
submitted
01/02/2024, 12:38

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

Screenshot 2024-01-22 8.59.23 PM.png
Size

982KB
MD5

eb20fe847044bb90ac416d5953b601a0
SHA1

722fccd47499f655cdd444065d925d71c29ddfcd
SHA256

9585556c27c30570867f939493329434261f650796ef2677b0cb54ea8a0658f6
SHA512

080c5cf792f9bd598b34a6f2c5faf038edd1bbd6365660d8de66b191bba5b21d54bd586b37eb4e650c4376e421ff518db543d8a0792e8552acbc0b3b689c6626
SSDEEP

24576:7oqkI2hxdx9p2EbCgvQwwKWbSdfUxdXC2i4Qys2CZaSebOvEQ:XkIaFT2pGfwKESd/UQyxiGbOMQ

Score

8^/10

discovery upx

Malware Config

Signatures

Downloads MZ/PE file

Executes dropped EXE 4 IoCs

pid	Process
1176	TLauncher-2.885-Installer-1.1.3.exe
4528	irsetup.exe
3844	TLauncher-2.885-Installer-1.1.3.exe
4804	irsetup.exe

Loads dropped DLL 6 IoCs

pid	Process
4528	irsetup.exe
4528	irsetup.exe
4528	irsetup.exe
4804	irsetup.exe
4804	irsetup.exe
4804	irsetup.exe

UPX packed file 5 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/files/0x000100000002a94a-1663.dat	upx
behavioral1/memory/4528-1668-0x0000000000BC0000-0x0000000000FA8000-memory.dmp	upx
behavioral1/memory/4528-2012-0x0000000000BC0000-0x0000000000FA8000-memory.dmp	upx
behavioral1/memory/4804-2046-0x0000000000190000-0x0000000000578000-memory.dmp	upx
behavioral1/memory/4804-2370-0x0000000000190000-0x0000000000578000-memory.dmp	upx

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Checks processor information in registry 2 TTPs 8 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe

Enumerates system info in registry 2 TTPs 9 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133512649487536661"	chrome.exe

Modifies registry class 3 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1184116928-951304463-2249875399-1000_Classes\Local Settings\MuiCache	MiniSearchHost.exe
Key created	\REGISTRY\USER\S-1-5-21-1184116928-951304463-2249875399-1000_Classes\Local Settings	firefox.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-1184116928-951304463-2249875399-1000\{0CE7BB4F-C226-41F7-B7F6-2FFE0CC032A0}	msedge.exe

NTFS ADS 1 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 994187.crdownload:SmartScreen	msedge.exe

Suspicious behavior: EnumeratesProcesses 22 IoCs

pid	Process
1092	msedge.exe
1092	msedge.exe
1124	msedge.exe
1124	msedge.exe
2008	chrome.exe
2008	chrome.exe
6100	msedge.exe
6100	msedge.exe
2852	msedge.exe
2852	msedge.exe
572	msedge.exe
572	msedge.exe
3412	identity_helper.exe
3412	identity_helper.exe
3700	msedge.exe
3700	msedge.exe
5712	msedge.exe
5712	msedge.exe
3148	msedge.exe
3148	msedge.exe
3148	msedge.exe
3148	msedge.exe

Suspicious behavior: LoadsDriver 6 IoCs

pid	Process
4	Process not Found
4	Process not Found
4	Process not Found
4	Process not Found
4	Process not Found
676	Process not Found

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 45 IoCs

pid	Process
1124	msedge.exe
1124	msedge.exe
1124	msedge.exe
1124	msedge.exe
2008	chrome.exe
2008	chrome.exe
2008	chrome.exe
2008	chrome.exe
6100	msedge.exe
6100	msedge.exe
6100	msedge.exe
6100	msedge.exe
6100	msedge.exe
6100	msedge.exe
6100	msedge.exe
6100	msedge.exe
6100	msedge.exe
6100	msedge.exe
6100	msedge.exe
6100	msedge.exe
6100	msedge.exe
6100	msedge.exe
6100	msedge.exe
6100	msedge.exe
6100	msedge.exe
6100	msedge.exe
6100	msedge.exe
6100	msedge.exe
6100	msedge.exe
6100	msedge.exe
6100	msedge.exe
6100	msedge.exe
6100	msedge.exe
6100	msedge.exe
6100	msedge.exe
6100	msedge.exe
6100	msedge.exe
6100	msedge.exe
6100	msedge.exe
6100	msedge.exe
6100	msedge.exe
6100	msedge.exe
6100	msedge.exe
6100	msedge.exe
6100	msedge.exe

Suspicious use of AdjustPrivilegeToken 26 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2008	chrome.exe
Token: SeCreatePagefilePrivilege	2008	chrome.exe
Token: SeShutdownPrivilege	2008	chrome.exe
Token: SeCreatePagefilePrivilege	2008	chrome.exe
Token: SeShutdownPrivilege	2008	chrome.exe
Token: SeCreatePagefilePrivilege	2008	chrome.exe
Token: SeShutdownPrivilege	2008	chrome.exe
Token: SeCreatePagefilePrivilege	2008	chrome.exe
Token: SeShutdownPrivilege	2008	chrome.exe
Token: SeCreatePagefilePrivilege	2008	chrome.exe
Token: SeShutdownPrivilege	2008	chrome.exe
Token: SeCreatePagefilePrivilege	2008	chrome.exe
Token: SeShutdownPrivilege	2008	chrome.exe
Token: SeCreatePagefilePrivilege	2008	chrome.exe
Token: SeShutdownPrivilege	2008	chrome.exe
Token: SeCreatePagefilePrivilege	2008	chrome.exe
Token: SeShutdownPrivilege	2008	chrome.exe
Token: SeCreatePagefilePrivilege	2008	chrome.exe
Token: SeShutdownPrivilege	2008	chrome.exe
Token: SeCreatePagefilePrivilege	2008	chrome.exe
Token: SeShutdownPrivilege	2008	chrome.exe
Token: SeCreatePagefilePrivilege	2008	chrome.exe
Token: SeShutdownPrivilege	2008	chrome.exe
Token: SeCreatePagefilePrivilege	2008	chrome.exe
Token: SeDebugPrivilege	5028	firefox.exe
Token: SeDebugPrivilege	5028	firefox.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
1124	msedge.exe
1124	msedge.exe
1124	msedge.exe
1124	msedge.exe
1124	msedge.exe
1124	msedge.exe
1124	msedge.exe
1124	msedge.exe
1124	msedge.exe
1124	msedge.exe
1124	msedge.exe
1124	msedge.exe
1124	msedge.exe
1124	msedge.exe
1124	msedge.exe
1124	msedge.exe
1124	msedge.exe
1124	msedge.exe
1124	msedge.exe
1124	msedge.exe
1124	msedge.exe
1124	msedge.exe
1124	msedge.exe
1124	msedge.exe
1124	msedge.exe
1124	msedge.exe
2008	chrome.exe
2008	chrome.exe
2008	chrome.exe
2008	chrome.exe
2008	chrome.exe
2008	chrome.exe
2008	chrome.exe
2008	chrome.exe
2008	chrome.exe
2008	chrome.exe
2008	chrome.exe
2008	chrome.exe
2008	chrome.exe
2008	chrome.exe
2008	chrome.exe
2008	chrome.exe
2008	chrome.exe
2008	chrome.exe
2008	chrome.exe
2008	chrome.exe
2008	chrome.exe
2008	chrome.exe
2008	chrome.exe
2008	chrome.exe
2008	chrome.exe
2008	chrome.exe
2008	chrome.exe
5028	firefox.exe
5028	firefox.exe
5028	firefox.exe
5028	firefox.exe
6100	msedge.exe
6100	msedge.exe
6100	msedge.exe
6100	msedge.exe
6100	msedge.exe
6100	msedge.exe
6100	msedge.exe

Suspicious use of SendNotifyMessage 39 IoCs

pid	Process
1124	msedge.exe
1124	msedge.exe
1124	msedge.exe
1124	msedge.exe
1124	msedge.exe
1124	msedge.exe
1124	msedge.exe
1124	msedge.exe
1124	msedge.exe
1124	msedge.exe
1124	msedge.exe
1124	msedge.exe
2008	chrome.exe
2008	chrome.exe
2008	chrome.exe
2008	chrome.exe
2008	chrome.exe
2008	chrome.exe
2008	chrome.exe
2008	chrome.exe
2008	chrome.exe
2008	chrome.exe
2008	chrome.exe
2008	chrome.exe
5028	firefox.exe
5028	firefox.exe
5028	firefox.exe
6100	msedge.exe
6100	msedge.exe
6100	msedge.exe
6100	msedge.exe
6100	msedge.exe
6100	msedge.exe
6100	msedge.exe
6100	msedge.exe
6100	msedge.exe
6100	msedge.exe
6100	msedge.exe
6100	msedge.exe

Suspicious use of SetWindowsHookEx 18 IoCs

pid	Process
1080	MiniSearchHost.exe
5028	firefox.exe
1176	TLauncher-2.885-Installer-1.1.3.exe
4528	irsetup.exe
4528	irsetup.exe
4528	irsetup.exe
4528	irsetup.exe
4528	irsetup.exe
4528	irsetup.exe
4528	irsetup.exe
3844	TLauncher-2.885-Installer-1.1.3.exe
4804	irsetup.exe
4804	irsetup.exe
4804	irsetup.exe
4804	irsetup.exe
4804	irsetup.exe
4804	irsetup.exe
4804	irsetup.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1124 wrote to memory of 1228	1124	msedge.exe	98
PID 1124 wrote to memory of 1228	1124	msedge.exe	98
PID 1124 wrote to memory of 2724	1124	msedge.exe	101
PID 1124 wrote to memory of 2724	1124	msedge.exe	101
PID 1124 wrote to memory of 2724	1124	msedge.exe	101
PID 1124 wrote to memory of 2724	1124	msedge.exe	101
PID 1124 wrote to memory of 2724	1124	msedge.exe	101
PID 1124 wrote to memory of 2724	1124	msedge.exe	101
PID 1124 wrote to memory of 2724	1124	msedge.exe	101
PID 1124 wrote to memory of 2724	1124	msedge.exe	101
PID 1124 wrote to memory of 2724	1124	msedge.exe	101
PID 1124 wrote to memory of 2724	1124	msedge.exe	101
PID 1124 wrote to memory of 2724	1124	msedge.exe	101
PID 1124 wrote to memory of 2724	1124	msedge.exe	101
PID 1124 wrote to memory of 2724	1124	msedge.exe	101
PID 1124 wrote to memory of 2724	1124	msedge.exe	101
PID 1124 wrote to memory of 2724	1124	msedge.exe	101
PID 1124 wrote to memory of 2724	1124	msedge.exe	101
PID 1124 wrote to memory of 2724	1124	msedge.exe	101
PID 1124 wrote to memory of 2724	1124	msedge.exe	101
PID 1124 wrote to memory of 2724	1124	msedge.exe	101
PID 1124 wrote to memory of 2724	1124	msedge.exe	101
PID 1124 wrote to memory of 2724	1124	msedge.exe	101
PID 1124 wrote to memory of 2724	1124	msedge.exe	101
PID 1124 wrote to memory of 2724	1124	msedge.exe	101
PID 1124 wrote to memory of 2724	1124	msedge.exe	101
PID 1124 wrote to memory of 2724	1124	msedge.exe	101
PID 1124 wrote to memory of 2724	1124	msedge.exe	101
PID 1124 wrote to memory of 2724	1124	msedge.exe	101
PID 1124 wrote to memory of 2724	1124	msedge.exe	101
PID 1124 wrote to memory of 2724	1124	msedge.exe	101
PID 1124 wrote to memory of 2724	1124	msedge.exe	101
PID 1124 wrote to memory of 2724	1124	msedge.exe	101
PID 1124 wrote to memory of 2724	1124	msedge.exe	101
PID 1124 wrote to memory of 2724	1124	msedge.exe	101
PID 1124 wrote to memory of 2724	1124	msedge.exe	101
PID 1124 wrote to memory of 2724	1124	msedge.exe	101
PID 1124 wrote to memory of 2724	1124	msedge.exe	101
PID 1124 wrote to memory of 2724	1124	msedge.exe	101
PID 1124 wrote to memory of 2724	1124	msedge.exe	101
PID 1124 wrote to memory of 2724	1124	msedge.exe	101
PID 1124 wrote to memory of 2724	1124	msedge.exe	101
PID 1124 wrote to memory of 1092	1124	msedge.exe	99
PID 1124 wrote to memory of 1092	1124	msedge.exe	99
PID 1124 wrote to memory of 4196	1124	msedge.exe	100
PID 1124 wrote to memory of 4196	1124	msedge.exe	100
PID 1124 wrote to memory of 4196	1124	msedge.exe	100
PID 1124 wrote to memory of 4196	1124	msedge.exe	100
PID 1124 wrote to memory of 4196	1124	msedge.exe	100
PID 1124 wrote to memory of 4196	1124	msedge.exe	100
PID 1124 wrote to memory of 4196	1124	msedge.exe	100
PID 1124 wrote to memory of 4196	1124	msedge.exe	100
PID 1124 wrote to memory of 4196	1124	msedge.exe	100
PID 1124 wrote to memory of 4196	1124	msedge.exe	100
PID 1124 wrote to memory of 4196	1124	msedge.exe	100
PID 1124 wrote to memory of 4196	1124	msedge.exe	100
PID 1124 wrote to memory of 4196	1124	msedge.exe	100
PID 1124 wrote to memory of 4196	1124	msedge.exe	100
PID 1124 wrote to memory of 4196	1124	msedge.exe	100
PID 1124 wrote to memory of 4196	1124	msedge.exe	100
PID 1124 wrote to memory of 4196	1124	msedge.exe	100
PID 1124 wrote to memory of 4196	1124	msedge.exe	100
PID 1124 wrote to memory of 4196	1124	msedge.exe	100
PID 1124 wrote to memory of 4196	1124	msedge.exe	100

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Windows\system32\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\Screenshot 2024-01-22 8.59.23 PM.png"
1⤵
PID:1212

C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe
"C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe" -ServerName:MiniSearchUI.AppXj3y73at8fy1htwztzxs68sxx1v7cksp7.mca
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:1080

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalService -p -s NPSMSvc
1⤵
PID:3160

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s DisplayEnhancementService
1⤵
PID:2996

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k DevicesFlow -s DevicesFlowUserSvc
1⤵
PID:4044

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1124
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffda6663cb8,0x7ffda6663cc8,0x7ffda6663cd8
  2⤵
  PID:1228
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1908,14389407779292678469,222048374743583143,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2028 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1092
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1908,14389407779292678469,222048374743583143,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2560 /prefetch:8
  2⤵
  PID:4196
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1908,14389407779292678469,222048374743583143,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1916 /prefetch:2
  2⤵
  PID:2724
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,14389407779292678469,222048374743583143,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3348 /prefetch:1
  2⤵
  PID:3052
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,14389407779292678469,222048374743583143,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3332 /prefetch:1
  2⤵
  PID:4464
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,14389407779292678469,222048374743583143,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5108 /prefetch:1
  2⤵
  PID:4532
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,14389407779292678469,222048374743583143,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4128 /prefetch:1
  2⤵
  PID:4312

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2080

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3900

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:2008
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffd95389758,0x7ffd95389768,0x7ffd95389778
  2⤵
  PID:2816
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2108 --field-trial-handle=1816,i,7374868613214425587,10128633489232816406,131072 /prefetch:8
  2⤵
  PID:912
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1700 --field-trial-handle=1816,i,7374868613214425587,10128633489232816406,131072 /prefetch:2
  2⤵
  PID:4436
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3228 --field-trial-handle=1816,i,7374868613214425587,10128633489232816406,131072 /prefetch:1
  2⤵
  PID:4908
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3212 --field-trial-handle=1816,i,7374868613214425587,10128633489232816406,131072 /prefetch:1
  2⤵
  PID:3700
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2212 --field-trial-handle=1816,i,7374868613214425587,10128633489232816406,131072 /prefetch:8
  2⤵
  PID:4092
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4508 --field-trial-handle=1816,i,7374868613214425587,10128633489232816406,131072 /prefetch:1
  2⤵
  PID:5040
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4688 --field-trial-handle=1816,i,7374868613214425587,10128633489232816406,131072 /prefetch:8
  2⤵
  PID:2196
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4824 --field-trial-handle=1816,i,7374868613214425587,10128633489232816406,131072 /prefetch:8
  2⤵
  PID:984
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4976 --field-trial-handle=1816,i,7374868613214425587,10128633489232816406,131072 /prefetch:8
  2⤵
  PID:1960
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5124 --field-trial-handle=1816,i,7374868613214425587,10128633489232816406,131072 /prefetch:8
  2⤵
  PID:4836
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5392 --field-trial-handle=1816,i,7374868613214425587,10128633489232816406,131072 /prefetch:8
  2⤵
  PID:4016
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5396 --field-trial-handle=1816,i,7374868613214425587,10128633489232816406,131072 /prefetch:8
  2⤵
  PID:2400
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5440 --field-trial-handle=1816,i,7374868613214425587,10128633489232816406,131072 /prefetch:8
  2⤵
  PID:1204
- C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe
  "C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe" --reenable-autoupdates --system-level
  2⤵
  PID:4128
- - C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe
    "C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\Crashpad --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x250,0x254,0x258,0x214,0x25c,0x7ff649637688,0x7ff649637698,0x7ff6496376a8
    3⤵
    PID:3096
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=4672 --field-trial-handle=1816,i,7374868613214425587,10128633489232816406,131072 /prefetch:1
  2⤵
  PID:2780

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:4936

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
PID:3464
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe"
  2⤵
  - Checks processor information in registry
  - Modifies registry class
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  PID:5028
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5028.0.187595383\1008206108" -parentBuildID 20221007134813 -prefsHandle 1824 -prefMapHandle 1816 -prefsLen 20747 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {a2f81ffd-d198-4492-af45-cda8e2a96e34} 5028 "\\.\pipe\gecko-crash-server-pipe.5028" 1904 1ce109da158 gpu
    3⤵
    PID:4948
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5028.1.1460711365\832384191" -parentBuildID 20221007134813 -prefsHandle 2252 -prefMapHandle 2240 -prefsLen 20783 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {99f843d7-84e1-4e94-b13c-df9a64e6bd7a} 5028 "\\.\pipe\gecko-crash-server-pipe.5028" 2280 1ce048e3158 socket
    3⤵
    - Checks processor information in registry
    PID:4780
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5028.2.1725112682\850866876" -childID 1 -isForBrowser -prefsHandle 2940 -prefMapHandle 2936 -prefsLen 20886 -prefMapSize 233444 -jsInitHandle 1316 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {2e05865a-876e-4eb9-90f5-e841ad080ce1} 5028 "\\.\pipe\gecko-crash-server-pipe.5028" 2952 1ce1095ff58 tab
    3⤵
    PID:4976
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5028.3.1642065540\794684400" -childID 2 -isForBrowser -prefsHandle 3168 -prefMapHandle 3252 -prefsLen 26064 -prefMapSize 233444 -jsInitHandle 1316 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e65a0a81-fd2e-4ba3-9a8b-321ea0ec3a86} 5028 "\\.\pipe\gecko-crash-server-pipe.5028" 3492 1ce169a5958 tab
    3⤵
    PID:2480
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5028.4.456227819\723494958" -childID 3 -isForBrowser -prefsHandle 4576 -prefMapHandle 4572 -prefsLen 26123 -prefMapSize 233444 -jsInitHandle 1316 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {27548597-2573-47c3-9527-a7c813b9eecc} 5028 "\\.\pipe\gecko-crash-server-pipe.5028" 4496 1ce177d4b58 tab
    3⤵
    PID:3052
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5028.5.1433599746\2072865587" -childID 4 -isForBrowser -prefsHandle 5068 -prefMapHandle 5048 -prefsLen 26123 -prefMapSize 233444 -jsInitHandle 1316 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {fb6a9ff1-6c34-4c25-9418-faeab6803050} 5028 "\\.\pipe\gecko-crash-server-pipe.5028" 5084 1ce17ced258 tab
    3⤵
    PID:4352
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5028.7.1877322365\1844624409" -childID 6 -isForBrowser -prefsHandle 5420 -prefMapHandle 5424 -prefsLen 26123 -prefMapSize 233444 -jsInitHandle 1316 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ef06fb9f-5cd3-4651-ae5d-5eca6a5140ee} 5028 "\\.\pipe\gecko-crash-server-pipe.5028" 5412 1ce17daa958 tab
    3⤵
    PID:4452
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5028.6.1248854901\873652821" -childID 5 -isForBrowser -prefsHandle 5228 -prefMapHandle 5232 -prefsLen 26123 -prefMapSize 233444 -jsInitHandle 1316 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {67ccd888-1780-471f-afee-2f9bccd5445a} 5028 "\\.\pipe\gecko-crash-server-pipe.5028" 5220 1ce17daaf58 tab
    3⤵
    PID:652

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
1⤵
- Enumerates system info in registry
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:6100
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffda6663cb8,0x7ffda6663cc8,0x7ffda6663cd8
  2⤵
  PID:6116
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1920,7220074600587099914,17349316191795659673,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2292 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2852
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,7220074600587099914,17349316191795659673,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3440 /prefetch:1
  2⤵
  PID:4380
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,7220074600587099914,17349316191795659673,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3420 /prefetch:1
  2⤵
  PID:3892
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1920,7220074600587099914,17349316191795659673,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2568 /prefetch:8
  2⤵
  PID:2548
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1920,7220074600587099914,17349316191795659673,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1944 /prefetch:2
  2⤵
  PID:1088
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,7220074600587099914,17349316191795659673,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3180 /prefetch:1
  2⤵
  PID:3060
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,7220074600587099914,17349316191795659673,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3064 /prefetch:1
  2⤵
  PID:3028
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1920,7220074600587099914,17349316191795659673,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3684 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:572
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1920,7220074600587099914,17349316191795659673,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5200 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3412
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,7220074600587099914,17349316191795659673,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5428 /prefetch:1
  2⤵
  PID:2456
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,7220074600587099914,17349316191795659673,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4464 /prefetch:1
  2⤵
  PID:5956
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=1920,7220074600587099914,17349316191795659673,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5408 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:3700
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1920,7220074600587099914,17349316191795659673,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5044 /prefetch:8
  2⤵
  PID:4320
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,7220074600587099914,17349316191795659673,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5444 /prefetch:1
  2⤵
  PID:4360
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,7220074600587099914,17349316191795659673,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4360 /prefetch:1
  2⤵
  PID:4700
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,7220074600587099914,17349316191795659673,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5636 /prefetch:1
  2⤵
  PID:5260
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,7220074600587099914,17349316191795659673,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5616 /prefetch:1
  2⤵
  PID:5176
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,7220074600587099914,17349316191795659673,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3064 /prefetch:1
  2⤵
  PID:5632
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,7220074600587099914,17349316191795659673,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5288 /prefetch:1
  2⤵
  PID:2320
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,7220074600587099914,17349316191795659673,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5652 /prefetch:1
  2⤵
  PID:2416
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,7220074600587099914,17349316191795659673,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4004 /prefetch:1
  2⤵
  PID:4452
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,7220074600587099914,17349316191795659673,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4976 /prefetch:1
  2⤵
  PID:3396
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,7220074600587099914,17349316191795659673,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3160 /prefetch:1
  2⤵
  PID:1044
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,7220074600587099914,17349316191795659673,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2656 /prefetch:1
  2⤵
  PID:4256
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,7220074600587099914,17349316191795659673,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2152 /prefetch:1
  2⤵
  PID:5360
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,7220074600587099914,17349316191795659673,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1240 /prefetch:1
  2⤵
  PID:3180
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,7220074600587099914,17349316191795659673,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5704 /prefetch:1
  2⤵
  PID:5192
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1920,7220074600587099914,17349316191795659673,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5660 /prefetch:8
  2⤵
  PID:656
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,7220074600587099914,17349316191795659673,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5004 /prefetch:1
  2⤵
  PID:4756
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,7220074600587099914,17349316191795659673,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4176 /prefetch:1
  2⤵
  PID:3540
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,7220074600587099914,17349316191795659673,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1736 /prefetch:1
  2⤵
  PID:4452
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,7220074600587099914,17349316191795659673,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6220 /prefetch:1
  2⤵
  PID:4512
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,7220074600587099914,17349316191795659673,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5512 /prefetch:1
  2⤵
  PID:3952
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,7220074600587099914,17349316191795659673,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2644 /prefetch:1
  2⤵
  PID:1140
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,7220074600587099914,17349316191795659673,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6912 /prefetch:1
  2⤵
  PID:6020
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,7220074600587099914,17349316191795659673,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6064 /prefetch:1
  2⤵
  PID:5264
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1920,7220074600587099914,17349316191795659673,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6056 /prefetch:8
  2⤵
  PID:5168
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1920,7220074600587099914,17349316191795659673,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6932 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5712
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1920,7220074600587099914,17349316191795659673,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=5876 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3148
- C:\Users\Admin\Downloads\TLauncher-2.885-Installer-1.1.3.exe
  "C:\Users\Admin\Downloads\TLauncher-2.885-Installer-1.1.3.exe"
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:1176
- - C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe
    "C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe" __IRAOFF:1910546 "__IRAFN:C:\Users\Admin\Downloads\TLauncher-2.885-Installer-1.1.3.exe" "__IRCT:3" "__IRTSS:23661420" "__IRSID:S-1-5-21-1184116928-951304463-2249875399-1000"
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:4528
- C:\Users\Admin\Downloads\TLauncher-2.885-Installer-1.1.3.exe
  "C:\Users\Admin\Downloads\TLauncher-2.885-Installer-1.1.3.exe"
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:3844
- - C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_1\irsetup.exe
    "C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_1\irsetup.exe" __IRAOFF:1910546 "__IRAFN:C:\Users\Admin\Downloads\TLauncher-2.885-Installer-1.1.3.exe" "__IRCT:3" "__IRTSS:23661420" "__IRSID:S-1-5-21-1184116928-951304463-2249875399-1000"
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:4804
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,7220074600587099914,17349316191795659673,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5852 /prefetch:1
  2⤵
  PID:716
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,7220074600587099914,17349316191795659673,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6892 /prefetch:1
  2⤵
  PID:5960
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,7220074600587099914,17349316191795659673,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6116 /prefetch:1
  2⤵
  PID:4092
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,7220074600587099914,17349316191795659673,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2240 /prefetch:1
  2⤵
  PID:3488
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,7220074600587099914,17349316191795659673,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7068 /prefetch:1
  2⤵
  PID:5900
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,7220074600587099914,17349316191795659673,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6684 /prefetch:1
  2⤵
  PID:5136
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,7220074600587099914,17349316191795659673,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=48 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5860 /prefetch:1
  2⤵
  PID:4552
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,7220074600587099914,17349316191795659673,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=49 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6984 /prefetch:1
  2⤵
  PID:5736
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,7220074600587099914,17349316191795659673,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=50 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2628 /prefetch:1
  2⤵
  PID:2248

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2696

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1496

C:\Windows\SysWOW64\werfault.exe
werfault.exe /h /shared Global\418d976c5e6c42e7aa8d7ef6c209f024 /t 3820 /p 4528
1⤵
PID:4976

C:\Windows\SysWOW64\werfault.exe
werfault.exe /h /shared Global\24d3d9c87c264e10b0d2af8547d7ba96 /t 4836 /p 4804
1⤵
PID:4528

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
144B

MD5
fe4749f8c8a72c9783ce9fe990de9d25

SHA1
7c15be6b76f4de032c6cf856679679b41771419b

SHA256
f3b1a600c7707b93bb6ec5dbd6e1adc12705173180099bd43fe8b0c706f0aa22

SHA512
e1aa7d83a1f6fcc7e00be9ba42e03fc1601d49b1c84375a3fcb6746c2e6f02393b36ddd46c408ba03f1701a589a2e8637b38ad65e39524e585066d4defa7e857

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
57b55f49f7b4ffd084700832a0bede36

SHA1
ff6c161fccb893e86e1a509944543a95aa23a64a

SHA256
546b6509b81adf95863bc89de1a482da3f76990c394d6ae128f67e4cee6bb140

SHA512
65c18f76eb7acbc1e29955a1fbbab258fd8fb873f4310108264be45663f30d15ef65653f092fe09c6344977c87a5f02d657a76b47362afa54185e2558f9b77da

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
539B

MD5
339b24433dbabd7d42c79896e6ffd2fe

SHA1
17e2309032333a7f734d6c5b57153c53874bc88b

SHA256
6e182f38b3b71f593337e17bb6ee9699ce817f9e3babe366b9ca0d3dd01399a8

SHA512
5f3fc65fd830e394428b53624fcc7fcfbf7fb72219e5357159a758f33cce3b117146fef1e13c13997030ba5a43313bf04969cb4961aba37a77ed6d1dd0460f79

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\d14bda9c-a393-404f-92bd-c81cb7cf34b1.tmp

Filesize
371B

MD5
3ae64bcb4c8a561966b023e6dba57443

SHA1
027bd2e885d2b4da104f9c11d2745520e8fee52a

SHA256
277818039bb45210bb91a3a78cb89b98e0df224a64d7c415d0e00ed1b1636916

SHA512
e8062ccaa5e675197c4bca05b23ea1f6a25a2c940a9c91cb1b1a5e656638547bc3b46a883d42febfef9e9012d05b33745242b89a70e535d456ac3ebe883b6d30

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
5ffe8336701a14b0d52eadb639aeb74c

SHA1
c35dc9cf551bf2f5d5cb94d1b6c650d04f78aed1

SHA256
5d81f7d7d8b5aa2a898eb49ce1ff1c4d84838928f5be45160ded4f1c49af0852

SHA512
4f8fcc8afd6cf96f1edc58b7335056fae83fa600ce592770ac3bce15fc87ccb1843be2c98eba93f7f3e5bf777327c5f06c53b2ae33e2c902057889e495d685a0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
633464794590786b05dbaa29814e92c9

SHA1
ba528001e55b3640c80d46b3d609e09b0cd4d9d9

SHA256
b095d92b3584879aaf4489e84f954330a5ac25530112b0b9d92b2f5b521b2eb5

SHA512
fcd260a1213aef90bdfe5927e3060e88be4ad20f4ce872124322d6b41e19c2918c469bc83b2d94a0f671bf5cddd64dfe435d99000612fec603ee61efecb793e6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
dbc1e9b8186af4d820afbf055cb420ed

SHA1
da98ec587dc5eae9050e3da98229ffacc3835082

SHA256
cb84b07ef65f1ee95eaeacd95928a4c95ef9766d27ae1ca81772e1367f603864

SHA512
fb627949c0da79cced81f348ef47bb23b0034041b13fcfdfc783d8fec66accdcb6743e6c6f33ee74024d9b88f7a6778b220019bc57dfe33a36a2242984960d88

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
231KB

MD5
afedc119cc1a8c25b2200910f99167ce

SHA1
24e09caf1a1a0c8d54176879687d23e6d295a348

SHA256
cb700209012f38e9ab7d5afadde8535b32cc7107949263b08f12894a5a5d1cf5

SHA512
41260551dbce097fb8e17bd9f4bdce13c0e35ceeeabd87154bec475401a8f137517228536523ecfa9fd75c1b3b4e82ec7e242ca7852bc0de2e089f5dd9552400

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
231KB

MD5
2fbac4b59d6d921abe2ff67eb3e82ea4

SHA1
f5892a34b2657ecf8dd6e88329098244bfb254ee

SHA256
e83cf8e588d45cb620402f04302eeac6d9e73abc7d2467049b0539e0097731bd

SHA512
1cec573c82a349c3ea13104961ee30badaa6e2c69e7f7ff9fc8e1b70f6c758064da3e8e1340db2c7e61c0f9b9f7b31d775fc6a179a1b32f40fff778e53cf321c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
6dbe72a1f5827efc08f70d06ef815d46

SHA1
6aacd61519fce53ecb92e5e61207a6c29c01f47b

SHA256
dd673404dd6deb2d2b331316370fd05e47c01b9dc489640f05b50898d536a6e3

SHA512
2e6115ca818df5f5b7985caf3ce2324e266b376f6180f84b44e9ae725e037a8456c2cd63e22b9750e2ba27f4c7460dfa429ce9910517a728b056e5f1e730e25a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ee38646f93c883bc40053ffb72cf205e

SHA1
ea350fbe508cb427d587e0103c09170602112461

SHA256
43e2b0b0d90fc5f1912cd7c6771a5d5838d20ca6fe6392094bf91f2a9c2e3011

SHA512
63e577870b1aa120d8d08701a2a52b41f96fe25368cd62239ced4f62257297ace1fa824fc49a3012081f38569bdd2fa30685e4923debc65f8a14ae148270ff6f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\1164e05d-7850-40b0-b4f8-0758107fba90.tmp

Filesize
1B

MD5
5058f1af8388633f609cadb75a75dc9d

SHA1
3a52ce780950d4d969792a2559cd519d7ee8c727

SHA256
cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8

SHA512
0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_0

Filesize
44KB

MD5
92c83a3d89a5be4e6d4b58dde53bb107

SHA1
35d46192176e82e86e0faac90b50a69cae70f02b

SHA256
f86f29547454b8d4ce537cd9d6faf6171ec3ae3ec3a61a17d55d3b0b3a4e339e

SHA512
d0428b28afb3a7552762e8fc4c250fd9536074cfa5865342b1a37d348e30aec0f176e7756e1cac06dc50b593a68db8433bec5c844326d014efeda39f1dc32248

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_1

Filesize
264KB

MD5
bb99872a34491db92a2c090daf157091

SHA1
2768851f891582e750518bd5fb2fc58e03af1f78

SHA256
da180449460c8add9de84ba54986bf0c41a1fcee6b29a7253d1e0225ed73e9e4

SHA512
347111f8c4f7ed5f2decf8771db4528c5455edde4c64c1b9984e85b7027dfc3aad394db409aa41e0b8c35a6285455ded2b4ba931933dcb0484c1b2d26ab5fc74

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000002

Filesize
62KB

MD5
c3c0eb5e044497577bec91b5970f6d30

SHA1
d833f81cf21f68d43ba64a6c28892945adc317a6

SHA256
eb48be34490ec9c4f9402b882166cd82cd317b51b2a49aae75cdf9ee035035eb

SHA512
83d3545a4ed9eed2d25f98c4c9f100ae0ac5e4bc8828dccadee38553b7633bb63222132df8ec09d32eb37d960accb76e7aab5719fc08cc0a4ef07b053f30cf38

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003

Filesize
69KB

MD5
a127a49f49671771565e01d883a5e4fa

SHA1
09ec098e238b34c09406628c6bee1b81472fc003

SHA256
3f208f049ffaf4a7ed808bf0ff759ce7986c177f476b380d0076fd1f5482fca6

SHA512
61b54222e54e7ab8743a2d6ca3c36768a7b2cf22d5689a3309dee9974b1f804533720ea9de2d3beab44853d565a94f1bc0e60b9382997abcf03945219f98d734

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000004

Filesize
27KB

MD5
b8c7bcad063bd64939085d68ca0b2de1

SHA1
006ade91e89bf7b21a7e4f7ed1d3a1b4ca324c11

SHA256
b33d25111ae42d220b2ebf8d806e4e60cf8043b134dd7fc41b7a22259ab50b53

SHA512
4280154fd5205beaf577612ec97bd65713f3aee1123b6e439e363f2cbf702b43875008e5d1d0eda5ede0851253629594d7fe63630c609fcd49aea233d2ab9180

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005

Filesize
65KB

MD5
56d57bc655526551f217536f19195495

SHA1
28b430886d1220855a805d78dc5d6414aeee6995

SHA256
f12de7e272171cda36389813df4ba68eb2b8b23c58e515391614284e7b03c4d4

SHA512
7814c60dc377e400bbbcc2000e48b617e577a21045a0f5c79af163faa0087c6203d9f667e531bbb049c9bd8fb296678e6a5cdcad149498d7f22ffa11236b51cb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000006

Filesize
19KB

MD5
2e86a72f4e82614cd4842950d2e0a716

SHA1
d7b4ee0c9af735d098bff474632fc2c0113e0b9c

SHA256
c1334e604dbbffdf38e9e2f359938569afe25f7150d1c39c293469c1ee4f7b6f

SHA512
7a5fd3e3e89c5f8afca33b2d02e5440934e5186b9fa6367436e8d20ad42b211579225e73e3a685e5e763fa3f907fc4632b9425e8bd6d6f07c5c986b6556d47b1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000007

Filesize
84KB

MD5
74e33b4b54f4d1f3da06ab47c5936a13

SHA1
6e5976d593b6ee3dca3c4dbbb90071b76e1cd85c

SHA256
535fc48679c38decd459ad656bdd6914e539754265244d0cc7b1da6bddf3e287

SHA512
79218e8ee50484af968480ff9b211815c97c3f3035414e685aa5d15d9b4152682d87b66202339f212bf3b463a074bf7a4431107b50303f28e2eb4b17843991c2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000008

Filesize
1.1MB

MD5
7bb514fddaeda52f74a53b57c735e3ce

SHA1
4cd89568ce444b10312a573375e316fec63586bd

SHA256
d16bf0edefa9d842cb3e43d99a99f53e8bb94b19c00a46a06416c8d3c63f8254

SHA512
58c50743c96024ab00b70c785c449f8c60384857c1c8695ed7d6776030680a3dbd4fb371c57cd359dc44c6c6148912acc00287e46ce39461a7e5384961304c68

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000009

Filesize
33KB

MD5
3cd0f2f60ab620c7be0c2c3dbf2cda97

SHA1
47fad82bfa9a32d578c0c84aed2840c55bd27bfb

SHA256
29a3b99e23b07099e1d2a3c0b4cff458a2eba2519f4654c26cf22d03f149e36b

SHA512
ef6e3bbd7e03be8e514936bcb0b5a59b4cf4e677ad24d6d2dfca8c1ec95f134ae37f2042d8bf9a0e343b68bff98a0fd748503f35d5e9d42cdaa1dc283dec89fb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000a

Filesize
75KB

MD5
cf989be758e8dab43e0a5bc0798c71e0

SHA1
97537516ffd3621ffdd0219ede2a0771a9d1e01d

SHA256
beeca69af7bea038faf8f688bf2f10fda22dee6d9d9429306d379a7a4be0c615

SHA512
f8a88edb6bcd029ad02cba25cae57fdf9bbc7fa17c26e7d03f09040eb0559bc27bd4db11025706190ae548363a1d3b3f95519b9740e562bb9531c4d51e3ca2b7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000b

Filesize
40KB

MD5
3051c1e179d84292d3f84a1a0a112c80

SHA1
c11a63236373abfe574f2935a0e7024688b71ccb

SHA256
992cbdc768319cbd64c1ec740134deccbb990d29d7dccd5ecd5c49672fa98ea3

SHA512
df64e0f8c59b50bcffb523b6eab8fabf5f0c5c3d1abbfc6aa4831b4f6ce008320c66121dcedd124533867a9d5de83c424c5e9390bf0a95c8e641af6de74dabff

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000c

Filesize
53KB

MD5
68f0a51fa86985999964ee43de12cdd5

SHA1
bbfc7666be00c560b7394fa0b82b864237a99d8c

SHA256
f230c691e1525fac0191e2f4a1db36046306eb7d19808b7bf8227b7ed75e5a0f

SHA512
3049b9bd4160bfa702f2e2b6c1714c960d2c422e3481d3b6dd7006e65aa5075eed1dc9b8a2337e0501e9a7780a38718d298b2415cf30ec9e115a9360df5fa2a7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002f

Filesize
27KB

MD5
8e726f705237de526d24bef1bf3a0631

SHA1
32686afb7c33d0ea65c413d773bdff6a01a59899

SHA256
b0caf825c0456cc2e5ffef6801f361e34d5533c3bf55e3af0cb983e39343ba14

SHA512
c62c7e9ee6d1c5408811099f5bd5dde0ea20dd5d9d85deec980b3bab8344eefcd55143eda98b995d2418ca20522420f0d2d6c8f18bc0ecb48ad32b4a5e2e8c9c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00004f

Filesize
193KB

MD5
7fe2c36271aa8065b034ce9efdbd2a07

SHA1
e22ee654cb122d0d62393dd8d6753d2bcad148a3

SHA256
02cf672988303d8fbdbc7625f54596ece6d83c78152ca6e1aa332fc8c75d5c34

SHA512
45d53a09ced29138e2f99e0e8a293322050f8032e006df06315ac9af2f1ab64d1c767ea5db53289bb5881a4866061299e5a60cd83753fe6ba88e8de7562706ec

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00005d

Filesize
71KB

MD5
398845f61d91d2348b59f4031931ce91

SHA1
f4b19b5054ad7ab73d8d83e920f0e757f00b0b0b

SHA256
7a59e84a373b98bbf21cc9cac90406f1e61dd4c586bea312a4a2fb8eefe5df58

SHA512
93e5c5ac658edfcfa5e6708c8d5f0903643083e2628dc89ee18f3cae31d20a424a8797829e517515a35d0554cfba98013d5b6c296c21cb89abb550f30bc29290

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00005f

Filesize
81KB

MD5
549c62b59b5596f709d8f36a57157899

SHA1
3ad05a60bbc5a20ed5d5f51104f8ea3f6fec8b78

SHA256
c69fd1daefae556d4594491bcc72a2efd16d925db0c65bbb0d0de791771d785c

SHA512
d54e817a19a2e56a612b1ed8267ddd2a4a4fd3e790c945efe70f65b2d19001dbb03ac033be0359ab53da6e8bfc03e35361edb728ec128484ea87b178c2e15d7e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000068

Filesize
70KB

MD5
f90cbebb3d3fca6441bd0c92dbe5c7b5

SHA1
a811bd1bcfd1cd739d9f164205c56a63eb96200e

SHA256
4ba5fbfb2a2a844c72f55b86f09e5d659bd66f18f0fd15691a65ff8f2068352a

SHA512
d49496b500fbc4fc8e8ea4b3df08de6627db2494836b3be3f64c76d84c71cff8b901fde0092d644ee27ddb0317f0c4fe0b85d1f5dbc9d6eb4e0e9d4eb8eb2cd5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000069

Filesize
67KB

MD5
b875dbaa84851be211f2c3a9951bb8dd

SHA1
259633daa447b63bd99e83f6875017ecb198b4d3

SHA256
873484792b4428043e5cf5f4e63d80a177a72af0b954e0be3e6268e1e84ae280

SHA512
55f863d0bf5328486e336b31c6f0eecdda1187b8486982271f166bba0e1c74c0dcb829290a47e8fb197a6dd95b45b9a1d2de2df5b880fda5492371ae7186d469

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00006a

Filesize
79KB

MD5
9f36c62cbbb0970264bcdc6d08236c7f

SHA1
f72703bf4f599e9e5c877d22b779abed50791bdc

SHA256
eabb5f01bb55de0281bce1306d8cb069dd65daff965e6ecbe047d21d47df6deb

SHA512
1f52564dbe57397f6a0444c7ac4af5ae670719178504bcba69de0b7fe9a990b908a7a20b3fe995bcbc7811eb2711111cdba82c3b16ca8e240eadf66c219872f7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00006b

Filesize
83KB

MD5
cd266380574df22c0371e2625c84e31d

SHA1
02c44e3176b5bbd6511670b4d21e901fd962c09c

SHA256
0ddf5b158467536fbf4673e717626949003fadf84bf03efd3e7edab64f0f51dd

SHA512
a883e3f5c83a55cf00250f99a9fc03a2976a676757f3d6eb18ac73458f0f35959c575d66ecf5583cc65ae84cd7bde27d53ac46f0b683ce00dc06497ce3255424

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00006c

Filesize
57KB

MD5
472dd5f55bb31d9a7ab19d2f61da8542

SHA1
5f3cf86b7ddbfef6ef80b1f78b5f4130616524e5

SHA256
4c573d3bfda70266c709727a5664167f6579c39f17767b0658d57546197f70d8

SHA512
95d127f4e71f300b29d699e9c6678f634835cf666ff738a2b3a4519a65a2c5e2f85deece6aa15b67a740de13903d37ed55404c4f7ca959ea15e425ef4edabc14

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000095

Filesize
20KB

MD5
87e8230a9ca3f0c5ccfa56f70276e2f2

SHA1
eb116c8fd20cb2f85b7a942c7dae3b0ed6d27fe7

SHA256
e18d7214e7d3d47d913c0436f5308b9296ca3c6cd34059bf9cbf03126bafafe9

SHA512
37690a81a9e48b157298080746aa94289a4c721c762b826329e70b41ba475bb0261d048f9ab8e7301e43305c5ebf53246c20da8cd001130bf156e8b3bd38b9b8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000099

Filesize
40KB

MD5
785d23f3361314c082de87d802f68bac

SHA1
ee66e3ade4db272b9bc02850e452076af3015625

SHA256
09c200de74f04331057371a7a72d5642be545afe9c1736964d29f7eae378e266

SHA512
592b91053ffc14d937f48cbb3303756e7c6c315a33beab0cbfa269950858afe7b9cc4ea136c1ebc04f1a0b1934fb7fbbe47029ec68264eb0dc1a4f134db45608

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
8e0e1c59f0cc0e7032ebddb1565d0bf0

SHA1
931a732896a1c8f5aa71a736ae1b30ca654537ce

SHA256
ce81f16052f39a922cf26973dc0c78f49fd593c26550f9fdfcab7022c6aa1abc

SHA512
36faaa4f74fbdaa52ce673e0b92ece0e8f4d35c10537472c860110582f9e20fb9de083b71e5001bbced57d74322ccf1d0c01058f9efa2bc7d251a8336a7274de

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
316ea3f9b449ea196112237371659ac8

SHA1
bf3760117096e9a40b662c7d197e0eb9126245e4

SHA256
19cbb9f1bcc7303bcd1e2dca64ef2f401ce8d643d52fbc30cd21fe3dc601bfe1

SHA512
d96dc2c5128171663815e3751385c12e842f000b73ca48bb782a763b572c5a70bf9ba78b323848e113c288e3a116ec44bd21a9bcc1228de5dcedf4ac0f13af21

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
980dbb36a517a18b7afa94cfaf1c6c38

SHA1
776fdc50d789c8576b380a243cb2fe3c6e908f95

SHA256
8cb7261d20ee17737220adf4295ed4b62be09369b0e4f53a500136bea81d3a95

SHA512
2c76dde006499755b67b5c1883899b41dedcf9aa3776a678227ab709fa4861f8fc9f5cb8057aa87cebbfd43db3b120b6133e0662ee6233b9fb5fa124592281a9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
627c1842e7dbda3fe178aa1034739839

SHA1
2d72f2360e7e3dd05792bb20947ebfc95f73ef0b

SHA256
5b1e90f2141ac6b754782241e5bd933e9462434d217ce4a8e96ab35312df140c

SHA512
be1cedfd4022d9c574559220d4aa717fce6120905722a3d509bd040a412cd7134134f716d816951274e4fa888417cf69802af69ef7b1e3ef6bb2f87ae192db95

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
f0fdec22c7442f8456045cae51d04457

SHA1
921738179bbb3441159e901a2a9378365b5a6902

SHA256
f96449e2bee8a1369d7884ac73d72f7f32355eb1c71bf9259a83237761c65f6f

SHA512
7721ee9b4b083264e847230d13c32b0df64efa73c4f0c7336adea3e477867de9248d2f2178cae4e6c6777769d7644dda9bf106b3046b3d8b5e470ad8dd5f31d7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\LOG

Filesize
319B

MD5
8ffe5ce088af30dd715cc83ee244c096

SHA1
a5cb6870e1932ae5094ded4edca913bc46528b58

SHA256
952d296a08e5668c00c0822c3bf86469cfd678b62df7a4d1894b6796fcac814d

SHA512
ccc99166fae5e69ffb7b2c8fa943ff9c2bf20b6e6a89c4948bcdb417e89b7795120100569aded4fe525d66505b96057f56be4bd626a23f189e9e63e13510a347

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\File System\000\t\Paths\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History Provider Cache

Filesize
6B

MD5
a9851aa4c3c8af2d1bd8834201b2ba51

SHA1
fa95986f7ebfac4aab3b261d3ed0a21b142e91fc

SHA256
e708be5e34097c8b4b6ecb50ead7705843d0dc4b0779b95ef57073d80f36c191

SHA512
41a1b4d650ff55b164f3db02c8440f044c4ec31d8ddbbbf56195d4e27473c6b1379dfad3581e16429650e2364791f5c19aae723efc11986bb986ef262538b818

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\LOG

Filesize
331B

MD5
7af57993799e64c2d6dd6467dbd8694e

SHA1
86d28639184a9ce33c321152d2be5433317f4ef7

SHA256
348b58975a73143fa710f5c395875ee3b077e1b2256c00007de5272e4227bbe8

SHA512
ee7313393cbe319696f406541c5c641c11b3e4a1265605b6c999887b361dea07f0691225a697ab32c9f5fef81a257f64ed535a1a675d8a6841e9a9ba8bbdda78

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
5KB

MD5
1e1afd1fab121167e7456c5e164f4f31

SHA1
91868e1cae1cab1728f74edef0c897599d736cd6

SHA256
61f24ed45fd9091a0a71bf1435856d8cdbf3010d348145222e18a6344e332ad9

SHA512
f9f7216612ffa2a0b8c853ba57641715cfc10fa7cba516fb4f06a4172aacf2b8e9be2f50f7b8f349c6e9129f8fcdad82b33d1aea0fb50fd2e2762cc442e6a763

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
84c7a2f1880777db7e6082b4c0808f62

SHA1
d11f64f9ec4cade948f9598c4dc75fe1cf41eb6d

SHA256
eabc84bd72305cc9b272dbf11491854aa983aedd1dd794d8adccf79007ffb2e1

SHA512
babe4611c6a13286bc0ed5e2411927ed21f79d9d2015a440e549185afb074e3702bb917a0dfc1be5826b107dea098e9014670f56b8272eb3952093704a2da911

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
5KB

MD5
549b5c38cb6c1854505dd12b2e5355aa

SHA1
4956ccdaf3dd3d48e86c31909311abc2783fd050

SHA256
c2eaf1e84de567c24e647e6f232fd0a2ac3263ce1828061119b1315b35534e04

SHA512
f45a785f4c7fdfe3f1a5c17405a92566af0143b8a150f889ddd6ef8c353b4db544baab67a4149c878f3bfad77edc307795309ca65ee46f50d544ef36913a8fa3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
5KB

MD5
a4cc75ad6479f570591a96eb2c51e092

SHA1
ad7ad6003775cbc4acf3090763886fd38ad5837b

SHA256
a64a5b8900aed74a8b7cdabc3203100018ba14713b374fdb38a30ec8386f2f94

SHA512
c153a63009d9dc867b025682650c7c4e99685f709f1996e92c32c8d81d831c87c9ae729e8d1489eaf8d503b60428457bbfd649bb7acd0078833e6cfb61dbccdb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
07fdfc03000d00c7a1988bcc5506e921

SHA1
086a0772cb443a5f7a78415fe6a1b6c6319d9b40

SHA256
639e817e4e7b33488235f9d108cec94a7013f82057ff2b07b0e39ceacc487949

SHA512
751a15d3be49492a97a84bb038883d85f890be09b06d315a4ff84d1c3ee15dc39cd386fb4cbd408624678eb7ae6854af83f09063e116f2c182e3c4f4fbcc953f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
f7adee833fd9b8c152507ece84dde36c

SHA1
3aad0e75a2415f8da09139b4dcb35cf989072a39

SHA256
2c6f750c17d18489e2295872d3fe31c129ae7526a871e98e85645dd682e86085

SHA512
9258f1c9f1f3b50bd8be41382aad1e60d13cefffedd0d71580a1d562e22a89a737724b5819e26c21647ce53f154164480733b038db9fdb7e42d26e3aee6183b9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
81e3f7ac4398be86b96f27dbcb17e8de

SHA1
a09714eb84e0f567732b85f67c8f929941b138bd

SHA256
ec5ad015a6f7e204a098819106f30ac63b40159cc61f070808fd38a73c5a6f7a

SHA512
d9b0add12b1de46ac22622ed14d963ddbd498383fd914770db82113adf90c7c68e55cf32520b338b6d081bd37c317ffc78597335c7884dc04b0b4dd22c22eea6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
0312c5fda961615ea548dda0984bf77f

SHA1
0cb8a7d834dcb01ef8c0cef72598aa375307b959

SHA256
4da39d78f4ecb4c4f5c1b606f28e71b6b69b2d0aadf859a904b12762a9bcfc75

SHA512
de015a06ed6a7664ef3a8f43811c8afd838f9c76ef5b1fac8d13120a5259f3f072db06abadf620fc3b22564a11c6b4ad8433587fd14837eeffc764d3271a1040

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
301596751ad80eecb69b0b75eb85d29a

SHA1
ab1b716c99d72e4fa47f28c0c9881c9063134716

SHA256
04260d7d621c9f1345fc1a14a96f539d5918b7a91a56fde23da4dba9a16422f7

SHA512
292d3ce37390c258d118126b77b602bd5ca1779b0a14929507cbf2d93dffebbd5309b8a0cf536a154f6341e6ee72387679804db3a70276312ad4497c30dc23b5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
500a544168a66e48f91c03ea6c483be7

SHA1
1633e6b02d710909b73c6b655535c097e535c656

SHA256
cb43853dc542468a5854f08eaa7e903e329c17a276e202bcd069b3282182309b

SHA512
9744da144d52d69112fb9179044a8a6c958046995b0dfc621020ca2e63b97371af5847f6295d128bf154c7cb0226f49b175340dfee9bd73a9d63529a5a28f639

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
dcbfeb6fda7b1ff25b563a9e4672d430

SHA1
70570bc115074ec07cfd5eb89bc3e2ad870188ef

SHA256
cb249cb892b97980ee1d1ad6d5ab040257703184dbc4456b5b592804da8d1e1f

SHA512
55efb18a3ef158d2b0471ca2de88a6e4c6625cb517277577ad7b0e62dd637e31674125828859942712947223cdcc1d1ad3b7557d59f24a138b7eebce3c1e5166

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
e733cd959ad2a67a80504ad9eba9edd7

SHA1
f09c55d99f53b09e01165e9f6edcce8baf4b322a

SHA256
44bf4dc51729546b6d639c2c5ac10402a25c9f9ea1d31a5870c55c4cb77036ef

SHA512
f6f1676601a11cb3af4003d0331a21bab2dc2e66d1a0855ebd6733309d7f6da27b6d941f754b5f6d08cc7773adbab6c325982cafa4834e80899e2b7f57c5c37c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
e19c415d26334e0cabe957526dff1325

SHA1
98a92fa5e17e7011d1112dfe3a87bbdbf7571569

SHA256
d1a6261bb2bd97f051964790ef43478a8bc947d1ef61520e00823a67baa394de

SHA512
e67dd4fdf7537e51c2ad2cb749dcd7ce0f6a46018e1107e6865610ac1d5c719a5949812471508419c8c34a4e378c5622d982741f86d7a8b3cd2a0d09acfe4974

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
4KB

MD5
2d128c87cf6c4182dca054db2496b7d7

SHA1
48afcf964fbd65fc1e0a01af92573dfc3ea3da10

SHA256
00b248a16b51a173472a342bf3cd3655cd08e86f4b3a95074b443e4f30d2a757

SHA512
866bd2db555b44235c8265e2ea439ad3395494d69337694c8c96a505faf25fb03b5d4c9de0169c41d5d09cace400a63d99ea4aa0da630fbf6efe2a2ee7224586

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
bf31c1e82d73af1e6e9f061ecbd629f9

SHA1
5747233ff1fed5c652174e8361e921486385dd0b

SHA256
ae1cf73292a8c37df1e8a47362f8dd1d0c01bbf3e3b43c6f998413994e0edcc6

SHA512
52bb9c15c0c01934e30ffd60bcbe23b6717538ab8d5604308418e0ff8475a9d121a4a9e0326fc74be2a4ba5f6f9b8c0178c301ecbf8697a5f65e20bb763c3d9e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
cc270fc030b9a90e09e19a714aed55b3

SHA1
6832467528598313c42ddab1a02d62755dbce92f

SHA256
27f24fcfb6605803597cdad838f0ef1ccee31263677abad25687a6eec91c1110

SHA512
b74409bd9befdb5a7ea88a74b207c4238995aafa06a1f070c0a029da7a77a9f958ac995e5783dc80d997aecd4631f73952fe07147f7a683100706bfff86d6029

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
a30e1c7c74bee8cf2d1ad450e975263e

SHA1
d7a5a1269ce0c1dbb84eb9813c8401a154855ebe

SHA256
9c093d2ed8d1fdf8ed442b665554ed6250d7234272134dbb92f50b8756608959

SHA512
dc065e932c389818fc0a18ab46b31941256929873679892a138d22aef060b7e4076d8b5374d714fb96767484ca01cc5156c87fae0f778b383c8649888b5e6571

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
fc34ea847d018fe57cbf4ba17d000a2b

SHA1
8d21895e23548311b6c38671f72cd87e2fc6b720

SHA256
221a71677cd62ea2f16d67fade9e5c6c0c06cbaccf92ec00e3f0124d78cc8a67

SHA512
63287dd25c200236d1ef7d442cd599c3a3779a81e31b312085e3a140a8c171709129e420a6d56b9de3d29d1926d0cc5a05331683f2c184b7db13826c0b911518

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
25KB

MD5
53aaef8445daaff16df13bf2b61d3990

SHA1
1d8721c761b5ca414529d9a9dace3228fb27b5ec

SHA256
fbcd85a94e87665a524a1ac08c00610687cc9ff2bcbdf406ab2c9dfedf9a9084

SHA512
838e6ea65ebcebd32c3d0e13562c9082f17e29e1028dff892a10f8c3a88d5833a7d6cef8a1f16c76eae2e6e1ddd87777351d09f708fcf0c6623dd58d87718856

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\000003.log

Filesize
118B

MD5
7733303dbe19b64c38f3de4fe224be9a

SHA1
8ca37b38028a2db895a4570e0536859b3cc5c279

SHA256
b10c1ba416a632cd57232c81a5c2e8ee76a716e0737d10eabe1d430bec50739d

SHA512
e8cd965bca0480db9808cb1b461ac5bf5935c3cbf31c10fdf090d406f4bc4f3187d717199dcf94197b8df24c1d6e4ff07241d8cfffd9aee06cce9674f0220e29

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\LOG

Filesize
319B

MD5
b417d3fffc6361d2ca30836fdb38f656

SHA1
1414d6ceb6be51a9d95af1f3a5754a7b977aafbf

SHA256
862daa7de16f94eae12754295f56c36a8376d9f127710f8de0bb3b5246d5ee20

SHA512
4da95338b6e765aa044d9106efc7347ac19618c6e3577fb0ab999398cb2ace75dd11525c5d5c544ad060dfbf4dd9a2c11893663d9e8dfe5442fd583bdc560405

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Session_13351264935591211

Filesize
4KB

MD5
85af0a525556c409cbcabd0c227e7ef1

SHA1
4faf86bac8e118f9f7dd87cb8a18486a5814b309

SHA256
d17be8137624549fa1715a058daba89d9d019275460d2cc4a94b92b5ec3c3bc3

SHA512
0bc0c8b3065f1182368c422a7af64f80dd72b8fe4075e3c175995f90970aaebb75e0d81d886b54d0ed55fe255f66367bcc26bc640122ab7ab05e318f0a927a62

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Tabs_13351264935663211

Filesize
2KB

MD5
cfa12497e2f884ed40e42ee7e89ea8be

SHA1
9069d3674fd725401eb1f64edeec8bf40090a4b1

SHA256
a4b55c57976f243ece5b86543093c9d1d80e76fb88870ae81a37d736b8a9d615

SHA512
7c33956290028c5f87ad7ddd858637da04f009d41b7afb4a712ed2c27b6430d89c77be45d1ea1082cd6ccfd609f654e43da9e03e9ce6908e2884e702b0ee55c3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG

Filesize
347B

MD5
cfe83907c1a8c58e655df1a3ec932ab9

SHA1
2bc91d925f77b207d61177176aa273e90ea2a0d7

SHA256
dc0310960fd5781f4a3f0baef7054e251db3ce79c272b3e6219367d3c93a5ebc

SHA512
bc054b027af1c3b0ff3cda00df5dbbae3d5910a010c2edaa62be6093ff00aae183e18f6c4a7d46897bf5e81ed34bbe32e889d2e39af15d10feaf60672b893f05

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG

Filesize
323B

MD5
84df7f975fcd04e6b5e2b7238977a9df

SHA1
bfaf46fcb6ba27a54881becb2ef9f92a994f83d8

SHA256
ff4a3a17525d2d19f03bb3629dec4c22cea22f74316a814255665e22b42f43bf

SHA512
706c742252cd19b659fc47b37c6ecf05be231dd57ade92344f6820b96edfe9fecb0513b215f9ebe42a8de8246311b2a893c5d42ca5692b38d4f019ca23b3174f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
ce0b7d6ff79876e635931bcb24246e3c

SHA1
e8564a5a60dc2c9222e8645573dae3ffdd48f553

SHA256
827092c9c0b6492485af78d1a820a569b304ba9f844f67d7a813dfc99f50a5ab

SHA512
01b5a453f41f725c00109204fa25be82e72e31f151232e8bf17a5487e1733949a39a406e16570f9016f1aed39052b0410a9f5797bc2918b4fab2aa29711c2f2c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
752c0d94f997a99c2556944a04326800

SHA1
38b76406073e3f54c96715374a608ad965b98423

SHA256
fd37828a6448e93dcf01f30a3a9b35b3613913fa2778a93e3735fcd178bceed0

SHA512
dbe6d29ec0a47cdc3eb9f3293da658e738b2a1897922d0769d1e83a65f609af02736d87825b5be3368decdb752ea50ef082e368865bd2720f8d1c2bb2d71a70f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
c4d9a51c6fd2b154d8d985ccdf6fb916

SHA1
aa6e86b5d4f7fc2fb5085184077c6a8c95ae51ca

SHA256
1e5875d2215d7f3b259aa3a925949454d133ced35bb82e7cae435a34aec98f9e

SHA512
75d49db69240ec4dd0541f0f04fc9510e064e97be5c4fca2f7c36fa75e7ed50f1ae11360b5b3bf6ba97f525fbc22d3c846d06794aa97aac1cc2a00262e775396

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
824acefca650fd6b0d19491706add619

SHA1
360e17b2b1354ddc99e1d268a300fa02f48f3f5b

SHA256
e503a91948e5c9dcfbe964f74769796d6b7d3d5067ba47e4b643ec0bb10d4ffd

SHA512
af8c2e3a094e393eb83598c3d54d820cd27e0db850d4f367207e5b0cece6079261f879353ba9b7cc15a5df13f7eee77ba8b872ee9eb116b5f3157c9fb4566b56

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
c4cfabe8a3cb0122cdd60f1202090c72

SHA1
1fb7c3be0db5d079f07a5a1f75772787bb73b2e5

SHA256
a5e5ce3c59c8c69d21c98b721b8d61596adf9992f05b0060d895e2159d565e7d

SHA512
c2426419c0a41433c856877a79189bab78003c2ea6a85629a5ddae7c9b59cb7a828a37368258ee697a64843e81ffaf237f8668320a483653c3e1194b018f5788

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
9697cc5a0a095a04206c442af4c2128a

SHA1
395e56525920443524ee70853e1231ac7e6e39ca

SHA256
a2911c0e2c6a8933cdedf83395849ede3b57576bb06319d0d52664666af3590d

SHA512
3ace91fd92f4344329aa1a94694b65332456fdf4db48fd3e8c99d34ec72f867656df1d4ee53f105003b692561bc4a9004a21c7c065ff70249c5b8084b505779c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
99122d05a0ec6b751b739d46e124724b

SHA1
3f21e3792e542d075b23c261e031161ed1154afb

SHA256
122d32030b42625fcb4b3da4cbb60970f0e428c873c2a895a8c4efe72995224a

SHA512
ab75f2d98b2790b3563619ff0649225113a143313be88f03c913a1e02932089e08388c4798bf4afe3cb3f2506edf223f37e78229310a22fd75f0c020e6c8964e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
37826f0b466c586d550c171e462b1d10

SHA1
f791a8a9a4ba0c8900efbada333c9c43d6de4eac

SHA256
535fdffd80d3118baa5fef5d8a052a2f160413752dd5fdcdd4de217fff471b00

SHA512
17644afae422066f3cafd17d6ad8fa4683bf710d31a6dfb7bc10e740e30cee71bd027fceada946d6fffed46a52d4f79c4aa744bc2f3479e7e3775cbedef003c9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
bbc188968358097e998879bbbc0633da

SHA1
23ccf55751913260be9bd84c63661ddaf97a00d8

SHA256
ed9d34d95e9b9eb2ac7e3411a371b91542e3e0b159e25456a9247041e2b08cc4

SHA512
50667b3b8516001258991e8f320d6c289bff43e8d4fea6ec6f81995ef6699464a62913a588df93a532b673ec82b3fab2a0230d065c9e43d23bfbf230f16ad953

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5a1f12.TMP

Filesize
1KB

MD5
5bad191505fe102d9b2b047d07780408

SHA1
01344de3d182dcb52c697de6e7af9618bf3f00ac

SHA256
5483107f5c0b68e4584462d5ac13a88d763e0dbf6b9e1fddee56676e94668d42

SHA512
5242bd2f34780a82e203d575ac8993781a77bbad35300ffb50a289422332b86132c5693e356ea65d0283f66b031e8f11954b55a5f2a10814ecb3f1f87a014ee8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT~RFe593f03.TMP

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\load_statistics.db

Filesize
44KB

MD5
e691b361fc0a8ad286614851f126d883

SHA1
e5ef882863e0644e55bc204d2c32da4ae7507207

SHA256
0e7dab6dc145c69fe09e667482319b51dabbc9cdc392b3ca5e24b6c4a02d7b37

SHA512
acef80db7ac807e80d4af8e95765ac4de952c8cc0eb504ba7827cc7f233b7d9472d840c72f64bb63f240e15ca46fbbe0e2d13434e047c39b9f5f793040ba6f0a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\LOG

Filesize
319B

MD5
48c7467264cbe0b351cdcdeee5b87551

SHA1
590b25dd811a502a63ee73c7b1e6067549f1e0f4

SHA256
cc6c31c2eedc3fe71d6e80ac6cb04d63fab60ae5dad72333680b8a33063d082c

SHA512
99172f1f087d292912f307063cc56092e69608dea2a97d7bd417269aa4dadbe0b65996c9660ab9eb6a029a880a7af0ff64a01c9d25800c1c7ba3c713c586da61

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\LOG

Filesize
337B

MD5
b9fe7e04065286e90897f1b926fb1c7b

SHA1
3c3727889c6dbfb96d4a5bb11e69096ffdff9043

SHA256
a06d037f4e1c5570f29d6b2770b870f6735bf7aceed051e31b30c00a0c102577

SHA512
cdd81c0dd03a437faee6d0e649ae3e1b0c0654a42d910e9bcff8c184a6a001abbeeecac7467d5ec813d8110b8f1f9ef5af4dd51b1a69793c5e8fffcdb1c5c99d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_0

Filesize
44KB

MD5
5cd789d15c0b9b37e6ffa8c302af5aed

SHA1
7e5f9949bd609fa2d7d077a01d27ae17cd1b29fa

SHA256
2f521521a6cf480d178285daa6a279b3c3a605923e0bdb3284ca9dde299b5e5b

SHA512
8a69fbe4d620257e2ad91368de4e0353f1a918499deb474775bdb9402a1c912c02eafbf8ca80292348bb9820a75ead9f43378122a41645b5ec8a0820fdf2bcb4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_1

Filesize
264KB

MD5
3fcd5d38b8996a5de4f0fedc266aec75

SHA1
19cc222c5ecd7a7a5312c667398b047510797758

SHA256
fce11145aa8128603435a156a65ec8b574d546975384159ec66e075d0fd44d42

SHA512
a872a89c89358a5df03c8507d8dc3fbf3bf3f2cfb1e69b41fce1eb8ec44fde8e68b9347b31bcda42c7b226d9433da5ced0f289c5b50625e4b0bc65e441121bae

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_3

Filesize
811KB

MD5
3ce1fc99713ff09639d2b012d2442b7d

SHA1
25a6d0bdf669e420f26f69d1bbb1ad3042bd5daf

SHA256
e701cedde527daa4e33c67bf80a0af025d1de069c6f7f5400259ede38954aefb

SHA512
42f86bec5bcb190972cedebbd668e0f71bce416eb706a49b52f9f410540cdaaf7e2df10d48290d2cadd72f8eb0eae5ebb04baff8d6d4419b2aa29a9fee578ddb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\f_000001

Filesize
20KB

MD5
ef9588ca82f853399e5968af99985e74

SHA1
80d9df4f75c3e789ddf10584d9ff9de2b6154cb0

SHA256
9d550015f47a4d5d502f8a2f5b33bd9cbd136f4fea7c64754c8cc5a9651f7fe5

SHA512
a77b6b0bcea459ab4fc1e5d0983e85b86a6b0835849345f6afbfb27a5e84d8d1a38ff16e21ecf862e95d0a74e3fe97fda28bea66752b8bd64fd44c8ba680a5c1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Version

Filesize
11B

MD5
b29bcf9cd0e55f93000b4bb265a9810b

SHA1
e662b8c98bd5eced29495dbe2a8f1930e3f714b8

SHA256
f53ab2877a33ef4dbde62f23f0cbfb572924a80a3921f47fc080d680107064b4

SHA512
e15f515e4177d38d6bb83a939a0a8f901ce64dffe45e635063161497d527fbddaf2b1261195fde90b72b4c3e64ac0a0500003faceffcc749471733c9e83eb011

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
a21a0289a49fec4a471c4e41a638181c

SHA1
1f6998459f834521f6c7b0b28cda4f6f77198169

SHA256
efd4af663db05110339a505acc5916529239caf09edaf00feaccc53d3f514c70

SHA512
53e609646cfdcfdb34ae395c49397c3e0b7545650e105ef3b652a597471e85ffbc4c17b8d37f396a7d27601c6da8b33f88e265a2582fb68926e60e1fa95e6f6b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
bcfcd7071c7c1f93bac5c6a60f26b3a2

SHA1
073cdb7d5ce35b61f5106db1adfcc915c946c661

SHA256
3155ad3c75f24066a7c726d57c6b1a9792620da680c190b4758e20e94a2d6ab0

SHA512
12bf75cb1b333df47101223bde7adb3162e056e93f52a4419cfa61377bf5acbcb7bac7f5bd8ae682de3ffe8667a99868c5d01255622281b358be255c75a63caf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
32902b22a88cd2e258944d0b3564aced

SHA1
ec29c96de33dd28338162741a252c043369f1c17

SHA256
37957e7c169b51b7175758913e8557dbc2ed16cb92a7ccc665e32c294f441268

SHA512
256832efaf3dd7b99ceb1e1fc094915052515bc374eaac2c896c910e256d8661b8ac1cce32aa4923e413968a6b143cf95167a432af74b90f1a072904cd36ee5d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
efae1f95720f248a91ddbe34145df151

SHA1
598d57ab56598f9199df0459d3081dcabc8d9132

SHA256
e55ccf433a9730d1bc1884308524f6e42632ee0202f50dbb02efaf447b74a4ce

SHA512
51db761dff0d40a25eec50ebf304f727bae8d0f777a2161533b65d691a1f763938576da37b918878895463a1157d921783ea512ae4782e906f65b02a35e89138

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\edge_shutdown_ms.txt

Filesize
3B

MD5
4d2e2da4f7d309cbb8da693eff8e38a3

SHA1
6b428e2f022c8b7595783d4a923c3f96932924a7

SHA256
e62a77d7df731c7bed2b2199e3cfcd1e6000917a61ef5387ee5c62e2ab6d4c84

SHA512
bbf0c2975ecec742bde673090debfd4a99392e615140257cf7365947bbe5f54608440d5394472cc276b21ad467c3b18b94ced12f72c64025acdcaa0845b07668

Download Submit
C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TempState\SearchHoverUnifiedTileModelCache.dat

Filesize
10KB

MD5
c21b33647a4a3fa17421e7c1a0b71a88

SHA1
ff29fdad49344cde95d344fe7f7458c0352cc066

SHA256
61caab128bb58f926102904b7986b86480eed3dfbcad66fdc830e3e548da4bc8

SHA512
0fff231c5b5e3aead65625a3b6de1912c15d071533884a593e1218f0f9c600609ff42a8a205a4a9afef27d2efa88ee5a9d35f98be4e11ba5f991fd56b563d574

Download Submit
C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TempState\SearchHoverUnifiedTileModelCache.dat

Filesize
10KB

MD5
fa451c524df3ae5f9d7d764f83ebe74d

SHA1
4d23431ff3f3536e2a9169aec97bc4af5967d30d

SHA256
bf12169b34fa5240ba8a63ef13a3844140fc254ff6d8147cf82493f5f7d2fbef

SHA512
2bdb629194cbd6337e12050000ea8690ed627cc30d8528d15adbc5a59a1f48d1a39e9b0b27a5ee82ffb95286386bf895c7bf601d00ae6ea96a06db7a56c30461

Download Submit
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\200.ico

Filesize
116KB

MD5
e043a9cb014d641a56f50f9d9ac9a1b9

SHA1
61dc6aed3d0d1f3b8afe3d161410848c565247ed

SHA256
9dd7020d04753294c8fb694ac49f406de9adad45d8cdd43fefd99fec3659e946

SHA512
4ae5df94fd590703b7a92f19703d733559d600a3885c65f146db04e8bbf6ead9ab5a1748d99c892e6bde63dd4e1592d6f06e02e4baf5e854c8ce6ea0cce1984f

Download Submit
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\BrowserInstaller.exe

Filesize
1.8MB

MD5
cb50d496ae05fa1c8bfbcb3b7f910bfe

SHA1
3ec4d77b73c4d7e9858b11224314e99d082497a8

SHA256
7616c72f6659a3a2439d0452190459cd4ceb83fab2307e3e47c9604fa29d9f34

SHA512
22051de06c7e52a37ad36250aa095a8ccc0b0e1cdbfa2e9073c146e77e278cbdbe89bdb078dcfd8babf48baec1902b303ac39cc9db4114ce1516b06552dc924d

Download Submit
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\IRIMG2.PNG

Filesize
280B

MD5
5803b5d5f862418b64caa83396e69c7f

SHA1
97b6c8209b8ad65f4f9f3b953fe966bb09ee4e13

SHA256
ee340f8560ba2e71d7e6d305b959ff8fa77869dac916287da2bff7ce5aa2e159

SHA512
e9bf37f0c89299bfa369a8677ac56b12177dd3153246e5e6a9390577658111b731b0ab987044d30f43e05cb41d79ed31dae3b6f4521f225925920617d0414edd

Download Submit
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\IRIMG3.PNG

Filesize
281B

MD5
60a19921c7ff3c75e28c302f95460994

SHA1
07ac64ffbb153c8675e2ce0651afeaa5e8c6652d

SHA256
33341d30463fbc7cf3fba5070925569c822b6835aabdb8ef2c3cf09547912d46

SHA512
b30b960152dc13b1a9d384c4972169392cd405bdf4d3ecf73f85cf8a9a68a075131b2495c0348f54d43d0e7a279907bc7b76ac103f4a624738cbfc73bbeeba02

Download Submit
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\IRZip.lmd

Filesize
1.7MB

MD5
1bbf5dd0b6ca80e4c7c77495c3f33083

SHA1
e0520037e60eb641ec04d1e814394c9da0a6a862

SHA256
bc6bd19ab0977ac794e18e2c82ace3116bf0537711a352638efd2d8d847c140b

SHA512
97bc810871868217f944bc5e60ab642f161c1f082bc9e4122094f10b4e309a6d96e3dd695553a20907cb8fea5aef4802f5a2f0a852328c1a1cd85944022abaab

Download Submit
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\Wow64.lmd

Filesize
97KB

MD5
da1d0cd400e0b6ad6415fd4d90f69666

SHA1
de9083d2902906cacf57259cf581b1466400b799

SHA256
7a79b049bdc3b6e4d101691888360f4f993098f3e3a8beefff4ac367430b1575

SHA512
f12f64670f158c2e846e78b7b5d191158268b45ecf3c288f02bbee15ae10c4a62e67fb3481da304ba99da2c68ac44d713a44a458ef359db329b6fef3d323382a

Download Submit
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe

Filesize
1.3MB

MD5
a70accbc1f1001cbf1c4a139e4e5d7af

SHA1
138de36067af0c8f98e1f7bc4c6bea1d73bc53ab

SHA256
b000fef41ce0267255701aacc76c02159d207212c4595437077e7904b7968ca6

SHA512
46fde27847dfab38d2f6fefca31677a0d5a5ac775951fc19f1fc0b4ec56969622f0c4f036ecacc05b33854871f03232a4944f3e93a747280cac622503f5c4f04

Download Submit
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_1\IRIMG1.PNG

Filesize
339B

MD5
e5e9c323b6a9533a09982b2117c61528

SHA1
3dc0e877803d6e16b28ce0840e2967cc74494a61

SHA256
ba1f3e4598c5716bbfea508fada40b7dfd0989ddabd453e8c8703c04270151fd

SHA512
bbfa29299a1e948506f6ec3802aceb27f8aef3a5b2e3c9789a92b2bcc959fc2523d2344739ccc89df370dde6ea23c1db5ffc7e4799b5e532b0ec85dc98996865

Download Submit
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_1\IRIMG23.PNG

Filesize
1KB

MD5
714ff209a00d50ca301063a38165db1d

SHA1
1400fdbe5e535b581b34c054183929a7e5548a69

SHA256
7749ac363a9f638040d0fb132be254e7569ca94e8e9e7917d1cb78050d2387d6

SHA512
d6bb2a5229300b6ad307e430d9e5e02fcbc9316dfbac0b836fcb6cb2f95739716c628d4afef61e8d34dae33f6345550bccd57b3b01cdc5f9335811e5e3fac6e4

Download Submit
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_1\IRIMG4.PNG

Filesize
45KB

MD5
b3af6be5f4d16abd764157ec3cffb2c4

SHA1
bdb2c7ae18e9dd6d2edf3ed59be14ccfc400f4b1

SHA256
0e34299965ba1e761daabad45cad9aa27dccaf90a30a4badf5008b6a3d15cb5c

SHA512
eaf0951a615dbc0c7d6a364a53fd3401b60f53875f5d9a3bba922eeeadff83cb12b81e4b8cae1c612c3782c3c16b20a6e0d882dd913bbb533277d82af71a317d

Download Submit
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_1\IRIMG41.PNG

Filesize
457B

MD5
6afc90de971a64e963b2b2b2c9cfe0d3

SHA1
2198f7fc711a848ee4c20b51e72819b07bb81ce9

SHA256
d720258ffe5025af550847c3f674ca9854eb052b0bd964a40b920188d26f3ab4

SHA512
e418485b852e6ebed96bd85da59254ff63b7c6e390e71ae3e298252fee980b89942bd26070c4ae6615f44685fb496a87f7549a1ae45e2fcf091c10ae2bef661a

Download Submit
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_1\IRIMG42.PNG

Filesize
352B

MD5
269665f4752b9a668b8ead9b4d6cead8

SHA1
9eac14e0358fde1a2d7bbcdaf61eee90b46589bb

SHA256
68c133a816069421a9e384aeffdb3dff59945ce69da2a77da947545aead75b27

SHA512
0c2040775584d05271b701b3e43c45c621b48e63b537f9d441bddd44d25d18042fdb3a213836c6b52582bb358d7cb08bce9c292f4ce0c79dc0ad879d259fb74e

Download Submit
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_1\IRIMG5.PNG

Filesize
1KB

MD5
14a02d0eb05243706364523f60261125

SHA1
d46052613634f65f7b2fb02058edd65acc7f79f0

SHA256
3d8a062470073015df141295ca78a41b68b39d24b17f50b212060c3677c02494

SHA512
15d99962f96cde8329b981701d2fdc8a46085b6b60d324c41cca5a27ba425fa24567a51b0ed91e2da70c7717e2a70e6882691a509a25d2c6a306527d0507ec61

Download Submit
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_1\irsetup.dat

Filesize
6.1MB

MD5
ee40aa6b1578404887b95d9cd97780c9

SHA1
cf3a13aa96f66bbf536d1cbef61d9167df051a0a

SHA256
564cb551e02f9ada18f9f35cbeb8f4eb18ab808a9b78c2b14e806db7f143c6e2

SHA512
4b0f6ee6d02a9013b45137d08389059f664b0ecbaac7f2ddd50a09f1ea85e72899528d6f657506e2cb5417e08e0bf968f6091645bc880f6ea632ad57d03d59a8

Download Submit
C:\Users\Admin\AppData\Local\Temp\check_latest_tl.txt

Filesize
42B

MD5
4f7b964e5eac6439a63c057e7a1d5984

SHA1
9047b3996672aa780702cae90382d33e667b8ba1

SHA256
e2096c7812eebde520937bd4f6ca612172e20389d9839230f09be02d1206d396

SHA512
c32ef5e808016731c80e697b7e009ac9ae9ce2a6d560b81768fa60915e1ffed053e2a44fe2d73b32c4f56e01416ab62e6eec65ede27de1848e0d457434f89df2

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
10KB

MD5
ee8a57c9e03c4c4f04fa94a89248a188

SHA1
05723caf616dfcd404879cf51c8031bf7ae8426a

SHA256
ce24609def07452d446618505b2bd3ca893efb45b05707eab097486a89d837d3

SHA512
630f25a69b9850863093f7789dd78c8bcfbd98e45db553b879895ad0ffffb461ca6ca6fa99083d0ac37ce8221e0dd49ca4dd4d0ec619b1ed620cada9b90f432e

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
10KB

MD5
91c30146e973c55eba12ac8361faf5a7

SHA1
2ea8387caa3838dbff3d7d33c2bf9b78656e6fc6

SHA256
72b0ea53612d515f40894f8c1c576149df7fc2a195f86dfcdad174b83ed4c53a

SHA512
2a85db0123caf3ae7c6c74b463377fdaea1da956c1d6ef2aaa3bdb5c757ce57f84ba1e7b3058e9ca6dcb2641c61e7c742870d2853081739a939d406ce5090a0b

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
10KB

MD5
f66345ccccede45a3e8b0bf1225750ec

SHA1
bcbb6cc67d46ac1c5ddb0efc0de86529d5f0da0a

SHA256
82c4b58b7f9928e228faba093a978518cb6283f3ab133be8b2c4b616e6add35f

SHA512
a8b4813997840e3c8b37c0fad3eb49a94ed7ba93af4120ebce7ea8b407aaa6722d34e0d6ca2bc8f3f5a3ef8be434e79f8867f2d2c581b913721c0d71854183bb

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
10KB

MD5
b18f1b4f8b3ec1b30a87c0575f1f7464

SHA1
da960b1444abb8ee083629d7932ec65d57fded3c

SHA256
9894fc6cb40e7d78f1c500c8ab6417f1dd3bbac959d974f8b385116e68b4018c

SHA512
ff09b1dc81fe7b06000538a93c5ac0f454eb08d865c39ed076b6113238ca4259c887e6ae80d938701c91f96eddab58b962fbc4a2a132dec347d4eb4c4139cbd5

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
10KB

MD5
00c9e196380db525d11d89ee9a0d0997

SHA1
08786e297396e5983c62c4901bdca49841489471

SHA256
e0668893255c4c2652424abc32ead26b07f18d19219e1cdad9b8790f3ae9fc7c

SHA512
765456d3243d810ae879e44c740a263ebdf6b1bffde2a6b4b1f15906ce51b9365fd17b675f9d1e9e9fbf65bae22d20642544da07b0b83f32a4ffe7aac5617667

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
10KB

MD5
ba11149417d3165844bae069e6e04b65

SHA1
0bceac20721db2cd2185519f3a448132556afe8f

SHA256
8fd3134213b97b0b905b5245b76fcfb9140a846968471d6cfcf1201231c8b6f5

SHA512
4570ca78814af42f66319114b661b6de2db3d3cff830c6d623e518790ee71d375e671f55a8c77e847e112686e6eb377af304ec4f8907dceb289cfb69fd32df59

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6fd8mnze.default-release\datareporting\glean\db\data.safe.bin

Filesize
2KB

MD5
25b93927404236a605c8511d3f56138e

SHA1
91c803f91a7ca6bc05ae597988e193b0bc182a26

SHA256
937840b487baf342319bc1b11c380f09b893faaa7bddecbb914999f7184f7d81

SHA512
fe82da42263ebe2a591ea66ccc2ff2fa0594d0ecfae4b537c07ec09b80c310ddbeab29a3678fbee6205a92eb5535ab433e39d68253713418b632e2acef524a61

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6fd8mnze.default-release\datareporting\glean\pending_pings\184c4841-5b3b-4370-a2b5-85d952a1e41e

Filesize
10KB

MD5
c8e75d5c8b77e369797dae331b2ab5dd

SHA1
e65f7aaecceb2452849edc998542333140e1791c

SHA256
cc6a4cc4542f06f7b6d11f3e848499db47601045b1369d79b36f724644db3bf2

SHA512
d240a8c2f04a126ad354531418c417dc8d951b1de89d38078a3a298e0f779db00db7814a2b0ee8061f72bb6a1339c709ca3afd2d7108c2789a219abbbf61a477

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6fd8mnze.default-release\datareporting\glean\pending_pings\900d34bf-e099-43f9-9641-4260fd4ebee1

Filesize
746B

MD5
bc8d03ea5e2298c891de5c0fb45fad55

SHA1
d4144a23e61907fedbc259cac08df05f6a60ed78

SHA256
427f7837236abfd669b1fa23559892fe617475598c59d3680ee54db55f8cd26f

SHA512
c38bf098e006d5288278c8752f6c520948536e0346d289f9a8182700f08ecd4fe33f20137a9d31c7d405822185677314edd16c64a626c27244ca54a960591414

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6fd8mnze.default-release\prefs-1.js

Filesize
6KB

MD5
6c5a044e6f69a26bce8be8780bd76a8b

SHA1
cd73c525338e322efeca6da74285cb6bb4e2ff18

SHA256
8e255e081a4936430923e245de15a0151f2dd8f17feffdb58509e594083a7bcc

SHA512
d1b186ea5bd713391407ea54a446bb8e06236849a31e06e16bca23d21994df53fe6c49697047cd95d646174b696fc5f2fc72e7cee26a611d2e0a6ae3b1fa3d8f

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6fd8mnze.default-release\sessionCheckpoints.json.tmp

Filesize
288B

MD5
6b77a9f779399e95d1cee931a2c8f8ff

SHA1
826efd4feb0d50fcce5696111af7c811b81adcd9

SHA256
3a0285c8233ef0324b269f7291094e19fd9b77259f9419861ad796f7e9c979f3

SHA512
ef537c75fab8e86483ac03cc0d2feaf41575e35f54b95669a26bf6dfbf58021dc9a5bbe54d9537b55da3fbb0e0262adf6c5efd4394faaec81a31604533afec4f

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6fd8mnze.default-release\sessionstore.jsonlz4

Filesize
903B

MD5
ed0d88429caa551a119557ef34520b56

SHA1
c8e633a47ed5b67899fb044c42d189b8f18f1b0c

SHA256
b190905c9165d9a688bca8df13fd8ee7fbefb554d3b6d94bebc859f96a941737

SHA512
6bd052d8876a3127461fb4c135a2d6a464f2407ce3715188d5ac1fa167ea51bd5ad58830f04dc4c6835df6f556cbbc1916689f24c9264d74bee6f5e7a522c083

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 994187.crdownload

Filesize
3.6MB

MD5
87c21994002fdb86fcf4730901ac2030

SHA1
2e1727c11f739786bbde76623d53a668327c984c

SHA256
dfcd636aeddc16ff81f7665e2da61cd54d51c1d7ea3e457ff0d3b4b97d82ca1a

SHA512
e90c86850433293a837e56f784757c864ab3bb00602b0c6b8d3f4bcacf5f2f45c98de3d46016d1c3a68521bc956c260cbd7bb03ac35b8da339a4e72e0a82216c

Download Submit
memory/4528-1668-0x0000000000BC0000-0x0000000000FA8000-memory.dmp

Filesize
3.9MB

Download
memory/4528-1956-0x0000000006300000-0x0000000006303000-memory.dmp

Filesize
12KB

Download
memory/4528-2012-0x0000000000BC0000-0x0000000000FA8000-memory.dmp

Filesize
3.9MB

Download
memory/4528-1955-0x0000000010000000-0x0000000010051000-memory.dmp

Filesize
324KB

Download
memory/4528-2013-0x0000000010000000-0x0000000010051000-memory.dmp

Filesize
324KB

Download
memory/4804-2336-0x0000000010000000-0x0000000010051000-memory.dmp

Filesize
324KB

Download
memory/4804-2370-0x0000000000190000-0x0000000000578000-memory.dmp

Filesize
3.9MB

Download
memory/4804-2371-0x0000000010000000-0x0000000010051000-memory.dmp

Filesize
324KB

Download
memory/4804-2046-0x0000000000190000-0x0000000000578000-memory.dmp

Filesize
3.9MB

Download
memory/4804-2338-0x0000000003520000-0x0000000003523000-memory.dmp

Filesize
12KB

Download