hxxps://fapcraft[.]org/

Analysis

max time kernel
114s
max time network
115s
platform
windows10-2004_x64
resource
win10v2004-20231222-en
resource tags

arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
submitted
13/02/2024, 16:06

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://fapcraft.org/

Score

1^/10

Malware Config

Signatures

Checks processor information in registry 2 TTPs 5 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1168293393-3419776239-306423207-1000_Classes\Local Settings	firefox.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
5028	msedge.exe
5028	msedge.exe
3088	msedge.exe
3088	msedge.exe
5832	msedge.exe
5832	msedge.exe
5572	msedge.exe
5572	msedge.exe
5616	identity_helper.exe
5616	identity_helper.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 12 IoCs

pid	Process
3088	msedge.exe
3088	msedge.exe
5572	msedge.exe
5572	msedge.exe
5572	msedge.exe
5572	msedge.exe
5572	msedge.exe
5572	msedge.exe
5572	msedge.exe
5572	msedge.exe
5572	msedge.exe
5572	msedge.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeDebugPrivilege	4032	firefox.exe
Token: SeDebugPrivilege	4032	firefox.exe

Suspicious use of FindShellTrayWindow 55 IoCs

pid	Process
3088	msedge.exe
3088	msedge.exe
3088	msedge.exe
3088	msedge.exe
3088	msedge.exe
3088	msedge.exe
3088	msedge.exe
3088	msedge.exe
3088	msedge.exe
3088	msedge.exe
3088	msedge.exe
3088	msedge.exe
3088	msedge.exe
3088	msedge.exe
3088	msedge.exe
3088	msedge.exe
3088	msedge.exe
3088	msedge.exe
3088	msedge.exe
3088	msedge.exe
3088	msedge.exe
3088	msedge.exe
3088	msedge.exe
3088	msedge.exe
3088	msedge.exe
3088	msedge.exe
4032	firefox.exe
4032	firefox.exe
4032	firefox.exe
4032	firefox.exe
5572	msedge.exe
5572	msedge.exe
5572	msedge.exe
5572	msedge.exe
5572	msedge.exe
5572	msedge.exe
5572	msedge.exe
5572	msedge.exe
5572	msedge.exe
5572	msedge.exe
5572	msedge.exe
5572	msedge.exe
5572	msedge.exe
5572	msedge.exe
5572	msedge.exe
5572	msedge.exe
5572	msedge.exe
5572	msedge.exe
5572	msedge.exe
5572	msedge.exe
5572	msedge.exe
5572	msedge.exe
5572	msedge.exe
5572	msedge.exe
5572	msedge.exe

Suspicious use of SendNotifyMessage 51 IoCs

pid	Process
3088	msedge.exe
3088	msedge.exe
3088	msedge.exe
3088	msedge.exe
3088	msedge.exe
3088	msedge.exe
3088	msedge.exe
3088	msedge.exe
3088	msedge.exe
3088	msedge.exe
3088	msedge.exe
3088	msedge.exe
3088	msedge.exe
3088	msedge.exe
3088	msedge.exe
3088	msedge.exe
3088	msedge.exe
3088	msedge.exe
3088	msedge.exe
3088	msedge.exe
3088	msedge.exe
3088	msedge.exe
3088	msedge.exe
3088	msedge.exe
4032	firefox.exe
4032	firefox.exe
4032	firefox.exe
5572	msedge.exe
5572	msedge.exe
5572	msedge.exe
5572	msedge.exe
5572	msedge.exe
5572	msedge.exe
5572	msedge.exe
5572	msedge.exe
5572	msedge.exe
5572	msedge.exe
5572	msedge.exe
5572	msedge.exe
5572	msedge.exe
5572	msedge.exe
5572	msedge.exe
5572	msedge.exe
5572	msedge.exe
5572	msedge.exe
5572	msedge.exe
5572	msedge.exe
5572	msedge.exe
5572	msedge.exe
5572	msedge.exe
5572	msedge.exe

Suspicious use of SetWindowsHookEx 7 IoCs

pid	Process
4032	firefox.exe
4032	firefox.exe
4032	firefox.exe
4032	firefox.exe
4032	firefox.exe
4032	firefox.exe
4032	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3088 wrote to memory of 3888	3088	msedge.exe	84
PID 3088 wrote to memory of 3888	3088	msedge.exe	84
PID 3088 wrote to memory of 3964	3088	msedge.exe	86
PID 3088 wrote to memory of 3964	3088	msedge.exe	86
PID 3088 wrote to memory of 3964	3088	msedge.exe	86
PID 3088 wrote to memory of 3964	3088	msedge.exe	86
PID 3088 wrote to memory of 3964	3088	msedge.exe	86
PID 3088 wrote to memory of 3964	3088	msedge.exe	86
PID 3088 wrote to memory of 3964	3088	msedge.exe	86
PID 3088 wrote to memory of 3964	3088	msedge.exe	86
PID 3088 wrote to memory of 3964	3088	msedge.exe	86
PID 3088 wrote to memory of 3964	3088	msedge.exe	86
PID 3088 wrote to memory of 3964	3088	msedge.exe	86
PID 3088 wrote to memory of 3964	3088	msedge.exe	86
PID 3088 wrote to memory of 3964	3088	msedge.exe	86
PID 3088 wrote to memory of 3964	3088	msedge.exe	86
PID 3088 wrote to memory of 3964	3088	msedge.exe	86
PID 3088 wrote to memory of 3964	3088	msedge.exe	86
PID 3088 wrote to memory of 3964	3088	msedge.exe	86
PID 3088 wrote to memory of 3964	3088	msedge.exe	86
PID 3088 wrote to memory of 3964	3088	msedge.exe	86
PID 3088 wrote to memory of 3964	3088	msedge.exe	86
PID 3088 wrote to memory of 3964	3088	msedge.exe	86
PID 3088 wrote to memory of 3964	3088	msedge.exe	86
PID 3088 wrote to memory of 3964	3088	msedge.exe	86
PID 3088 wrote to memory of 3964	3088	msedge.exe	86
PID 3088 wrote to memory of 3964	3088	msedge.exe	86
PID 3088 wrote to memory of 3964	3088	msedge.exe	86
PID 3088 wrote to memory of 3964	3088	msedge.exe	86
PID 3088 wrote to memory of 3964	3088	msedge.exe	86
PID 3088 wrote to memory of 3964	3088	msedge.exe	86
PID 3088 wrote to memory of 3964	3088	msedge.exe	86
PID 3088 wrote to memory of 3964	3088	msedge.exe	86
PID 3088 wrote to memory of 3964	3088	msedge.exe	86
PID 3088 wrote to memory of 3964	3088	msedge.exe	86
PID 3088 wrote to memory of 3964	3088	msedge.exe	86
PID 3088 wrote to memory of 3964	3088	msedge.exe	86
PID 3088 wrote to memory of 3964	3088	msedge.exe	86
PID 3088 wrote to memory of 3964	3088	msedge.exe	86
PID 3088 wrote to memory of 3964	3088	msedge.exe	86
PID 3088 wrote to memory of 3964	3088	msedge.exe	86
PID 3088 wrote to memory of 3964	3088	msedge.exe	86
PID 3088 wrote to memory of 5028	3088	msedge.exe	85
PID 3088 wrote to memory of 5028	3088	msedge.exe	85
PID 3088 wrote to memory of 3296	3088	msedge.exe	87
PID 3088 wrote to memory of 3296	3088	msedge.exe	87
PID 3088 wrote to memory of 3296	3088	msedge.exe	87
PID 3088 wrote to memory of 3296	3088	msedge.exe	87
PID 3088 wrote to memory of 3296	3088	msedge.exe	87
PID 3088 wrote to memory of 3296	3088	msedge.exe	87
PID 3088 wrote to memory of 3296	3088	msedge.exe	87
PID 3088 wrote to memory of 3296	3088	msedge.exe	87
PID 3088 wrote to memory of 3296	3088	msedge.exe	87
PID 3088 wrote to memory of 3296	3088	msedge.exe	87
PID 3088 wrote to memory of 3296	3088	msedge.exe	87
PID 3088 wrote to memory of 3296	3088	msedge.exe	87
PID 3088 wrote to memory of 3296	3088	msedge.exe	87
PID 3088 wrote to memory of 3296	3088	msedge.exe	87
PID 3088 wrote to memory of 3296	3088	msedge.exe	87
PID 3088 wrote to memory of 3296	3088	msedge.exe	87
PID 3088 wrote to memory of 3296	3088	msedge.exe	87
PID 3088 wrote to memory of 3296	3088	msedge.exe	87
PID 3088 wrote to memory of 3296	3088	msedge.exe	87
PID 3088 wrote to memory of 3296	3088	msedge.exe	87

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://fapcraft.org/
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3088
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9510446f8,0x7ff951044708,0x7ff951044718
  2⤵
  PID:3888
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2032,568343660287431135,1104605715373918710,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2120 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5028
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2032,568343660287431135,1104605715373918710,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2044 /prefetch:2
  2⤵
  PID:3964
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2032,568343660287431135,1104605715373918710,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2848 /prefetch:8
  2⤵
  PID:3296
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,568343660287431135,1104605715373918710,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3324 /prefetch:1
  2⤵
  PID:2140
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,568343660287431135,1104605715373918710,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3304 /prefetch:1
  2⤵
  PID:1028
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2032,568343660287431135,1104605715373918710,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4688 /prefetch:8
  2⤵
  PID:1404
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2032,568343660287431135,1104605715373918710,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=4620 /prefetch:8
  2⤵
  PID:1624

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1624

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4012

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x33c 0x300
1⤵
PID:940

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
PID:2232
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe"
  2⤵
  - Checks processor information in registry
  - Modifies registry class
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  PID:4032
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4032.0.220703229\592521881" -parentBuildID 20221007134813 -prefsHandle 1872 -prefMapHandle 1864 -prefsLen 20671 -prefMapSize 233414 -appDir "C:\Program Files\Mozilla Firefox\browser" - {bc74e85a-e3a5-4c9f-ad2a-993b7a672a16} 4032 "\\.\pipe\gecko-crash-server-pipe.4032" 1964 238413cf458 gpu
    3⤵
    PID:1764
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4032.1.753538358\21744749" -parentBuildID 20221007134813 -prefsHandle 2352 -prefMapHandle 2348 -prefsLen 20707 -prefMapSize 233414 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a8e63675-5668-40ae-a89f-48511593c6a7} 4032 "\\.\pipe\gecko-crash-server-pipe.4032" 2364 23834b6fb58 socket
    3⤵
    PID:8
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4032.2.454675321\462521935" -childID 1 -isForBrowser -prefsHandle 2960 -prefMapHandle 3016 -prefsLen 20810 -prefMapSize 233414 -jsInitHandle 1412 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {4a1ebf79-54c0-4417-b3f3-0d714f36d7ec} 4032 "\\.\pipe\gecko-crash-server-pipe.4032" 3008 238455a6f58 tab
    3⤵
    PID:1328
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4032.3.856137972\1549666019" -childID 2 -isForBrowser -prefsHandle 3408 -prefMapHandle 3412 -prefsLen 25988 -prefMapSize 233414 -jsInitHandle 1412 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {1cbce61b-2594-4406-8320-27ffd296e413} 4032 "\\.\pipe\gecko-crash-server-pipe.4032" 3600 23845b8e158 tab
    3⤵
    PID:3892
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4032.4.1540184126\749099321" -childID 3 -isForBrowser -prefsHandle 4516 -prefMapHandle 4492 -prefsLen 26047 -prefMapSize 233414 -jsInitHandle 1412 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e081fd7c-97c6-4777-9d4e-7f2570453e8b} 4032 "\\.\pipe\gecko-crash-server-pipe.4032" 4436 23846e24e58 tab
    3⤵
    PID:2244
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4032.6.2047446151\606599742" -childID 5 -isForBrowser -prefsHandle 4888 -prefMapHandle 2904 -prefsLen 26047 -prefMapSize 233414 -jsInitHandle 1412 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {53565d1f-fe3f-48aa-aaf2-0c50a27c50ac} 4032 "\\.\pipe\gecko-crash-server-pipe.4032" 5124 238470f1858 tab
    3⤵
    PID:2344
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4032.5.232531611\15506398" -childID 4 -isForBrowser -prefsHandle 5196 -prefMapHandle 5192 -prefsLen 26047 -prefMapSize 233414 -jsInitHandle 1412 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {4b96083a-ca2c-4b27-9434-70ece8dfb00c} 4032 "\\.\pipe\gecko-crash-server-pipe.4032" 5208 238413ce858 tab
    3⤵
    PID:4400
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4032.7.753126568\1253852684" -childID 6 -isForBrowser -prefsHandle 5556 -prefMapHandle 5496 -prefsLen 26047 -prefMapSize 233414 -jsInitHandle 1412 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a8707e6d-e9d2-4250-b2f1-55832377c4d5} 4032 "\\.\pipe\gecko-crash-server-pipe.4032" 5544 238474e3a58 tab
    3⤵
    PID:5028
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4032.8.2002424378\768015698" -childID 7 -isForBrowser -prefsHandle 5908 -prefMapHandle 5904 -prefsLen 26047 -prefMapSize 233414 -jsInitHandle 1412 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e019b072-b513-4017-b434-a9f0c0223604} 4032 "\\.\pipe\gecko-crash-server-pipe.4032" 5876 238490fc158 tab
    3⤵
    PID:5468
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4032.9.1373543891\1251707411" -parentBuildID 20221007134813 -prefsHandle 6164 -prefMapHandle 6160 -prefsLen 26206 -prefMapSize 233414 -appDir "C:\Program Files\Mozilla Firefox\browser" - {88c34d33-1cac-492c-950b-e1c217354992} 4032 "\\.\pipe\gecko-crash-server-pipe.4032" 6152 23848f66858 rdd
    3⤵
    PID:6028
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4032.10.301863736\29601874" -parentBuildID 20221007134813 -sandboxingKind 1 -prefsHandle 6084 -prefMapHandle 6124 -prefsLen 26206 -prefMapSize 233414 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {79be537a-9932-46cf-9f70-04c39d61c7d0} 4032 "\\.\pipe\gecko-crash-server-pipe.4032" 2856 23834b71958 utility
    3⤵
    PID:1880

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:5572
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xfc,0x128,0x7ff9510446f8,0x7ff951044708,0x7ff951044718
  2⤵
  PID:5632
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2000,1637363801387382923,11964468680145309041,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2320 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5832
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2000,1637363801387382923,11964468680145309041,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1988 /prefetch:2
  2⤵
  PID:5848
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2000,1637363801387382923,11964468680145309041,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2720 /prefetch:8
  2⤵
  PID:2240
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,1637363801387382923,11964468680145309041,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3340 /prefetch:1
  2⤵
  PID:1700
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,1637363801387382923,11964468680145309041,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3332 /prefetch:1
  2⤵
  PID:3296
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,1637363801387382923,11964468680145309041,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4916 /prefetch:1
  2⤵
  PID:1768
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,1637363801387382923,11964468680145309041,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4328 /prefetch:1
  2⤵
  PID:5400
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2000,1637363801387382923,11964468680145309041,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=3548 /prefetch:8
  2⤵
  PID:2356
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,1637363801387382923,11964468680145309041,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5332 /prefetch:1
  2⤵
  PID:6068
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2000,1637363801387382923,11964468680145309041,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5692 /prefetch:8
  2⤵
  PID:5020
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2000,1637363801387382923,11964468680145309041,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5692 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5616
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,1637363801387382923,11964468680145309041,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2948 /prefetch:1
  2⤵
  PID:116
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,1637363801387382923,11964468680145309041,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5196 /prefetch:1
  2⤵
  PID:3964
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,1637363801387382923,11964468680145309041,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5172 /prefetch:1
  2⤵
  PID:3796
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,1637363801387382923,11964468680145309041,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4988 /prefetch:1
  2⤵
  PID:540
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,1637363801387382923,11964468680145309041,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5768 /prefetch:1
  2⤵
  PID:4800
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2000,1637363801387382923,11964468680145309041,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5088 /prefetch:8
  2⤵
  PID:4844

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1008

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5852

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
3e71d66ce903fcba6050e4b99b624fa7

SHA1
139d274762405b422eab698da8cc85f405922de5

SHA256
53b34e24e3fbb6a7f473192fc4dec2ae668974494f5636f0359b6ca27d7c65e3

SHA512
17e2f1400000dd6c54c8dc067b31bcb0a3111e44a9d2c5c779f484a51ada92d88f5b6e6847270faae8ff881117b7ceaaf8dfe9df427cbb8d9449ceacd0480388

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
35260014bc717612386f2e6b9372e2a0

SHA1
7fbcc09d507b5317c8a2939ca398febbdac669d9

SHA256
5863c0127e85ea9fd1e5766d5ab3bcad8e35f19c8557bc0f87c432eb2388621c

SHA512
5bb4e3e76e3006fa2d691d3714f222fc849b3b9e81f87b0b1b2ddf061848044a129f719b420b9ef6f5e507030b69996d46295d8dbdc9e9ec694beaec117b964c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
f38c7d78494e68acede466b30538226f

SHA1
a21d95bfc4eaf416d74535f32636148803ab1a9e

SHA256
b04e863465630c8ffd38e8b97bc26ccc9a317096501077e32edf06b642bf387d

SHA512
9e32d656f79ceb36c2ebbd6c6e2355e04437fbb2408aa710f2d4524053bee3536d69c7ca510b20a28fe245e8f82fa4f354db24b9c16eeb2a46142138759fb3fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_0

Filesize
44KB

MD5
34e2b730d65b81a2022d618dc464a76f

SHA1
c27e8b7d1a2a3ccacd6832fa72018c1b369c9122

SHA256
196cbb52cc6cc234a5a631c9d8d4d0d085c2125fbd8b5ececb24eaeea8b54af2

SHA512
1b900c8f9068d8eb6aeb1251372f08f7af7b6ef2d17550aa0f9f05dd2618eceb46e5e68988f434183048e8c6b8d4d445ced6fa5df23ea72fa2febe070c80eaae

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_1

Filesize
264KB

MD5
542d3f6d84d32991dae7e1d2cdfdab7f

SHA1
caa99eaeb30ef00fa7c677354a8f3d2b6272597f

SHA256
b661d63776d1ef0ce87f844d33ff912c3acb577dd71f96a2ae73bf8ef012720d

SHA512
e2205942e39cb0935add7a2515e307b05e05e039fe087216febd6e355247419cee8ce48b6fe85e40ed370dece7d8da5f93b875e85417a36d8d61571d2979f7c8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_2

Filesize
1.0MB

MD5
9766e4ba0bfb81a16d873b5f26359378

SHA1
0a520b31cc09ed5c6faed99198677cf41c43b2b3

SHA256
da4c022931a2078a30f1017204ccdc5ac74e0df56e08c51f1ef092f6b99192a7

SHA512
c0421dc7185d286a3280f9e1f06c43f8273a31019bd76b520e506b121bbd52f75b795c639c57473330f4471562822f31861c6c654f9e0e3afe8161064af3a499

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_3

Filesize
4.0MB

MD5
4a7b737a7d74899bb7072c8d195007b0

SHA1
da164a647d30a3fea21c96a051229eeb24348172

SHA256
deeb07a2d97e4a3930f2576f6bd6f5034f2163962cd931740a8c273aad49e337

SHA512
8a2606a8ac7f7fc8357e4f1d01818691e1fc400547c9371f1ace59cc7a3faf967a6f7dceccc99e7b2a1e0f21d516d0fcf97e7cff4e136291435a0e0310f25b4c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000001

Filesize
44KB

MD5
e33ffc5f13636659d43872e33c862d41

SHA1
451c361b961a88c5a204184aa1dd8ace6311d60e

SHA256
155390a5c46bfc521d6435856ac5dccedba9f4a40b12af1e4970bd3400577280

SHA512
9186080b32dd82041e604a878cd865abe3ff56a9b362522d1c442ef6555adde8ba05571393e233c776339bfc435e491e992178bc549669fbe9cebded95494343

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000002

Filesize
38KB

MD5
37ac0393f557da97cb32d91d0a8e9b4b

SHA1
4951ea1d5ac41f10de536bd97dcb1b1786a414dd

SHA256
02d470bf43a07d23c460ad3484dfc43bfe1c57060480d2097c0679d7548e20d2

SHA512
24c58c4fee1b7e14d8fbca5ab132cae0f2f682d03945877e2b0641d2cb98452aa1f3fee5238da521d3e74869802800b0d36d0d8281e8f70b7125235603eae4e3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003

Filesize
29KB

MD5
0f83cadc148d2ad7e53c91f6c4ee05bb

SHA1
90035c5fffedf4b0f099465f6b929a030b46c92b

SHA256
3f59aa77bbbed7760a9968af27d3c19ffddda021c948edf0bf0c0f828dd308ae

SHA512
c911420875dcadb64611550e83f9a525309eba69353dac17d3d40a8350a417f337718a24926df62f9f69136c94962110c897630e9ab7c0c9eb480b0775613c7d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000004

Filesize
58KB

MD5
f0b9dab5e68bfee2bdd482c34bf9e637

SHA1
64bbd264d13ae584d8de979834bc5cf3d4c50c4f

SHA256
12ec37f95f3bdde3a7df3139ced15f91c279b291cc5375dcaad1293f1814041a

SHA512
41ebcc6287313ecf6ada956ed4d9a5ad26f825b009188f513a666cc67a30e92dbf08abe01302594fb04025915bd847e28e4c0d230a01bce444f903080522efa0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005

Filesize
21KB

MD5
df4065b2b6e287d5f390ae6edbfc55fd

SHA1
c3ef08f8c006d06d8da0370b1d44c6ca1b0314c4

SHA256
37ce29fc1f841dd859869dc9c199acc8bc4e5328ba67c1cfc3052f6cb61b887d

SHA512
e712bd8ee1f036c73e1fd31d36a53b0c709b27574e0eb0fd7c16d1b0e795ddefa5da2a6dc19f0c4ab6c7c354508525e3b4be1294688204cebf49dbfd7d3c93c9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000024

Filesize
239KB

MD5
aad5f7743fb9c0a687d7adcddbcef1d2

SHA1
94668083b38ff6abbd75c133632c3adf4d956276

SHA256
235a531bced11b3e394e8772503ef50d125d98cdf48cf92ffa401bf17d8dd41c

SHA512
3b2e94e9a87f3ffa1d08c416e2dabd38c790c2e3131bae8d70bc1319db66d35d446568df7e90438fdfe1e468a0ca048f557a24b58fe95c8dc28d4d5b6824901e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000025

Filesize
141KB

MD5
2a7e050c3f0f08b34e93e8c4cbf53d21

SHA1
4dcc7e947bcb72e39e606641d61edd6b29c40402

SHA256
ce383c4d944dc3b04e96aec8092e975e31509bdf4c28a76591fc254a415aeb53

SHA512
b44df625622b04acb8650a45b01df11370d3ae6d5b750edfa46c1f79c932e34e6ae465af39b24833c48352cc2a13c22cab03eb1dd52ef08004722157ca870668

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000026

Filesize
1024KB

MD5
1158e0a33d3e0b80583128786a890f64

SHA1
bc1f8b4e61f3a795df69ca4d9e354bbffb7fa63b

SHA256
ffcce06f4e920378736798f33e8922dabe2a19caefb0dde0fa9e107de8ad858b

SHA512
8fc7a1a35c53c7bdeb6a56fc9a7c2a522145fe52cf9fc707973efcfa57fb09aadccff006d914b989617ff8473bbef38ae8873dbee8209f3257385876d47db721

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000028

Filesize
1024KB

MD5
4ac1b984ee2ce3466a3da415f831777d

SHA1
51fc6e8961d7f7bc5f563a7203ce4a684dabf519

SHA256
56ce27fb923492ffba6009a51adfb1698d07d1dfb5f59a68deadb94a95cdc177

SHA512
009fa494be47e3ba1a4002c3aa1df1c58d3444662295afba2ce1f85a1edc1a896a6b6e5718d8e4c1725992f8193270b919e40e342bf8c824b37e80136bea0b15

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002a

Filesize
1024KB

MD5
0e5b581d84b07b561b858e450e79cb80

SHA1
88a5f92f169f89230aed943bd00fee65258da95f

SHA256
1bce88acc054d3af2f372b9aeecad80806f5c1079b907db23cc956e2ac6e6ca9

SHA512
3f71c504693a5cfdac1d799cb4b3821bdb529b3e650e9233c4fdb1b0ca0837e9ccbdf7bff67c4f6d94e1382d09564100422f607a0d2f930cbb37339581271e9f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002d

Filesize
768KB

MD5
5bf00f4b0288faf4e7e09f96cc1e8657

SHA1
a12d6a8f0eb4fcedadb2e03a06fda4d6a288a99f

SHA256
00e5780f7930b4e75909daa16de198308fd5cd2cd9ac63b0d5b53b3bcac1303a

SHA512
c95f5a11abf33b3d31f5ccef5eadb001543d4a93439429f8086d5f3e80c665d012983f7988dd109d8775e4db8304fdcf524f53f106791e597b373201ec0903f4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002f

Filesize
529KB

MD5
cb45939736634700429533e08bd816dd

SHA1
a0efe16bc4bee11fa5be0761fef3b6dab69fd481

SHA256
f0afb5847d9e31c4bf0a771cc730b3b75df84173cc28265e555753767f3ca371

SHA512
abf05f78b6719db4cf898d035fa1a00c847aacb2c55e6ec23e5ec609513cd5640449b40488017f26bde7b1b34da2e3326fb8b6f7c36c8cb4148af24a6811fc91

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\408ae59b91960fcd_0

Filesize
210B

MD5
caad4a4d63832f2e0a7d5b15b581ed8b

SHA1
486f1caf82206e265424d4e14802b469acf2828b

SHA256
884d0e2ff06f84b3fc8d2364e6f60df7033350f78b866d7e3810d0aedca40436

SHA512
72ec62e9c83e3c9353ad97aff698dad63d2d0a5cb3eb47772f2d56ce530a4a78ea6af6158d350107b1edd6829e097b15594190b934198d81bb5d2a4adb7ba06c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\7ebd43f3b144a72c_0

Filesize
197B

MD5
4b584fafe7a4cbefd0ced2a1f19fb7ae

SHA1
555c23f17bc06c6ab15831fc54f5c29c9bfb982f

SHA256
2843eb550eaa39e6bcadd4c935410f28921329a56d198322b6c0c963af727724

SHA512
14467c2db1bce4aac6bf1da42a7329466bc72cbf2c4d4a73631c4c71fa8d188b8458bbb3a5777d27c5a395ecc38740a05317cdc395283ebfe3602aae35410527

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\a973466b9102ab9b_0

Filesize
223B

MD5
191a7ad33e82c2b8f85877a8cc1d583a

SHA1
19a96ec7f305abb9bc61cb8f24ce7296fa4eceb2

SHA256
68669eba424acea0c4fe74fcba911954944f4ca15dfb62ca0deaa81a85f66fb5

SHA512
cfae520218c509bd49d2d5d1cdb65b9666ccf8c2b6427abce5fe329ba3d3bed1cad66b34edcec4317a63019a282e6c0f2584a9fa82bde3be31cdfc12a82b764f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
120B

MD5
581f13c3a4988aebc2406a43aa83bcbc

SHA1
dfeeb58702dc20ac3c5cc73986147de835e361b6

SHA256
0aee62a3de2dccf93f4e1156ad63981f4c1c8a8dc21002c4d623571e5118118e

SHA512
d3bbe025127029ec7d92ec6f7df5f79c5739edaad262857e13ab0ce740fa79148398f69cde7603d58c470092243016456a45134f1c8aad186896c4eae5ee2657

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Collections\collectionsSQLite

Filesize
64KB

MD5
2b65c5d1ab0aa3f3f57c635932c12a5d

SHA1
b532c837537438e591d5d6adbf96a5dfe5c40eba

SHA256
c111777e9b9a42cf62b06900b847283238af63d15033c40577cb10aaa58c084a

SHA512
7d75089fb928c23c0166a74bb2baa3c1245bb23012d30ec2cf1fe71f8412700d354d4b9b8070309b23a5b003e37727ecd00f9ffaa018ffa5bb67ad1bed58e175

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\LOG

Filesize
319B

MD5
12cf8df10bd0bb3ce4373dbb0e58d778

SHA1
df2ba117b3986448cae0c5a8715e1ad7591c47a4

SHA256
81689c7f85d44461717b662f2798fb91be1f56576ce069f6ec6f57a3774e7480

SHA512
4a08480e9cfecd301b8089a878369d35183ae2ff9658d6fe6ba2291da5c4c60cb84d6c44edea2890fa3b9154e28393a308450da215322050a532e33cbb6c12cf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Favicons

Filesize
24KB

MD5
fb1b4f6db43cd3d2e5eb72df9df26db6

SHA1
1fb6432ccb7004124b9269122d5b9649ef2f9a8c

SHA256
67b77c51040bdb2f6aaf9395f56cd42aaa37d67b8c74c08255e1ac00aa0c8801

SHA512
7304dcda0b35ca202122b76aa876e8738a116182f140957a24777fd7098174648a3cf5a78213f299a45d77c368fc3fd9cc9078b9099c25b5187ad8495f72db61

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History

Filesize
124KB

MD5
7db4cf52d8362372787405dfa072167a

SHA1
d8e1c16c19b261f1ee1dc14c51d65577ee958c82

SHA256
3eddb15609d0cc2c6ce1a87c31bf38251e2ac8e8d1e1cf5c719897499ad06b23

SHA512
64b5c205104ab3cef66a4b35c5d9484c500ad75d0284d11e5bff8a5c642c45c26aa9efeb43ff808999ab92951fa34a43c912528ed516d3bbb66cdf24c2c39add

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History Provider Cache

Filesize
482B

MD5
c59ee568281bafa2ee9d0a2b57eb9245

SHA1
25fae71a29dacc256ee2b26071d4c5b8b443fb0f

SHA256
9ab56cd72267c94393513e97abd667448fbd908eadf1b40d65209b29e22ce4a6

SHA512
afa5888be5a769b7fbb8e62a5f605415dcf9d4f1893189a17b8d8b81f3b7c73bb3dc294b31f1c8be5d838ee1af1166a9e10d7793db5d4fbb81b10b2d4e0476c4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History-journal

Filesize
20KB

MD5
b4209d2501a8dce0f3bd55179277963f

SHA1
1c57cb5000b4c0776c2568144114d7916c3c6646

SHA256
e82ed0133af1b57cd606357d4d8b704e53cb281d27a928939865dc771ca42d2c

SHA512
d40a830978ff47568c81f2402e4db76889c70f3714a274d1675bebf61f2fa2906ae47a26e8642a6b5cc266baa7d88e23836a4e08733c42c26c24652e9106a29e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\LOG

Filesize
331B

MD5
0389e02c804c371956d7a46cefc95bab

SHA1
0d75b8b777abd5680c8c86ea803e0c0563e4f6be

SHA256
406020115530ec571cc50a229285b1e43346ace3492cdfaffafe0a400e8071ca

SHA512
77835f14e3c70771d58570076fcf9573d3430f22b7f62e6794fea84d82d21e485c781b935520daa27f376c8556214371b31aa5c3ca74f871c8e25ef6df5a49d6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
454B

MD5
c15cfe796a5fea8a35bc17c2370eee34

SHA1
67be5b524b4958244b4ae7500b37ef41c2a7950d

SHA256
54344dec6cc8fa68266a5823ccdfa6080e6a1ff4af89f43b635e8bb9d81f3c9a

SHA512
412ecb2d59283da630465a750685a2a28c9e3841ef78f7c48423ac680999adbd4235f0fd9b0f27a4460b23bb4c9d5970dd9ae4cd3372e65cd59aab02effd4240

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
45805e0fa90b602c0451c3574492d24f

SHA1
2a4d44a1a37d7a1acb2e4a5d1a6059e367dfdc5b

SHA256
77819f12831a83af5b1a6adbdbdec530939f74da2f3c3571d412ab87de895f84

SHA512
f0f7ddc7bad7139117614e545b332b8c068aec29c95db86ccdc15a3eb7e0a232f6c1237e9c410d509d710e6fe8de5f496393ef56f63111eff634dd8ab4293275

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
fa3df59f3b7c927d60e87fb4ee2233db

SHA1
08a74f9e4790874fcf0c486ea39b4649f51ef04f

SHA256
e5c3c8ed30d8b3bfd502f7671e2bbe6664896318359a27e60f49b68809f378fa

SHA512
1b809d128e414a3d823fbe81e80b4e2dcb74d8b941dbff7905458fc41448bdfb53e2687476e8d693761ff6fd4d6676d45c614fecbd3c2f4bb95d1db29e3ca5ef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
8a12871bf0841df5eb54f8d9d7bf4578

SHA1
eb541b6f8a5468596f47e61a047ff5a3f902a6c4

SHA256
9689afedc917f795c1f9c2223375ec00facfabca395f0a12cd54c957035e9d09

SHA512
b95efecc8376d640252de841aba2dde0a0010e0284b3751ee9cc7a007caa4fe65e2c00fecc9f79609c9bada92e568e286956cc96ef2d5dd32dcdbc5016c8c703

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
9821641a72d496836b1bab41f35d7838

SHA1
c2e7309d36eea1a7ff5db02c12dec1a36fef1b78

SHA256
6c0c2cb1e08bd73c1a79f731eccdb377e5c043e9617749628fec10cebab6e54b

SHA512
a7488bffc65e237f7f39bb23059343c3e39e490afb3465dd1b86a7695e4d5ba428a91ed6cac486fdf909f4b982ac50809418d11c00d989d2b7f98750d65b9e6f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
d09845e3406ab09ee3ad2ddda330f1a1

SHA1
4cc9f906a6869d863d9466ed222f54202fc2383c

SHA256
18f8b7353872ed7854ab3cdcae15c39f8d9fb4799231bf781d0b22bb2ce061eb

SHA512
f478d7392ebded8b31711e47d69f172b101549a1911deaeb36d681c0daf5521f70c41f6ca0a4d3e321b295f1c287645160885005db728d9b5b4f98f8bc10d88d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
f33724e53e259778ebc9c2cc34f432ae

SHA1
a20266cab8b70ec3da5412041fd0206394708753

SHA256
e5b5069c01c926e6c22188b6392573b01b9274f370c3fa61446a16edf9a0b9a8

SHA512
c403785d3233c3cdec9989a1ed104695be1ae5bc52922b9d4698b42227daaecd8aa727525bac9de1ba38246a50107d8889e2a148ace5548dd00b960470fe3b78

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Reporting and NEL

Filesize
36KB

MD5
d8927b1d869aeb69f85af868b6d2842a

SHA1
f477dbc6f25c8fcc005cf6299d0d283cc6a98523

SHA256
59d1062971e78e2e32a7f366551ff12e2dcf41c904e3e332374e676609b0c20b

SHA512
825d53bc872059310aeeda61ac64035238b2e7e2107362a1ad2f1d98de576837a904f0769823baf43f2a41b5c24994217471bfb9462bc87b9814e4a1714639db

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
d52dc2ca09d662937e3e669200ec0cb9

SHA1
d61e36c11bd13511e35c2221ce2d82f509d38e91

SHA256
288af9448609160db5ae774bb18de8d77e367e51f21919a22f85fc1954140fed

SHA512
dc294f662521adec1ae09bf0e53de9de7ea1f17f8cfa5ed42b1310d0127709e2755d586e6329fcbdd65a10654d5157f895809fdd95bfdaf2c72b704d70843eb1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
1b1b142e24215f033793d1311e24f6e6

SHA1
74e23cffbf03f3f0c430e6f4481e740c55a48587

SHA256
3dca3ec65d1f4109c6b66a1a47b2477afaf8d15306a523f297283da0eccbe8b1

SHA512
a569385710e3a0dc0d6366476c457927a847a2b2298c839e423c485f7dcce2468a58d20133f6dc81913056fb579957e67f63cf1e20b910d61816210447cd1f1f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\LOG

Filesize
319B

MD5
9033f14ff43d785cbeb3f20152d25fb9

SHA1
d593a5eca615ea7836d4647131bfa4fc666f4345

SHA256
6776dc773df67e386fa85458810192a0d92ad5aa1b25a26a06f471d7056ca5e1

SHA512
cc1d567eff0edaa5bcb8b21a9cd54b28e07d23683029b2654d892939d36afee75624d9780d7cf5db9ec467fa4583e67dc79241643d4cb41b50a8fb3fd9d71be4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Session_13352314018011261

Filesize
6KB

MD5
c8729ab76cfc3bb9231e567c59a26cad

SHA1
b0a880297bbeea78e25a42db5d81739b7b231915

SHA256
9224aeab35a4bbc4e7e9bde96fa43aaff56bddae45fce28be168fdbe14725ce1

SHA512
b3afe2fc0e551fd49dd1c7b93487ac122ed7f565142cfe94b3004ec8bcfec6c5e328de6d265eac8464d4eadccebf4fa1505973a31e8a3fdf50c270a32be0bae3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Tabs_13352314018165261

Filesize
2KB

MD5
3006d0c92ecdde18185bbd0eb6d5ab4c

SHA1
48d784fea021de193dc989f171fce17b8a846b31

SHA256
5394582e9389da310bcb3275dffe93d6d58e72771c46a5261c8d6e3c0b3ce19c

SHA512
5d73d3284f1f8922b354e5d1375c7270542e9ed93c91c6299cfdd646d4e34a9a97f714ff79d308a37d5e78cb5f0425a53f31b9b8061fe202cd9f66b2e65d6a76

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG

Filesize
347B

MD5
0a49bdba365ddf10743a34e002fb4b70

SHA1
b5bdaa607ee914c6c1f55ebe0e836a0e90753e86

SHA256
8c4081be3bcf47637d98af79a601f0ac1004b82e5382fd24268ad2c06aba09ac

SHA512
262d2bc092520ff238a81e0d48c6fa5dd098ec0cdbcfdf6ab0b1734062a2387ed50a7c128b8abc88f2fd20fee9b1c82cba7f71fceca3f5662f2e2398b8a70ef9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG

Filesize
323B

MD5
5deeafb30e26d2e4cb0d20af986a4f4b

SHA1
2990d9a8c085e7976b387f5e5733b16a9076b985

SHA256
6b82d78e34a2a3b2ce339a7f4ceeb5dd8f0fd052a4ecee377fc89a74db37eabb

SHA512
482fdcccef5a004aad7d2bad3794e8e561a4823ccc5237eb7230d6cd8220e610cf8b4d494923199bb5cddd6c125893b98148477761f5894462937df227d9bb49

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Visited Links

Filesize
128KB

MD5
5b810a56d984ee15d85aad8c3b67c58d

SHA1
6ee75b930aa9aa0be0ed27804b961680ebd4cee7

SHA256
edb843059ed86677166137995a5bb63bf750408af2951d667b296680bd6e945f

SHA512
193724fe68c22f597fb910ab957665a097ba2decd0b7d3b343396e4ca2418552c6b9929a030e6ae886c96d644885af7f37fa4a185aacc6e3a43d147a52fb3b49

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\WebAssistDatabase

Filesize
10KB

MD5
b272485ea022ed959a44bc12a8ca2a00

SHA1
4e6175be413d2f3de5f20a128a25b24a53774910

SHA256
68d53d56182b6b553a95c10acbc5682705ad8728a69cb7cfa949977ee282391b

SHA512
72640e4caa762eb061c70c63050f997b966cf5f45b417ad092bab16dfbd290dafd6473c3db9cb71f734dc91f28845d88f95f86dd5ab5e3d6824471d1e687ecbe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\load_statistics.db

Filesize
44KB

MD5
67746afe687cf7b89b1a2b4a76d2b819

SHA1
b300e7d4f77e370f6fd8349eafbde77ee5ac7154

SHA256
3473b3a78706bce431baaece2cc5317789e3422abe594b06854761b6b3ce224a

SHA512
60f0b22db63964776c5e7e18f4d641c26c5fa91b78ed4280c686fb685f588973400d16a931b530e2556b8b04c46eb9989873b136a0d91bbe2d692978b0122721

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\LOG

Filesize
319B

MD5
d79b8ffc5c46c509e3127ce3a39c62e1

SHA1
630d537f4864daa8290c706df3ad1b692060e65e

SHA256
926eb4fa4e096a07169b41d742e599f8a70840e2e2333e351616ff966b80cee0

SHA512
729ffe9606e7e0fd51869475bfb0e1128f56e9428b85a76a73d2d880e5a4bb6eea471783d6c9633cac7796de7eee7c452c9c488507a6785bf48ba0711cc9f688

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\000003.log

Filesize
594B

MD5
1bdf7c184eaa6f2accafac513faf1410

SHA1
137dcdacf32df3d71338acd2f77105f643aa7db2

SHA256
5afc95ead24a48bb85dc562ac0e7ec59db42b0f4d17d3b21c079748d42dcccb2

SHA512
c5ff5c91b30ea0f0bf10a60cca16c02ceaf648ecc1af31abab21ce071797d65e4c5750e592b2d765b3007ef3b4df626888e7369fd6313c5e2540a99d5072a479

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\LOG

Filesize
337B

MD5
183b9dd0507b3760b1c4377680031eb0

SHA1
5afe412c8d3c69d966a826935904436ad88b1fa3

SHA256
0490b84714695dcee514010d1b970fb7f852c746ccb263cca940a31c1834f604

SHA512
0134164949377b600f4c078693d5102b36125a5a8ef343ebf0f1c4e49f24f7271d246354c813fd6f160745422ffd4e2fa5a82422d0395d44cbc763c7333626b8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_0

Filesize
44KB

MD5
2f049bfbe7ccf7d098626088ff246291

SHA1
8f192ae3ed459d6e4413dce7d8813852d94881e6

SHA256
254e857749c8fa5d0d45df443f63c41d7fac5a8967ae593311bf4a514d8f9294

SHA512
b90ee04f2be6e3526b9153dfe2448617ad68b1fb2a0f1230f4ea7fb1f28913a4a8ad4093c0e45984feb1bd06f9b50f44b8c3ecb2e1d2b664da64479f9e95cb75

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_1

Filesize
264KB

MD5
8e3760c3bf08806f09236cfa3ee752ff

SHA1
8c47c8bc897d39a911bb0586ae976a0f85874ea3

SHA256
4ecf9b4846838758978f36d07ecbe133af1596f4e1f55b8e4b2ff680b2a15cb5

SHA512
d586f814e37755b6d2622e3e64b8eb650ef60354f36e3704d813f3176f057838d21c0c4b5c27cf1b20fb1a7b6b911438ba39cf4fec080e2ef6cecc0daef66c01

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_3

Filesize
4.0MB

MD5
51b09e74fecf03f71d44eed981c3d4c2

SHA1
9cfb4ba5fc362490bb6d08e8f7ca7f30e4f36e7a

SHA256
1f9cad05d2db34c034284780224e18c215790fd9df8d331316d95bb41dc14d0b

SHA512
048c216f312f2fb2bccfbec176befdf1472300e7b0c04a3bfd93a92a3fb54d4f50cf1712bc2bc97c795f0bc9aa444cb3a60add6e6c1332fab34e00a399d2872f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\f_000001

Filesize
17KB

MD5
6bc4851424575eaf03ebe2efee6073ab

SHA1
2d014fe2feb929d03a46322645a94556ca5c9e96

SHA256
abaded8e235fdf329521806af30a1cc7701eaca3fe2efccb9da760ec6d8e5e4e

SHA512
af3b7d93fa2243475d74d4bd7f918ce2706bf6eca28029b9e49869f5f793e483efaafdfab1fed6306d5fc77a5ed3b27097b27448cd04560bed4df6fa3268ccf9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\f_000002

Filesize
17KB

MD5
fc97b88a7ce0b008366cd0260b0321dc

SHA1
4eae02aecb04fa15f0bb62036151fa016e64f7a9

SHA256
6388415a307a208b0a43b817ccd9e5fcdda9b6939ecd20ef4c0eda1aa3a0e49e

SHA512
889a0db0eb5ad4de4279b620783964bfda8edc6b137059d1ec1da9282716fe930f8c4ebfadea7cd5247a997f8d4d2990f7b972a17106de491365e3c2d2138175

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Version

Filesize
11B

MD5
838a7b32aefb618130392bc7d006aa2e

SHA1
5159e0f18c9e68f0e75e2239875aa994847b8290

SHA256
ac3dd2221d90b09b795f1f72e72e4860342a4508fe336c4b822476eb25a55eaa

SHA512
9e350f0565cc726f66146838f9cebaaa38dd01892ffab9a45fe4f72e5be5459c0442e99107293a7c6f2412c71f668242c5e5a502124bc57cbf3b6ad8940cb3e9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
143f249e534bc1396483563b9072cd8c

SHA1
80fa636784f4f77ff5ef60cdbaf755f0a23af4af

SHA256
4bf9d9d1b4abeb22cff720c8ea9192c9b703f492612e585c4fdaa85843a0f5b1

SHA512
0f099418f5e06b9743e74caca4dc6c3d51ef813c8f01f341dcc76527fd66131ec8834355edeab335986f71472f3d6e5a9ac14856825b576801277f7c7450720d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
f1276f1ab151814c12347dbfafdf6f4f

SHA1
f9a19ae826be7239593dffef31b08e566492ddb7

SHA256
f7e0b5d294361c001c72cb95209c7ded35156f9d875c2bd8c818179c43777da6

SHA512
c87904e45de74e75b4ccf143b52b98065fced420e500afd0d9567ff2750a7044dc701309f02b2fff4426d88efc853958356520abc13966174b280fabfdc35cb8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
566f962bb6a06e3bf22a66d51999e181

SHA1
80fd56d969ec83e07903dbcc8970f64ed4041719

SHA256
f28d09696b5b231663af4794e025550f1353e48eb7d05812dcc69e55e50d0106

SHA512
ebd8bad414af1d4aa1bac8c7f3741a08a56aae4f93f0b5e037575011c6e9c61ded514a3830041ca7225c8c891e78647f3ac1ae250f2ce142852ead88d2f9837d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
80af7dd25ab9ecebe0f923de870bd88d

SHA1
72462ca24ae23c8ffc78e0e21d1be239e5949968

SHA256
f01a97504273c0e8eb3c4c29f7c569bff7e38b4f12e67f57104a4b2172387baa

SHA512
00da7612cc6f6821e03ae3768f2101efbf592a75a1e6b5c9b368c53ac03881a5a806d319bfa978c0bb7a53563eee168201a80a24ad908c7429dbb0469c033c35

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\edge_shutdown_ms.txt

Filesize
4B

MD5
6d0c931e05e08dc245ac3fe9e0df0585

SHA1
d0ea1653e7ddf8c87dc2858eb308adf6f59ec963

SHA256
045e712281fe3d43549563882e0c689ef49d80d14b49448bdb0ffc458fb9d6fc

SHA512
17b54cc4446918d72c2af6ffaf38b09fa3d560a65da6c3aeb138e99186fcfdb1be0c62978a59e25f73f73d2d61a6e2a778b8a292b190819db74185a5eb0c419d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\TokenBroker\Cache\9cd93bc6dcf544bae69531052e64647ec02f2bb4.tbres

Filesize
4KB

MD5
e0b7aec0da06f7e54955bbc6ad646316

SHA1
752143cda3f2abd6bc9dfe949764ee9098e00ce4

SHA256
d878ea469befe82c4e520315459130683eebc1414e4141c780aadc502a074bb0

SHA512
15faa40c3d5715ec2a33058b8cae47d4009430ecf2f953eb07a99761bc0c69af299ed0f240a08cda64c6e406f10a07304c2ad9a0bc7240e42f2df099757b866e

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\59q4zd6z.default-release\cache2\entries\768F25973AE7A50BA49270D12BA220E2CC68FDFB

Filesize
143KB

MD5
a370aea1b9b8ef7642dd02abfb981f66

SHA1
7747dd759f94b4926d689c8f6a10f66099a2c9e1

SHA256
c5a2d4bd04844c1a4c260b304f47b1d1d81ebaa3a3b8b2bf7442b11897d13329

SHA512
d7f821a8f210860723829e29148a8d4ea91445e9872bb4aee96b86f661616f818df677022a615be0bfce698d33ea8fe004a76bab5fbe9b114e64286c4f778a08

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\59q4zd6z.default-release\cache2\entries\A29F8F018F1C11387CA9562FDB3E484036F575B2

Filesize
46KB

MD5
17e0027cc542955b6284cef9af1e1b13

SHA1
7aafcef08cd464ca1a822bbb78a82b96c7329b57

SHA256
6d451aa0924d5e6e8515c8f407dbb0e0d80169857e6864bb4c2ada12529c2bb6

SHA512
5dc528c2a0afb90eaa0a40db969839e803d05f981bdaf0dfa1185ae5613c54604c5fdb5b99d6a8aca7c8beff7bde9225ff06893bb4e52ba244105bf8b45cbd19

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\59q4zd6z.default-release\cache2\entries\B51CE24C456F8688BF62A9C6F8BB8EB36E96DFCD

Filesize
52KB

MD5
920b3b0a6a421761e65529b55ace201e

SHA1
72979ea6e9d97fbadb3c22fcf044203f404198a7

SHA256
6aaf25a38543f09497f357303876437b7b32d8829fd4c9037675d8606781af71

SHA512
14648b547fbc21b252b86fd991e41576d60a1274d31bc7ecfe3cc231e9a3aeaa92b4f8399a203789cba2e4f356f22bc596a6f493cf38f3a3ab60452e0091ed85

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\59q4zd6z.default-release\datareporting\glean\db\data.safe.bin

Filesize
2KB

MD5
55d6a54ad546ab7113cff46c7722b4a0

SHA1
0f60b1914343fe8db435954a2ebb59d45ab0f7b2

SHA256
808d7793d1c48ba17b5334057079be9980b4db9538391bac71486f24a3a9c237

SHA512
68b388aa6dcb87da04c84f604f1cc6b79eabed33565c56dd7b95ad2c5ffce565d4930a689f7601049395e902fd2162e5068c3c71f17a3b779afbcecc3b3ff600

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\59q4zd6z.default-release\datareporting\glean\pending_pings\b1134227-8525-46ee-a0f1-71d6bf0e7f79

Filesize
10KB

MD5
044dd3e9201c00d650ca7e858b991ba9

SHA1
4f1d8b9c7debaddc32ac6c5920ee9611f5d5ea94

SHA256
037014e85af0c560b7d3617167dffc755a6ca2a4d5bef6bcb07bda087e5e4c50

SHA512
ac6dec63ae18ddcb159285f205263996151667196a4d366eeac9cee3f0bd80d3984e3c2303fceb35a15ae346ed0141039734333831f159bb4f70309bcf3965f6

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\59q4zd6z.default-release\datareporting\glean\pending_pings\f08af2b6-981b-4938-96bc-e69d03763038

Filesize
746B

MD5
17b62f3550c3249c44b3d76ef88bed41

SHA1
422a8d44d6e80958b8347c98ff22339cf5b65270

SHA256
d159b3c74bc8172d6a959be558e9ec97dc27d5509cb341ebe10ee1e44bd42520

SHA512
f7ae00632bfee094c570e744eb22560ee6c4f13d611228b3dcea9a811cbe86f22f2701c372e4e44435824cb275614fa6dc9be475cc61c77b7c0573cb771cfa9f

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\59q4zd6z.default-release\prefs-1.js

Filesize
6KB

MD5
6a5685a6961ca35fcc4e5b4f11451db5

SHA1
310dc21d226d76b0c1cc80daf6b9639a67113a14

SHA256
32b5684b54db30fcff59585f1814a26afc53872e8191f87bd8afb6d00eb7b71b

SHA512
cc7ffc30a3a66c9c95d45bebd26ee396767912ca8b5ea764516c40c8117d6adee28107c6efa0228b3f0cf3a74529c6f48dcd41cd473f1461c88c1aa8365e9983

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\59q4zd6z.default-release\prefs-1.js

Filesize
6KB

MD5
5dd95b5dd3dcb1e28b2a3a3eb839a6e6

SHA1
afd7bd7abc189daf61f3b9ae892d100e0f5572dc

SHA256
82ccad6425aca24db84985bd3fd0ad1a4829d866b562b7805a4acb8645f75ad4

SHA512
563b4d9349b5908fef7ea6e57e153f3b2650c7b8223930e1179523e736156b5eff48135ea6b5e5f9580fae36ba8202bc99803395ded88b5e5477cf68ce1eb55e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\59q4zd6z.default-release\prefs.js

Filesize
5KB

MD5
54a019ff649f4244d08c83feb9d6839c

SHA1
9eb00ee4bb9999978efb6e2a873f2f747ce2b59e

SHA256
ae111da99e32f0719ef674941eb55190cb0d8f48fc2e8616547ec80aea1c02be

SHA512
fa98c242a012adeaf3003528d0cd3ef3187f54a69735c35e150af90b27785315020c7deebcb0767457ed74ddf807d5e6d53bfb33ec46de53c80a795e3213210d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\59q4zd6z.default-release\prefs.js

Filesize
6KB

MD5
758da43e8cdd7421531e6396f8467cfa

SHA1
3df98d6fec05fbb62f2398beaebacdae762ca825

SHA256
27a9fe242932adc0b975fa33f08138ccec79b0a9eff0fe70f0a619e8e8fe3357

SHA512
a9b60d147e013a62e8c511b97c5cd7cafb89b727f1d19abde3c224512dd28ce17fcaefe22a19d458a8de7eb05def8d49534992e02ae4936e2aad8b4f4eafddc7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\59q4zd6z.default-release\prefs.js

Filesize
5KB

MD5
553b096ecaa5a5ca534cbd8a0e570d3a

SHA1
16372744643cd184d416c85c1350ed3ad049da43

SHA256
b79fef609ccac994fd9f63ff29656d658ad0a90260753653eda964da1c5345ae

SHA512
2da57e1c1d2f5db19220eae4a59e573469fb8aa3a791ae69f35857cf63af9c2e30830162fe9bf25f410ca7e1f84ee53935881aadf7502c7b71fc6d581f0a3416

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\59q4zd6z.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
1KB

MD5
145815c18168a062dab24bebb1fdce9c

SHA1
8b827debf41130f6014f64c6dbca7040caf3900b

SHA256
59864ea940785f33e250841d298d6e9b15cbd1bc1d1e08803018053abd0c393b

SHA512
60090dec7b5f5ac736f50eb65dcd1e4ed04918d9a46851715a79e5d33eb9f14e2a44fc1da00afadafd64c38b20d1c099133c5ef12fde427a649e659b9bb546fa

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\59q4zd6z.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
1KB

MD5
e51d0dc318bf0f956e5a72eba3713df7

SHA1
b5c83dffc581465f701f4406c5314549712aa3f5

SHA256
911ad4d28202bfda4be863f76148a06174f72e02f18db79b648b9780c5cc38f7

SHA512
9a5aaafb9ac8b02eda6939b12a3bdb9f3d448431275dd85d4a040569555f72e1d7a6e7a1cce68cfd27bef3e947ede64c8e1b914319ccbdbd996e0a9bc129652d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\59q4zd6z.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
1KB

MD5
bb5521103079d34bf4b40b9bc6ae2391

SHA1
8018a2b57e2e9f4c59d9909fcbbcd7f21aa63941

SHA256
2321879f852b6941ba788e29be9662480c1672724efc698caa727b0a156a22a2

SHA512
9b1a624e2b03273907830d868a848bd3013a623e47cb0088539df885c7c3e701db7e55c650bc0acbbbcd7044f3b16845e591fc37bc7440756e7dc840cc91e23b

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\59q4zd6z.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
1KB

MD5
15f246c86f0e059c8440909db1297e06

SHA1
26f1cae507746c64fdb0f63d3be414596d71abb0

SHA256
307a7e2dbe1743d9925bbdd4a744fb73c057e285f30a90b42e5302274e45e816

SHA512
b91421e7acb4f65db97450b1016bc11e17f34fcdae43f93d147f26896de38d0de28663533d00f38cedfb91ccb1bedbf323e14088f2d2f599c7976be9eafe82aa

Download Submit