hxxps://gofile[.]io/LOwIP7

Analysis

max time kernel
144s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
19-02-2024 16:41

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://gofile.io/LOwIP7

Score

1^/10

Malware Config

Signatures

Checks processor information in registry 2 TTPs 7 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	explorer.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	explorer.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies Internet Explorer settings 1 TTPs 2 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-21-635608581-3370340891-292606865-1000\SOFTWARE\Microsoft\Internet Explorer\Toolbar\Locked = "1"	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-635608581-3370340891-292606865-1000\Software\Microsoft\Internet Explorer\Toolbar	explorer.exe

Modifies registry class 42 IoCs

description	ioc	Process
Set value (data)	\REGISTRY\USER\S-1-5-21-635608581-3370340891-292606865-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 0100000000000000ffffffff	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-635608581-3370340891-292606865-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0\0\MRUListEx = ffffffff	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-635608581-3370340891-292606865-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000010000001800000030f125b7ef471a10a5f102608c9eebac0a000000a0000000	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-635608581-3370340891-292606865-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-635608581-3370340891-292606865-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 00000000ffffffff	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-635608581-3370340891-292606865-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-635608581-3370340891-292606865-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-635608581-3370340891-292606865-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 0202	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-635608581-3370340891-292606865-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-635608581-3370340891-292606865-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:PID = "0"	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-635608581-3370340891-292606865-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByDirection = "1"	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-635608581-3370340891-292606865-1000_Classes\Local Settings	firefox.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-635608581-3370340891-292606865-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\MRUListEx = 00000000ffffffff	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-635608581-3370340891-292606865-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "18874369"	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-635608581-3370340891-292606865-1000_Classes\Local Settings	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-635608581-3370340891-292606865-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0\0 = 1e00718000000000000000000000e4c006bb93d2754f8a90cb05b6477eee0000	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-635608581-3370340891-292606865-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-635608581-3370340891-292606865-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Rev = "0"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-635608581-3370340891-292606865-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Vid = "{65F125E5-7BE1-4810-BA9D-D271C8432CE3}"	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-635608581-3370340891-292606865-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupView = "0"	explorer.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-635608581-3370340891-292606865-1000\{4DF79971-B37E-49AC-A380-1006BC4D82BB}	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-635608581-3370340891-292606865-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\Shell\Microsoft.Windows.ControlPanel\WFlags = "0"	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-635608581-3370340891-292606865-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1 = 14001f706806ee260aa0d7449371beb064c986830000	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-635608581-3370340891-292606865-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-635608581-3370340891-292606865-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0\0	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-635608581-3370340891-292606865-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\Shell	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-635608581-3370340891-292606865-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\IconSize = "48"	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-635608581-3370340891-292606865-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-635608581-3370340891-292606865-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-635608581-3370340891-292606865-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}"	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-635608581-3370340891-292606865-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\Shell\Microsoft.Windows.ControlPanel	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-635608581-3370340891-292606865-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\Shell\Microsoft.Windows.ControlPanel\ShowCmd = "1"	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-635608581-3370340891-292606865-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0\0\NodeSlot = "2"	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-635608581-3370340891-292606865-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Mode = "6"	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-635608581-3370340891-292606865-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\LogicalViewMode = "2"	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-635608581-3370340891-292606865-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 02	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-635608581-3370340891-292606865-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\Shell	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-635608581-3370340891-292606865-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\Shell\Microsoft.Windows.ControlPanel\HotKey = "0"	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-635608581-3370340891-292606865-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0 = 0c0001008421de39050000000000	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-635608581-3370340891-292606865-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0\MRUListEx = 00000000ffffffff	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-635608581-3370340891-292606865-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "18874385"	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-635608581-3370340891-292606865-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU	explorer.exe

Suspicious behavior: AddClipboardFormatListener 1 IoCs

pid	Process
5536	explorer.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

pid	Process
1304	msedge.exe
1304	msedge.exe
4076	msedge.exe
4076	msedge.exe
4320	identity_helper.exe
4320	identity_helper.exe
4408	msedge.exe
4408	msedge.exe
2188	msedge.exe
2188	msedge.exe
5632	msedge.exe
5632	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 10 IoCs

pid	Process
4076	msedge.exe
4076	msedge.exe
4076	msedge.exe
4076	msedge.exe
4076	msedge.exe
4076	msedge.exe
4076	msedge.exe
4076	msedge.exe
4076	msedge.exe
4076	msedge.exe

Suspicious use of AdjustPrivilegeToken 7 IoCs

description	pid	Process
Token: SeDebugPrivilege	4336	firefox.exe
Token: SeDebugPrivilege	4336	firefox.exe
Token: SeShutdownPrivilege	5536	explorer.exe
Token: SeCreatePagefilePrivilege	5536	explorer.exe
Token: SeBackupPrivilege	5460	vssvc.exe
Token: SeRestorePrivilege	5460	vssvc.exe
Token: SeAuditPrivilege	5460	vssvc.exe

Suspicious use of FindShellTrayWindow 31 IoCs

pid	Process
4076	msedge.exe
4076	msedge.exe
4076	msedge.exe
4076	msedge.exe
4076	msedge.exe
4076	msedge.exe
4076	msedge.exe
4076	msedge.exe
4076	msedge.exe
4076	msedge.exe
4076	msedge.exe
4076	msedge.exe
4076	msedge.exe
4076	msedge.exe
4076	msedge.exe
4076	msedge.exe
4076	msedge.exe
4076	msedge.exe
4076	msedge.exe
4076	msedge.exe
4076	msedge.exe
4076	msedge.exe
4076	msedge.exe
4076	msedge.exe
4076	msedge.exe
4076	msedge.exe
4336	firefox.exe
4336	firefox.exe
4336	firefox.exe
4336	firefox.exe
5536	explorer.exe

Suspicious use of SendNotifyMessage 27 IoCs

pid	Process
4076	msedge.exe
4076	msedge.exe
4076	msedge.exe
4076	msedge.exe
4076	msedge.exe
4076	msedge.exe
4076	msedge.exe
4076	msedge.exe
4076	msedge.exe
4076	msedge.exe
4076	msedge.exe
4076	msedge.exe
4076	msedge.exe
4076	msedge.exe
4076	msedge.exe
4076	msedge.exe
4076	msedge.exe
4076	msedge.exe
4076	msedge.exe
4076	msedge.exe
4076	msedge.exe
4076	msedge.exe
4076	msedge.exe
4076	msedge.exe
4336	firefox.exe
4336	firefox.exe
4336	firefox.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
4336	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4076 wrote to memory of 4280	4076	msedge.exe	57
PID 4076 wrote to memory of 4280	4076	msedge.exe	57
PID 4076 wrote to memory of 3816	4076	msedge.exe	85
PID 4076 wrote to memory of 3816	4076	msedge.exe	85
PID 4076 wrote to memory of 3816	4076	msedge.exe	85
PID 4076 wrote to memory of 3816	4076	msedge.exe	85
PID 4076 wrote to memory of 3816	4076	msedge.exe	85
PID 4076 wrote to memory of 3816	4076	msedge.exe	85
PID 4076 wrote to memory of 3816	4076	msedge.exe	85
PID 4076 wrote to memory of 3816	4076	msedge.exe	85
PID 4076 wrote to memory of 3816	4076	msedge.exe	85
PID 4076 wrote to memory of 3816	4076	msedge.exe	85
PID 4076 wrote to memory of 3816	4076	msedge.exe	85
PID 4076 wrote to memory of 3816	4076	msedge.exe	85
PID 4076 wrote to memory of 3816	4076	msedge.exe	85
PID 4076 wrote to memory of 3816	4076	msedge.exe	85
PID 4076 wrote to memory of 3816	4076	msedge.exe	85
PID 4076 wrote to memory of 3816	4076	msedge.exe	85
PID 4076 wrote to memory of 3816	4076	msedge.exe	85
PID 4076 wrote to memory of 3816	4076	msedge.exe	85
PID 4076 wrote to memory of 3816	4076	msedge.exe	85
PID 4076 wrote to memory of 3816	4076	msedge.exe	85
PID 4076 wrote to memory of 3816	4076	msedge.exe	85
PID 4076 wrote to memory of 3816	4076	msedge.exe	85
PID 4076 wrote to memory of 3816	4076	msedge.exe	85
PID 4076 wrote to memory of 3816	4076	msedge.exe	85
PID 4076 wrote to memory of 3816	4076	msedge.exe	85
PID 4076 wrote to memory of 3816	4076	msedge.exe	85
PID 4076 wrote to memory of 3816	4076	msedge.exe	85
PID 4076 wrote to memory of 3816	4076	msedge.exe	85
PID 4076 wrote to memory of 3816	4076	msedge.exe	85
PID 4076 wrote to memory of 3816	4076	msedge.exe	85
PID 4076 wrote to memory of 3816	4076	msedge.exe	85
PID 4076 wrote to memory of 3816	4076	msedge.exe	85
PID 4076 wrote to memory of 3816	4076	msedge.exe	85
PID 4076 wrote to memory of 3816	4076	msedge.exe	85
PID 4076 wrote to memory of 3816	4076	msedge.exe	85
PID 4076 wrote to memory of 3816	4076	msedge.exe	85
PID 4076 wrote to memory of 3816	4076	msedge.exe	85
PID 4076 wrote to memory of 3816	4076	msedge.exe	85
PID 4076 wrote to memory of 3816	4076	msedge.exe	85
PID 4076 wrote to memory of 3816	4076	msedge.exe	85
PID 4076 wrote to memory of 1304	4076	msedge.exe	86
PID 4076 wrote to memory of 1304	4076	msedge.exe	86
PID 4076 wrote to memory of 1756	4076	msedge.exe	87
PID 4076 wrote to memory of 1756	4076	msedge.exe	87
PID 4076 wrote to memory of 1756	4076	msedge.exe	87
PID 4076 wrote to memory of 1756	4076	msedge.exe	87
PID 4076 wrote to memory of 1756	4076	msedge.exe	87
PID 4076 wrote to memory of 1756	4076	msedge.exe	87
PID 4076 wrote to memory of 1756	4076	msedge.exe	87
PID 4076 wrote to memory of 1756	4076	msedge.exe	87
PID 4076 wrote to memory of 1756	4076	msedge.exe	87
PID 4076 wrote to memory of 1756	4076	msedge.exe	87
PID 4076 wrote to memory of 1756	4076	msedge.exe	87
PID 4076 wrote to memory of 1756	4076	msedge.exe	87
PID 4076 wrote to memory of 1756	4076	msedge.exe	87
PID 4076 wrote to memory of 1756	4076	msedge.exe	87
PID 4076 wrote to memory of 1756	4076	msedge.exe	87
PID 4076 wrote to memory of 1756	4076	msedge.exe	87
PID 4076 wrote to memory of 1756	4076	msedge.exe	87
PID 4076 wrote to memory of 1756	4076	msedge.exe	87
PID 4076 wrote to memory of 1756	4076	msedge.exe	87
PID 4076 wrote to memory of 1756	4076	msedge.exe	87

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012
Uses Volume Shadow Copy service COM API
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://gofile.io/LOwIP7
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4076
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffbac7d46f8,0x7ffbac7d4708,0x7ffbac7d4718
  2⤵
  PID:4280
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2200,5741479346088159322,3614475851626984603,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2252 /prefetch:2
  2⤵
  PID:3816
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2200,5741479346088159322,3614475851626984603,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2308 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1304
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2200,5741479346088159322,3614475851626984603,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2752 /prefetch:8
  2⤵
  PID:1756
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,5741479346088159322,3614475851626984603,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3324 /prefetch:1
  2⤵
  PID:3460
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,5741479346088159322,3614475851626984603,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3312 /prefetch:1
  2⤵
  PID:116
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,5741479346088159322,3614475851626984603,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4644 /prefetch:1
  2⤵
  PID:4104
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2200,5741479346088159322,3614475851626984603,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5316 /prefetch:8
  2⤵
  PID:4224
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2200,5741479346088159322,3614475851626984603,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5316 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4320
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,5741479346088159322,3614475851626984603,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5472 /prefetch:1
  2⤵
  PID:2020
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,5741479346088159322,3614475851626984603,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3928 /prefetch:1
  2⤵
  PID:5004
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,5741479346088159322,3614475851626984603,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5588 /prefetch:1
  2⤵
  PID:3908
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,5741479346088159322,3614475851626984603,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5564 /prefetch:1
  2⤵
  PID:4824
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,5741479346088159322,3614475851626984603,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3028 /prefetch:1
  2⤵
  PID:2952
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,5741479346088159322,3614475851626984603,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1844 /prefetch:1
  2⤵
  PID:4892
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2200,5741479346088159322,3614475851626984603,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5424 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:4408
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2200,5741479346088159322,3614475851626984603,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5372 /prefetch:8
  2⤵
  PID:2944
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,5741479346088159322,3614475851626984603,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5616 /prefetch:1
  2⤵
  PID:2704

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4464

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1936

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
PID:5116
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe"
  2⤵
  - Checks processor information in registry
  - Modifies registry class
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  PID:4336
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4336.0.40897085\1942129177" -parentBuildID 20221007134813 -prefsHandle 1900 -prefMapHandle 1892 -prefsLen 20749 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {8e4aaea4-2e29-4daa-b9aa-47c9952366d4} 4336 "\\.\pipe\gecko-crash-server-pipe.4336" 2000 20d528d8758 gpu
    3⤵
    PID:4756
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4336.1.1043254614\531940225" -parentBuildID 20221007134813 -prefsHandle 2352 -prefMapHandle 2348 -prefsLen 20785 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {665aa222-353e-401a-8113-6c30355a032b} 4336 "\\.\pipe\gecko-crash-server-pipe.4336" 2380 20d525fcf58 socket
    3⤵
    PID:3644
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4336.2.871935926\537340178" -childID 1 -isForBrowser -prefsHandle 3320 -prefMapHandle 3316 -prefsLen 20888 -prefMapSize 233444 -jsInitHandle 1400 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {5b0d7d4b-b138-42c3-bc07-e541b153cd6b} 4336 "\\.\pipe\gecko-crash-server-pipe.4336" 3328 20d567a9f58 tab
    3⤵
    PID:4824
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4336.3.1612329005\957412635" -childID 2 -isForBrowser -prefsHandle 3600 -prefMapHandle 3596 -prefsLen 26066 -prefMapSize 233444 -jsInitHandle 1400 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ebfaf69b-fad1-41f1-9f13-80eab7b6f3c6} 4336 "\\.\pipe\gecko-crash-server-pipe.4336" 3612 20d45f6dc58 tab
    3⤵
    PID:872
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4336.4.1106783110\2013956670" -childID 3 -isForBrowser -prefsHandle 3864 -prefMapHandle 3860 -prefsLen 26125 -prefMapSize 233444 -jsInitHandle 1400 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {afaa9f77-e7d6-44d2-9800-48321ef5567c} 4336 "\\.\pipe\gecko-crash-server-pipe.4336" 3872 20d57a98a58 tab
    3⤵
    PID:1136
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4336.5.393514018\1236087617" -childID 4 -isForBrowser -prefsHandle 5024 -prefMapHandle 5032 -prefsLen 26206 -prefMapSize 233444 -jsInitHandle 1400 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {8ddd8a62-5957-405e-af90-b75a25f70ce4} 4336 "\\.\pipe\gecko-crash-server-pipe.4336" 5048 20d58efa558 tab
    3⤵
    PID:1724
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4336.6.256369145\844782390" -childID 5 -isForBrowser -prefsHandle 5188 -prefMapHandle 5192 -prefsLen 26206 -prefMapSize 233444 -jsInitHandle 1400 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a2a5f8c9-f372-4957-82e4-ede1b440219b} 4336 "\\.\pipe\gecko-crash-server-pipe.4336" 5068 20d58efae58 tab
    3⤵
    PID:3604
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4336.7.1960616775\1178928896" -childID 6 -isForBrowser -prefsHandle 5400 -prefMapHandle 5404 -prefsLen 26206 -prefMapSize 233444 -jsInitHandle 1400 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {eae75315-a49e-4e88-9659-e4aa8a70de44} 4336 "\\.\pipe\gecko-crash-server-pipe.4336" 5172 20d5933f558 tab
    3⤵
    PID:3284

C:\Windows\SysWOW64\DllHost.exe
C:\Windows\SysWOW64\DllHost.exe /Processid:{06622D85-6856-4460-8DE1-A81921B41C4B}
1⤵
PID:5496

C:\Windows\explorer.exe
C:\Windows\explorer.exe /factory,{5BD95610-9434-43C2-886C-57852CC8A120} -Embedding
1⤵
- Checks processor information in registry
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:5536

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:5792

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --default-search-provider=? --out-pipe-name=MSEdgeDefaultf5b70b59h8478h4e7aha505h2e20a2bb1073
1⤵
PID:4064
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7ffbac7d46f8,0x7ffbac7d4708,0x7ffbac7d4718
  2⤵
  PID:4344
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2052,16379569879009707117,4315208150957162354,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2888 /prefetch:8
  2⤵
  PID:5496
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2052,16379569879009707117,4315208150957162354,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2148 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2188
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2052,16379569879009707117,4315208150957162354,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2064 /prefetch:2
  2⤵
  PID:2868

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4996

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2656

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s DisplayEnhancementService
1⤵
PID:6080

C:\Windows\system32\vssvc.exe
C:\Windows\system32\vssvc.exe
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:5460

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --default-search-provider=? --out-pipe-name=MSEdgeDefault74b3f1d9h4eb9h4460haa17h241328702e67
1⤵
PID:4364
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffbac7d46f8,0x7ffbac7d4708,0x7ffbac7d4718
  2⤵
  PID:4592
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2084,12737078803736727495,3389377818933613214,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2096 /prefetch:2
  2⤵
  PID:4252
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2084,12737078803736727495,3389377818933613214,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2228 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5632
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2084,12737078803736727495,3389377818933613214,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2848 /prefetch:8
  2⤵
  PID:1304

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:6172

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:6260

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
fa070c9c9ab8d902ee4f3342d217275f

SHA1
ac69818312a7eba53586295c5b04eefeb5c73903

SHA256
245b396ed1accfae337f770d3757c932bc30a8fc8dd133b5cefe82242760c2c7

SHA512
df92ca6d405d603ef5f07dbf9516d9e11e1fdc13610bb59e6d4712e55dd661f756c8515fc2c359c1db6b8b126e7f5a15886e643d93c012ef34a11041e02cc0dc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
a5c32cbbc838f121a4de1368328b86b5

SHA1
a473ab4cdfdc04c1f04b94870f544c9eaede720d

SHA256
c775f1af6a4fe521cc6c599d68efd7a580b916372b96c549924094af329e6b3b

SHA512
5d8a2b48d7652389cd7b73b458a8153d5d477794dea0e3d89648ac31445717420f5030be70ee422df1693d9b1fba3df4ab687df941350997549277cd9d24f9ed

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
180f8ab1c865e777f1b0ae3fd9509d00

SHA1
161b0134757cf9212a2c860b0945449b32dc85d8

SHA256
93dab961ad003d0a3d3622cb87dc0d08303e4833885f6c0b1be96f082cb0abcc

SHA512
e27ca9febf2455de0b4299c01e355301a84a1eacc5ce6ad239eaf45957e4ec2fa97db2d4511d83fc6159a092f47a46b9e8679a8943555d889bf8ac79e7af7148

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\7defa0a4-fb59-4259-8c17-4b3201fd6bff.tmp

Filesize
1B

MD5
5058f1af8388633f609cadb75a75dc9d

SHA1
3a52ce780950d4d969792a2559cd519d7ee8c727

SHA256
cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8

SHA512
0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
10f11a82b0e04b421c1fb32dd0da4357

SHA1
acae32a913e4cca9efd565367503553ada530689

SHA256
a44433afa08db3317cb4798804f61ef11af509b7617db79887f7292fad756e08

SHA512
7bd18507e816e5521d89e1054fad40a0e188f0ef688a595585643e84b7718d618f6a8597a616edcb5b0ea4af873b677fb9ddb3ca0c55ad1fcd8d35022f6d97c6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
288B

MD5
6799012489371d52ace71d7d6beb77ad

SHA1
a7725f73fa011a9359a3bee7e9a0d66a2d3e398d

SHA256
b5f838c0525b7627d00a8f8da8b0e6d61b2b0fa88907d0421e552023ec2480c2

SHA512
3f66c3c9607d62ade10483c2672aee0e3b31da85fbc843dff78449d7d6a3db6602d60803453597f45545b4ab7529faddd6f67eef476e2331b4bf80b42cbc8352

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Favicons

Filesize
24KB

MD5
3b21d3bb7ede4989d96e65c4f76951be

SHA1
9b29459526d3ee0d280d172aca3d51ebc2fb6831

SHA256
0512f141a8f6b92070709d132b3e844ee63c613caf0bf595b0473c7edd77d311

SHA512
c9b1a13f40d1f5943d145878ad988ea7ed9fac8cbaa70ff7743f35480a8bfa4790ec1e84340601d2ce6437df6065086cb5faf0e32ade13c2119601abcca0ff55

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History

Filesize
124KB

MD5
cf58aabb00580637c74238eb57c39a9c

SHA1
43dbf41877d685aa414c79c99cc77c97d50d04de

SHA256
b7b467ce313fb0a04e01699ec6b53bcbd8f4bcb4f6b695da7eaef5e652bbb1bb

SHA512
2e83544a9744774b84a527004623d123ce7541a74f031c4fe6b99b20b8485796ffc1b70c78e891f876f53dc1dd5e8a12976fd9405869a141766dd1f7c2611ee9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\000003.log

Filesize
597B

MD5
82e9c7e69c474d7fb8dade231a7b4f45

SHA1
935df5c6bd0b3acb4eb3097613eaae67c637e8e6

SHA256
2a6822e8881a28c22650d496af287d0a6fc4d3443703da793c735cadb2e0d267

SHA512
40836f10823d5bf9650146153b8ba1ca4a8c9911f35af64eb9354f2354d5d92ac34c9ed28200199ef3293ff04a14056bf9c6d91314b56b5b1fe99d31beafd6ca

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\LOG

Filesize
328B

MD5
677dd554fc8dc918c8520ab9360b80cf

SHA1
d32b3e745e955c505e439aa172110ba08b30c00c

SHA256
f779817dfb16f4dd9c8121bbe499da85dc00cb5e1b5670bdcc41f797f51e7f2f

SHA512
40ff7b8b1630e572b8101de14193537197482e04037b720543fc8e68d085ab7cd4e191a7420a6affbc75e2b81e883d263533b48e6506daf90c418fd3dddc3215

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
674B

MD5
51f9c76102a9fd625415b82e07a5fba2

SHA1
7d9d80ea5430e866b666a76314afa64764ba64b2

SHA256
7957d5425778e6b0eb7d24306fbbcfa1ba5e0c70b6a38805822adcd1eaa0b09f

SHA512
67195fa9fe2d5fa313717d0269977f0601782c404be72c6052f8995b35f56afee08ac59bd9c2e3718dacfd3f00d7b777a31984dad5e84c8b9602c1ef0eb6ddef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
674B

MD5
18da7fae6940db59e1ec69bbb58d0cba

SHA1
d36d9d50f6cdc95ee08932a32ebbcf6004c66159

SHA256
e78f61ba3d4d7c4036c163b6daf83b48bd6fd623d43996ee306310c9ec315da2

SHA512
ebc2896307228939f9fea67890f63cb487599bdeb132f1dee30b6c4feaf855c535d5445005cb5f390e5baa979a11fa46bcd0b30fae725a0b620ae74525cf31c1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
0a63ad7e0de84c121d702f187166c9d2

SHA1
9448caf4ec3c98c733581730e69c5f03ae335fcc

SHA256
e367d9673e652885b884248469209245844829fbf1a41fe00b555a3a787928ef

SHA512
137c7c62b00007abf95097fe6b4a17ffac3369d0fe5d612463432c35c3f6fd18040415deeca1d9a4d1997b1d092179a3c31806f4d5ff81ec879d4fa7d91e1880

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
44bea4a38e3977fdcf7abc33e9fb6a7f

SHA1
87f4a32341dab6e4545cc7ea23953dacc7b574fc

SHA256
d90612aa68d45544243002a7aece494061284c0ea6a244a948e177215ec97838

SHA512
8245e8d1b38308f543db961f8a8a575ec7f33f2730a117e92da6513141cea19d587b0508cb9bf2d29788525a3edbd1babf2cd325e14def2f17c63025e97ffc39

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
73b51925f20f595a86782a037b1c5255

SHA1
8de2d00aa6050d10dd69fabdc6c790f06fb35106

SHA256
a4eed64f3c0e389579188e1fc66ef147fc894d0cde2828af1148f224c97b386d

SHA512
2d18d0a6d3220320ebff796a8679b7e718e9ab08e6c63a08f658ee7e297fe3fa3de73160370cb1e12688a86142cdd3e02a0517a9140f61d1ac1f0542741c6fa1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
208ffebda345b5e8ef85cc9d82c34de7

SHA1
80b632b5309f2f0758ae81274b62c142017e0f51

SHA256
8d3eec090f18c790ff353f7cdd122506b821e0640bc406bbe565f1901ad89ddc

SHA512
c80626851e319886f6801319571929981d40a20a281a62c0e07c1dd90302c9f9bea33e6d19255f917694c979b38dec94995735b1c0d01054f9740117f1951981

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
7ecb7aaf1c2e9baf8f071495549bd6aa

SHA1
f1075062c8db6df6f635c6f42be6fa2b8672a765

SHA256
393b275780010a83d5d8847c49057e3fdd4919e182765cbf73a50ebfc43726a5

SHA512
54aa5a41e2b67204655ae586417ac1cbc411da25424cbd830dfdec3254120de6d12ea15362e53ddfc85d814e7de87d85e4e45817af74ca373a7694e85d9a1b96

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
917dedf44ae3675e549e7b7ffc2c8ccd

SHA1
b7604eb16f0366e698943afbcf0c070d197271c0

SHA256
9692162e8a88be0977395cc0704fe882b9a39b78bdfc9d579a8c961e15347a37

SHA512
9628f7857eb88f8dceac00ffdcba2ed822fb9ebdada95e54224a0afc50bccd3e3d20c5abadbd20f61eba51dbf71c5c745b29309122d88b5cc6752a1dfc3be053

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
c95c9bbd5bdc70077af0db1cb9dea967

SHA1
beaa67c7ab09e75034266e64efdad74986a7a32b

SHA256
2650b4fb8668d479be6ff43e1d8d70059689c1a966a249b7f48bdfbb280074a3

SHA512
a66da8442d6d12a64f6978e9887ab0f03ecc91a73818935a7fa124ec570e98ff983f6fb3cb4e74d7088a1713eeec68df22fce24ba1cfb00bb76ed6997bba0084

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\000003.log

Filesize
112B

MD5
a8ca64b1d456eade65299f247c349f40

SHA1
f7e3c24afdcc26e825fd7e2cb8ad3ba5844c5feb

SHA256
81cc5ff2c4cd8db955a4e1f0492057db91c2a61ca19b613b33de4fd55e3f5dfe

SHA512
e3cb4bb947f6f951292ecb182918b3bf577cab53fa3fd14613d10cda9f38ce2b21c2583a843fd0fa5a7435f61314d6ab85c6af9557c745c7676f397ee7aa108f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG

Filesize
350B

MD5
6cd3caad8cbcf8465adda8c2b9ffbfdc

SHA1
670a1ffcee3c5c0ca501989b79f2709eda431476

SHA256
2ad14dc140071bf70ba305c4a3c85c58f4ed34c287d85c6f17509e6cbd340678

SHA512
a1df4454ca96f8782b796dd11d999c3b4161da8bf73b32adad799f21342eb43250d86d2fde43a12c90b7c62ed99af2b188d61fb0996d00bdb71bb273f87dbc98

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG

Filesize
350B

MD5
8362a3cac2bb8164e1098364d5a38e6b

SHA1
1f134237a5fd9a5f3d73dfaa4a0d960c12714efd

SHA256
bba2836be0be8a6ead280e1993526b757f85ca6a6c152b4f874f5bd74b08f1b6

SHA512
77df680790d3b0712c8872ad1fdec68ae7621f9aeca2784e582892f669a88112a7106ac8219ba950ef4efd14c3c8b0f9cab06304e6ab8fc83ca644db76dad201

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG

Filesize
326B

MD5
b6dbe3763aaf32e3d8ffa30ec685f7a7

SHA1
ee94a7a71caeb278cdef3000c453dc6d5f4fff57

SHA256
351c533afc635aa5d8233c5d60c3a67aa1d6989614fe50925f800309deda358c

SHA512
7c1eea4dc07f24e121333106c569eb6996be76182901994835ca9a8dac780b63d7a977f86bfa2a2b6afdb2617b81df164877590bcfe173455889402218125b72

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG

Filesize
323B

MD5
b96cb77e340b4de5a72c9571afe7b8a6

SHA1
77a487b275acc931651befb9856dd42c5b13c9e4

SHA256
ab1dff27123288bbd93cbcc3fb09c1ab125d3471be7373fe61704f2d08f6277d

SHA512
8003f673f44110495b0f9bbf64653fd5bd5bb5c20879c23bceeef464fe43f33d0b32536c000ed8e677e482b79b7ae68a2ffff054ad09aee8e91ebd905c60d8af

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
870B

MD5
2c1bc737bd77928d5c66abaff379b0e7

SHA1
cdee65e3012e35e5067c95bc8b3357f01ac1b3dd

SHA256
5ed2b0de04c57e36025615aa3d1f6a330616db617ab9344bff7c62657a8ffba2

SHA512
6a639fd3a4ddcb48642b9fb4eabdd82ce2dcb698d4fecede4499ae18d2df3d1ca824522da2df4ff78b30e2f8be53d234dfbbe53377da3e39269f205b1ecd8f5e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe58629d.TMP

Filesize
370B

MD5
00e23a677d1adc48277d1d7a2efd5796

SHA1
79a47fecd278fe13b0ae9b8991ad7a09850c593e

SHA256
fea27cafea672c31ddaabb3402c98f8b61e095422ae078caaa35b275ed48cf9d

SHA512
aa07ed5f0849faf8a838d8e1ed908335a26f010976f0f77178f88e588865e529fe4f630d8d014657bae579392a5226e1c23891f60746a7d46121efb62bb4613c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Visited Links

Filesize
128KB

MD5
dbf1909f662d67f7b845ed64c2619058

SHA1
4935072c44c9c16c16e6146ab7e5b6038e87206d

SHA256
8b838793aca04a5dff1983ac7e74e182aa824d73a047d19bcedcb261a48074cb

SHA512
3482f1a7663d38a75627dbff5066391104dacc15c7e600c636b2fd62bd2b99f2d14805c2855bcd856d23c55a3d81b4450354240ad80aedbd0a7dfc946f392ab2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Web Data

Filesize
116KB

MD5
40bfe8504f14ce25e9b4bf6c07354f4a

SHA1
0bb12474ec15cb1432df11dac55840fc91a4b848

SHA256
eb9b4670f6100768b93d0f2a04e68871be8d0ebb01ea281959bbb9ce834e8c72

SHA512
ac4dc2fa85898f58aa6a4b12d4e00786488c6b67eb3e9bccd2f329625d67476501367bd1ad3060ed637b0cb58835f4809199f41e2eff476a35d68d470ee4b362

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_0

Filesize
44KB

MD5
fe25ba8fe324e1589e01bc854812868c

SHA1
10c9c90a480c9e0da3b4d9057c45b9f3c5d07676

SHA256
8230cf2c466c15dfd2ea109380725a60f6a1f99fb39047a4e425d96f79abde34

SHA512
94a6fe0dc5cd00e8cdb8b424b5daa5b21582e13d2104bb173eb6e990c49b064fde3d350bf0966518cd437458d6be4db3cc0042d693a7126def4444a808d1d31d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_1

Filesize
264KB

MD5
220e300bebd9c8d26738cb4892364a65

SHA1
e028d809f2496315ef53bb5e4628d1138e28906b

SHA256
eaf611cf9c1607d0e9c7629ef0035148e32c9ff172c7b56ccd1b57cab9726132

SHA512
a20c3e6dc5b71c68d1e6979013fefd466b60455fd761a7f6761567438b992578f5b1b8a0d3da82306f6267baa53a2a5d43c0218eca49927d7dcf28e916d066aa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_3

Filesize
4.0MB

MD5
b0b68b69475a5771ec4ef236b3fc66c8

SHA1
d4fcbd5a566e6fdd4f854c340c33a10e42b4b678

SHA256
a54d451cfbc939ef35a2eccc3276716079af1093811718d4dc75a860b9a3fbbb

SHA512
5f9af08e82ff1a870103e8a4f57a2e68c1d65910307319961dbbb8b52438fcf16c17d3b870e42100e45ecf5320a7868ebad065b15ac3dfbd62df4be96b5944bd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\f_000001

Filesize
17KB

MD5
913728da90cf90d8e78af59c60b47c3d

SHA1
f42f2a545d4fcaf4f76d0f060f52e33a47df7f1e

SHA256
b0b478f9aa6aaf8d5811e296047ae1f8ee07f4c4998fe9d7b960755ea1fafb82

SHA512
3af86e053dd56aef03e6f967a49b1a0d492616a71e2e49090e0c8e5cbe58ff37ccc55e91f06bf34096059a49f3de84b0bca587f3f17c366f97c0f7a0fd17c974

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\f_000002

Filesize
22KB

MD5
1ac9e744574f723e217fb139ef1e86a9

SHA1
4194dce485bd10f2a030d2499da5c796dd12630f

SHA256
4564be03e04002c5f6eaeaea0aff16c5d0bbdad45359aef64f4c199cda8b195e

SHA512
b8515fb4b9470a7ce678331bbd59f44da47b627f87ea5a30d92ec1c6d583f1607539cd9318a5bccf0a0c6c2bd2637992e0519bd37acdf876f7a11ed184fb5109

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\f_000003

Filesize
16KB

MD5
dffb7164984c0c892ad67aff97aab87d

SHA1
df94cce03775263525ecdf1a4f6a55adf2e0b6f8

SHA256
6103cd48521fd7b05920814ed60455f92b327e00330008ec4f161e9bf5135502

SHA512
bc8c4f3643e19b8e2ead7808a433f9b3a07b7c64409b9428ffd5ada52052516bd7eceb77f0d4de1340d0b08b4fb943aeb827667aac9935fc1aa559173daad97a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\f_000004

Filesize
25KB

MD5
596c754665dc3ef9437ef542eb4b130a

SHA1
2fd7ba914e8df3314850a0f0085d5388e7d45811

SHA256
bc79b14f5edf047445a5ead84ac1c46d8bb2e8015fe8465f1ba90a8286375500

SHA512
d224eca48a06915370fd20858d6250df1f19a8990ec3bf2230fc5d72f1b5f356f609a4098fc5c22fcad8137734d4adfe9d69f0e91836fcfd6c1c4464559168eb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\f_000005

Filesize
17KB

MD5
df06f8ddff0a739947a7359932fedf36

SHA1
4fb38e5aea57fc5f2538bcb43fcc1278baae277e

SHA256
6cc50c9bc1a253f13881235c8bd8685aee9587aa7c79909278da4012e57c753f

SHA512
3428ded5d7503aee1d1a145d1c71dda276a8bba668e8daeed1397fb23e276d7abd2b6d85606ff8a03294bfb4164e86c696216376fe1bd0eee7405287f0415f4d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\f_000006

Filesize
20KB

MD5
e8e1f8273c10625d8b5e1541f8cab8fd

SHA1
18d7a3b3362fc592407e5b174a8fb60a128ce544

SHA256
45870d39eb491375c12251d35194e916ace795b1a67e02841e1bbcb14f1a0e44

SHA512
ca77d40ec247d16bc50302f8b13c79b37ab1fcf81c1f8ab50f2fc5430d4fabc74f5845c781bd11bb55840184e6765c2f18b28af72e1f7800fe0bb0b1f3f23b24

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\f_000007

Filesize
20KB

MD5
a4e164f6a15386763f5a9915b9b2abc8

SHA1
8d499d52070f47a4084008fcb8874fb148994d4d

SHA256
dad5ddc6868717a6c955e0c7627f0f93adca70d5d20733c1a98324269fa19f85

SHA512
9ae0dc6c7638553dc8b7c99f0f0b5671901409b50c0cd7666b556a08cb979b4334cee2b10bc826a3d7ce435a84536a0e81d2fbc79104e29588c5b506da97aa0b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\f_000008

Filesize
16KB

MD5
a33b3a3fdf5161be5bd861804961f557

SHA1
68a57897f1686a3e62ce9808165e18f31661d077

SHA256
ac33d8bc6d9a5e769472877d7dd3d035f8088274b886b16cb1898b106da48560

SHA512
c94c29a5a9da89044504fe06702f00a7fdd5bc7b85e1733c0cc9a363a812c8d8f95672ea7731643229fa4ae2f1a632c73096d90b63799f5bae7639b41151ccb3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Version

Filesize
11B

MD5
838a7b32aefb618130392bc7d006aa2e

SHA1
5159e0f18c9e68f0e75e2239875aa994847b8290

SHA256
ac3dd2221d90b09b795f1f72e72e4860342a4508fe336c4b822476eb25a55eaa

SHA512
9e350f0565cc726f66146838f9cebaaa38dd01892ffab9a45fe4f72e5be5459c0442e99107293a7c6f2412c71f668242c5e5a502124bc57cbf3b6ad8940cb3e9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
60f6a8bc512b78eb532ea10ba4379429

SHA1
7ee9bfc6f17c0c479184280835bc0951f2c9e836

SHA256
d793e431cd12774248d87fc01c405388503b928166a30f9b1d63901b345e0764

SHA512
c7564a31b87139fb201faa1ce9f19d93780759b6bebd078e84ee88b35e89024e4484036c187360a306f6a064ac68d437b5e1af308b7b3b9cbd2cd3402034332a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
7aca03eb47127d2c9f7436f81a249f40

SHA1
b7534ddb3d96d8e2f8c57d983d9aa241e643549a

SHA256
5bfcb4a915bf4a0d802fd3251fe17d872a2375e473da7fb6d03b68a5105649eb

SHA512
6b2cebb051833ea34ffcd69b61d7e09c4ac25b07a5227c53450842a951c9762daa222fc6a839cf8ae61c8edfbd0d034d0d9f78c5426c81d05eebbf8dbda806cb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
f7344c0587addd6151d7f599797dff52

SHA1
48b732f566c5ba2e9532e824171aeb91f6d46e05

SHA256
74d6876ffbded34da4c7cf698e02ad39d5c1da9a4da5cd6dd7a1a0ed94f9930a

SHA512
3c16d220df9a97bf52741710b782d6e837ba3e556e9b1b1b8a2927378424802270c66efab572ee2b595875e79b2e52b9ffad87c31291c9d756ec8d1c840f162c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
6968b81eaae6e1f4ccd4b7a1198ffd22

SHA1
eb15779c27ac2165dfc0fa672af3a8c8c60d4717

SHA256
d73592a7154c4c556a39e282914370515d07ce14b836ecbd3bf18bfba45343c9

SHA512
6aef1e678addca47f7ae4935b6aa7e7e2194538a5b2df7392c21eba42b60d127935a10b21d9ba0633957372eef728444e2af184c6aa253415bd97e5e32c7a585

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1

Filesize
264KB

MD5
44cb6fe3973b3da997a0f09d7b934658

SHA1
67b9aa423d409962beda5f05532d76e24970dd11

SHA256
8770a4990359db7a088ccb63b3da96207971346b484bc0549752245e68066e06

SHA512
bec3bff39080777383e59a12417e1564a03eaf161d2fad5dc4bf3dd06e094db7e84d6e2d15f50060985515477ea9f3d54a6cecb8066f06a58187982d8b0cd4ee

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\edge_shutdown_ms.txt

Filesize
4B

MD5
34ee1ae8c6a8d81876f1b94db834fc95

SHA1
e9fecf3f3b8079c864612b088d497f196787d47c

SHA256
ca879b2d0058c8fc796c201ed125878ba03f4ba4c496242d46fac81f737af89c

SHA512
7ca43d91892b8827c8f148e710a3383ff34946430d9579316c692bedf9a53c3693af8a68692a01cccfb4af5b1703fd500165cc9f53c2db46b1dce25afe8ff12b

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\eg7x8yxg.default-release\datareporting\glean\db\data.safe.bin

Filesize
2KB

MD5
e181c40acd39a3d183e7f63462143b45

SHA1
8a9adb78e5ceac0827d40ac602b7b3ceee46fc0a

SHA256
a595ba21c54a9c27b27a1930d411073082688cd899984b7d65c850c2c5a601b2

SHA512
101277a068bc36c36c4f7cda707129e048f3ed1a9262ec9140e41b3aea83591a0f718d4fb2847306ff12d06ade0ee10b16dbdfda3c9cf149a64f35096e58d42d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\eg7x8yxg.default-release\datareporting\glean\pending_pings\e9133bf6-c982-4189-b900-7e9d0574c263

Filesize
11KB

MD5
2f33cdfe087eb66fa2f648bfacf0cbae

SHA1
91bf671782299bca09a8295860f42ab7ff98c1c4

SHA256
8e59fa41accce91d338b2d9939d2efc976c55887a246978ae4eeca1e3a8aabc0

SHA512
04915e5d69b2e63489db8689e492dae48ae6af975dc7e3f3280b6f7c3db0c1a3987ccea6f9e5866474349b1a716a1c8aecafee2d8847d2846932558c8034c3c9

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\eg7x8yxg.default-release\datareporting\glean\pending_pings\ed306650-096c-4fbb-9a37-c3450d3814ad

Filesize
746B

MD5
d8e1c78d46bc51f24851ae44250f2d5e

SHA1
b1039b30561eecb0a2629b3d6c291fd5efee1175

SHA256
849a608553687002f36827efd2558894e9064d9b3642418958151c00efaaea9e

SHA512
170d4e2fdd95f65320a0bb13f8c564bca096208d0ddae70d32e839c6e1010f101d7942f300fcabee95d1f85d6cb2b494ad8a58802967debbd7fde87a4eb0d84b

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\eg7x8yxg.default-release\prefs-1.js

Filesize
6KB

MD5
76d4f3edbdae6e0c61c77d24a08e38ba

SHA1
538f51ef76ef255238aeb816e7a81e9c2ccf3b6b

SHA256
a0af8269f6e30e126d442e4bc2249551d3b95acf1f7b16e9703227e406eb52fa

SHA512
428335695a6b59a72d81410d0cdbf0d73bb0e2d0f1c76544016a07fc9661b62962cae6531a39d5d5b937079f03fc44b72ec83246c7e2a185fd79f3c36e7fdd19

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\eg7x8yxg.default-release\prefs.js

Filesize
6KB

MD5
b42d8e9a2d9c483ce5620934dc97b2a3

SHA1
353fab00677eccfeb43a89785995411bbbb5e470

SHA256
695ef3fd94864ed4565339bde9a438e4e0a8ef7112421458fd8baa44c69027c4

SHA512
3b15ce3f16c4a257a50313c89fb22e19617be7f1c694b73d0e2a138310cd5cf6c1bebf5317eda5bf47717764d5be097469b588278750b1df45efd500bf1e9b58

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\eg7x8yxg.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
1KB

MD5
ad2e4ed04ffa0a342271684a214b5e4b

SHA1
1eab5405d129d511ed38cd0f67f4bffdebfe10e3

SHA256
8355e90e8dd80b42b23864351283e87ecb14cd7acc76dd431c095e21a56c4dd9

SHA512
3de2b0d58e6cd7e3229db3f1be3d5257d0819ec89884efcc4a446fb70d98ae0538d3486c83993bcc134e3a01c78047ca368fdbc09e912b4a331f3f945290a7b5

Download Submit