hxxp://17ebook[.]co

Resubmissions

20/02/2024, 14:57

240220-sb21ssab21 1

20/02/2024, 14:55

240220-sagcpsae96 1

20/02/2024, 14:36

240220-ryrynsac47 1

Analysis

max time kernel
150s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20240220-en
resource tags

arch:x64arch:x86image:win10v2004-20240220-enlocale:en-usos:windows10-2004-x64system
submitted
20/02/2024, 14:55

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://17ebook.co

Score

1^/10

Malware Config

Signatures

Checks processor information in registry 2 TTPs 8 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe

Enumerates system info in registry 2 TTPs 9 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1888637039-960448630-940472005-1000_Classes\Local Settings	firefox.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-1888637039-960448630-940472005-1000\{5B6A49CD-AF30-4388-8733-0D30920C5C8C}	msedge.exe

Suspicious behavior: EnumeratesProcesses 19 IoCs

pid	Process
3776	msedge.exe
3776	msedge.exe
4880	msedge.exe
4880	msedge.exe
4880	msedge.exe
3504	identity_helper.exe
3504	identity_helper.exe
2100	msedge.exe
2100	msedge.exe
3496	msedge.exe
3496	msedge.exe
5548	msedge.exe
5548	msedge.exe
5780	msedge.exe
5780	msedge.exe
4456	identity_helper.exe
4456	identity_helper.exe
5404	msedge.exe
5404	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 17 IoCs

pid	Process
4880	msedge.exe
4880	msedge.exe
3496	msedge.exe
3496	msedge.exe
3496	msedge.exe
3496	msedge.exe
5780	msedge.exe
5780	msedge.exe
5780	msedge.exe
5780	msedge.exe
5780	msedge.exe
5780	msedge.exe
5780	msedge.exe
5780	msedge.exe
5780	msedge.exe
5780	msedge.exe
5780	msedge.exe

Suspicious use of AdjustPrivilegeToken 3 IoCs

description	pid	Process
Token: SeManageVolumePrivilege	64	svchost.exe
Token: SeDebugPrivilege	2576	firefox.exe
Token: SeDebugPrivilege	2576	firefox.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
4880	msedge.exe
4880	msedge.exe
4880	msedge.exe
4880	msedge.exe
4880	msedge.exe
4880	msedge.exe
4880	msedge.exe
4880	msedge.exe
4880	msedge.exe
4880	msedge.exe
4880	msedge.exe
4880	msedge.exe
4880	msedge.exe
4880	msedge.exe
4880	msedge.exe
4880	msedge.exe
4880	msedge.exe
4880	msedge.exe
4880	msedge.exe
4880	msedge.exe
4880	msedge.exe
4880	msedge.exe
4880	msedge.exe
4880	msedge.exe
4880	msedge.exe
4880	msedge.exe
2576	firefox.exe
2576	firefox.exe
2576	firefox.exe
2576	firefox.exe
3496	msedge.exe
3496	msedge.exe
3496	msedge.exe
3496	msedge.exe
3496	msedge.exe
3496	msedge.exe
3496	msedge.exe
3496	msedge.exe
3496	msedge.exe
3496	msedge.exe
3496	msedge.exe
3496	msedge.exe
3496	msedge.exe
3496	msedge.exe
3496	msedge.exe
3496	msedge.exe
3496	msedge.exe
3496	msedge.exe
3496	msedge.exe
3496	msedge.exe
3496	msedge.exe
3496	msedge.exe
3496	msedge.exe
3496	msedge.exe
3496	msedge.exe
3496	msedge.exe
3496	msedge.exe
3496	msedge.exe
3496	msedge.exe
3496	msedge.exe
3496	msedge.exe
3496	msedge.exe
3496	msedge.exe
3496	msedge.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
4880	msedge.exe
4880	msedge.exe
4880	msedge.exe
4880	msedge.exe
4880	msedge.exe
4880	msedge.exe
4880	msedge.exe
4880	msedge.exe
4880	msedge.exe
4880	msedge.exe
4880	msedge.exe
4880	msedge.exe
4880	msedge.exe
4880	msedge.exe
4880	msedge.exe
4880	msedge.exe
4880	msedge.exe
4880	msedge.exe
4880	msedge.exe
4880	msedge.exe
4880	msedge.exe
4880	msedge.exe
4880	msedge.exe
4880	msedge.exe
2576	firefox.exe
2576	firefox.exe
2576	firefox.exe
3496	msedge.exe
3496	msedge.exe
3496	msedge.exe
3496	msedge.exe
3496	msedge.exe
3496	msedge.exe
3496	msedge.exe
3496	msedge.exe
3496	msedge.exe
3496	msedge.exe
3496	msedge.exe
3496	msedge.exe
3496	msedge.exe
3496	msedge.exe
3496	msedge.exe
3496	msedge.exe
3496	msedge.exe
3496	msedge.exe
3496	msedge.exe
3496	msedge.exe
3496	msedge.exe
3496	msedge.exe
3496	msedge.exe
3496	msedge.exe
3496	msedge.exe
3496	msedge.exe
3496	msedge.exe
3496	msedge.exe
3496	msedge.exe
3496	msedge.exe
3496	msedge.exe
3496	msedge.exe
5780	msedge.exe
5780	msedge.exe
5780	msedge.exe
5780	msedge.exe
5780	msedge.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
2576	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4880 wrote to memory of 4876	4880	msedge.exe	70
PID 4880 wrote to memory of 4876	4880	msedge.exe	70
PID 4880 wrote to memory of 2024	4880	msedge.exe	86
PID 4880 wrote to memory of 2024	4880	msedge.exe	86
PID 4880 wrote to memory of 2024	4880	msedge.exe	86
PID 4880 wrote to memory of 2024	4880	msedge.exe	86
PID 4880 wrote to memory of 2024	4880	msedge.exe	86
PID 4880 wrote to memory of 2024	4880	msedge.exe	86
PID 4880 wrote to memory of 2024	4880	msedge.exe	86
PID 4880 wrote to memory of 2024	4880	msedge.exe	86
PID 4880 wrote to memory of 2024	4880	msedge.exe	86
PID 4880 wrote to memory of 2024	4880	msedge.exe	86
PID 4880 wrote to memory of 2024	4880	msedge.exe	86
PID 4880 wrote to memory of 2024	4880	msedge.exe	86
PID 4880 wrote to memory of 2024	4880	msedge.exe	86
PID 4880 wrote to memory of 2024	4880	msedge.exe	86
PID 4880 wrote to memory of 2024	4880	msedge.exe	86
PID 4880 wrote to memory of 2024	4880	msedge.exe	86
PID 4880 wrote to memory of 2024	4880	msedge.exe	86
PID 4880 wrote to memory of 2024	4880	msedge.exe	86
PID 4880 wrote to memory of 2024	4880	msedge.exe	86
PID 4880 wrote to memory of 2024	4880	msedge.exe	86
PID 4880 wrote to memory of 2024	4880	msedge.exe	86
PID 4880 wrote to memory of 2024	4880	msedge.exe	86
PID 4880 wrote to memory of 2024	4880	msedge.exe	86
PID 4880 wrote to memory of 2024	4880	msedge.exe	86
PID 4880 wrote to memory of 2024	4880	msedge.exe	86
PID 4880 wrote to memory of 2024	4880	msedge.exe	86
PID 4880 wrote to memory of 2024	4880	msedge.exe	86
PID 4880 wrote to memory of 2024	4880	msedge.exe	86
PID 4880 wrote to memory of 2024	4880	msedge.exe	86
PID 4880 wrote to memory of 2024	4880	msedge.exe	86
PID 4880 wrote to memory of 2024	4880	msedge.exe	86
PID 4880 wrote to memory of 2024	4880	msedge.exe	86
PID 4880 wrote to memory of 2024	4880	msedge.exe	86
PID 4880 wrote to memory of 2024	4880	msedge.exe	86
PID 4880 wrote to memory of 2024	4880	msedge.exe	86
PID 4880 wrote to memory of 2024	4880	msedge.exe	86
PID 4880 wrote to memory of 2024	4880	msedge.exe	86
PID 4880 wrote to memory of 2024	4880	msedge.exe	86
PID 4880 wrote to memory of 2024	4880	msedge.exe	86
PID 4880 wrote to memory of 2024	4880	msedge.exe	86
PID 4880 wrote to memory of 3776	4880	msedge.exe	87
PID 4880 wrote to memory of 3776	4880	msedge.exe	87
PID 4880 wrote to memory of 3032	4880	msedge.exe	88
PID 4880 wrote to memory of 3032	4880	msedge.exe	88
PID 4880 wrote to memory of 3032	4880	msedge.exe	88
PID 4880 wrote to memory of 3032	4880	msedge.exe	88
PID 4880 wrote to memory of 3032	4880	msedge.exe	88
PID 4880 wrote to memory of 3032	4880	msedge.exe	88
PID 4880 wrote to memory of 3032	4880	msedge.exe	88
PID 4880 wrote to memory of 3032	4880	msedge.exe	88
PID 4880 wrote to memory of 3032	4880	msedge.exe	88
PID 4880 wrote to memory of 3032	4880	msedge.exe	88
PID 4880 wrote to memory of 3032	4880	msedge.exe	88
PID 4880 wrote to memory of 3032	4880	msedge.exe	88
PID 4880 wrote to memory of 3032	4880	msedge.exe	88
PID 4880 wrote to memory of 3032	4880	msedge.exe	88
PID 4880 wrote to memory of 3032	4880	msedge.exe	88
PID 4880 wrote to memory of 3032	4880	msedge.exe	88
PID 4880 wrote to memory of 3032	4880	msedge.exe	88
PID 4880 wrote to memory of 3032	4880	msedge.exe	88
PID 4880 wrote to memory of 3032	4880	msedge.exe	88
PID 4880 wrote to memory of 3032	4880	msedge.exe	88

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://17ebook.co
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4880
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff1d6846f8,0x7fff1d684708,0x7fff1d684718
  2⤵
  PID:4876
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2072,10818771667498181873,2296833996722722077,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2064 /prefetch:2
  2⤵
  PID:2024
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2072,10818771667498181873,2296833996722722077,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2304 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3776
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2072,10818771667498181873,2296833996722722077,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2652 /prefetch:8
  2⤵
  PID:3032
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,10818771667498181873,2296833996722722077,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3268 /prefetch:1
  2⤵
  PID:5036
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,10818771667498181873,2296833996722722077,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3276 /prefetch:1
  2⤵
  PID:2492
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2072,10818771667498181873,2296833996722722077,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5136 /prefetch:8
  2⤵
  PID:2232
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2072,10818771667498181873,2296833996722722077,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5136 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3504

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3920

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1392

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k UnistackSvcGroup
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:64

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
PID:1224
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe"
  2⤵
  - Checks processor information in registry
  - Modifies registry class
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  PID:2576
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2576.0.268967767\511217396" -parentBuildID 20221007134813 -prefsHandle 1884 -prefMapHandle 1612 -prefsLen 20749 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {6702afbc-d4d4-460b-a83f-9007e8a7bb71} 2576 "\\.\pipe\gecko-crash-server-pipe.2576" 1964 23ac47f8e58 gpu
    3⤵
    PID:2264
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2576.1.172793037\1288296491" -parentBuildID 20221007134813 -prefsHandle 2352 -prefMapHandle 2340 -prefsLen 20785 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {391f317f-a1b8-46a0-a9e4-920c0a6c0778} 2576 "\\.\pipe\gecko-crash-server-pipe.2576" 2364 23ab7d72558 socket
    3⤵
    - Checks processor information in registry
    PID:4044
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2576.2.1861058279\2130684358" -childID 1 -isForBrowser -prefsHandle 2968 -prefMapHandle 3048 -prefsLen 20888 -prefMapSize 233444 -jsInitHandle 1412 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {9fd06cbd-cbb6-4b8d-b951-757d383c16bf} 2576 "\\.\pipe\gecko-crash-server-pipe.2576" 3184 23ac475ad58 tab
    3⤵
    PID:4420
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2576.3.806668046\1898110302" -childID 2 -isForBrowser -prefsHandle 3548 -prefMapHandle 3544 -prefsLen 26066 -prefMapSize 233444 -jsInitHandle 1412 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {75130055-50a4-49c5-be50-16048db3971c} 2576 "\\.\pipe\gecko-crash-server-pipe.2576" 3556 23ac87b1558 tab
    3⤵
    PID:4672
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2576.4.1948046500\464979698" -childID 3 -isForBrowser -prefsHandle 4440 -prefMapHandle 4436 -prefsLen 26125 -prefMapSize 233444 -jsInitHandle 1412 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {258e3cca-5a7f-400f-a014-a80b1d2d647a} 2576 "\\.\pipe\gecko-crash-server-pipe.2576" 4348 23aca2b6658 tab
    3⤵
    PID:4200
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2576.7.1204543865\2085657513" -childID 6 -isForBrowser -prefsHandle 5456 -prefMapHandle 5460 -prefsLen 26125 -prefMapSize 233444 -jsInitHandle 1412 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {3da79f32-bafd-4651-ae5b-dae5aa2e34f4} 2576 "\\.\pipe\gecko-crash-server-pipe.2576" 5448 23ac865d658 tab
    3⤵
    PID:1612
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2576.6.389921660\1276848486" -childID 5 -isForBrowser -prefsHandle 5248 -prefMapHandle 5252 -prefsLen 26125 -prefMapSize 233444 -jsInitHandle 1412 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {5cb9a67e-458a-4f40-a91b-24c64c52f3f3} 2576 "\\.\pipe\gecko-crash-server-pipe.2576" 5240 23ac865b558 tab
    3⤵
    PID:2160
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2576.5.347758214\506413342" -childID 4 -isForBrowser -prefsHandle 5092 -prefMapHandle 4580 -prefsLen 26125 -prefMapSize 233444 -jsInitHandle 1412 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {01664157-e06a-454d-a9ea-e03cf139340b} 2576 "\\.\pipe\gecko-crash-server-pipe.2576" 5084 23ac865bb58 tab
    3⤵
    PID:3192
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2576.8.1756763987\1125252995" -childID 7 -isForBrowser -prefsHandle 4932 -prefMapHandle 4040 -prefsLen 26508 -prefMapSize 233444 -jsInitHandle 1412 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {13aa4ee4-cca6-4325-9ce8-1ca85b73d602} 2576 "\\.\pipe\gecko-crash-server-pipe.2576" 4388 23acb9b5e58 tab
    3⤵
    PID:4996

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:3496
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x128,0x12c,0x130,0xfc,0x134,0x7fff1d6846f8,0x7fff1d684708,0x7fff1d684718
  2⤵
  PID:5068
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2164,6793133158341583117,13892776219246081069,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2844 /prefetch:8
  2⤵
  PID:856
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,6793133158341583117,13892776219246081069,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3444 /prefetch:1
  2⤵
  PID:5168
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,6793133158341583117,13892776219246081069,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3432 /prefetch:1
  2⤵
  PID:5152
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2164,6793133158341583117,13892776219246081069,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2248 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2100
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2164,6793133158341583117,13892776219246081069,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2160 /prefetch:2
  2⤵
  PID:2392
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,6793133158341583117,13892776219246081069,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3876 /prefetch:1
  2⤵
  PID:5620
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,6793133158341583117,13892776219246081069,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5040 /prefetch:1
  2⤵
  PID:5632

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5356

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5468

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of SendNotifyMessage
PID:5780
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff1d6846f8,0x7fff1d684708,0x7fff1d684718
  2⤵
  PID:5788
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2104,17953206063144449982,6184892953398736924,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2188 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5548
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2104,17953206063144449982,6184892953398736924,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2124 /prefetch:2
  2⤵
  PID:5536
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,17953206063144449982,6184892953398736924,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3284 /prefetch:1
  2⤵
  PID:944
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,17953206063144449982,6184892953398736924,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3276 /prefetch:1
  2⤵
  PID:5192
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2104,17953206063144449982,6184892953398736924,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2900 /prefetch:8
  2⤵
  PID:5580
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,17953206063144449982,6184892953398736924,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5104 /prefetch:1
  2⤵
  PID:4464
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,17953206063144449982,6184892953398736924,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5084 /prefetch:1
  2⤵
  PID:5348
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2104,17953206063144449982,6184892953398736924,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3284 /prefetch:8
  2⤵
  PID:2212
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2104,17953206063144449982,6184892953398736924,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3284 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4456
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,17953206063144449982,6184892953398736924,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2108 /prefetch:1
  2⤵
  PID:3016
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,17953206063144449982,6184892953398736924,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3404 /prefetch:1
  2⤵
  PID:4100
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2104,17953206063144449982,6184892953398736924,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=3644 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:5404
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2104,17953206063144449982,6184892953398736924,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=3996 /prefetch:8
  2⤵
  PID:5356
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,17953206063144449982,6184892953398736924,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5584 /prefetch:1
  2⤵
  PID:5752
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,17953206063144449982,6184892953398736924,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5512 /prefetch:1
  2⤵
  PID:4952
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,17953206063144449982,6184892953398736924,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5276 /prefetch:1
  2⤵
  PID:3800
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,17953206063144449982,6184892953398736924,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5616 /prefetch:1
  2⤵
  PID:1332
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,17953206063144449982,6184892953398736924,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5664 /prefetch:1
  2⤵
  PID:5784

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5636

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5688

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Comms\UnistoreDB\store.jfm

Filesize
16KB

MD5
0b338a5fb37f3fa30e23db17c42dfcd5

SHA1
7286b9b02e0c62305316facd05df9b55fdd7e292

SHA256
e9a73b2b7d495904d5b244a06ec3cc9e19760870d05a5770dc1511bdad1e590c

SHA512
f2a12b89143bd49a0d75248a53b1046982c3093c598da7e1d3c026a25574f2ed51d9f4fa855f7fae8477bd611fc026052a8f590ae995529e717078499dc0171d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
9ebd667e8db80b0ab07f02f3dc844252

SHA1
461bade20eebf59e30e8c3620640d6df6db79249

SHA256
d04531e41d70e7832898e797081335b3f0314b09141a01de921ff679dba41b0f

SHA512
75f92d1f4ab942c3fdd3b70542956ea246f718aa8808a53f33d52278505f4f783e4c0458e5093ea4f459e72faea431f926373883eed2ec7da1109bd7efc6fb57

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
f621c7614503377ba83f2fcfca1c303b

SHA1
c7ec737f8e0262052e038691e5b38db37bdfe56e

SHA256
c2d2e04acc5e2cd129dd3211f73b498043051b74a2f661c1199224b37b681b26

SHA512
203e5e582007efb7d11b0442e85d4e37a4cc1332bd6367cd74b0d4b9de0d0df85757bdc66474f62309bf530841ab7a5e4c0d43c95aa416b7175129e2e2b36c26

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
639fe1e284fa5ce5eac19de7ce6821fc

SHA1
71351a9608987ef41f15bb913fbf33f058bef278

SHA256
4f8f3b3cafb09485dc63efec62a8dd6c9c646c70d485e4ac7ca0e68becabdb06

SHA512
8086995dcceaa502842144824707f353de76c223e6f282d283fb984974806b5505a6418db74ea4e36cf70be8ff47c6477525b3d15d858cd4cb079bb356a94bc0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
bd1298e3ecd61ac2625698ee3c40ca9e

SHA1
8c6458c21491d21a7be61b8a8937649357fc2f54

SHA256
4a6f2c7566fda4bec6a747180289b48bcf8d4ce3e0e771d404355fec230e1a24

SHA512
e794a422ad026a4f3cc487df246e17b98738eee6d1df1e983d4eeefb2a02bddefecbb9c05d6286c886befd820fe88e6ec9b395ebf80dd68ed01725dd02dc90a0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\83988918-f6f3-48a6-8785-430cbcfee49c.tmp

Filesize
1B

MD5
5058f1af8388633f609cadb75a75dc9d

SHA1
3a52ce780950d4d969792a2559cd519d7ee8c727

SHA256
cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8

SHA512
0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_0

Filesize
44KB

MD5
5057a14fbe4a6894db79a9d77f337eb6

SHA1
cc07a36a7655010b5879cc9448b9c9fd1cf5f7e7

SHA256
c988a1818d0d074ccbebf2832945fac652505944c1865dd2cde7f09467449404

SHA512
f8a714fd18e1e10b0dea421305f6f9e779d68387954762eb29662f88f88259c064b15600d1ea0ae3b433c15006d9c1edc02a62dc801bf36f75309c09766e5ed5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_1

Filesize
264KB

MD5
0dfb7e553ef68d9c9aef91d5bc718338

SHA1
20a759d8d6758d6b3a9d96eab2cccf6495eb3b76

SHA256
5235b3c1b3ce63aa2335fcb2796c81f5b2000c0703c28a87bb282ff2bbe8536c

SHA512
a59932c77451937dc847bb252596ef45fff5167d18041c31d94ee42b3e88c363ab61a0b3e3d6cec11e46db570ac12068bc3abdfd8f1d33f2cb5463e72d6e42e5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cookies

Filesize
20KB

MD5
b704f703f9affdf53bc08c9dc4f1b939

SHA1
9f83c9aeb394acbf78e1f14bfba52b4f950cd4d1

SHA256
a83e65f3f4a342c76adef21111aab47dc1755826b9b5ada90a6e98b7e138f125

SHA512
91166c3368dbaf3d791ef6eec928a2101bb0052ff75770610de97fff3c35e861794d5f8d5efb184d0ce8ab1b2d8802608f8aeb3cb574e2cacf7d1e2b6a7dbd8c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\LOG

Filesize
322B

MD5
7f4ccdfa4cb3233ce29291b53feeb341

SHA1
e0e9f0228158333146af98a641e738d06905bcaf

SHA256
fa2bd9ce9d20c6e39c1867085e2011e7a5eac4c19a2c16249f24248a257b4eb6

SHA512
241201d24d418b18ee6b5243c7d5b3f863a6b606dc8ee3f2acd8ba480fda633fca3ba672163c46fffaef9322d554291570ff37499f6857f027e9c800c9c557f5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History

Filesize
124KB

MD5
a51c6e155037b098c886b24b52ce5fa0

SHA1
8a30e1816df5177dba85abac79bba6dcad8aacd9

SHA256
61e5765c1c3e005163594e238c18fa765a56082987a1a2ad17d634058fbfa4a8

SHA512
e07e7faaeb1b36c9859568552157b62df99482b4c430f85ce94b71700563897040ddcb5673323f7fe66630a1dd278ce2ce0a2e639d34378d109f2f673ec65193

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History Provider Cache

Filesize
263B

MD5
874d44f7856876dd15250481acc32268

SHA1
96436485e09151a3fbf8d19f7dd10ce13b69d732

SHA256
24cdf3ee4ee5087b2abc49abe773726f6a0af3a878281705c4e31e939c089a23

SHA512
20ca56ca96f6ba022b33871919d03d21577f76884fa146547f5d203179d4703040e6c4f08cb881b04b28152e1b8d5f6fb8168745d463f18a1a7bc39db17ed563

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History Provider Cache

Filesize
270B

MD5
54f19c4d700fac97e6dc708dcbd83fae

SHA1
c8ae6fc7576f8bf4050eec1acc25a363821d9c15

SHA256
5a392ecd173c5de1160865b4660d81bf34214c750373385fc914c6422bbf3455

SHA512
8850f09a110a292a46cb8e34789f26d37f50cebf657f5d8cf2dde529554b8237619b1ca8d1bcf973aff9c49f0563febe9b99448eec4849807e523f02283ce659

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\LOG

Filesize
334B

MD5
d6ce320fa75e6978665f283de236ea34

SHA1
d5a44e93a882385ead7255d2b24e1c5ef2c1399e

SHA256
64b5442307facd79d569863fd253686a5fe68902da46f4cdf014217549c7ef84

SHA512
3f509b32b07ba2b4ad14ce7ad12dc594a2446590ea7a7fca9b4a892b43976975348f4d57adfe5ce1b72e53b840af5068e6e7ab46f6273206e003abf32ea9a0fe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\LOG

Filesize
331B

MD5
10675961c910dfab08810b4c507860f7

SHA1
02cebe171ef63b8750a2e19c3ddd4ead31a7ccda

SHA256
183fee77b72665edde4b21a848da9dd93e5bcfd8878fee32cbaf428b3652fb14

SHA512
29a4eb62c914cb4ddcf2b7dbf3977a14c088e7de3c51a040689f3a1d95e25ca9ade20b4ca0d1500c54f18dc1c4b64dfe7004cd9bd4016f8ce3435698e4104e8c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
13bc27976abecc36de0470305e3c2a31

SHA1
85c9581a032e0e17b9cc25240644753e7abbb757

SHA256
28ee3de3e113a11255ca9a22c476bec7f7a8a4c32e7d97f588bb1da78f62c45f

SHA512
e65320f04748b856ec8047491c2808b876250944bc03a55943aad38ae99b6499fed33d5ef806f627dbe99db99352a7028eb336bfed177eb7643ffd9374c7187b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
3c1aaf34d0195ac3c47443387c75b88f

SHA1
bb0a228fe0e8842dd11c64d8c555d9d8c804f281

SHA256
09c884f99be383fffbb97e433039e787dfb2439589dab3e2efb523dcf8d6b434

SHA512
bbd0c964dc62d377c093127fada59be04a2383b002176baee33c08e87741f2084963e9989afbfb655b6ac7b3cf787020a3bcbfb1a5b935fac2c07476cb8d553f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
ca574b52ac217ce0272e9b7dcff89290

SHA1
e63fc3cf2a2bbfd3db9906ffae39e63620d796e6

SHA256
674227f6428ace96b93c5cef0b97e58906f08c13b43ee5dd2b6abedf3e100b85

SHA512
d289fb30d8d4242f2ae2eec222f8c995505f9eefeb81393cb4f25dac7c8cc656d45339755fd1e6f594d943edc6819bdc549cb59f1b1db89967e156363ee61583

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
d9ce27b1c3a88e4a46946cf9a8964377

SHA1
e596262d5ff4e69c99069fa635a3e8ac29969a8a

SHA256
4f9299ed0f8289f9156d97bb2bc42ab81361788ef77b8cfb2741435f49f39938

SHA512
bb30b6b57a2bf223e48b67f807c1f3ba9429440f1c6ee8d23b3176356599aa70b5929c6c4da75faad6e65b7bd76602ddcb6f1778ce96bd40ebc7b7651f2bb80b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
c2a07ef1db5608efe7d2bfaca0ae7163

SHA1
91b4f9e747107a1770a6af416f36b23d0072cb88

SHA256
3af40131e3de0d9116f09ea41cc86d68e95a8d9ae25758f8a66e56ef2fb09622

SHA512
b1916b6430a190293b02e29b6688e793193d4f0a62d339e9e3c8811557084e200ff65c56f90d7d06ae01fbae8a46563fb69ec0b0a9156c9026630c83d42df9ee

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
dd300be8390a23f454182dcc7f932c97

SHA1
aa1bf159335b65d2180f62cba2e4e6b8355ed0be

SHA256
bb690ac8da49e6af700e927f582d3286d2e3ac15b07380588daca9f372cf88d5

SHA512
47d1056e714c61cd645abdeb84cc3455a4bbbc77175f444d599277d76c9b98acdb0cdc48d94cdb1813b6e591fd99f24c63a4db2961254a873cec2461a47f934f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\000003.log

Filesize
175B

MD5
6153ae3a389cfba4b2fe34025943ec59

SHA1
c5762dbae34261a19ec867ffea81551757373785

SHA256
93c2b2b9ce1d2a2f28fac5aadc19c713b567df08eaeef4167b6543a1cd094a61

SHA512
f2367664799162966368c4a480df6eb4205522eaae32d861217ba8ed7cfabacbfbb0f7c66433ff6d31ec9638da66e727e04c2239d7c6a0d5fd3356230e09ab6c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\LOG

Filesize
322B

MD5
e8fec8fb3eb168abc1801f25f737eae0

SHA1
0ca1d6dfe46ca8579fe80fb118811a36a8930cac

SHA256
c5ffb30f0568759e03c8018693f0cfc3bc39db38146b345f22f5827c44ddb742

SHA512
5746f17ab2afa8efbd985bc50b5092b956f25668a18704be7c44250b8c938607191e0a42fb45daf8becc69884195d2dabdb1af7a6f92f63886439815ead84a09

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Session_13352914518267655

Filesize
1KB

MD5
59700ead1f740a72b3ef6076db989c9d

SHA1
427fdd539c2ac256d54674e87feeddf876478f84

SHA256
21f7b2b99dcfd25791eeb193cb388d67da91e26c35c29a03d236d64878c1d8fd

SHA512
536160e59973566c6657f004ad915f470b2da3d2a39cc6e338a2a9759655869375ba778d61a7cd87d101a3ffde1cd725608ca3d00e28176fe10a0af27d2f70c9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Tabs_13352914518445655

Filesize
1KB

MD5
db673a3ba1f24a317b2804ed25279bac

SHA1
a63bb61d0ffb5edeefd827a69cf82dfe879baa1e

SHA256
39e932c4f8a67b851f749d43881018166a2295a6c255a1218bcf1c169d9302ca

SHA512
f1c1ea465ccee5eb7fcd6ff0bc4c2e03f8550d8d4aab0e20ac32a027b09ec7c29babdf28b06542b61de96afd1c58544f23cd034fe93df0b4b2c47c9aab3001c6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Tabs_13352914634842873

Filesize
2KB

MD5
6c20fd46f9bf2868f5b275989a959304

SHA1
e08dbb257ab32cf07e8bbbab7119f3155525ce8d

SHA256
678a55452d126882b5046d058b39c5e3420ee6aca332ed2c98487f029435d407

SHA512
df33368d5993feda925099f32a0910c2d6d7f8ed0552355129b04c70ba60792152faa56898cae9df7576536161a682caa309af7fc6b35cb6a8d3ee1356b0cd52

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\000003.log

Filesize
112B

MD5
c899b6342b2f920b77ef5f50901290d2

SHA1
7942cd6e2d2638e66555eced10324292e7df20ee

SHA256
d2e04f43ccb1ff9b84fc58b33f07a9d45d6ebb163a6df5a852336ebd8343aa96

SHA512
a01100bd423050ca2389af4446d825e89151e6a124c984e94736ed5e85488de9166f7585cb65533f987ef01bd656e94712bcd6333f2313fa8e22576ee7157d78

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG

Filesize
350B

MD5
cad731600f05da7a4c51e5c9ac267e6e

SHA1
d518cbfe8aa3bc476495ae7bb338a0c773aefc84

SHA256
3151340dbaddfb0c4274a1dd9c4b19f7ca7de9ebd031e2804bebde4109e63897

SHA512
87174609726805e48f1f3c91ccac828264468cc46c276020642bccf1be38da75fd56810ef512172265a9078b8ae43f8370b90c76e52a7c858204e7af94854ee4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG

Filesize
347B

MD5
95245b6f3cac350d17824eceaa861d9b

SHA1
3d920fb2339bccdb113ac50f43ec137cfb77473e

SHA256
a7ac140f421bb1ce06c19ab126bc672805007a95926c1e492f189454536d7cdb

SHA512
ab7a04d9135e20edbdb1ca26e657b9187d021d33738fe6d5e40fec3a8be87ece67e8081e902ab82eaf43db8fdb25cdc7e4d32080ca019e01cc9e6a722fb3b6dc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG

Filesize
326B

MD5
644f8816f0813230b696bac3df149cf4

SHA1
e2485f398fae82d1e9af709226de24f30c93d8e4

SHA256
e4f5e08dafb0a1877267518b46864f98728b0d324c3aa0c93cea027ff28fd9da

SHA512
f072366036f04c68a42a1c00fab0e5b3a479db5270a335d6e243aea32643d070a722eb02675620e84e9d36c3f2940626b0b962463be0e839b34c5f9c997f6af3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG

Filesize
326B

MD5
44adaffd5a95b2288cf93f4672af2e31

SHA1
57ee57b8e863fbe974849900dd7fe0c57b94f44b

SHA256
44b99d74f1de1debbc65e95c72ecc356786c056494c8b4f09022e9983e8653f2

SHA512
95cd7bd0e2f1febe77b5797cffc55ec69c257e8e530f19506e9549dbd11827579828a458ff4b6f38d40793b30ce3ff5a8bfcef70d9d7cfbe0fab419c802ff442

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Visited Links

Filesize
128KB

MD5
3ea87981d5e9506d67d74756586c4207

SHA1
95b1bcde8e85b1a87f4d080c9ec5294c1f702111

SHA256
8df330e2259d5a36a8e6ec30f16e4b8d3a79997673d3ab555ef4ce807d246ec7

SHA512
9b5c0c3adc1c9c4307c890aaaac169c52a505874e67e8df21249adc416fd24dfebb204d2a47642af3ce0110dc9a4bfa6520c2283aabe768346018c514f16f558

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
aefd77f47fb84fae5ea194496b44c67a

SHA1
dcfbb6a5b8d05662c4858664f81693bb7f803b82

SHA256
4166bf17b2da789b0d0cc5c74203041d98005f5d4ef88c27e8281e00148cd611

SHA512
b733d502138821948267a8b27401d7c0751e590e1298fda1428e663ccd02f55d0d2446ff4bc265bdcdc61f952d13c01524a5341bc86afc3c2cde1d8589b2e1c3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\load_statistics.db

Filesize
44KB

MD5
310c6a7f015c21e337f996a0cc1778d1

SHA1
898d072d868921e08039222293382b23bf045190

SHA256
f4f7b78c03a318f57d2c234d474f653ab0f33a283a26becf2726c0b49840e6af

SHA512
8bb91a562bd3130b05a30d094d8941410bcb0d4dc8b6e0baa87cb16dfba300cd47077980c8ceb379aa510c4bf34d0cb3eca441e5a2ec595fe6198d97ad803955

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\load_statistics.db

Filesize
44KB

MD5
d9656cf6e05f8197c9e12d29af3d186e

SHA1
8d18a832d90f9490b99108a80a2f1371c79f6e1b

SHA256
2de6c01e218963de6f11b11708727532e8960fa03df84b508a639c1f4dccb3e6

SHA512
5cbc81e3df6731ef70ac232dbf2b61635602074b3707322fdfa154b9ed6d1f4588f437900b82f0f72365b4841960968483a29d6438ab43650dfbd784a85ccbbc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\000003.log

Filesize
206B

MD5
683afc79731032bc0f7881d22acc0393

SHA1
aed2e8ce7bca27d1cc1afeaf8b012d7233eff33c

SHA256
3abcadde624e73a2f6442ab15f8d21ffa0a200284a287ff19bc4348defbfb952

SHA512
7fdddad72779757aa25d48f9f65eb819cbbb2ac13134f24d2b2ad86b8ecc73118f6c4b1e0366e88c3746c859f35e237630c34f765a0aa5ab884c9f879cf87e22

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\LOG

Filesize
322B

MD5
4d53adb34f030929528f971792c959d5

SHA1
92b92a3f4055f0f7e74be44ba50848db3577f851

SHA256
ce7b3e30aec835f3adeee9ad455f6b9f4bb374d68ee45bbb4d566f979c1090ff

SHA512
434af587e49e9faa873dae86836b4a4b759b995e4d02557a6e0b92d8b6f1fa3cdc356a0ba0b933bff26d2cf55b89df7f3a6ab16ce62c20d1bd73520778134312

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\000003.log

Filesize
565B

MD5
e5b0e99eb5592c5cea1784b3ab21944f

SHA1
59ad902cd0fc6f22de80e1dabf1745331cacd3a8

SHA256
2371b78f03ccc39c58a162f16f39f0aa96e5ff5bf6b2aa81153770a950f2e9a1

SHA512
f765efebe7119f2427ceedd7d1ce559d22bbe6d0037cac24b29eff36a0137d2b12cc5f9ba78553e4c16f8e0ea1d1d371424973b6c715103f22beeecc558a7b19

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\000003.log

Filesize
599B

MD5
7fd779b866b53ab8202ccea25a265cbe

SHA1
bc5a0c215f0512d65a629e5338fff9175bf211ab

SHA256
0e6fc27d3335104b249331463a8833cd1aa65d1255aa7850dfac226b8fc73d6e

SHA512
043e36a665253af9762004c2bdb2fc484c185c9ebe5bfede9dfa1535e5f2c5525c886341930fa4f367d7f8f7437a8229885d103265015f15f678e27553771ff6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\LOG

Filesize
340B

MD5
02c9c892ec9ac347d496e87d5b1f56da

SHA1
8a2d2306c6c3b2e4c6097b182af1b92e3bf10215

SHA256
2a87343a4489538f2eae1cf472f997633e9a2704d5478735db21ecd60005aa43

SHA512
5e472257342a0f68735a5b303065617c57c1798d8d57be615b8ebb555f3dcc671402fdd65092ef3179e23388f495877165b999a1e96ca97a6ce5eb4b8822a43c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\LOG

Filesize
340B

MD5
ec2bb183226335916871d9194f75065d

SHA1
d60bd24670ae4d970a130e4a424483bf748effa5

SHA256
917f664c084533166e0da1db483b1590bbb027685911650806c296da100d5a1a

SHA512
dc3ed8896127e21f25fd64b98c62e2b9f180ed0c75ca3deb20c6196e349b246be955139dd5fb2ddae31fc1952cc338d2ec600ad0cf4d5c8477994d79854d428e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_0

Filesize
44KB

MD5
8dc398863231eb25b54c08616aa445f2

SHA1
3ab11abbbaf80dcb1a8a766734a829df049ef3a3

SHA256
51eb4f736b6571aaa0e9f677996974db0faab5f7e0a0c2b52c86967dc8f88db4

SHA512
2e88481a98dd5d348d77fcf589090edc310d973539d3b7b864dc24360ca3b24c30dd6940e6a946f50908e3b5b3a0541d386954b34ce58c74fb5d7920dd16956c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_1

Filesize
264KB

MD5
4fd447e3ea742294af6a1cd61a8afc84

SHA1
b4068749c14cd5978b9e6b42e15d943b1d1b7ee8

SHA256
463677f70fa35fe8ce9764653cbf0b7f477f09de99063e8248f9a8ff35130ead

SHA512
8e9c8c160d6501f912d392d58a670787408c9db0ce12b8315dec17b891d60cce258b11cfcf6f4a4d8dd3cc55d89ce5e78b36aab981e9a9e72524f3b50b1525da

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_3

Filesize
1.8MB

MD5
2b453996de5b01525687a00bfbb1061e

SHA1
b9b8b61d7ece370ebbd6e58976a1922da549042a

SHA256
f2f0bd581733c5522d8e4b81fc8aa200341608c69140e02259f25d4665c6d3b3

SHA512
f060291ff2fc642425ffa6ce6f73c68dc40e7a458cdd3b83ba684d766d6315722544ec555c6b24fe5d771c2ec86cb57a43997e51c252f0687cd9c7c5e52e2661

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Version

Filesize
11B

MD5
838a7b32aefb618130392bc7d006aa2e

SHA1
5159e0f18c9e68f0e75e2239875aa994847b8290

SHA256
ac3dd2221d90b09b795f1f72e72e4860342a4508fe336c4b822476eb25a55eaa

SHA512
9e350f0565cc726f66146838f9cebaaa38dd01892ffab9a45fe4f72e5be5459c0442e99107293a7c6f2412c71f668242c5e5a502124bc57cbf3b6ad8940cb3e9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
2ded6c079b377d1944a84b7478cec8ba

SHA1
3d49e18747479add2f8b5e167856e1fee9aa56df

SHA256
e76b27cf3cad3a901c3a865b51a46f0722b56223fc395c941b4c625d1feb69fa

SHA512
abed259b769e2385062a9d87218929a64946b86bdefd75d778e1973158ab6059f54067fe255ca9660e5e6bd2aa5ad398608610674956bea547eeae3bb4aa8367

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
542571691fcdfcc87d57b9282a1581e2

SHA1
1ebfe03d06f4a46572591341ffa50d61b1b05d00

SHA256
370f2b5117188c05cbd9271972d365aca9019b7847f20ead6012096123d2676e

SHA512
7dc3f539eddcfefa6159d43757a912e61a00838b4bdccdb4e0359ec06cbcda2b4406c4a07113ea454201aa92fb51b71d63eaff541b6a14616fa19fe501ad98c6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
65bed806c5497de24bc3568b1f8647bb

SHA1
d9a853af7ac23b180bbae4197b9cc3df785ae412

SHA256
36083e8dfc792b789049b67c0f8c2f5d67faabc3d78e8d125ebdfae393ae4edc

SHA512
966377b924a234eec879467a7757806d0f919bfcc96dcbe652de50223b8b63ec8e9353f5398315a0d68861534d922373b95cc97d5b3d3dd33b907b196f53907d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\edge_shutdown_ms.txt

Filesize
4B

MD5
e86ee5c7e440c8bb970890ba3a8b3afe

SHA1
53b637e69f0239afbd1be1716f0d17a798663efb

SHA256
002f380a6da033d2c99ab0313256a4b7de6669ca65afe6d94b3b62ebc072e7ba

SHA512
4f0f981a317a04038e6499133bf6f19a5b74f6c0001e23acd86382d2ead4d55350872a17cfcea77ab60672ae2e9fe625a865859df3f5b16c44908fbca3846555

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\TokenBroker\Cache\9cd93bc6dcf544bae69531052e64647ec02f2bb4.tbres

Filesize
4KB

MD5
37d1a84c0eaac0f2c80976b0f34b1c40

SHA1
640e106d9c67f8171aaffa61d64c04935b7007b7

SHA256
7d575b41915eec7e3f341f315e7a284316b3d12d8d30dfc9a49989dcfcfa8475

SHA512
e5019f8a5fe4b6e1a912ec562b9bf149761d71f5be5c92cda3c237681d37c37928567fd219e48b3ef7ddf6150f4852a5d23935249ec3f2440126efd4d4483b46

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\t62fqf4l.default-release\cache2\entries\26F1182AEF22F7998025C54DACC15E6223C9087B

Filesize
57KB

MD5
b5ef48b64e58e7ad976b99785f908631

SHA1
358ff9f56052ba47d9e3b8251770087b00022af5

SHA256
95f539e7ae21daf406f46375d96c06ccc607fa6e24d353500d820d186d903945

SHA512
5cbb3d03ae6caf8ef48c521c96463e0e757fefd036309c2cdb1bb0e49d0b897c2e48672669c28fb99bf55651b6174e7b7fe12136d24c10ee01e5fa77679d28ee

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\t62fqf4l.default-release\cache2\entries\4DA9C528416A77B90E10C4E946B9623AB3D72891

Filesize
203KB

MD5
9988725a6e0083267832e4fe6b080173

SHA1
bf564d7340914821acaf43bbe3a85d0a7b1d28bb

SHA256
f13fb1cb5088523ca006f89a1e6047154ebaac81bd5d925b257b0c82fee77a22

SHA512
be251ec935c2dcb4bb47f6c59dacbf48b80a4111b014d4b1659dbc2aeff1672ed7b7c9a274c87974d02c21b8a3577d37dbb4cea270670370b4a5848ee1b792c5

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\t62fqf4l.default-release\datareporting\glean\db\data.safe.bin

Filesize
9KB

MD5
5d46c530acaeb247e30570b6c6426fad

SHA1
da13f5e657aaeff5e8227040d5af0a403a404034

SHA256
b974d59a2af60b47361d6dbd9275c526e442d0066d15155469df078caee3ddc9

SHA512
dab65d7ce0ab626b9224fd59e04e6ac913181cab88ad0fb066e33b32898de594e4496cf322607d4de71ca0479881d4d6b096311454da5f8507bc7c8a83433ea0

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\t62fqf4l.default-release\datareporting\glean\pending_pings\b584a58e-cabb-4f2b-8caa-182bd4df0c13

Filesize
734B

MD5
24859857787cfd9e2da754aad1eebb03

SHA1
90db0555c3e611bd786d3c5fb75f5d571f2e2a5f

SHA256
dff3c0bcc32b03c82acca521b011508dff8069423e6b8a1076408d5891429b1b

SHA512
cf3b3f274c9e99ebf76cec2945f0faa0e422eb54b1abf3a7269036d2872b450d73e30e90ab5661446b9ed7a94109b8e5889ee129cf422bf5af6086d23a60173f

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\t62fqf4l.default-release\prefs-1.js

Filesize
6KB

MD5
fdc11c81eeaa4a102884501def417797

SHA1
362ddb8541c142123417050dd56db903d9048cdd

SHA256
ddf2196b80c17f2896bb365130bc28a9f95dcde1e09847cd18b8b72d064431af

SHA512
5354d5a730836f67125e300f58f676035499737ff0f305a3b6c3b25b5cb2ff437b4d377333ae8d9ecc540021d6cc794c5da273caaf7cd1dbce09df886432890f

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\t62fqf4l.default-release\prefs-1.js

Filesize
6KB

MD5
dadf8888cd00a84eded03037493ef542

SHA1
93ebc23a9fbd8f68c5e8b583c8c05fd02dcd5880

SHA256
14d536d41fb479d97c6cb221bdb27950eaf168e32abca6dbc7cb7554a23bfb11

SHA512
a5078af2c2fa8b0f9b5c9ffeb859ce7d77071c9452c020cc2de2221eb8c6092449c6f73efe04f527679d480bedf52b2b0238fb267aefd0795e853282ceeb038c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\t62fqf4l.default-release\prefs-1.js

Filesize
6KB

MD5
ec349308bed4afacd82deb0e89bca31e

SHA1
1ea893fe8d08e1daa589f07f135a7b5392b1906a

SHA256
87b14186426f66207070e2ed181d494e383b0c2a45ff1d398d1fb63ada2b36b6

SHA512
998b40b04bc0f3c70289a4b5588d1fa2e0125fbd4711334ac67dc8e96af2790459607fcd0e59127d0e4388f01db48d273d9e5952f1d64876c132850e4835e82b

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\t62fqf4l.default-release\prefs.js

Filesize
6KB

MD5
f52a0429497cfa3dc7745dd795083aa5

SHA1
1d9b871db438f8c42d20c0b8b14783e0f5dd4290

SHA256
c6846176e6af95b458c50896da54c8e504e855936a7b6a4f679dba38cb1cd8cf

SHA512
d992f808bd1d47e2260de3522cc678bcc63359ea6d1352c38e99abcf2715b64686c639d82b78032a833dfab22fe36963d0f9c862125675565d783e8504d5ce70

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\t62fqf4l.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
3KB

MD5
5bef606752143bb79921a095dcbfa44c

SHA1
b54a6bf9c37108db5fdeeb076e59fcfd8142b446

SHA256
318304a50fab2fcb77004c38684bfe108713aabbdc36358d0e86db38fb027f99

SHA512
c85d869398eb1243c029f1d83caede9e910166d5e71901496c4237749d35472c4124b669bf2e863d7b6e4e84fd2c985df8efbe6da9623699f044aaca55b9f03c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\t62fqf4l.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
1KB

MD5
f567c9cb49fc1ab74a55e6c0ee3d6bb8

SHA1
d0f2c554ba8024de76e54659a6d210d6e1454826

SHA256
769e48207230ae7835961359c35f8b5a2eca8c02d263347951c20b4db716181e

SHA512
c5ab153da28c4f0d30011e818ec6413e037723b9e3edd897552e7acf6f1e23baf4c9bd2cd1e0240239d3ef6fee99aaed424fd3a6bb7c5c531f486ac1fdacaf31

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\t62fqf4l.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
4KB

MD5
42d3da61b32643b039c82dd38756325e

SHA1
4c98f2224fe7151f4b714a529651097d36b60a88

SHA256
1d2af3238eaf1f02eea661b34ccf240cbcb2f49e40880c7a648fd58a54a6883e

SHA512
6384a772b67b83451b66a8fe80ff322362478e75f8e415af406ce9798ddf65b51771d97f45f2f8831c347eddb1e0d27b8562d90acb4f44fc82bbe84e636e79ce

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\t62fqf4l.default-release\sessionstore.jsonlz4

Filesize
5KB

MD5
3582a319d302acb6ea384410cacde338

SHA1
0cd266ee73ac73efa251bf21ef5f9ad6818d3969

SHA256
27d41d9983475078e28b91be6856d327ba47ee1e9a6e02fe78bac371bb7eb03f

SHA512
86cfaade15779d03ed449641c93859b70df8530e7af13e09114e36379a750e6aa515c64a8a40c4e573938ce8ad04994ae3e39ee73e561b04d08d0a0f939e3d69

Download Submit
memory/64-153-0x0000018935270000-0x0000018935271000-memory.dmp

Filesize
4KB

Download
memory/64-146-0x0000018935650000-0x0000018935651000-memory.dmp

Filesize
4KB

Download
memory/64-152-0x0000018935280000-0x0000018935281000-memory.dmp

Filesize
4KB

Download
memory/64-151-0x0000018935650000-0x0000018935651000-memory.dmp

Filesize
4KB

Download
memory/64-158-0x0000018935270000-0x0000018935271000-memory.dmp

Filesize
4KB

Download
memory/64-150-0x0000018935650000-0x0000018935651000-memory.dmp

Filesize
4KB

Download
memory/64-161-0x00000189351B0000-0x00000189351B1000-memory.dmp

Filesize
4KB

Download
memory/64-173-0x00000189353B0000-0x00000189353B1000-memory.dmp

Filesize
4KB

Download
memory/64-149-0x0000018935650000-0x0000018935651000-memory.dmp

Filesize
4KB

Download
memory/64-148-0x0000018935650000-0x0000018935651000-memory.dmp

Filesize
4KB

Download
memory/64-147-0x0000018935650000-0x0000018935651000-memory.dmp

Filesize
4KB

Download
memory/64-155-0x0000018935280000-0x0000018935281000-memory.dmp

Filesize
4KB

Download
memory/64-144-0x0000018935650000-0x0000018935651000-memory.dmp

Filesize
4KB

Download
memory/64-145-0x0000018935650000-0x0000018935651000-memory.dmp

Filesize
4KB

Download
memory/64-143-0x0000018935650000-0x0000018935651000-memory.dmp

Filesize
4KB

Download
memory/64-142-0x0000018935650000-0x0000018935651000-memory.dmp

Filesize
4KB

Download
memory/64-141-0x0000018935630000-0x0000018935631000-memory.dmp

Filesize
4KB

Download
memory/64-125-0x000001892D040000-0x000001892D050000-memory.dmp

Filesize
64KB

Download
memory/64-109-0x000001892CF40000-0x000001892CF50000-memory.dmp

Filesize
64KB

Download
memory/64-175-0x00000189353C0000-0x00000189353C1000-memory.dmp

Filesize
4KB

Download
memory/64-176-0x00000189353C0000-0x00000189353C1000-memory.dmp

Filesize
4KB

Download
memory/64-177-0x00000189354D0000-0x00000189354D1000-memory.dmp

Filesize
4KB

Download