hxxps://steamcommucity[.]com/profiles/76561167383487122

Analysis

max time kernel
149s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
27-02-2024 09:43

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://steamcommucity.com/profiles/76561167383487122

Score

1^/10

Malware Config

Signatures

Checks processor information in registry 2 TTPs 5 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

Processes:

firefox.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

msedge.exemsedge.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 1 IoCs

Processes:

firefox.exe

description ioc process

Key created \REGISTRY\USER\S-1-5-21-399997616-3400990511-967324271-1000_Classes\Local Settings firefox.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-399997616-3400990511-967324271-1000_Classes\Local Settings	firefox.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

Processes:

msedge.exemsedge.exeidentity_helper.exemsedge.exemsedge.exeidentity_helper.exe

pid	process
2248	msedge.exe
2248	msedge.exe
4708	msedge.exe
4708	msedge.exe
4436	identity_helper.exe
4436	identity_helper.exe
3104	msedge.exe
3104	msedge.exe
4800	msedge.exe
4800	msedge.exe
5900	identity_helper.exe
5900	identity_helper.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 23 IoCs

Processes:

msedge.exemsedge.exe

pid	process
4708	msedge.exe
4708	msedge.exe
4708	msedge.exe
4708	msedge.exe
4708	msedge.exe
4708	msedge.exe
4708	msedge.exe
4708	msedge.exe
4708	msedge.exe
4708	msedge.exe
4708	msedge.exe
4708	msedge.exe
4800	msedge.exe
4800	msedge.exe
4800	msedge.exe
4800	msedge.exe
4800	msedge.exe
4800	msedge.exe
4800	msedge.exe
4800	msedge.exe
4800	msedge.exe
4800	msedge.exe
4800	msedge.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

Processes:

firefox.exe

description pid process

Token: SeDebugPrivilege 392 firefox.exe
Token: SeDebugPrivilege 392 firefox.exe

description	pid	process
Token: SeDebugPrivilege	392	firefox.exe
Token: SeDebugPrivilege	392	firefox.exe

Suspicious use of FindShellTrayWindow 56 IoCs

Processes:

msedge.exefirefox.exemsedge.exe

pid	process
4708	msedge.exe
4708	msedge.exe
4708	msedge.exe
4708	msedge.exe
4708	msedge.exe
4708	msedge.exe
4708	msedge.exe
4708	msedge.exe
4708	msedge.exe
4708	msedge.exe
4708	msedge.exe
4708	msedge.exe
4708	msedge.exe
4708	msedge.exe
4708	msedge.exe
4708	msedge.exe
4708	msedge.exe
4708	msedge.exe
4708	msedge.exe
4708	msedge.exe
4708	msedge.exe
4708	msedge.exe
4708	msedge.exe
4708	msedge.exe
4708	msedge.exe
4708	msedge.exe
392	firefox.exe
392	firefox.exe
392	firefox.exe
392	firefox.exe
4800	msedge.exe
4800	msedge.exe
4800	msedge.exe
4800	msedge.exe
4800	msedge.exe
4800	msedge.exe
4800	msedge.exe
4800	msedge.exe
4800	msedge.exe
4800	msedge.exe
4800	msedge.exe
4800	msedge.exe
4800	msedge.exe
4800	msedge.exe
4800	msedge.exe
4800	msedge.exe
4800	msedge.exe
4800	msedge.exe
4800	msedge.exe
4800	msedge.exe
4800	msedge.exe
4800	msedge.exe
4800	msedge.exe
4800	msedge.exe
4800	msedge.exe
4800	msedge.exe

Suspicious use of SendNotifyMessage 51 IoCs

Processes:

msedge.exefirefox.exemsedge.exe

pid	process
4708	msedge.exe
4708	msedge.exe
4708	msedge.exe
4708	msedge.exe
4708	msedge.exe
4708	msedge.exe
4708	msedge.exe
4708	msedge.exe
4708	msedge.exe
4708	msedge.exe
4708	msedge.exe
4708	msedge.exe
4708	msedge.exe
4708	msedge.exe
4708	msedge.exe
4708	msedge.exe
4708	msedge.exe
4708	msedge.exe
4708	msedge.exe
4708	msedge.exe
4708	msedge.exe
4708	msedge.exe
4708	msedge.exe
4708	msedge.exe
392	firefox.exe
392	firefox.exe
392	firefox.exe
4800	msedge.exe
4800	msedge.exe
4800	msedge.exe
4800	msedge.exe
4800	msedge.exe
4800	msedge.exe
4800	msedge.exe
4800	msedge.exe
4800	msedge.exe
4800	msedge.exe
4800	msedge.exe
4800	msedge.exe
4800	msedge.exe
4800	msedge.exe
4800	msedge.exe
4800	msedge.exe
4800	msedge.exe
4800	msedge.exe
4800	msedge.exe
4800	msedge.exe
4800	msedge.exe
4800	msedge.exe
4800	msedge.exe
4800	msedge.exe

Suspicious use of SetWindowsHookEx 1 IoCs

Processes:

firefox.exe

pid process

392 firefox.exe

pid	process
392	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

msedge.exe

description	pid	process	target process
PID 4708 wrote to memory of 1828	4708	msedge.exe	msedge.exe
PID 4708 wrote to memory of 1828	4708	msedge.exe	msedge.exe
PID 4708 wrote to memory of 5076	4708	msedge.exe	msedge.exe
PID 4708 wrote to memory of 5076	4708	msedge.exe	msedge.exe
PID 4708 wrote to memory of 5076	4708	msedge.exe	msedge.exe
PID 4708 wrote to memory of 5076	4708	msedge.exe	msedge.exe
PID 4708 wrote to memory of 5076	4708	msedge.exe	msedge.exe
PID 4708 wrote to memory of 5076	4708	msedge.exe	msedge.exe
PID 4708 wrote to memory of 5076	4708	msedge.exe	msedge.exe
PID 4708 wrote to memory of 5076	4708	msedge.exe	msedge.exe
PID 4708 wrote to memory of 5076	4708	msedge.exe	msedge.exe
PID 4708 wrote to memory of 5076	4708	msedge.exe	msedge.exe
PID 4708 wrote to memory of 5076	4708	msedge.exe	msedge.exe
PID 4708 wrote to memory of 5076	4708	msedge.exe	msedge.exe
PID 4708 wrote to memory of 5076	4708	msedge.exe	msedge.exe
PID 4708 wrote to memory of 5076	4708	msedge.exe	msedge.exe
PID 4708 wrote to memory of 5076	4708	msedge.exe	msedge.exe
PID 4708 wrote to memory of 5076	4708	msedge.exe	msedge.exe
PID 4708 wrote to memory of 5076	4708	msedge.exe	msedge.exe
PID 4708 wrote to memory of 5076	4708	msedge.exe	msedge.exe
PID 4708 wrote to memory of 5076	4708	msedge.exe	msedge.exe
PID 4708 wrote to memory of 5076	4708	msedge.exe	msedge.exe
PID 4708 wrote to memory of 5076	4708	msedge.exe	msedge.exe
PID 4708 wrote to memory of 5076	4708	msedge.exe	msedge.exe
PID 4708 wrote to memory of 5076	4708	msedge.exe	msedge.exe
PID 4708 wrote to memory of 5076	4708	msedge.exe	msedge.exe
PID 4708 wrote to memory of 5076	4708	msedge.exe	msedge.exe
PID 4708 wrote to memory of 5076	4708	msedge.exe	msedge.exe
PID 4708 wrote to memory of 5076	4708	msedge.exe	msedge.exe
PID 4708 wrote to memory of 5076	4708	msedge.exe	msedge.exe
PID 4708 wrote to memory of 5076	4708	msedge.exe	msedge.exe
PID 4708 wrote to memory of 5076	4708	msedge.exe	msedge.exe
PID 4708 wrote to memory of 5076	4708	msedge.exe	msedge.exe
PID 4708 wrote to memory of 5076	4708	msedge.exe	msedge.exe
PID 4708 wrote to memory of 5076	4708	msedge.exe	msedge.exe
PID 4708 wrote to memory of 5076	4708	msedge.exe	msedge.exe
PID 4708 wrote to memory of 5076	4708	msedge.exe	msedge.exe
PID 4708 wrote to memory of 5076	4708	msedge.exe	msedge.exe
PID 4708 wrote to memory of 5076	4708	msedge.exe	msedge.exe
PID 4708 wrote to memory of 5076	4708	msedge.exe	msedge.exe
PID 4708 wrote to memory of 5076	4708	msedge.exe	msedge.exe
PID 4708 wrote to memory of 5076	4708	msedge.exe	msedge.exe
PID 4708 wrote to memory of 2248	4708	msedge.exe	msedge.exe
PID 4708 wrote to memory of 2248	4708	msedge.exe	msedge.exe
PID 4708 wrote to memory of 3564	4708	msedge.exe	msedge.exe
PID 4708 wrote to memory of 3564	4708	msedge.exe	msedge.exe
PID 4708 wrote to memory of 3564	4708	msedge.exe	msedge.exe
PID 4708 wrote to memory of 3564	4708	msedge.exe	msedge.exe
PID 4708 wrote to memory of 3564	4708	msedge.exe	msedge.exe
PID 4708 wrote to memory of 3564	4708	msedge.exe	msedge.exe
PID 4708 wrote to memory of 3564	4708	msedge.exe	msedge.exe
PID 4708 wrote to memory of 3564	4708	msedge.exe	msedge.exe
PID 4708 wrote to memory of 3564	4708	msedge.exe	msedge.exe
PID 4708 wrote to memory of 3564	4708	msedge.exe	msedge.exe
PID 4708 wrote to memory of 3564	4708	msedge.exe	msedge.exe
PID 4708 wrote to memory of 3564	4708	msedge.exe	msedge.exe
PID 4708 wrote to memory of 3564	4708	msedge.exe	msedge.exe
PID 4708 wrote to memory of 3564	4708	msedge.exe	msedge.exe
PID 4708 wrote to memory of 3564	4708	msedge.exe	msedge.exe
PID 4708 wrote to memory of 3564	4708	msedge.exe	msedge.exe
PID 4708 wrote to memory of 3564	4708	msedge.exe	msedge.exe
PID 4708 wrote to memory of 3564	4708	msedge.exe	msedge.exe
PID 4708 wrote to memory of 3564	4708	msedge.exe	msedge.exe
PID 4708 wrote to memory of 3564	4708	msedge.exe	msedge.exe

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://steamcommucity.com/profiles/76561167383487122
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4708

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff99c1a46f8,0x7ff99c1a4708,0x7ff99c1a4718
2⤵
PID:1828

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2200,9006182695587716180,1194013765680871720,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2656 /prefetch:8
2⤵
PID:3564

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2200,9006182695587716180,1194013765680871720,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2344 /prefetch:3
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:2248

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2200,9006182695587716180,1194013765680871720,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2300 /prefetch:2
2⤵
PID:5076

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,9006182695587716180,1194013765680871720,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3292 /prefetch:1
2⤵
PID:4472

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,9006182695587716180,1194013765680871720,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3272 /prefetch:1
2⤵
PID:1188

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2200,9006182695587716180,1194013765680871720,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5320 /prefetch:8
2⤵
PID:2072

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2200,9006182695587716180,1194013765680871720,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5320 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:4436

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,9006182695587716180,1194013765680871720,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4024 /prefetch:1
2⤵
PID:1560

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,9006182695587716180,1194013765680871720,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4688 /prefetch:1
2⤵
PID:1872

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,9006182695587716180,1194013765680871720,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4680 /prefetch:1
2⤵
PID:1456

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,9006182695587716180,1194013765680871720,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3380 /prefetch:1
2⤵
PID:1152

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2200,9006182695587716180,1194013765680871720,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5408 /prefetch:8
2⤵
PID:1068

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,9006182695587716180,1194013765680871720,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5444 /prefetch:1
2⤵
PID:1560

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,9006182695587716180,1194013765680871720,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3912 /prefetch:1
2⤵
PID:2772

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,9006182695587716180,1194013765680871720,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5952 /prefetch:1
2⤵
PID:4696

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,9006182695587716180,1194013765680871720,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4036 /prefetch:1
2⤵
PID:332

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,9006182695587716180,1194013765680871720,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5512 /prefetch:1
2⤵
PID:2056

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,9006182695587716180,1194013765680871720,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5988 /prefetch:1
2⤵
PID:2644

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4964

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1324

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
PID:3928

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
2⤵
- Checks processor information in registry
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
PID:392

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="392.0.1035009210\2034446456" -parentBuildID 20221007134813 -prefsHandle 1884 -prefMapHandle 1876 -prefsLen 20749 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {354d43a1-8f49-4e15-a1c7-22202b22646a} 392 "\\.\pipe\gecko-crash-server-pipe.392" 1976 258cadcc758 gpu
3⤵
PID:2476

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="392.1.333446869\2012109252" -parentBuildID 20221007134813 -prefsHandle 2364 -prefMapHandle 2360 -prefsLen 20785 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {5939d868-b192-4a47-9685-a48ba46825a0} 392 "\\.\pipe\gecko-crash-server-pipe.392" 2376 258be571958 socket
3⤵
PID:2368

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="392.2.797366075\675569543" -childID 1 -isForBrowser -prefsHandle 3136 -prefMapHandle 2828 -prefsLen 20823 -prefMapSize 233444 -jsInitHandle 1416 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {0d6b104e-4c8f-4f96-bb14-759704cadfd3} 392 "\\.\pipe\gecko-crash-server-pipe.392" 3164 258cefb0d58 tab
3⤵
PID:2616

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="392.3.1531123252\1112757142" -childID 2 -isForBrowser -prefsHandle 3628 -prefMapHandle 3624 -prefsLen 26066 -prefMapSize 233444 -jsInitHandle 1416 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {01abb2ca-70e7-4efb-8b20-6ab782b57a57} 392 "\\.\pipe\gecko-crash-server-pipe.392" 3640 258cd626558 tab
3⤵
PID:3512

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="392.4.1997501679\985747074" -childID 3 -isForBrowser -prefsHandle 4236 -prefMapHandle 3844 -prefsLen 26125 -prefMapSize 233444 -jsInitHandle 1416 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {df1324fe-6d53-425c-b199-20d1750fe5db} 392 "\\.\pipe\gecko-crash-server-pipe.392" 4240 258d01f0558 tab
3⤵
PID:3980

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="392.7.784557221\1487778419" -childID 6 -isForBrowser -prefsHandle 5512 -prefMapHandle 5516 -prefsLen 26125 -prefMapSize 233444 -jsInitHandle 1416 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c6abed60-443c-40f2-a0a1-ef7fd4028e4b} 392 "\\.\pipe\gecko-crash-server-pipe.392" 5504 258d118e958 tab
3⤵
PID:5044

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="392.6.949318573\1532914163" -childID 5 -isForBrowser -prefsHandle 5304 -prefMapHandle 5308 -prefsLen 26125 -prefMapSize 233444 -jsInitHandle 1416 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {78428053-2590-423c-b0f5-764684b35365} 392 "\\.\pipe\gecko-crash-server-pipe.392" 5296 258d10d2158 tab
3⤵
PID:3928

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="392.5.1123057377\659546972" -childID 4 -isForBrowser -prefsHandle 5164 -prefMapHandle 5160 -prefsLen 26125 -prefMapSize 233444 -jsInitHandle 1416 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f1ea9a8a-5f9f-4a65-a054-171cdb84919f} 392 "\\.\pipe\gecko-crash-server-pipe.392" 5172 258be561f58 tab
3⤵
PID:2224

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="392.8.1891858719\179455013" -childID 7 -isForBrowser -prefsHandle 5904 -prefMapHandle 5896 -prefsLen 26460 -prefMapSize 233444 -jsInitHandle 1416 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f36d209a-40b0-41a3-a0e6-be58f23f4757} 392 "\\.\pipe\gecko-crash-server-pipe.392" 5908 258d0bd7e58 tab
3⤵
PID:4428

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:4800

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff99c1a46f8,0x7ff99c1a4708,0x7ff99c1a4718
2⤵
PID:4576

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2036,17262357839167569540,17356509156423935616,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2372 /prefetch:3
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:3104

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,17262357839167569540,17356509156423935616,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3388 /prefetch:1
2⤵
PID:5252

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,17262357839167569540,17356509156423935616,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3380 /prefetch:1
2⤵
PID:5240

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2036,17262357839167569540,17356509156423935616,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2888 /prefetch:8
2⤵
PID:3840

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2036,17262357839167569540,17356509156423935616,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1960 /prefetch:2
2⤵
PID:1648

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,17262357839167569540,17356509156423935616,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5104 /prefetch:1
2⤵
PID:5692

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,17262357839167569540,17356509156423935616,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5068 /prefetch:1
2⤵
PID:5684

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2036,17262357839167569540,17356509156423935616,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3676 /prefetch:8
2⤵
PID:5892

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2036,17262357839167569540,17356509156423935616,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3676 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:5900

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,17262357839167569540,17356509156423935616,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5480 /prefetch:1
2⤵
PID:6016

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2036,17262357839167569540,17356509156423935616,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5448 /prefetch:8
2⤵
PID:6008

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,17262357839167569540,17356509156423935616,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5368 /prefetch:1
2⤵
PID:2176

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,17262357839167569540,17356509156423935616,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4456 /prefetch:1
2⤵
PID:5464

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,17262357839167569540,17356509156423935616,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5796 /prefetch:1
2⤵
PID:5444

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,17262357839167569540,17356509156423935616,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5556 /prefetch:1
2⤵
PID:5308

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,17262357839167569540,17356509156423935616,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5764 /prefetch:1
2⤵
PID:5320

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,17262357839167569540,17356509156423935616,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5924 /prefetch:1
2⤵
PID:5976

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5608

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5272

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
47b2c6613360b818825d076d14c051f7

SHA1
7df7304568313a06540f490bf3305cb89bc03e5c

SHA256
47a22bea2e7d0154c59bf5d8790ec68274eb05e9fa6cf0eab0d648121f1a02ac

SHA512
08d2366fc1ce87dbe96b9bf997e4c59c9206fcfea47c1f17b01e79aeb0580f25cac5c7349bb453a50775b2743053446653f4129f835f81f4a8547ca392557aac

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
e0811105475d528ab174dfdb69f935f3

SHA1
dd9689f0f70a07b4e6fb29607e42d2d5faf1f516

SHA256
c91388c87878a9e2c530c6096dbdd993b0a26fefe8ad797e0133547225032d6c

SHA512
8374a721ea3ff3a1ea70d8a074e5c193dbba27ba7e301f19cea89d648b2378c376e48310c33fe81078cd40b1863daec935e8ac22e8e3878dc3a5bb529d028852

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
68326d97bc813b347a87685651967f1f

SHA1
b304a2a51c5d89fe0b6543b0cdcd2fc257794c93

SHA256
9c80201f9533fed040c088a2231a1caa2300b897322ebd9fd1a7ee25d39f71d5

SHA512
4ca4aa5ae4168875fb30eaf6c67016219bd99e824c4c435d3f341d9d7f148f615f8f7084758a198ac40b2c57b4d9eba05d4b223a4503b8cb43fc7402c20a4f71

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_0
Filesize
44KB

MD5
85195ba12ed6f6a4460a2178439e8d46

SHA1
4de6f6c6b14a7c8f9e5e935be6ecb666f2c140cb

SHA256
133adb422b12dc50ad48ed444459f3f9c11d5553b6e6e615251ae2907d314808

SHA512
42216efa2f89073424c1bc20279cc0e00fb46981fa606aada2ef3e191d5ad176da60e077949cc316521f3743628b8cd49efe132a9713e6b3e81f7c1c80d1834a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_1
Filesize
264KB

MD5
13f54dad940859d4046396e7baeedf31

SHA1
67f333f9a4c27f5007fc9e23cbdc5b8ab6fdccbf

SHA256
d5f40dd2ee8b22cecb1903421322b2fe6752c73cb710cb0d5c8f66c136d9843b

SHA512
662cc12794c2c96dce04594bf183738a7922f4941937a5b5a60d6bfc6953b761a78a6af5e73dccf1f94777c0182e89b4334806d10404ea71726413359ce03bd4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_2
Filesize
1.0MB

MD5
143092ada9de2c80d68a950b650f2671

SHA1
44577ee3824b5bfe4d4e1fb59edc3d74a0728253

SHA256
a70edac72a528bd3661edebe2a4737c09459de8cffeefc30b1085eaa5dce0342

SHA512
fd48b1e996a68b550e5d4fd16de0b3769491f72f069032874fde98182783f0c0e5b76f5e5a9f6a1f3ca4ba59bd5855db6c1e747fca9e74c1ff51a2655ac8b7f4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_3
Filesize
4.0MB

MD5
f5cde6c520a1224205680acb52f0c5db

SHA1
c9dc7f6322ca994a2f3b402c3513186addf137a0

SHA256
b666b47913bcf087f6f5dd402e7aebfdf9f299e8da36a7327fd271dc70412eca

SHA512
6e8b5dc8b14fcd7cca4e3df7208ceb2cc9287fbd085aebc9e9253e5f77305447a6c5a9cfbec602d61f7658492a461e2559711f2c7503499984d1325436bd5228

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000001
Filesize
43KB

MD5
db2a509594a5a1893b68ab6751b4821b

SHA1
de248758ad71bb86150de155daa2fae0ef82186b

SHA256
7205ea02f7af5c57824a95597af310a9a7f1cddb053abb3b4b82af8f09fb6f51

SHA512
37a82855bfdcd0f93c097883437c22362b8cd79530885f981c6e03fd6f2f80a8177a979a005feec10b61aa2b84b49faf0a05e548d472655eb50ff4df5b159e73

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
768B

MD5
47d88f392a0c3b56c69f1beb3207942f

SHA1
33248bd639722af769914f6ddc9e7c6a235e87ed

SHA256
6654078390dbd085edddfcfef710a2f7522df141134dc55bfe755cd0017a2454

SHA512
26fb60cf33165129481818161b50b1f3e5d2eeb562d21090337289f0cc40c224a7e46215849d6b65cc8c6c96acc50685087d72890d550adb424c931f8738a636

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
960B

MD5
e867e695e1ddeb15c2fc53ee867b7f5a

SHA1
45b9506e7099eb773375bc716247952203490175

SHA256
1234aa8b5969a2c53c565649f3b00442bf20473c2be8689f4a4590f5d9acee1b

SHA512
9b26d895465ae05d58d0b6866afe2bbcb86d539283773fe3a69280f68f3514c4ab580e1ca304b9768def016e44da05ac3e0fd0c1b95c85e7296bfada6cf5017a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cookies
Filesize
20KB

MD5
805735e55001b7718fb1709c00332a90

SHA1
dde130a8032c9a47a79450ce5daef870c2233e79

SHA256
208574d77c6e5d9bf2d767ca9cff2285834c1be3c7f40b9817d041c5108d3ea8

SHA512
e686246092561a02d80c2b1f7ded7d9f808d95d3a666c665abc93dc354d0ff0448d11db6086e2271eee15bb4e81610535f6d6b9e6ca1357bcd9cba26820bb5bf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\LOG
Filesize
319B

MD5
f73d7c2f5d363b018ea4b5344313d3fc

SHA1
1d166e1f2f943afa5bb020487bcedec4b0f622e0

SHA256
bc60ff4b6eb8e9598b42d29544ae55bb731c4fa1ea3764c04c9c594cc546241f

SHA512
391188bf4c3f446fd012eb025ae20334a176eff26b70e3dcf23529107f2906c381e0e946917e19a2b749d1b3d471c8689646b87c61fe7a3b21cca9260b4de9ee

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\GPUCache\data_1
Filesize
264KB

MD5
092fc846b10914e8fae92c4cddda5267

SHA1
17bf69e2482756b1033088f922ad50e769ea075f

SHA256
2068e6810a5a2552bbc66544ec1a11b658804e0eb003a9da5ca18591d9a0d6c0

SHA512
0e1479c66c6dc9d5501caa1df5251dcdc5725547b6d62248f15154a32d08e1de4dcd64271f0faf14a23d5814ffddbc556b16ee27401cf69ab6521ec732595b3a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History
Filesize
124KB

MD5
12ec163ca3f65227c37aebc0b85b16f4

SHA1
acb0f811f11f20b87a26d16a19b6360c41653b41

SHA256
f460d20c4f162b95ac6358871375447a985a5617e9e25c3c31943593d878aae6

SHA512
fee253f45b55599c67ca3b8247c90fe0486ff4b1ef84537b83b6753ef33ed1ab989c621644b44b2990d2fffda05211d943770d0c18272cbf7c63a2f43ae3e091

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History Provider Cache
Filesize
1014B

MD5
95ee205344a495aa4d0c38f4571d217d

SHA1
ba732252ce55f604b3b17aaf7ed92866bacc7d8c

SHA256
24ec681030cb9ae56290858708afa1aa8b7a94837d501540f8e1e417a1c0e635

SHA512
e937a21e1c29969b768ecc9bb1e838022d75f87c0b35f6db439fd442be751e0ded27a279e5a9df41dc713c6471aba4bbcb5c50a95adb5037084cd741b7f1a3d9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\000003.log
Filesize
2KB

MD5
71e5287295f18e77240ceacf9e791e9c

SHA1
be58defa0e92ae264c862996bd7b40eea97a136c

SHA256
059379771dffbfc9a5342cb47c4733d3c34c02df83aa263b860b32feb3bc9434

SHA512
eea70637a1564a630b37e3c8e04fbf90fbd1bdbadf1d6fb01ae4c4d62324d6bee3932954a38996dd3e9cbacce0827243ccd301bc5b79da20b7e9cb908c425b5d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\LOG
Filesize
331B

MD5
db5e0fbdfd84b9689dc448c1f9011b9e

SHA1
4f2f590d1d9d99a3d81874bcdbd5d994b8fba23b

SHA256
b5f4b0e14964dddb4dc5e37e2efd93849bba62a78ace173b2f7991a7ecd889c0

SHA512
45d03282269a3d4e9e5e155c88f0a66ad2a86d6673b5781c7cdab9dc55f0755f603f0c24f24efdcecbfaf7d5d57ea03c0d2f44449ca86f099735352b07a07669

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Login Data
Filesize
48KB

MD5
82a96b336f148cbe3832f400b230581c

SHA1
ee0b017b4076790bf60e66f3d8fa30afd7cf640c

SHA256
737250e55f74fb665f627957d4b9e6db389174ad99dd5ea68ff609dcd750693a

SHA512
95570a6e62f869e896460dec5a3d9b5add0e4a43bdabaf655a47e3080429e17b44ad4118ebb12706c822b7bbc51877be38012dfee2fce4d8d2278801e26601d3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
1KB

MD5
5ccdbd2acb7868e7d05e4c7605efc0bb

SHA1
9b3c0b828d8182306e4d3e9faae709c7383532d3

SHA256
aa7694c9cad28e103bad4aa6983a1b222f87717ff3b8ca35ea0170bdcb5b439b

SHA512
0564f6d8b45e71e63cc9c819f0bf47bfe98836947a27ae360adedd26a2855e0d77e4948c54ce0150dbcfd1bb57b8e23bac83678d3d881cf39ef0c03107742f37

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
1KB

MD5
a1d2f98dc85e376478ba0bc59e1bfac7

SHA1
e0a584ccf80e3ebb17b497f633ada1f823c7d001

SHA256
ef27a6fb6b9af841e26e4a00fd706c202bc8936f56cdb2443cfb20ad889d5991

SHA512
faa3dd408b118e34ac24c0b5c37282c9aef717a4af1903497347e07a183a43008cc92ba18f8df06f4eaca3f4f35c8ec74cacf30cf0987a2d368e17a9c9e5c646

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
1KB

MD5
495f18806f4e9b6abecd419c9eec6de5

SHA1
7e871d8a4d119dc8461812e0676fb98e323b447b

SHA256
7844aa01c9914ca5c2764f8309158b979a40a5a5200fa286d9df090dc5350248

SHA512
7f95e7fa8fafb7552043af4cbae86e4bce59c98b3c015fb0a4d59b37b2e4e78996e199c148de8d0f1b882318d16608b6616df2fb3300c89a8924f22f6bfaaba0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
9KB

MD5
3736e089b3db8e0177b05e8fef09acbf

SHA1
68b8882cc6ce8c7fa13af784f297a9cb12f0eb35

SHA256
f16d31c0f43cdde043dbf5f5845f6dcacc9bde06067adb48f702818a587cf53e

SHA512
53ee05b78ead6887dce70781aa759214f1a9f753b9ab985a19b0e17be1614f438fc765c7679617c7bf019b2dc9c48b63545fd6900d8777e88042c7df7dd14fba

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
72fad8cb6cbf5802799f9c86f2950fb7

SHA1
84c430447a93cd4aaa3e50128a69a4b78f93a3f8

SHA256
c7667c7aa320d459013141b66ee93bf7bfabbad28304d11a59e5f8646727922d

SHA512
388c81bee397d0314dedcee0251424fcaf70ebaece6e049eb7d7f8a06637666566fb2882e8a13867275d3a58bc7fee527b0f6416c1991bc824050984212825b6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
9KB

MD5
99b806651790405c79dee5637bc745be

SHA1
b77a92ebb4b0ca01d1cf94b01831474e43dab844

SHA256
c11f69d04b7bcd624dfebafc4acde560d90ec88f82bb4f790615cb88cc195178

SHA512
03cd5e064070f1d3deecbfb853d0054bc51e2622d62fee9f2cbb6a08b2eac6b066c0ea9499aa3f067b2a8b526f4e3134ea79d1da7cc27af3c9d1ef0178dc8bbf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
14c10b5a3a0a7c0ac2d0e0f707166c51

SHA1
a1eac6ae53c90ad0b764125815acbdf297bbc81f

SHA256
5ede4372ee65d460d8dc55e6dbb6e9ed802725324bfb694bfdb0750f86515178

SHA512
da10a1430ce7e4769605d68686f3e92766ef244e0f1fa0e33e4ba58f67fada15a0070d1e53a138479f9de23190ae46b6430c5db20a923b36b85cfacc727a96ce

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
ea2e2d782e95d0b4c8a410409ad021db

SHA1
650e0da527c6f3ea07286dfdc5a0e6fd48e42a89

SHA256
e9e57f2788ea328d4694c2391d5f131120bd585d627bd92f96927d38dc45fa83

SHA512
8367514de795949ed7ecbf8f689b8e09b4eb86c9c7f5e27d94421f22a0cf359221992ab3c27f162394aaf8e43d823bb0143007c51d2b57a06d44ce63513eba0e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
9KB

MD5
b1fbbc626c704693d7a0e35a115d4dae

SHA1
deba462b9dbed8e4aa3316fbc26d7891ad9cec8e

SHA256
f03a653c642043f5dd76fff81d61aaab8c86a1e100a2d3bf765e5995d78a6b3a

SHA512
6ed0b81db79e3a66183fecc39bdc0369d7f95258d747a161835b87fed550852f7989b8052c3d96cd8d7af901f5d250ffbbd7953849385507d6c1fc0067874cca

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
9KB

MD5
3e7a34767482bd8691f0c7d4a10cc5d4

SHA1
5f530bb548e8fd416871b8d926cc59dbd5bbd942

SHA256
f8e4a068ed2fbd5fc8fd07c868df583ca987d3bb5d7afe9b273115cfc01644c2

SHA512
6dbb77143539620cb8de860eab2a6c7e402291fbdaacdfae92c1763607ad1504c33827c94bdf317aeeeb5610acae51973bcee5c65869147da3461dd806bce2e1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
9KB

MD5
f317b66d69cee58ff099da376c47f64a

SHA1
3f41770a640b0322f2ef7b963b9a53f6db892ace

SHA256
ed19d3b2e21225d412b61dd750220fe974a7b04646a7c3c5036ee50545c0a7ec

SHA512
6797c521c5b7c3aa2f6184f321ada1eabf55a8993f99698d76110a3c970af96def472620728de0a7a2b3fb3e0513e921928c8afe7fb7fbe4f1cdb2824d067410

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
10KB

MD5
1ebad7439534fcce6765cb2911cdb27f

SHA1
980e0060e63d79d2fbf2a225fac5ec1b08f3e868

SHA256
db3eb4cf187b7ba987f6062d4bf002bb72d1cdefc1c5e969cc5f0b5c0856b74e

SHA512
63ad3fc3bdf936c4a7eabf8a677fa17acc1cfedde3424acf5d1bbc855e9a3e52f3c91add3f5ef2c6ae14e85139219b60c42531e17a664dacf3840cd89f1040cc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\000003.log
Filesize
902B

MD5
2a47934e27b5463186d148da1be83d7c

SHA1
70588b5afe3b8b3bb63bcc1d4f5e23d80452ade0

SHA256
45806bf41ffe2546fd8f72241ac5b6bc7d4fce84d5ce1a4a8b742682ee569ab7

SHA512
f649b2b739af471aecfe48b9c85b8ae47b9210655b8a419795c084d42845c1ba24c36952e2fb3114c865e3bb9b0d302af9e0d92070ca3409603d19ce5f1dc854

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\LOG
Filesize
319B

MD5
2687cb778672f65d94f91efac75b55ca

SHA1
f2cc3acb15093d7fac50badb6f88c0f3c37fd4b8

SHA256
d198b1de8c59a91a5bc8d67f66444e831687fb1034e83f42bb610965eab0b077

SHA512
55c611e278cba4d319744a0e2a1b10953501e0ec9147fd6b61f5165e795b58a70f365d5adfdfcf4d81d9cd905968467582d327b682528ff530146dd7330a74f4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Tabs_13353500643212667
Filesize
11KB

MD5
ca48d1d2d6b3a5f9ea737f1781e9ff96

SHA1
9278f70062ffbd0bb9198455bbcc211b464ae1bd

SHA256
b221d4e8d7e92385928f2932e9be3e89d800b980868b33e842ae9ed60b412f7f

SHA512
e4be31ef0fd9f6aead4aa6a56f1e1e2b40085f18746a1c3af033ce2c819f5d7577e534520439f6572708d046f513d20e4661e9ab3f6ffb7e6255aeec3add4a58

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\000003.log
Filesize
112B

MD5
51f7c6522e4be9a6e9cc4b4846f3178f

SHA1
1be2f492626008a9db3379599f38b4b1699af109

SHA256
3ae17b49491c9eabb8aaea2ddcc997d479aa6fe335846cd0208f828ba31e1842

SHA512
519125248a835fef10265b948386ebb53b174cb8ed22a71d4ccb0dcb3cce0c6edcad6f4cc4dc3c2a9d69baf0ed40cfe7f115f3f87136dbad7a2ef770494b419d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG
Filesize
350B

MD5
60727567f839d67a96e95beb8f667df9

SHA1
a409573c27893568728fa2fce848df46ac8b3167

SHA256
1d7a1a5244df75bd4a3e8516aa4336886a54af0c5a9b227208605e99314be885

SHA512
a962ee8e088215a26b08c2906ee01218a14187da8512dbfd7dc43d1cb5d781bf38338b2562c95c8e9d7b746ce726b4197a62102f9e957f43b9d3373ddc255fa1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG
Filesize
323B

MD5
4c985522462b8ad14bdb2f3124bf9578

SHA1
c8ae94fc009c24e969cde3ba2a16b149581c44fc

SHA256
e8cfbaf5edf1a7762c04dbf16d1f9d7f40481729e6ac0e681a0cb0f74c7bae7c

SHA512
b3db1dc01a42d178ae80f5fa1ece147d2f34ea6968e8945f222f5c78b40f572f82288a7c5b9dd2ee0d04aa5402eef977326559ab69bcd497b296aa7650c80b2c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Visited Links
Filesize
128KB

MD5
a59e95bdb1893d094e1c712295ea2bdc

SHA1
57bfda321a189dda4b44a5726adf47b331232a89

SHA256
9b8e272d0274a1b22102204d7c04cba74207282b0c389be6715e48de40924de6

SHA512
759ec4c4ca0e57890a7aff0b0f56d9921b1fc5bc8f346630fe34aa55176dfb55913b403a0fa864371bdfe0b2608821ec3b674f1b68506ad167c1efe9d146407c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
Filesize
16B

MD5
aefd77f47fb84fae5ea194496b44c67a

SHA1
dcfbb6a5b8d05662c4858664f81693bb7f803b82

SHA256
4166bf17b2da789b0d0cc5c74203041d98005f5d4ef88c27e8281e00148cd611

SHA512
b733d502138821948267a8b27401d7c0751e590e1298fda1428e663ccd02f55d0d2446ff4bc265bdcdc61f952d13c01524a5341bc86afc3c2cde1d8589b2e1c3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\load_statistics.db
Filesize
72KB

MD5
a1303597c0a1db288e4c848bb60af821

SHA1
268f4d40919f8c4bf81dcdb0aeb5c828d35fe89d

SHA256
303e65d548a682eb2a4d2a5fb6393ad8257abd94818b615256d93e8c9bd12f1b

SHA512
1d2b1c736a9c1f0ad5b90f5e5a91ed945ea82682f4a36ef7042b21b152f23c82257ae2334ac1f11f37e963839b3670e27e9b7255b1bd256d8b86b211b46756d1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\000003.log
Filesize
206B

MD5
1edf547ce2327d4c9916210c70567aa5

SHA1
4d4e5d545e3767b38f86732803b794b1206f93cd

SHA256
ea4e929a0e195d6dc4524a626530dd21b4a7334dc856a0f07370df0384fcd5a3

SHA512
75942f4fc734c48f9021dc1a8db67bc813335b2d7dc97a3598e84ee948837e4b9355579c933db80d84640eda0bbcb0f59fde5ca17700d843bfa9cff1b88525a2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\LOG
Filesize
322B

MD5
90179cb67eb2a8fd3f3f2f522f0b3f10

SHA1
efcbc61d2ae1897beb8256ec0d752a135f948b25

SHA256
6ef2252b4c96b323c955944cbef1b28337a1a6cd7b8ff2b9ccdbe99c8d14f178

SHA512
6a86ea2f8eeffbf2ca745f841a10ded8cd23794b10efc5f249404b8cb8a6c7a0e8e182643a77333ab786fefb1c16d8c4daa2f2bd721508406baf4867856bab56

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\000003.log
Filesize
565B

MD5
d3078eec2f1996080783046ad3e58c16

SHA1
bf662f83e38d0fffaf5671a3a8e92245db81eefb

SHA256
5e2539b2839f5ba46a6a338509c3b2b481e742a2fcd31a56d036013884dfab6a

SHA512
643a17d8be12e4c2385d9022efb96dc34c0c253f8446f219caa768e840225efc9cf729bf14fa917b7d154850c3aaea7f1e1205ac38b5d1ac98dcd1ed24771c53

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\LOG
Filesize
340B

MD5
3f142c964b260bdb0171cc04e59d6574

SHA1
ce6ece29cd8903d6d87a98f7865befc4f64dfe30

SHA256
6c7f2e10cc85d3c2e92ae6894f26bbbefd0e19d5f860a93df5cc033ca901dfa6

SHA512
f466a59ce38d9b67a1b0f42e660752433e93b43f7c073f9d869d2d46c6789b7f2624df63ac546b1b335d424bf436ba0c019dafbf7682f59dab4bdf1f91ae90c0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_0
Filesize
44KB

MD5
6effdcf3ffa08db9fab03f810d6276ba

SHA1
4311e579d55cdf9c01857d0416bc830320e7afd9

SHA256
99bf9e3ab7d133d538b2589511a805dbe0addf4b2029ea42c7b48b21b22208e3

SHA512
25af77e3e23323833601fa121e6d91a6a78820f2b5dcdcaddc9714cbb40ff017927ab4c688a7ffecb59e3ae14bd92927cfcbce701d55e364957ebe78342b5439

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_1
Filesize
264KB

MD5
a806f48c891e4f68b491a11d00a6471c

SHA1
11bbd0c78faa191c2ace76e18d16bdf23e1575e2

SHA256
cefbcdd5ea359b20cb45d368a4466093c8d5a1da9e265bc18c52a63372274ab0

SHA512
01e65827540d011594b0b30cbae338b2d8cf6c562b23566ae8ed0ea11ce903b577c9120ed897a6a58546c5acb0eeba13942f5f13b71354638af2a06a46091ab4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_3
Filesize
4.0MB

MD5
0a19234ef701a2260447284e5946e961

SHA1
c728442371d9e36fac674a894ec6342fdeb29ffa

SHA256
68a1eeceee4dca2b04db25c518b94e870ed0a85c9153ea6a30bc836eb0eab512

SHA512
152ce174a993ef0727a1fb74da571405606fd4cc7759641c7537c79e6c3811cad40c84ba332355cd5af37545fc870f7b4cfcb4a6266b5a2b4d7ed4950472cd06

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\f_000002
Filesize
16KB

MD5
4517391bc8c55acdbe1f4c2f0d1c1fc8

SHA1
ac51fcf3271333d222e4cb526431817f48345a43

SHA256
3c82cfe4ef2e80ad0aff5da477f399da7d5c0169968b800b1bd730c7eadbcd8d

SHA512
e85033dd2a4a4038512102052bff9e8a76e7a43d609431d987d436f262e21fcf1e298441cd378590db0742ca65845bd1585a7cba496aebe245a8084dd616e5ac

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\f_000003
Filesize
16KB

MD5
8feb503d057a1dfc7121b0aa2c7cc10f

SHA1
0d25b47e8482de37b7f615205b8a45162e1049d4

SHA256
e816b1086f600fa2096189c847f34de90dabd33b899de28ce199682eaf17c713

SHA512
a193f820d8719a47d6f52ff9ff2bf76c27ea3611e87a582543c8a55595af25cb3d1bb00913f8c2a4f2ed027ea2749717faf84d75e887f32610dce4d6ce105595

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\f_000004
Filesize
19KB

MD5
224859ff4912ea771c591c6c0d6b8c76

SHA1
bca46136f55b29816ec41e0a72f6925a865c2c2e

SHA256
ad78e3585c8ca04d3cdaf44c8eae4b16325c72c08385445d9015052732aca099

SHA512
d74648fc75b852c78292392214c7b3471fd3cd0d320adea1f7ff50dca716b44137f39f4e6ff0cc42267661f5380535adf06d1ad592b0cce6c05d8a9b463cde9e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\f_000005
Filesize
16KB

MD5
ee2f789c38df7f3071b47d08d1255910

SHA1
5f83428a1f2a02faee5291f91dfbfaae9b051281

SHA256
d987cf80bc7f6991ad4a9191c060974bc464398cb20ff39fd709c9ea4a3082d0

SHA512
7c6e009c2f945cf83f2415bc0118a3c818fb26632f30293a6b4bb44a90392fd24e2fa0ebfc23a0aa7a678135eebd649baea5a36a264d5841bcf0e4d289cb8647

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\f_000006
Filesize
20KB

MD5
e8e1f8273c10625d8b5e1541f8cab8fd

SHA1
18d7a3b3362fc592407e5b174a8fb60a128ce544

SHA256
45870d39eb491375c12251d35194e916ace795b1a67e02841e1bbcb14f1a0e44

SHA512
ca77d40ec247d16bc50302f8b13c79b37ab1fcf81c1f8ab50f2fc5430d4fabc74f5845c781bd11bb55840184e6765c2f18b28af72e1f7800fe0bb0b1f3f23b24

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\f_000007
Filesize
20KB

MD5
a4e164f6a15386763f5a9915b9b2abc8

SHA1
8d499d52070f47a4084008fcb8874fb148994d4d

SHA256
dad5ddc6868717a6c955e0c7627f0f93adca70d5d20733c1a98324269fa19f85

SHA512
9ae0dc6c7638553dc8b7c99f0f0b5671901409b50c0cd7666b556a08cb979b4334cee2b10bc826a3d7ce435a84536a0e81d2fbc79104e29588c5b506da97aa0b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\f_000008
Filesize
17KB

MD5
9d94395346f6683bb6b116c66d2b643f

SHA1
62e3103ae9b8d5eca5b64a2feb18d77ce925c864

SHA256
8eca00f18dc0287afaf00f6404d330652a4b1a810f7dae73c774bb9b01dbd982

SHA512
7eef3ff363f58c948a44a88a648be00a788d9fde4e133a5bb136856972243fcb287c32bbb12288c20c2621a19570dc5fef994ec6f761fe7b41337b3e1ae36349

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\f_000009
Filesize
16KB

MD5
4b4432e5b52736bf811f0b99d2a4ad45

SHA1
e9dc0c4b936109902138cca51dc4307f7bac6730

SHA256
d730bda38b999e036ddf955dc244957b692c6fcf687977cbb7ebf6190d8c75cd

SHA512
2d2fd022ef17df8ff0842c7c718ab0a58ff14bc7f1a711e525252aa95960349fea2dc7c27f22a6dc88ff4066be41fafdf90af477febb76221c33efb7c1e5826e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\f_00000a
Filesize
16KB

MD5
916657b1904462de4fd9ddda8acf9d97

SHA1
ee32edf403ae7732a39154d925f20b96f28f24ab

SHA256
6220d4d16f2dc838ae215035cb67b832fda74852f0b4e52195a2a29cde0f9977

SHA512
a4c1d241ecd7b64edec45f27963e35ea809f9f75d8ba9c0a7b5558f890fb7ee0305a8a827697fed58ff993804b3ece3e5e5a80b6b24ed3a38cd195f26c031a73

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Version
Filesize
11B

MD5
838a7b32aefb618130392bc7d006aa2e

SHA1
5159e0f18c9e68f0e75e2239875aa994847b8290

SHA256
ac3dd2221d90b09b795f1f72e72e4860342a4508fe336c4b822476eb25a55eaa

SHA512
9e350f0565cc726f66146838f9cebaaa38dd01892ffab9a45fe4f72e5be5459c0442e99107293a7c6f2412c71f668242c5e5a502124bc57cbf3b6ad8940cb3e9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
11KB

MD5
3691f870f4f899879709ee112a4df201

SHA1
33cd2648a432d65dc00191af5a125680e2198566

SHA256
e8925d20e8fc4bbb0f21abc72cb1ad8bd11ac25249f96bfca7cf704ff99da3af

SHA512
cd618b74b74415e56c80b24bf5775a8c24825d871d34dd178bad63b35aa8dcade6cf1d93928c57a86c5e95ba4d03ae9a1bb259a36a990d9603db9b455eced471

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
12KB

MD5
bbe8d050f3ca20a804486d20091e61de

SHA1
483668ea85df7358c3c9530e6d551450eaa4ca68

SHA256
5e9db11ce9e5bff1df4cf11aa5d797cd5a2eb4b7b481cdef1fca7adaa80e4e4a

SHA512
0f5afee522a18d181dd4264a0d56b38b97ad8be8ae7b0ba31ed4d843061374bf522db14d05f8405f7ee5325e0fd844a40b004df43945281a6d33d04befc51e47

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
12KB

MD5
f78d7487aff70a22f9daca99d285c229

SHA1
0df3975f9e50dff5beb45a870e7a3899f6bdabe5

SHA256
7a102fa4cf65a907d9611f5dd5eb50cadb0853147e6f04e45fb37cd3bba37931

SHA512
78e1e502d854564d3eec6b4f3b46e8ea68628a2ad3b9a8b451ed4a00631c4e007a98ed527a70b8c9cb10232853648803a864b6b22d79f0aaad6c55aee38a2d60

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
12KB

MD5
efb9b2e83c2edb99ac4a30163bc7ebb8

SHA1
fb7591e31ae7c69877cc9d2791b86ccd6ebde874

SHA256
f252e8d461dbe174fbce1b8944b8e46c5a2d19ecd10be18d95f7140f09b6e513

SHA512
b26f6c2ee0fbce10e4fe8693082f04794dcbfd5e8044e7e6f2e21e0321a229b8a1aa0572be1c56343738293db4739f9a44f91df01dc658f7fb74d18956d0eee1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1
Filesize
264KB

MD5
1022ad83e8afc1d5657dd951e50368b4

SHA1
9358e6d86b4ac54ac83eeff98c950c0a8086bf7d

SHA256
17848f13ab1ce6544536d8cb60c77c0410a8eb1639d86d7bd31013d639715578

SHA512
9fedcfeaecbc8d5f9ccddee566b99974423f9a4d9fe259666d76b851049055286d21c43a2b6d5b5062da69114fc10af3cd711d19b018841a83d7f8cec8ae365c

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\xh4b7nwe.default-release\cache2\entries\E66F5AA5E3C285C270CF84BD11111C74D38F245C
Filesize
13KB

MD5
11ed16d0ac79727a71f261338fb7dcfe

SHA1
8ebf30fbcdc93cd0e607caa10ebff73032d0052a

SHA256
606f6ffc0cfb993ec0fbc8bac76c56d7c4785285a9cbfe0329a4eaf6d4f973c5

SHA512
106f2c60cf799e1f359e68f5cbc206078d849e7120393bfaef34ec67acd3d307b62b94b55eb64298f376ef2af9187246ff17908fff7855315343feee5540c11e

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon
Filesize
442KB

MD5
85430baed3398695717b0263807cf97c

SHA1
fffbee923cea216f50fce5d54219a188a5100f41

SHA256
a9f4281f82b3579581c389e8583dc9f477c7fd0e20c9dfc91a2e611e21e3407e

SHA512
06511f1f6c6d44d076b3c593528c26a602348d9c41689dbf5ff716b671c3ca5756b12cb2e5869f836dedce27b1a5cfe79b93c707fd01f8e84b620923bb61b5f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1
Filesize
2.7MB

MD5
921cce7ae0d2cdd77bdeb8aec26c2a9d

SHA1
98139f75cfa3342bc730b7377475cff5b14a69f9

SHA256
635e71ed8e453f3ade55ef104c4ca55b11e04ae626b83490daa9706f85bb50ee

SHA512
a3e18f2b1708a6c7319b2a1e87fd1a9234f289aa0e5478a2541fb176c1ed9f2f2e1b30b26c57cf33b1de1bda9129150a55b9a31e24efb5b1665923af8319ea3d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xh4b7nwe.default-release\datareporting\glean\db\data.safe.bin
Filesize
2KB

MD5
eb5069089549bbe23a13b1c8f4247e04

SHA1
ceac0c29e9d6fffe675e6ac424ee998dc9f18914

SHA256
285d2cb71bfcd0110578d44311195e8b1b15e925df860f45c1510ab2d355fc8f

SHA512
d40ec54d88335491008036470e1c2dc60750273bcb2a0e1f8ff2c1bb47cee2669d6cb2f3d72f3463e385037d698a2f1cc0a47dbf3565aea940f991ae7f39fe7c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xh4b7nwe.default-release\datareporting\glean\pending_pings\84466756-c159-47ed-8956-836130c93e6b
Filesize
746B

MD5
4bd2166f49c0cba2f48664b5ccae4f01

SHA1
62cee8fdb6a8a538603ba2934a4c536f2f7bfc3d

SHA256
2ad28790e585b9733ba4ff78b5aaed2f0a82d760c1dfc76ad8c5f3493b014ff6

SHA512
e9e02f7155545e98966708ccb14e032c09745502a3b57caa437733f1c6fd326eee27385a4d0260636fbdec9812a7ad8f43f055c096ee5bc930e9c06ce68612e4

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xh4b7nwe.default-release\datareporting\glean\pending_pings\d47c4156-2fb2-4ebc-a767-e0387fb664de
Filesize
10KB

MD5
ec885edbeb33692695b2c10b6882f9aa

SHA1
c80e068b9eb8c5ad747fdd6a5777dfcda4cdef43

SHA256
214692035033125651154d591eacc62615c4a44f88b5d3eba6dff1be23a3089a

SHA512
838559ceb8ed2c5429a2635d694b1d67cb05cb4c4c4aa2ffed22011a0b5c2973d1c6523f9cdc900559136623dc453fb900a606c0e26716471d93ebc178aa68af

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xh4b7nwe.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll
Filesize
997KB

MD5
fe3355639648c417e8307c6d051e3e37

SHA1
f54602d4b4778da21bc97c7238fc66aa68c8ee34

SHA256
1ed7877024be63a049da98733fd282c16bd620530a4fb580dacec3a78ace914e

SHA512
8f4030bb2464b98eccbea6f06eb186d7216932702d94f6b84c56419e9cf65a18309711ab342d1513bf85aed402bc3535a70db4395874828f0d35c278dd2eac9c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xh4b7nwe.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info
Filesize
116B

MD5
3d33cdc0b3d281e67dd52e14435dd04f

SHA1
4db88689282fd4f9e9e6ab95fcbb23df6e6485db

SHA256
f526e9f98841d987606efeaff7f3e017ba9fd516c4be83890c7f9a093ea4c47b

SHA512
a4a96743332cc8ef0f86bc2e6122618bfc75ed46781dadbac9e580cd73df89e74738638a2cccb4caa4cbbf393d771d7f2c73f825737cdb247362450a0d4a4bc1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xh4b7nwe.default-release\gmp-widevinecdm\4.10.2557.0\LICENSE.txt
Filesize
479B

MD5
49ddb419d96dceb9069018535fb2e2fc

SHA1
62aa6fea895a8b68d468a015f6e6ab400d7a7ca6

SHA256
2af127b4e00f7303de8271996c0c681063e4dc7abdc7b2a8c3fe5932b9352539

SHA512
48386217dabf7556e381ab3f5924b123a0a525969ff98f91efb03b65477c94e48a15d9abcec116b54616d36ad52b6f1d7b8b84c49c204e1b9b43f26f2af92da2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xh4b7nwe.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll
Filesize
2.4MB

MD5
6ba73eed03672cd18f13a22966116689

SHA1
ca3ffe97ff0c2f23b621786d4bff7283f7703384

SHA256
48bf18b5a9b570027e702ee3ba58c64cec350b4a9eb578d1ace572c5ac60f2b3

SHA512
fe9e9828b50a26ae4f5c5cef3be6a0585c42f7185c58e09c51488df656839379e196fe3b7c5bcc9360176415bf3e78fb9a62db0963b576af1536f3aaa90571fd

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xh4b7nwe.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.lib
Filesize
1KB

MD5
688bed3676d2104e7f17ae1cd2c59404

SHA1
952b2cdf783ac72fcb98338723e9afd38d47ad8e

SHA256
33899a3ebc22cb8ed8de7bd48c1c29486c0279b06d7ef98241c92aef4e3b9237

SHA512
7a0e3791f75c229af79dd302f7d0594279f664886fea228cfe78e24ef185ae63aba809aa1036feb3130066deadc8e78909c277f0a7ed1e3485df3cf2cd329776

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xh4b7nwe.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.sig
Filesize
1KB

MD5
937326fead5fd401f6cca9118bd9ade9

SHA1
4526a57d4ae14ed29b37632c72aef3c408189d91

SHA256
68a03f075db104f84afdd8fca45a7e4bff7b55dc1a2a24272b3abe16d8759c81

SHA512
b232f6cf3f88adb346281167ac714c4c4c7aac15175087c336911946d12d63d3a3a458e06b298b41a7ec582ef09fe238da3a3166ff89c450117228f7485c22d2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xh4b7nwe.default-release\prefs-1.js
Filesize
6KB

MD5
ad04690360337629daa5a15a53d8193b

SHA1
b977b5bec82c42ab9a8015b2e97ff90f74717be0

SHA256
f316874fcb6027b5fc274ad1ba3ba1b6c7be90c3b15dc03476c61f805bc15a79

SHA512
51880a5498f97d0e236efe38052696545255cbc4fb935e839a219c3762f04b834f83cf0a6b483903ac3d3162724eb272ac650d2e5120e4de0a2a23dac36ec651

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xh4b7nwe.default-release\prefs-1.js
Filesize
7KB

MD5
b2dedfe2cf375bf2d9ad4b945c4128a5

SHA1
f3e2be6b3eb1009f59b32c96349201b400f3fc9c

SHA256
5d4a764e2411f48057a53b9401c01b7ca1c9abde52f2cedf854b5c9058147906

SHA512
e2309b04625023af2d18f6570cb27d187079c3834db9e50073d6212803d6c036163fa22a9800568a2e18c82eb53fe89e22837b496d58e9d6994636cd72f5cad2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xh4b7nwe.default-release\prefs.js
Filesize
6KB

MD5
5a17050e094878a1afcd53d27bfa1e85

SHA1
4371fdd871b9a18f3a1f010e75466d7cde493afe

SHA256
086585a9f2b9aa07cbbaf655ede60dc5eda08aa2a02754e0e68988da4781e93a

SHA512
876de72f745cd205700fc89025ec7cad2f8d93b62df97d5173d78a6d5621c84db1456110b75e40867816e6bb824d6e09c57a9f952fad320bc5b3c05572a1c824

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xh4b7nwe.default-release\prefs.js
Filesize
6KB

MD5
9700e95a2c40886ed2753b846307a6a5

SHA1
4c4263a71d2e57028d448460def7c30d3c9a7290

SHA256
0e4da86a030cf0f9d096086be4780269738b6604a7eb7a4bf8f1cc5cb8f0484a

SHA512
ad098fa8cd4817c0b09badda728c1d09e312a77833a56341ad1107d5b4f4db571083c063db8669991d6a337d40ce7e31e6c3cc9867478ab8026039eafd1b0d20

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xh4b7nwe.default-release\sessionstore-backups\recovery.jsonlz4
Filesize
1KB

MD5
5655d954c6dd0825cb17fec43bf6ff03

SHA1
2a6aff47c2be5370d1c4161b917fd2a3dd26d07d

SHA256
1feee0dd8077a2658e4de9ba8bbef7865a984baeeae0c5285ab248d1479c768c

SHA512
5691832dde956b6cb0e8908c02e89c9d75376e85d1ffce05da8ee29a08cf1b558c5411c9a8a52f2d8ceed64d357fe3e50275cc510c6cc67dca031763416a3bbb

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xh4b7nwe.default-release\sessionstore-backups\recovery.jsonlz4
Filesize
1KB

MD5
116144e7d669ee7317c910d0204369c1

SHA1
b1200aec149d986382ba8319ce1326f5da3bf7b9

SHA256
5a41a1e21b1acf9b0310c65e73a6874aa54e4ce31c7d305a65579f2407d89944

SHA512
555840d260c0a0b3c85eef8992d456d1fe5cbba8a168ce587758a56614b84a8323d6eb0c8a80c2c0894c56fdda2036ec2092cef96ec4e36bc67cbcc442243a3f

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xh4b7nwe.default-release\sessionstore-backups\recovery.jsonlz4
Filesize
1KB

MD5
d2291f79593a386327b7a6d4e6d72025

SHA1
546cbff7a80827598d6c2b055274830f6c04d993

SHA256
a2e36729bedb971c12d11cf197fe3fd576988756f3a04594a37d43e336300077

SHA512
177410483f2eb690e378f5e055db36e00f64f11171fffb98c76fd0357a491a341743d3071f06fc8d433cae280b047f708ed8d9e00c17021a00785f32ce21a174

Download Submit
\??\pipe\LOCAL\crashpad_4708_MTLHJGYUYGTWQQYJ
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit