hxxps://download1076[.]mediafire[.]com/7i7l9bhb2nygILRXfJJpn3iRcC2WAi0ue_r7a5XvT2hCE2qjtFerhV6DTMB7Z22_C12w7kBty8ksrdgN9yiGPf49w1MLEfLl4a1bWAioM0a6WrWV27dSbMrkF25KKO0ISCqu2GWXaCLbjNhDBpDT60eMKASRvD_X7h6oJlYroLxylQ/xqdeo3f92dkqxlz/de4dot%232[.]zip

Analysis

max time kernel
131s
max time network
117s
platform
windows10-2004_x64
resource
win10v2004-20250314-en
resource tags

arch:x64arch:x86image:win10v2004-20250314-enlocale:en-usos:windows10-2004-x64system
submitted
27/03/2025, 00:17

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://download1076.mediafire.com/7i7l9bhb2nygILRXfJJpn3iRcC2WAi0ue_r7a5XvT2hCE2qjtFerhV6DTMB7Z22_C12w7kBty8ksrdgN9yiGPf49w1MLEfLl4a1bWAioM0a6WrWV27dSbMrkF25KKO0ISCqu2GWXaCLbjNhDBpDT60eMKASRvD_X7h6oJlYroLxylQ/xqdeo3f92dkqxlz/de4dot%232.zip

Score

7^/10

agilenet discovery

Malware Config

Signatures

Obfuscated with Agile.Net obfuscator 2 IoCs

Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.

agilenet

resource	yara_rule
behavioral1/memory/2040-167-0x0000000005850000-0x000000000596A000-memory.dmp	agile_net
behavioral1/memory/3036-193-0x000000001BF30000-0x000000001C04A000-memory.dmp	agile_net

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	de4dot.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	de4dot.exe

Checks processor information in registry 2 TTPs 30 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe

Enumerates system info in registry 2 TTPs 12 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Modifies data under HKEY_USERS 5 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133875082837025079"	msedge.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	msedge.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	msedge.exe

Modifies registry class 8 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	msedge.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-308834014-1004923324-1191300197-1000\{001304BD-1EAE-4C5B-8A93-8CE070D6146A}	msedge.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	msedge.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-308834014-1004923324-1191300197-1000\{7503E049-1760-4E63-AC59-38D398EB7F74}	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-308834014-1004923324-1191300197-1000_Classes\Local Settings	msedge.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-308834014-1004923324-1191300197-1000\{625CED38-3487-402F-BA23-FB837A0BDA39}	msedge.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-308834014-1004923324-1191300197-1000_Classes\Local Settings	firefox.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
5764	chrome.exe
5764	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 15 IoCs

pid	Process
5084	msedge.exe
5084	msedge.exe
5084	msedge.exe
5084	msedge.exe
5764	chrome.exe
5764	chrome.exe
5764	chrome.exe
5764	chrome.exe
5764	chrome.exe
6024	msedge.exe
6024	msedge.exe
6024	msedge.exe
6024	msedge.exe
6024	msedge.exe
6024	msedge.exe

Suspicious use of AdjustPrivilegeToken 24 IoCs

description	pid	Process
Token: SeShutdownPrivilege	5764	chrome.exe
Token: SeCreatePagefilePrivilege	5764	chrome.exe
Token: SeShutdownPrivilege	5764	chrome.exe
Token: SeCreatePagefilePrivilege	5764	chrome.exe
Token: SeShutdownPrivilege	5764	chrome.exe
Token: SeCreatePagefilePrivilege	5764	chrome.exe
Token: SeShutdownPrivilege	5764	chrome.exe
Token: SeCreatePagefilePrivilege	5764	chrome.exe
Token: SeShutdownPrivilege	5764	chrome.exe
Token: SeCreatePagefilePrivilege	5764	chrome.exe
Token: SeShutdownPrivilege	5764	chrome.exe
Token: SeCreatePagefilePrivilege	5764	chrome.exe
Token: SeShutdownPrivilege	5764	chrome.exe
Token: SeCreatePagefilePrivilege	5764	chrome.exe
Token: SeShutdownPrivilege	5764	chrome.exe
Token: SeCreatePagefilePrivilege	5764	chrome.exe
Token: SeShutdownPrivilege	5764	chrome.exe
Token: SeCreatePagefilePrivilege	5764	chrome.exe
Token: SeShutdownPrivilege	5764	chrome.exe
Token: SeCreatePagefilePrivilege	5764	chrome.exe
Token: SeShutdownPrivilege	5764	chrome.exe
Token: SeCreatePagefilePrivilege	5764	chrome.exe
Token: SeDebugPrivilege	5568	firefox.exe
Token: SeDebugPrivilege	5568	firefox.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
5084	msedge.exe
5084	msedge.exe
5084	msedge.exe
5084	msedge.exe
5084	msedge.exe
5084	msedge.exe
5084	msedge.exe
5084	msedge.exe
5084	msedge.exe
5084	msedge.exe
5084	msedge.exe
5084	msedge.exe
5084	msedge.exe
5084	msedge.exe
5084	msedge.exe
5084	msedge.exe
5084	msedge.exe
5084	msedge.exe
5084	msedge.exe
5084	msedge.exe
5084	msedge.exe
5084	msedge.exe
5084	msedge.exe
5084	msedge.exe
5084	msedge.exe
5084	msedge.exe
5084	msedge.exe
5084	msedge.exe
5084	msedge.exe
5084	msedge.exe
5084	msedge.exe
5084	msedge.exe
5084	msedge.exe
5084	msedge.exe
5084	msedge.exe
5764	chrome.exe
5764	chrome.exe
5764	chrome.exe
5764	chrome.exe
5764	chrome.exe
5764	chrome.exe
5764	chrome.exe
5764	chrome.exe
5764	chrome.exe
5764	chrome.exe
5764	chrome.exe
5764	chrome.exe
5764	chrome.exe
5764	chrome.exe
5764	chrome.exe
5764	chrome.exe
5764	chrome.exe
5764	chrome.exe
5764	chrome.exe
5764	chrome.exe
5764	chrome.exe
5764	chrome.exe
5764	chrome.exe
5764	chrome.exe
5764	chrome.exe
5764	chrome.exe
5764	chrome.exe
5568	firefox.exe
5568	firefox.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
5084	msedge.exe
5084	msedge.exe
5084	msedge.exe
5084	msedge.exe
5084	msedge.exe
5084	msedge.exe
5084	msedge.exe
5084	msedge.exe
5084	msedge.exe
5084	msedge.exe
5084	msedge.exe
5084	msedge.exe
5084	msedge.exe
5084	msedge.exe
5084	msedge.exe
5084	msedge.exe
5084	msedge.exe
5084	msedge.exe
5084	msedge.exe
5084	msedge.exe
5084	msedge.exe
5084	msedge.exe
5084	msedge.exe
5084	msedge.exe
5764	chrome.exe
5764	chrome.exe
5764	chrome.exe
5764	chrome.exe
5764	chrome.exe
5764	chrome.exe
5764	chrome.exe
5764	chrome.exe
5764	chrome.exe
5764	chrome.exe
5764	chrome.exe
5764	chrome.exe
5764	chrome.exe
5764	chrome.exe
5764	chrome.exe
5764	chrome.exe
5764	chrome.exe
5764	chrome.exe
5764	chrome.exe
5764	chrome.exe
5764	chrome.exe
5764	chrome.exe
5764	chrome.exe
5764	chrome.exe
5568	firefox.exe
5568	firefox.exe
5568	firefox.exe
5568	firefox.exe
5568	firefox.exe
5568	firefox.exe
5568	firefox.exe
5568	firefox.exe
5568	firefox.exe
5568	firefox.exe
5568	firefox.exe
5568	firefox.exe
6024	msedge.exe
6024	msedge.exe
6024	msedge.exe
6024	msedge.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
5568	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 5084 wrote to memory of 5192	5084	msedge.exe	85
PID 5084 wrote to memory of 5192	5084	msedge.exe	85
PID 5084 wrote to memory of 568	5084	msedge.exe	86
PID 5084 wrote to memory of 568	5084	msedge.exe	86
PID 5084 wrote to memory of 5296	5084	msedge.exe	87
PID 5084 wrote to memory of 5296	5084	msedge.exe	87
PID 5084 wrote to memory of 5296	5084	msedge.exe	87
PID 5084 wrote to memory of 5296	5084	msedge.exe	87
PID 5084 wrote to memory of 5296	5084	msedge.exe	87
PID 5084 wrote to memory of 5296	5084	msedge.exe	87
PID 5084 wrote to memory of 5296	5084	msedge.exe	87
PID 5084 wrote to memory of 5296	5084	msedge.exe	87
PID 5084 wrote to memory of 5296	5084	msedge.exe	87
PID 5084 wrote to memory of 5296	5084	msedge.exe	87
PID 5084 wrote to memory of 5296	5084	msedge.exe	87
PID 5084 wrote to memory of 5296	5084	msedge.exe	87
PID 5084 wrote to memory of 5296	5084	msedge.exe	87
PID 5084 wrote to memory of 5296	5084	msedge.exe	87
PID 5084 wrote to memory of 5296	5084	msedge.exe	87
PID 5084 wrote to memory of 5296	5084	msedge.exe	87
PID 5084 wrote to memory of 5296	5084	msedge.exe	87
PID 5084 wrote to memory of 5296	5084	msedge.exe	87
PID 5084 wrote to memory of 5296	5084	msedge.exe	87
PID 5084 wrote to memory of 5296	5084	msedge.exe	87
PID 5084 wrote to memory of 5296	5084	msedge.exe	87
PID 5084 wrote to memory of 5296	5084	msedge.exe	87
PID 5084 wrote to memory of 5296	5084	msedge.exe	87
PID 5084 wrote to memory of 5296	5084	msedge.exe	87
PID 5084 wrote to memory of 5296	5084	msedge.exe	87
PID 5084 wrote to memory of 5296	5084	msedge.exe	87
PID 5084 wrote to memory of 5296	5084	msedge.exe	87
PID 5084 wrote to memory of 5296	5084	msedge.exe	87
PID 5084 wrote to memory of 5296	5084	msedge.exe	87
PID 5084 wrote to memory of 5296	5084	msedge.exe	87
PID 5084 wrote to memory of 5296	5084	msedge.exe	87
PID 5084 wrote to memory of 5296	5084	msedge.exe	87
PID 5084 wrote to memory of 5296	5084	msedge.exe	87
PID 5084 wrote to memory of 5296	5084	msedge.exe	87
PID 5084 wrote to memory of 5296	5084	msedge.exe	87
PID 5084 wrote to memory of 5296	5084	msedge.exe	87
PID 5084 wrote to memory of 5296	5084	msedge.exe	87
PID 5084 wrote to memory of 5296	5084	msedge.exe	87
PID 5084 wrote to memory of 5296	5084	msedge.exe	87
PID 5084 wrote to memory of 5296	5084	msedge.exe	87
PID 5084 wrote to memory of 5296	5084	msedge.exe	87
PID 5084 wrote to memory of 5296	5084	msedge.exe	87
PID 5084 wrote to memory of 5296	5084	msedge.exe	87
PID 5084 wrote to memory of 5296	5084	msedge.exe	87
PID 5084 wrote to memory of 5296	5084	msedge.exe	87
PID 5084 wrote to memory of 5296	5084	msedge.exe	87
PID 5084 wrote to memory of 5296	5084	msedge.exe	87
PID 5084 wrote to memory of 5296	5084	msedge.exe	87
PID 5084 wrote to memory of 5296	5084	msedge.exe	87
PID 5084 wrote to memory of 5296	5084	msedge.exe	87
PID 5084 wrote to memory of 5296	5084	msedge.exe	87
PID 5084 wrote to memory of 3008	5084	msedge.exe	88
PID 5084 wrote to memory of 3008	5084	msedge.exe	88
PID 5084 wrote to memory of 3008	5084	msedge.exe	88
PID 5084 wrote to memory of 3008	5084	msedge.exe	88
PID 5084 wrote to memory of 3008	5084	msedge.exe	88
PID 5084 wrote to memory of 3008	5084	msedge.exe	88
PID 5084 wrote to memory of 3008	5084	msedge.exe	88
PID 5084 wrote to memory of 3008	5084	msedge.exe	88
PID 5084 wrote to memory of 3008	5084	msedge.exe	88

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://download1076.mediafire.com/7i7l9bhb2nygILRXfJJpn3iRcC2WAi0ue_r7a5XvT2hCE2qjtFerhV6DTMB7Z22_C12w7kBty8ksrdgN9yiGPf49w1MLEfLl4a1bWAioM0a6WrWV27dSbMrkF25KKO0ISCqu2GWXaCLbjNhDBpDT60eMKASRvD_X7h6oJlYroLxylQ/xqdeo3f92dkqxlz/de4dot%232.zip
1⤵
- Checks processor information in registry
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:5084
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=133.0.6943.99 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=133.0.3065.69 --initial-client-data=0x23c,0x240,0x244,0x238,0x264,0x7ff866f1f208,0x7ff866f1f214,0x7ff866f1f220
  2⤵
  PID:5192
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --always-read-main-dll --field-trial-handle=1936,i,10019599902189163096,6784112465021508547,262144 --variations-seed-version --mojo-platform-channel-handle=2268 /prefetch:3
  2⤵
  PID:568
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=2156,i,10019599902189163096,6784112465021508547,262144 --variations-seed-version --mojo-platform-channel-handle=2152 /prefetch:2
  2⤵
  PID:5296
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --always-read-main-dll --field-trial-handle=2616,i,10019599902189163096,6784112465021508547,262144 --variations-seed-version --mojo-platform-channel-handle=2736 /prefetch:8
  2⤵
  PID:3008
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --always-read-main-dll --field-trial-handle=3492,i,10019599902189163096,6784112465021508547,262144 --variations-seed-version --mojo-platform-channel-handle=3552 /prefetch:1
  2⤵
  PID:5512
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --always-read-main-dll --field-trial-handle=3500,i,10019599902189163096,6784112465021508547,262144 --variations-seed-version --mojo-platform-channel-handle=3556 /prefetch:1
  2⤵
  PID:5564
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5040,i,10019599902189163096,6784112465021508547,262144 --variations-seed-version --mojo-platform-channel-handle=5116 /prefetch:8
  2⤵
  PID:4980
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5048,i,10019599902189163096,6784112465021508547,262144 --variations-seed-version --mojo-platform-channel-handle=5108 /prefetch:8
  2⤵
  PID:4868
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --lang=en-US --service-sandbox-type=collections --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5612,i,10019599902189163096,6784112465021508547,262144 --variations-seed-version --mojo-platform-channel-handle=5624 /prefetch:8
  2⤵
  PID:4320
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --always-read-main-dll --field-trial-handle=5564,i,10019599902189163096,6784112465021508547,262144 --variations-seed-version --mojo-platform-channel-handle=5728 /prefetch:1
  2⤵
  PID:4828
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=PooledProcess2 --lang=en-US --service-sandbox-type=utility --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5888,i,10019599902189163096,6784112465021508547,262144 --variations-seed-version --mojo-platform-channel-handle=5864 /prefetch:8
  2⤵
  PID:5032
- C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4236,i,10019599902189163096,6784112465021508547,262144 --variations-seed-version --mojo-platform-channel-handle=6420 /prefetch:8
  2⤵
  PID:4124
- C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4236,i,10019599902189163096,6784112465021508547,262144 --variations-seed-version --mojo-platform-channel-handle=6420 /prefetch:8
  2⤵
  PID:6008
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5288,i,10019599902189163096,6784112465021508547,262144 --variations-seed-version --mojo-platform-channel-handle=6572 /prefetch:8
  2⤵
  PID:4900
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4744,i,10019599902189163096,6784112465021508547,262144 --variations-seed-version --mojo-platform-channel-handle=6432 /prefetch:8
  2⤵
  PID:6124
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6420,i,10019599902189163096,6784112465021508547,262144 --variations-seed-version --mojo-platform-channel-handle=6448 /prefetch:8
  2⤵
  PID:868
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6764,i,10019599902189163096,6784112465021508547,262144 --variations-seed-version --mojo-platform-channel-handle=6424 /prefetch:8
  2⤵
  PID:5804
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5060,i,10019599902189163096,6784112465021508547,262144 --variations-seed-version --mojo-platform-channel-handle=5216 /prefetch:8
  2⤵
  PID:4156
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window
  2⤵
  - Checks processor information in registry
  - Enumerates system info in registry
  - Modifies data under HKEY_USERS
  - Modifies registry class
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of SendNotifyMessage
  PID:6024
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=133.0.6943.99 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=133.0.3065.69 --initial-client-data=0x23c,0x240,0x244,0x238,0x24c,0x7ff866f1f208,0x7ff866f1f214,0x7ff866f1f220
    3⤵
    PID:1744
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --always-read-main-dll --field-trial-handle=1908,i,13048178071270328199,7835107566399104875,262144 --variations-seed-version --mojo-platform-channel-handle=2252 /prefetch:3
    3⤵
    PID:4320
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=2216,i,13048178071270328199,7835107566399104875,262144 --variations-seed-version --mojo-platform-channel-handle=2212 /prefetch:2
    3⤵
    PID:776
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --always-read-main-dll --field-trial-handle=2564,i,13048178071270328199,7835107566399104875,262144 --variations-seed-version --mojo-platform-channel-handle=2560 /prefetch:8
    3⤵
    PID:5288
- - C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4160,i,13048178071270328199,7835107566399104875,262144 --variations-seed-version --mojo-platform-channel-handle=4184 /prefetch:8
    3⤵
    PID:4700
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=PooledProcess2 --lang=en-US --service-sandbox-type=utility --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4324,i,13048178071270328199,7835107566399104875,262144 --variations-seed-version --mojo-platform-channel-handle=4356 /prefetch:8
    3⤵
    PID:2100
- - C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4160,i,13048178071270328199,7835107566399104875,262144 --variations-seed-version --mojo-platform-channel-handle=4184 /prefetch:8
    3⤵
    PID:4796
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --always-read-main-dll --field-trial-handle=4876,i,13048178071270328199,7835107566399104875,262144 --variations-seed-version --mojo-platform-channel-handle=4932 /prefetch:1
    3⤵
    PID:1088
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --always-read-main-dll --field-trial-handle=4900,i,13048178071270328199,7835107566399104875,262144 --variations-seed-version --mojo-platform-channel-handle=4936 /prefetch:1
    3⤵
    PID:2040
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5452,i,13048178071270328199,7835107566399104875,262144 --variations-seed-version --mojo-platform-channel-handle=5468 /prefetch:8
    3⤵
    PID:2976
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5460,i,13048178071270328199,7835107566399104875,262144 --variations-seed-version --mojo-platform-channel-handle=5500 /prefetch:8
    3⤵
    PID:1540
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --always-read-main-dll --field-trial-handle=5780,i,13048178071270328199,7835107566399104875,262144 --variations-seed-version --mojo-platform-channel-handle=5832 /prefetch:1
    3⤵
    PID:4672
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --instant-process --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --always-read-main-dll --field-trial-handle=5264,i,13048178071270328199,7835107566399104875,262144 --variations-seed-version --mojo-platform-channel-handle=5240 /prefetch:1
    3⤵
    PID:4256
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --always-read-main-dll --field-trial-handle=6388,i,13048178071270328199,7835107566399104875,262144 --variations-seed-version --mojo-platform-channel-handle=6428 /prefetch:1
    3⤵
    PID:6176
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --lang=en-US --service-sandbox-type=collections --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6384,i,13048178071270328199,7835107566399104875,262144 --variations-seed-version --mojo-platform-channel-handle=6408 /prefetch:8
    3⤵
    PID:6184
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6088,i,13048178071270328199,7835107566399104875,262144 --variations-seed-version --mojo-platform-channel-handle=6872 /prefetch:8
    3⤵
    PID:7024
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5656,i,13048178071270328199,7835107566399104875,262144 --variations-seed-version --mojo-platform-channel-handle=6708 /prefetch:8
    3⤵
    PID:6420
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5516,i,13048178071270328199,7835107566399104875,262144 --variations-seed-version --mojo-platform-channel-handle=6888 /prefetch:8
    3⤵
    PID:6556
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --always-read-main-dll --field-trial-handle=6892,i,13048178071270328199,7835107566399104875,262144 --variations-seed-version --mojo-platform-channel-handle=5944 /prefetch:1
    3⤵
    PID:6852
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window
    3⤵
    - Checks processor information in registry
    - Enumerates system info in registry
    - Modifies data under HKEY_USERS
    - Modifies registry class
    PID:1804
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=133.0.6943.99 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=133.0.3065.69 --initial-client-data=0x23c,0x240,0x244,0x238,0x24c,0x7ff866f1f208,0x7ff866f1f214,0x7ff866f1f220
      4⤵
      PID:6324
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --always-read-main-dll --field-trial-handle=1892,i,13139789861613586428,11286180534414746726,262144 --variations-seed-version --mojo-platform-channel-handle=2144 /prefetch:3
      4⤵
      PID:6536
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=2112,i,13139789861613586428,11286180534414746726,262144 --variations-seed-version --mojo-platform-channel-handle=2036 /prefetch:2
      4⤵
      PID:6544
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --always-read-main-dll --field-trial-handle=2428,i,13139789861613586428,11286180534414746726,262144 --variations-seed-version --mojo-platform-channel-handle=2560 /prefetch:8
      4⤵
      PID:6892
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=PooledProcess2 --lang=en-US --service-sandbox-type=utility --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4300,i,13139789861613586428,11286180534414746726,262144 --variations-seed-version --mojo-platform-channel-handle=4220 /prefetch:8
      4⤵
      PID:4888
  - - C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4544,i,13139789861613586428,11286180534414746726,262144 --variations-seed-version --mojo-platform-channel-handle=4568 /prefetch:8
      4⤵
      PID:6476
  - - C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4544,i,13139789861613586428,11286180534414746726,262144 --variations-seed-version --mojo-platform-channel-handle=4568 /prefetch:8
      4⤵
      PID:6824

C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe"
1⤵
PID:5076

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:5132

C:\Users\Admin\Downloads\de4dot#2\de4dot#2\de4dot.exe
"C:\Users\Admin\Downloads\de4dot#2\de4dot#2\de4dot.exe"
1⤵
- System Location Discovery: System Language Discovery
PID:2040

C:\Users\Admin\Downloads\de4dot#2\de4dot#2\de4dot-x64.exe
"C:\Users\Admin\Downloads\de4dot#2\de4dot#2\de4dot-x64.exe"
1⤵
PID:3036

C:\Users\Admin\Downloads\de4dot#2\de4dot#2\de4dot.exe
"C:\Users\Admin\Downloads\de4dot#2\de4dot#2\de4dot.exe" C:\Users\Admin\Downloads\ResumeUninstall.mp2v
1⤵
- System Location Discovery: System Language Discovery
PID:4972

C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe"
1⤵
PID:5992

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Checks processor information in registry
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:5764
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=133.0.6943.60 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ff84531dcf8,0x7ff84531dd04,0x7ff84531dd10
  2⤵
  PID:3628
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --field-trial-handle=2020,i,14198531694445915541,9328221573877922114,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=2016 /prefetch:2
  2⤵
  PID:5812
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --field-trial-handle=1588,i,14198531694445915541,9328221573877922114,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=2192 /prefetch:3
  2⤵
  PID:3604
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --field-trial-handle=2348,i,14198531694445915541,9328221573877922114,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=2684 /prefetch:8
  2⤵
  PID:3552
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3208,i,14198531694445915541,9328221573877922114,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=3228 /prefetch:1
  2⤵
  PID:3968
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3244,i,14198531694445915541,9328221573877922114,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=3264 /prefetch:1
  2⤵
  PID:4948
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --extension-process --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4436,i,14198531694445915541,9328221573877922114,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=4468 /prefetch:2
  2⤵
  PID:3820
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=4756,i,14198531694445915541,9328221573877922114,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=4656 /prefetch:1
  2⤵
  PID:2980
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5340,i,14198531694445915541,9328221573877922114,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=5344 /prefetch:8
  2⤵
  PID:2336
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5532,i,14198531694445915541,9328221573877922114,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=5544 /prefetch:8
  2⤵
  PID:4628
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5764,i,14198531694445915541,9328221573877922114,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=5628 /prefetch:8
  2⤵
  PID:5992
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5884,i,14198531694445915541,9328221573877922114,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=5544 /prefetch:8
  2⤵
  PID:1612
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5888,i,14198531694445915541,9328221573877922114,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=5476 /prefetch:8
  2⤵
  PID:5076
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5892,i,14198531694445915541,9328221573877922114,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=5880 /prefetch:8
  2⤵
  PID:6076
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --field-trial-handle=5388,i,14198531694445915541,9328221573877922114,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=5828 /prefetch:1
  2⤵
  PID:6068

C:\Program Files\Google\Chrome\Application\133.0.6943.60\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\133.0.6943.60\elevation_service.exe"
1⤵
PID:1800

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:5292

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
PID:4908
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe"
  2⤵
  - Checks processor information in registry
  - Modifies registry class
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  PID:5568
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -parentBuildID 20250130195129 -prefsHandle 2004 -prefsLen 27099 -prefMapHandle 2008 -prefMapSize 270279 -ipcHandle 2084 -initialChannelId {5a62c157-f4a4-451a-9eb0-3fc3bbdd8408} -parentPid 5568 -crashReporter "\\.\pipe\gecko-crash-server-pipe.5568" -appDir "C:\Program Files\Mozilla Firefox\browser" - 1 gpu
    3⤵
    PID:952
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -parentBuildID 20250130195129 -prefsHandle 2452 -prefsLen 27135 -prefMapHandle 2456 -prefMapSize 270279 -ipcHandle 2472 -initialChannelId {e2fa31e8-79c3-4c1c-ac68-d63dc3bf4e3a} -parentPid 5568 -crashReporter "\\.\pipe\gecko-crash-server-pipe.5568" -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - 2 socket
    3⤵
    - Checks processor information in registry
    PID:3084
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -isForBrowser -prefsHandle 3768 -prefsLen 27325 -prefMapHandle 3772 -prefMapSize 270279 -jsInitHandle 3776 -jsInitLen 253512 -parentBuildID 20250130195129 -ipcHandle 3784 -initialChannelId {f054e780-2198-4534-b7fb-527f67a01919} -parentPid 5568 -crashReporter "\\.\pipe\gecko-crash-server-pipe.5568" -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - 3 tab
    3⤵
    - Checks processor information in registry
    PID:4780
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -parentBuildID 20250130195129 -prefsHandle 3960 -prefsLen 27325 -prefMapHandle 3964 -prefMapSize 270279 -ipcHandle 4040 -initialChannelId {3d2d4ec1-def2-4d46-8d5c-42753d85760f} -parentPid 5568 -crashReporter "\\.\pipe\gecko-crash-server-pipe.5568" -appDir "C:\Program Files\Mozilla Firefox\browser" - 4 rdd
    3⤵
    PID:4760
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -isForBrowser -prefsHandle 4504 -prefsLen 34824 -prefMapHandle 4508 -prefMapSize 270279 -jsInitHandle 4512 -jsInitLen 253512 -parentBuildID 20250130195129 -ipcHandle 4480 -initialChannelId {b7c501aa-4b5a-4e07-9949-c05214a85b52} -parentPid 5568 -crashReporter "\\.\pipe\gecko-crash-server-pipe.5568" -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - 5 tab
    3⤵
    - Checks processor information in registry
    PID:1572
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -parentBuildID 20250130195129 -sandboxingKind 0 -prefsHandle 5028 -prefsLen 35012 -prefMapHandle 5032 -prefMapSize 270279 -ipcHandle 5008 -initialChannelId {d3a9b39d-401b-41b1-8b01-97764b2eab72} -parentPid 5568 -crashReporter "\\.\pipe\gecko-crash-server-pipe.5568" -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - 6 utility
    3⤵
    - Checks processor information in registry
    PID:6340
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -isForBrowser -prefsHandle 5264 -prefsLen 32952 -prefMapHandle 5268 -prefMapSize 270279 -jsInitHandle 5272 -jsInitLen 253512 -parentBuildID 20250130195129 -ipcHandle 5280 -initialChannelId {2759e2f1-4787-47ab-b417-ce087cf27129} -parentPid 5568 -crashReporter "\\.\pipe\gecko-crash-server-pipe.5568" -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - 7 tab
    3⤵
    - Checks processor information in registry
    PID:6392
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -isForBrowser -prefsHandle 5296 -prefsLen 32952 -prefMapHandle 5396 -prefMapSize 270279 -jsInitHandle 5400 -jsInitLen 253512 -parentBuildID 20250130195129 -ipcHandle 5468 -initialChannelId {69f7983a-4d7c-42ca-8ddc-4f13d48d7a37} -parentPid 5568 -crashReporter "\\.\pipe\gecko-crash-server-pipe.5568" -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - 8 tab
    3⤵
    - Checks processor information in registry
    PID:6404
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -isForBrowser -prefsHandle 5640 -prefsLen 32952 -prefMapHandle 5644 -prefMapSize 270279 -jsInitHandle 5648 -jsInitLen 253512 -parentBuildID 20250130195129 -ipcHandle 5656 -initialChannelId {5c605fbc-c2f9-4ace-b1a3-bab8df986aa6} -parentPid 5568 -crashReporter "\\.\pipe\gecko-crash-server-pipe.5568" -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - 9 tab
    3⤵
    - Checks processor information in registry
    PID:6416

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\Desktop\RegisterWait.mhtml
1⤵
PID:4980
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --edge-skip-compat-layer-relaunch --single-argument C:\Users\Admin\Desktop\RegisterWait.mhtml
  2⤵
  PID:3564

C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe"
1⤵
PID:6828

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\7530f32f-cc9b-4896-88a0-45edd862d632.tmp

Filesize
1B

MD5
5058f1af8388633f609cadb75a75dc9d

SHA1
3a52ce780950d4d969792a2559cd519d7ee8c727

SHA256
cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8

SHA512
0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
2870b9b1d52a27399d7bd749a67b5e9f

SHA1
ae6783bdb4e68d9fcff69eb49710182788b4ca6a

SHA256
45306294298e3feafec462c5ef1df6983f48e0930d4e49a794720fdd0fdf00aa

SHA512
592f3d3bd1612afe758102797f6bab9a289ad5ff4366230c2687186a29f06741d109ae75628fbfe05de72aa3efb7fe7c392dac1ad9681a0a32ce12b1d51c80cf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
6666a89e5acdc8fcd20663b2f82aa72e

SHA1
4c9964686f226be210a78d5496e35475acb6176e

SHA256
dccdcef8afbc08b49a2a57b1dab3048ab6997a3f1dc2ff0d34e23aee3128d572

SHA512
86faa788ab38788432685b732d7c435be16121ead45ffc805b68480c11dc515fd1003f997dd6810749330d4669e6c71de4d9156238bd4e36b9ac4649e418fe96

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
521B

MD5
dbe79eae86c6f50cf51d9e8790104903

SHA1
a42d38990247c898cab5c58ab036ea60cdc615e4

SHA256
a2b3512f3d6189922ebb7e9b52a8bf7cba720f2d755d671745e584fbc3965395

SHA512
32218ff8a70059aa794c70954b0598731d1284c2ea7d200b325b48153d9e43bb6be4361ab6417df14b908b3e4af8f2313d8bd674182f2f22ad7f6bedc9000f91

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
49aefd0b7972a36d40b9a1392879050e

SHA1
765a1acf40e70ef2184b2050c7c397c44d82718a

SHA256
09157d38baaf88b6f859a92999ca237a89b0dd2560619be60fe0cf03bd885101

SHA512
be95063261464b03e71871990a31c2ced08568668c74622ffb32bd048db5f9e8655b445633f99d0512fbb27599dd361e587c7427c4cb95ec3db8e8ebbbc857a6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
18KB

MD5
d7e8014af5a6bfaa38bfc469acd01553

SHA1
2711660410c8c967017870dc8c7a94160126ec30

SHA256
9d06e5a6100360052ff130a82200f538459221db1e06c4beee440cd8be0eae1a

SHA512
3b21b4f102a435e724f9e3738dde40cc6461b3e8456a9342443c4fc4a562b37fcaec147e6eabc8f5d0ff817c791c67a863b812a6acd00efcdc0d0e6c3ab919fc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
dbcd4e076b9f4b78dfec112883a86064

SHA1
c683752d9171e448c42a86426cd699fa59b040d5

SHA256
defb53130e91e8d54a1ff514ea7a726625028ae97206435a2a6926681f070df0

SHA512
9a3603a6d4cdc33323f85688eb375607a42d644f1d212585c9a4823550edead6f5a098b853f4c4f466715cbb82fae198662e977a9fbbe5b03d445f93d4df8caa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe58c8f8.TMP

Filesize
48B

MD5
a3fbe8f251fd51d4f149fd4668e5a76e

SHA1
9973a08f9170bb1cdcce694c8a66f938e6ae7266

SHA256
a7ebe0531b3aad1eac0f253dab3af13d89eab31100688524eb47026060f88ab0

SHA512
cc33e329701b185cee27fd6257fbc89cf88e1819585525ef4a65231c3cc7fa5831a5ee6ca3e229787dfa96508beb10c5789d990594461ac04a92297c66d80ec1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
155KB

MD5
052212f33e40cb3cb6c3748effa78444

SHA1
e43c828db8a3afb77a03a5994079776413532d3c

SHA256
fb02f446ecd65036e8f75f624b0e6c12e6e9785ad82f756ba1fc585bfd61a2bb

SHA512
70d203be0b0e8bbae6927640ed5d1aa60e3169156b3e2f0cc7db47986676c09e6f5c680dbb9143349192673c929817c4e42897c78bfabd369071f8d1e9f06fe7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
80KB

MD5
0faf29b4532c2b34e4aeebf6f181fc67

SHA1
e7abe5b0a4019485d473fdcfadfc7a91cc4422d3

SHA256
f93bd566eef94908cc2724260f47c4e458b38a1e36c9d19f9c57eeb1b1323ab8

SHA512
6f5979c268057a9a1da117309896acf7603d302f2e87bb6c08895b7dc32c50fd3a7a5862dd3a41286b02339a897887d7df64eb34d2c3cfc49f372d365618d1a3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
155KB

MD5
f1923c9b616c747b4dd52d0fc6d2becf

SHA1
2e5a2d1d05ebb084fb19fd4b78dffcda18858993

SHA256
f2bb783b875e5f81207e59d485f9e8f9ad234c652134463bfbb083b3cb9f88f5

SHA512
3650698086beb2582912eb507f9a049965773980445b1866e38e02531875002727dd8f50ddf6781cb57a54aad99f5f61ee5fc89f15bb47864207fcf0336785af

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\de4dot.exe.log

Filesize
425B

MD5
4eaca4566b22b01cd3bc115b9b0b2196

SHA1
e743e0792c19f71740416e7b3c061d9f1336bf94

SHA256
34ba0ab8d1850e7825763f413142a333ccbc05fa2b5499a28a7d27b8a1c5b4bb

SHA512
bc2b1bf45203e3bb3009a7d37617b8f0f7ffa613680b32de2b963e39d2cf1650614d7035a0cf78f35a4f5cb17a2a439e2e07deaefd2a4275a62efd0a5c0184a1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\CrashpadMetrics-active.pma

Filesize
16KB

MD5
cfab81b800edabacbf6cb61aa78d5258

SHA1
2730d4da1be7238d701dc84eb708a064b8d1cf27

SHA256
452a5479b9a2e03612576c30d30e6f51f51274cd30ef576ea1e71d20c657376f

SHA512
ec188b0ee4d3daabc26799b34ee471bee988bdd7ceb011ed7df3d4cf26f98932bbbb4b70dc2b7fd4df9a3981b3ce22f4b5be4a0db97514d526e521575efb2ec6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
280B

MD5
01cc3a42395638ce669dd0d7aba1f929

SHA1
89aa0871fa8e25b55823dd0db9a028ef46dfbdd8

SHA256
d0c6ee43e769188d8a32f782b44cb00052099222be21cbe8bf119469c6612dee

SHA512
d3b88e797333416a4bc6c7f7e224ba68362706747e191a1cd8846a080329473b8f1bfebee5e3fe21faa4d24c8a7683041705e995777714330316e9b563d38e41

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
280B

MD5
69a83c53b9e7f8eeee06f9466f4cf981

SHA1
21b914acc0aac8b23206a195ec5cbe6cc4860ee5

SHA256
ac835f5a9f5cb31513cad5e63c7365df2f0fe64f66e097eeacc31f528aac972a

SHA512
4b26b9f5d59b7232b07976419b8472a2257eaad8bf383a2a2b4522edb6d0870920bc6760c24e918cdc53d25e9484176e887ea58ba2cdf8b041d49874485d4aad

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
280B

MD5
24f5d1c6d9be5d55f587c4fc10b918e7

SHA1
e913349f15b998f88d3ef5feae258653b42c0ced

SHA256
a4f0e7563948bda2f113e43fbbf1c065f3da91f7ead0d10955ceb9afc6ad76e3

SHA512
f8aefd8caf954a59c53d45e67fac6e937e9ba474084e39bdcaa6ce9d0d8ef8f1864bc60c1b3ae5a8fbec47748a1765dd98d4a2b14858208444cab0eece5de757

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\data_0

Filesize
44KB

MD5
29ce881dc0207c5857950a4b7cda5de2

SHA1
2a94dff714cfa74df09df4418cc7169c5fcdf59e

SHA256
c2d7ca3a1634d93057681139a94f3d751ab587fc99c01f58b45536f0a5edfb15

SHA512
ba9d4cf6a3962aea84ee5ed15bb39b63836eb8f048e4e73686b8d8e7eea4ee7114ffbad78e8ac9831c24abaf040cbb7cb398276c5eff975a06cb229fda5d1ed0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\data_1

Filesize
264KB

MD5
5526f831ea7983d6364912cfa28589df

SHA1
7622d0590a5b9acf1be6251295f32a4fa0c3b5ad

SHA256
011ba2f235b4ee304d693bb31b55f0fe7d108f424a818696513a5d3e7970a90a

SHA512
210bd80c958e35262f002049d8bf963fa5e7ddb650fdc5345af7d8059cc65a8290aba58a3f6adf3028be0a3ec299cc77564b8ac4de0253d2a184dbe0bfcadb4b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\data_2

Filesize
1.0MB

MD5
4d33e31e93d82613bbe2c3641aa16c4b

SHA1
0328c593cd6f494ccc2ecf9444584cc13e353ece

SHA256
7321cec69b66766689a58da10a8ea7b2bcb38b8076f72980542cc3b2700be9ef

SHA512
8508a4995a8a7b9652ab92056229a42d995cb8d26fe15fff0c6c5544dd6e881e37a13800470a3982fb061db84a7b9886a4572aa4c68c1fd1940afa3d4dce76e2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\data_3

Filesize
8.0MB

MD5
776a1eab23260f0bb355cd1a6845796d

SHA1
f5596750c8a18b238c9373a33bb8e182697cf061

SHA256
cf17a018c20816f51052dd48620e11ed5163772cb4ab5de391c48a4479922354

SHA512
8e52794144c38389d340cb49956e4fb2f2d13d42501e8425c4f21fa8840080a0673e174cee0535cc8f9d18e0b8bde3c35e39c20ddcbeea363a38b04d99a702ee

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000077

Filesize
19KB

MD5
5e5ae2374ea57ea153558afd1c2c1372

SHA1
c1bef73c5b67c8866a607e3b8912ffa532d85ccc

SHA256
1ef458d087e95119808d5e5fecbc9604d7805ea4da98170e2c995e967da308f3

SHA512
46059e4a334e0a5295ebcef8401eb94b8fa0971b200f0f9e788ed61edae5018c917efd30b01631cbd6bdadc5240c9fcad2966ea0aa9c94b538bcc369e10bbbaf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
b3ad5e05c9def3978bc491befa1955df

SHA1
a47b79f43f007347eb5e062534bcb2a7fa9d6483

SHA256
5733d4d1b95a066156b4227f6d133e94768618f67fed385d874cc3217b6c205e

SHA512
fb19fe9a4926d543c67e251326fce65d3cf6fe7f80e7e70ad6c22ed2dde68ed2277c5c01df5f47d88a6b1457531a07198c1c0ca2d116e4051daf631623b6206d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
ce3d9cc510d88e383625d3f284acf946

SHA1
6ace3f9e4c582d608bff6518309a05594ba35c99

SHA256
34ba3100d8308a92f6e500caae33124e84d5b617d78427937b453b76aa470a25

SHA512
f9194b5b31c349d6a6ef58c60b76065e7a14047b4842e587a68af2c5bc9b0724aa4cb5989d141329143910d2df14a3ea28dc75536fc0f8e21b2d085bf59f7ea3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\DawnGraphiteCache\data_1

Filesize
264KB

MD5
5d5beae872d2efe67ec417c08d90be88

SHA1
2c4471373fce106f8f24a7652a77f6bd8d68797b

SHA256
fd661a1ddc8e36dbf3e159040424b5287bafc5780518145fc4dd6ff46d37ccc8

SHA512
1e2a896edaa7f75821ffaf4f344675fd8b42b1d64d607d929a83f9f3c92f86ca078debc3e5d1d5032898477dc6c1a25e5cb6bc6e4cdf6fed1d7db4edede7b54a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\DualEngine\SiteList-Enterprise.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\EdgeCoupons\coupons_data.db\LOG

Filesize
346B

MD5
7098901649a9de3250c03c52d9405feb

SHA1
fc7d67043b02659b2e85e969d43d7381a043a61d

SHA256
546d2903a705ea87935ae3397ccca224b4e0c01370980bf85d1d3a94f483b14e

SHA512
d458f9141d729214a898cc0c58c255175451a06719c17bc8ce7cd8fba25b8ee8a62fc3293efa39a6c9f91aa07e62f4c9adecd23fc93b3a57e8375b4c0434a08f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\EdgeHubAppUsage\EdgeHubAppUsageSQLite.db

Filesize
32KB

MD5
c1d7e18a3bf223463def2626b896d52f

SHA1
772406fe8c2b923b75cdf1ea1f31b5df30b67876

SHA256
b11be13f54fc010b84557ec696477fd9d014516338c458142b75381ba487c666

SHA512
90b7d0ca3e0ea9d37513c2d9dd2d868d09afba525b814e5256ee3527381240aec610904c1553ac468aa736ca6b93ff222a57b453ab1628d4c36bd0f239ad1ba1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\LOG

Filesize
319B

MD5
d5126772558860c2c1ae6c03a578b179

SHA1
d286803edcdcdd1e1fced296763e3d4220874df0

SHA256
8ff9ca008c9d2c6bf82e06a977c1a8d01418cb4623f0e39fcf83023412f3d5b7

SHA512
acf1089d77f5941913f6ba1749805124650bf2ba75c0fed31ebc1192dd7da79cb86446d5a79642e135a849310d5c408d949558f1bc826add0937920c87f8bb98

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History

Filesize
192KB

MD5
f1e8c49be825859aead07132891064d7

SHA1
9c34fb089cbb7eeff5778188015c5c561a6dfbbc

SHA256
da2053b5fa05a6687beee8d64b8692c0d02247658bab2a3246f91d1e297b5dbb

SHA512
3d53869b8b68ee042cef1ad0563d7c490045689f58f8eb4b30dbb48233d152fe1b2e826298f45502ae8186ea49f44b359dd431a95f3156cab21b9845cc45080a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\HubApps

Filesize
107KB

MD5
40e2018187b61af5be8caf035fb72882

SHA1
72a0b7bcb454b6b727bf90da35879b3e9a70621e

SHA256
b3efd9d75856016510dd0bdb5e22359925cee7f2056b3cde6411c55ae8ae8ee5

SHA512
a21b8f3f7d646909d6aed605ad5823269f52fda1255aa9bb4d4643e165a7b11935572bf9e0a6a324874f99c20a6f3b6d1e457c7ccd30adcac83c15febc063d12

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_ntp.msn.com_0.indexeddb.leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_ntp.msn.com_0.indexeddb.leveldb\MANIFEST-000001

Filesize
23B

MD5
3fd11ff447c1ee23538dc4d9724427a3

SHA1
1335e6f71cc4e3cf7025233523b4760f8893e9c9

SHA256
720a78803b84cbcc8eb204d5cf8ea6ee2f693be0ab2124ddf2b81455de02a3ed

SHA512
10a3bd3813014eb6f8c2993182e1fa382d745372f8921519e1d25f70d76f08640e84cb8d0b554ccd329a6b4e6de6872328650fefa91f98c3c0cfc204899ee824

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\LOG

Filesize
331B

MD5
b0d5cee77c800eba7cbcd7c6ed94a3b7

SHA1
4590f09e556babb80ce00b38bb7274cf6b3ceffa

SHA256
42e9542eb60377fd8c9e29cbe1dd2dfe393ecd96849e37ae60ca73ca55325f93

SHA512
6216e6a5f466fe60ca824633b8222b87ddc7e66a03d8876d29eaac9bd3299f2c3e7f64917ac7e816f99a6f92964a06bf75e6d3f18e60a9113fb0acd9a61e95a6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
16eaa0cfb6f8680449b6814708f848af

SHA1
7a67ed3786641eff344f273e5c0d6c2963302dda

SHA256
86f9f0e1b8ccd15283ae92d57fc06cfa7231e7b2ef8e8ba4739f3516ed0c8967

SHA512
bfcca0d0e783f8c07580d50f1e116b10dca781315f1f31ed1a82c22f5ecdf24f4569e9933ed791d0e8b382ca0e8063d0a17c37b9f48443ac0a3f7dc4605d398e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
811eba0a7ec8028f862ac1ebb375f782

SHA1
82b3abb67b33251f9f22280b264123ca77284da5

SHA256
2282d9b7ad5fbd1c310da2ce66f7097cb7683d53e4a14fa02fc58ebc8c982d41

SHA512
3aa8e08ccf59f808aa2fd818011d88e3053220d203bc43e700affc321e46b6ce71c7487f13afae5cdd3f7570f8cf115e56c10e9a55284bbfc073d34036d6156a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
76087af5e91f24a29e1dc56e2a9f2c91

SHA1
0a129072fd8e44e70ec99d7be2ff518e39440edf

SHA256
642c92241f173e6f29250f378445092eb4bdf1910bd5841482112b1aa168a465

SHA512
2d61027d0d8d5cb44ebc22ffb9c6b0360d0f09d170403ae95eedb6dbd551e695ad37b688a92d629735e0dafa2881218877d0b1fc0fabb3a55152d7f1426751a9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Sdch Dictionaries

Filesize
40B

MD5
20d4b8fa017a12a108c87f540836e250

SHA1
1ac617fac131262b6d3ce1f52f5907e31d5f6f00

SHA256
6028bd681dbf11a0a58dde8a0cd884115c04caa59d080ba51bde1b086ce0079d

SHA512
507b2b8a8a168ff8f2bdafa5d9d341c44501a5f17d9f63f3d43bd586bc9e8ae33221887869fa86f845b7d067cb7d2a7009efd71dda36e03a40a74fee04b86856

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
18KB

MD5
735f78e613dea5a2411255ed346085f7

SHA1
110ad5c48f7b4bb213256c6e33b7a83734914800

SHA256
80444ec9a8635fdcc85687fc1d73cf29e7c9f506a5632d055f993040a03ff334

SHA512
69f62e5598ddaa9178d73580e9cd1b8b0c7043db7fbf1dcc5290433551e27c0e8d417a85397079afd22567723b4c0fb83fb1333feb5832a79c8143bacb3ac95f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
17KB

MD5
24e2051023125bb5f6373b63a063f42b

SHA1
57b276d3216e2c9eb25d6cd925f5a32e790bbb5c

SHA256
e0e76d5ff1335769dc15f49280c00573c4eb2fc1bba6b271786e6ffac6210d48

SHA512
8f82268adfbb6f7100fec2383e787e7a0b1742a07439a17bcc6667ac875b4ee078478a877bd20fce400632cbdfe19f7aa97c95060f718db6fc793d186783ef6a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
16KB

MD5
7e9f15fe22c94aba594d45a75eb28983

SHA1
447198679d6f16a4383b39930ebc622260f122cf

SHA256
0a3a442b823796d3eb407eac81879bce7483debc09921efc0ab56446a10b3b47

SHA512
383e64b524dcd3e753ed270cf3dc4927f9c1e63906727b33484c0417b45a21a7899401c88a79e6c0d555c8977f6b6c7c85cf68de5e36a2439ac06d5d0e3bf29d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
16KB

MD5
178eaba0f6d3dcfa8dd42535357f3414

SHA1
d24ec0629d3dfc7e4998f8764c987f7d28db5e24

SHA256
b36784542d9399c5aebe72cce965b990cb608b4c1310e03dbc0c712c01c02fcb

SHA512
03d287b3f033c15cf8fbeadeab6f4308f878671056be6a6b66269ac95eeee6b76d3889613efd7fca9322bb788a37850085d195cf981fe8240a1f6d0169d88ea2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
36KB

MD5
1f40df2bb404910aab422012f3bfba58

SHA1
6ad2aca2f8872600748e58f3345a8120febf1c94

SHA256
1154a792fda3a3b7ce14d2305da65bbe04e7018880252b41a2d594b04206af6f

SHA512
4c4e62dab124648c6879690a4f916e471758e43ba953b7705ca027dfdec7b79a135fe60cea19a9da7fa360839bccfcbca8d012679a15432d6f43174ceee33a0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3cedfb74d44f2e84198d23075aef16c34a668ceb\6be0ea5b-0c11-4491-8571-7ff62c7ad5ee\index-dir\the-real-index

Filesize
2KB

MD5
20c6eeb47532e85aae85dc1e56557d17

SHA1
3ca05853825f2baf073c7b2212e6b3e6040652b0

SHA256
08dc11f58a08a976fc199bb223e4a6a30b6d717ba0dbf0dfabb7b5fd9337ec50

SHA512
287bf766c99e759c160e43b221606edb42b10a5b2a7d59ddbbc82861c520e262a113bd336359aa81858cc8a47aededa9d2adac3771a6f84612b243eca3f239e2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3cedfb74d44f2e84198d23075aef16c34a668ceb\6be0ea5b-0c11-4491-8571-7ff62c7ad5ee\index-dir\the-real-index~RFe591b7d.TMP

Filesize
2KB

MD5
32b1bd09d0124c48769d19c8ee5d3895

SHA1
4b6c42bf7cfef026264cbdd3ea815ed0fb5f4ab5

SHA256
cc7c62248557165b10f380a2acf2c451ec3a53715273527a66b314051cd462b6

SHA512
e7f7cb088d3e3a84910f8f382ca37dd0b36281722282aac9700f76ffe521b9ee552fbfe94c001deea90216626d40077446e7d3ce867ac7b9f9ce908c7f95bfa1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3cedfb74d44f2e84198d23075aef16c34a668ceb\94e628cf-34d8-4868-a473-44ff841134ba\index-dir\the-real-index

Filesize
72B

MD5
950ce2bf80bbc447e00cd5c897afb1ff

SHA1
e587b611ffba61336d27d53f6f68da77fe2d9732

SHA256
9496807568b9f11390ffeac7ce795b5c67dc711fb1f94a0dfa575468c622c91b

SHA512
fa76d73ce54c306b68bde79879d25ddf7f065f6d60e20670cd6702aab0d87cb7c193ce3347247a68e1a6f75c76bf2f336a6040bf551f545cc76f79cc187f8523

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3cedfb74d44f2e84198d23075aef16c34a668ceb\94e628cf-34d8-4868-a473-44ff841134ba\index-dir\the-real-index~RFe591b7d.TMP

Filesize
48B

MD5
c4363f65a3e6c866bec0a934cd24da8a

SHA1
689ae8e4c0a2959b2324cbb6925c790ad084149f

SHA256
6a918c5dd5acac7db90f6f3cf01a4d754b47a8eb90112088b068234713501089

SHA512
9f0afcb59874ebd0ded8cd3cf95e09c01cd49f2f8f9969bd374771e6ee7302ff202e6e6bc1bb26cc47a1402192612c35f3a2e7d09a9e9b4b3150a1926dcdef62

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3cedfb74d44f2e84198d23075aef16c34a668ceb\f9fd1bd4-3821-4fd8-ac64-8914ddd027c2\index-dir\the-real-index

Filesize
72B

MD5
e3f4aaefc0ef915da493201edac026ef

SHA1
887c7086482b0d75d8c643b8f72d9d0107452efe

SHA256
69bb69c759e6d0a5c98941c5a77e462c12fc9dfc58af3ad9eb1df329f39e1b20

SHA512
c24a20e02027a26012041e51742caae601da282f7d5d119b1fdda8dcecc84af3c7ceb375b282e9d2abbe489df3723505cffe45667a009c6962058915cfb4a104

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3cedfb74d44f2e84198d23075aef16c34a668ceb\index.txt

Filesize
322B

MD5
d251100a2d0efe99d3c29d77404b3722

SHA1
70bfaad8ff88b9b9ff8a630ca696bede2b2b7ff5

SHA256
0747d056d023dceb773ec8197792f4b474c09e1b454b3d7fc0d268e1f696640f

SHA512
5f01fef0ce75768704f7c9d03990640907b2226d73e86d6f139751096b2fb9a323bfa083a84ba205d73fa4265103ffcf78895b790fe2ee7ced52a2558dc7c9bc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3cedfb74d44f2e84198d23075aef16c34a668ceb\index.txt

Filesize
327B

MD5
58aa98cc41d2e75c7f2aad8d463ee3b8

SHA1
496ef2ba2f5fa53f8199f1689b08adf066f503e7

SHA256
b5905027a2a3a083458bcd7a8ea78b4a564fb2ee0b2dd2bca5ba25f934b83b74

SHA512
8da326c364f91352a45f7fed8148da02416eddd17a8d6279c6f8dac722f200f01a15f0bf62e4f50cb7729ed8fc52fd21c385e65bca572f5c6eca22b01905fe6d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\LOG

Filesize
338B

MD5
48d75e6a0cfdeb35377fa97c6d91a0b0

SHA1
cea95c7bee9b9d825f5a3bea36a6365fa73115ab

SHA256
b832e4c83e0cc7fd8f3638f7d82b51eb0ef4f2f11fc2e3d9435d7a7a7b2f85e3

SHA512
7567402b9e654a8c70f19e87513be273950ccd788840d021d3108b856cc7ac641305443a822c51ee407d967f71e6587df1f14a7bbbeb40d54a81cd450f2b3516

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
53eefac1371918e6ba97b204f1286697

SHA1
23436d82953b6c7f4532c05cb3b18bc2b5fea0be

SHA256
e4c45ef7cfad39372f6118aef9d582025e02874ed422d5f6248a063f74fce30f

SHA512
2e80337ec54f1e3f014808650be0d409f60545da2008be4c51abd9317a0f3a2cb6197f676cd9d327956ea4a6273c9cc1635c3f8b5df690ef62c3d4462eefafe2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe591b6e.TMP

Filesize
72B

MD5
e11e6e311b1483ccdd5e8e8129e455ff

SHA1
7bbe69dafdb5c30a81af4b39dff67a3685fd13c6

SHA256
2087bf20936d0077588cc6a89f8770799ac3f3818c667f0d0841eb1f73905c02

SHA512
307a3b8a45eae09cd68fc9fb5ba987c25da773613a263cbf2840e29c6f81b7a0e670f8eab26ff14c430e005b9ba74e993bc2e7dd2cfb761b896946d5d9ceda3c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG

Filesize
350B

MD5
13797794dfec1654eb8a2d1ebd19fea4

SHA1
c20fcb48697918cc82f5a6ea8e74750077042999

SHA256
a71b62be80e49c244d962e808d32378d024cba8a865fe8ef7380b03638964948

SHA512
84dcb758b609830aba7390e72ada9bceac6159124359bf351ad6a349d8ec7e84286acad618e1b91a19d9b5e572f819a33b3c9ce2e04824992f87243289f6863d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG

Filesize
323B

MD5
07dff4960ee4c944ecd439e2a8421192

SHA1
6076c25e461d559fe9d3f24f47690884c2da51b3

SHA256
705981126a30e7929387f5124b4365cce420ac9abb0aecb8f95b9179c41918ba

SHA512
6061f42eb1ffe7ccda7fc213e5013356cd90ec83c255cf0c0411a88622be2545b7c0b6be15ee22e2a6a9da7c7d8b24cbe79c1cadec0df09a13577f176ea8d887

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\Logs\sync_diagnostic.log

Filesize
25KB

MD5
33764b6c59eee1c0ec21b68bdb46ffba

SHA1
36c5ec61c891e709c069d496d9de079ad9c26541

SHA256
15943953e28296854f9ded111315e3de96c0c453e30f2b1d08f5509f3a03355e

SHA512
ab7e1d66e0ab9143b1ab0855747732b8236a0c696f3a336589a847eacdf847e822b54a44eb3f49bedd6e1cfc57728dfc905f5d5d7b15d6833361b8e30386a05b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\Logs\sync_diagnostic.log

Filesize
23KB

MD5
4c066ace3c50eeb85c52ca9c7be1bf01

SHA1
e4d0dfc117de30698ed5ab09392b8ffbb4363499

SHA256
e711694964a2cd07d62f5d2c225010e51e6fbe98e019afaccff84b5ac9fe6548

SHA512
9d12cf5cb4cbe9cc756a1e0e7fedf0e743113e7d4cd853bc26bc7e5636c02916f25579cd949f76db367e90946a46a355da2253256c14b44b0921995e74834b83

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\default_cloud_config.json

Filesize
12KB

MD5
18261eb12378081f939fb9415ca0c9e1

SHA1
20d4ff782e17fe45e71c3f9fc60a94655f72ec7c

SHA256
12bbeec9a0af9e3ed945b28b9b8ef89b2f897768d1ba3ffd6f3fbb42fa5bc556

SHA512
fef634b4ce77c2f36ce1bdd63e8ac28e76cd089f0bff33f4425c757ddf37fe9fab30dea7b5bb51c91eb27012cf78800e03643e13d51a25bf624ce58ab3488a80

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\favorites_diagnostic.log

Filesize
2KB

MD5
e8f4dd69583a6194b66cd9c1d1d8ebd9

SHA1
379cc1f050707e9c62af4921cdbc9af1878ce7b9

SHA256
e41db7fb2e331648df022017aaf597e69e68e3ef719cb68af6984f844a0b341c

SHA512
cb4796ce826445f6badbafbbbaacd59ac730a26df6989342e0a50318549bfc773be4d55aff25f320ce6b234b1cbe77e213271cca7c0dc1eded3218badf3900e2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\000003.log

Filesize
13KB

MD5
bb2731c455c24b305addce08013f38d2

SHA1
b32211695e16c41c74a5a0aa1b7077de975b19b6

SHA256
6a10ac11e17273af20d1462de4d7adb7095b5519ba38a7c02dd4b21b07d00bc9

SHA512
69fbb09d6099789c07c8f1a4123b5399bcbdec240534595643f38a6d02e3bb27afad159fe2e6ad1d9fc817cb5aeba4f4df94c6353d46eb19926710d8aa7e9911

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\LOG

Filesize
319B

MD5
d9cdba193d50f9f67a2f34a9f8a96ee8

SHA1
dbf3c084020649789ebaee432d9c08ca929768d8

SHA256
e87e71240238ba912a8b1d2f0c9dd4baeae966d7032edf267492bc13c019d66f

SHA512
de72f1f17da985cbb25f1362b34efb1dfc5bfeaf73e1ab4708eb3281d5b274f76114e44c1b0ba9e4a5ce43ffd4e46cf6cda7b33e5da3fc045441fc6841ac0b78

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\000003.log

Filesize
1KB

MD5
97ba8d3f47e12a43cec79c44cc40dc16

SHA1
78991d4835e2b1fb3c8cde560b365b2f3107611a

SHA256
6d635e280d718ad42b604293865e02586d04473280ef2699e88eeb31486a4667

SHA512
004ff6941bc8bf802a8d4704fde78ca91cd72db14264469814b4819b553e05d5bceea5fff8555b69e019b30a408324e1e8bf6d46514b0287009b821c201577b5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\LOG

Filesize
337B

MD5
5df6367094a12c08c234d0581461bd7b

SHA1
6e937f72c895fbde91860001acbb0e450137f0be

SHA256
8827af4fc4949de73d4dd17fc5a80fce0a8be72ab35f247da90c18c52b2ef775

SHA512
cbcd920d28fcfe5e6c80bbe51ade46df0f081860a3f39e284218a41e3c53e5783cdbfc2c726927e83ceab0dfe797627d7d78b99757f71afd1ff20237e995eeab

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\CloudConfigLog

Filesize
465B

MD5
ded2bf733d28007cfb0576851abe9240

SHA1
4df44f126f4bca5e9c0f02612659ef5406f1cebf

SHA256
b649a88df8a7613b81ed9f9d0254e76ced2712c0d6c1e91874b36c1b030d9f76

SHA512
e7163879169dfaba910dc348d008c99c6a3ea2544f80a6b921d8d1ff924b79eaa94fad952aaa8ee0346f4ba7dc05a45db5321354d5f6f0bf7b06eb815c267562

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\CloudConfigLog

Filesize
23KB

MD5
6c6f0bf31f08cb5874a26eba3b4c03f1

SHA1
f0db0f6fc2ed4e5688034ac1491fcee3909659b8

SHA256
1169782badf8c9f479d16e94a7a7a46f118748a3bd5a5240e997bf697f268ab6

SHA512
4e4a1ef8b1f8278f3be6e1de88cc462bd92ce62422ade2aaebf4f99d3a981c84d6d0438fa51e6cfbb34d7e78e25a6b6e28d639e6fa2fe6183da1c012fc011956

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\CloudConfigLog

Filesize
896B

MD5
052e99efe284e011edafadcb519eb8ec

SHA1
9fc0d5a30c051532037ce77eb806ccde1628180d

SHA256
d465f241930cac89260c99465c780ba72db44390e59bde2215c2e79915fbfa5f

SHA512
bac340a6f99003dc370316f55a4c413ca18502d0d176554f3cb177a507fd91e672ea068b5efe83ea410d1ac3ee2f33ed73e95034ce91dd11efc995fff894604e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\OperationConfig

Filesize
19KB

MD5
41c1930548d8b99ff1dbb64ba7fecb3d

SHA1
d8acfeaf7c74e2b289be37687f886f50c01d4f2f

SHA256
16cee17a989167242dd7ee2755721e357dd23bcfcb61f5789cc19deafe7ca502

SHA512
a684d61324c71ac15f3a907788ab2150f61e7e2b2bf13ca08c14e9822b22336d0d45d9ff2a2a145aa7321d28d6b71408f9515131f8a1bd9f4927b105e6471b75

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\data_0

Filesize
44KB

MD5
9286397a944e473f314870a26bb8eca5

SHA1
977072b4334df739c0789248d8811ef3386262de

SHA256
c46e982d273086869b00af45c5f12ff42ec03d9c97ec24109f47860e6aa30e24

SHA512
c09f8aaa4e36d3da378496e05850d3af404d97e8e743a538b64f8a17c3be6ec186102e6ddba8c6a11920e8a3f040d18140b6b8eef73ff60e8c1f9e62e5734215

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\data_1

Filesize
264KB

MD5
999c8d591d6a3f6a57b41dcc96628b9c

SHA1
8efd13a6c01e478bfd83cf338d1e30a54c9aa9a0

SHA256
324d47d2ecbd937c7a6dfd1120cbf58b22f746798541c049fa94b12e63c82454

SHA512
81086d74c26f3ce52e03340dad9221113eae9dd358da5aefb2f51adc4104330a69b6c5a42053d524045a63776d82ad118168d9450ba4625f466691d6ca9853ee

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\data_3

Filesize
4.0MB

MD5
4e9400293257910306a143a035b1516a

SHA1
75efb0e1405417649e42f6f92adc77b09ef27daa

SHA256
fc1fe21834af64a0beb45ae29c5c2d7514fc9c0d2cd0d9a9c10abe8cf7c56dd0

SHA512
792cd2b4ef369c0022c15421e7e445bd6ffffb008fe83408566e27f9d8b320ae69ebc7a4652f06a308cb930fce2ea6dfff4eb0bd488901d80ca663313920ae1a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GraphiteDawnCache\data_1

Filesize
264KB

MD5
e49ac891059350f4819a5d4efeb94638

SHA1
222f9104a1d7f9dd5396e77371f5466706db3b24

SHA256
559a8022bf91d50677e017a9a949c1924887dbf28249742545937482d0103f3b

SHA512
d34e58a4af6e3c96442ca7f771be1f03b117e0d4f0fd8ff60660fe7c4b5b6ab87b76cb6847440d5ebdb125e9c93e37c50e07cd695dbbe727a3cdeab630365ac6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Browser

Filesize
120B

MD5
a397e5983d4a1619e36143b4d804b870

SHA1
aa135a8cc2469cfd1ef2d7955f027d95be5dfbd4

SHA256
9c70f766d3b84fc2bb298efa37cc9191f28bec336329cc11468cfadbc3b137f4

SHA512
4159ea654152d2810c95648694dd71957c84ea825fcca87b36f7e3282a72b30ef741805c610c5fa847ca186e34bde9c289aaa7b6931c5b257f1d11255cd2a816

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Version

Filesize
13B

MD5
3e45022839c8def44fd96e24f29a9f4b

SHA1
c798352b5a0860f8edfd5c1589cf6e5842c5c226

SHA256
01a3e5d854762d8fdd01b235ce536fde31bf9a6be0596c295e3cea9aaf40f3dd

SHA512
2888982860091421f89f3d7444cacccb1938ef70fc084d3028d8a29021e6e1d83eaef62108eace2f0d590ed41ece0e443d8b564e9c9a860fc48d766edb1dc3d9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
50KB

MD5
938bdd1d621b835a23fe39b21d796656

SHA1
7b1a08c56c200a168fd4472db30a9c53e656e778

SHA256
af30c255ad266a0be4d97b853ce6126fca5fef7043807e42e3258871f82b0150

SHA512
3f6cc96a115f3d4eebfec4c3664b4c225713114d207898503e5eb1a43cd836de90328f10d0eafa8e99b28b290aa1613d9a0764ddf0494c42edd1c2e693e6be48

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
56KB

MD5
72c5ce84f5d8726c4796c41b135d1a93

SHA1
e42dde878893dbfb10eb84f939a60f2774ecbb62

SHA256
000bf480361d9b83255ce6d6f4bd42b5ba75a30509bef962f5912e5feed44f2b

SHA512
50e6f69f888154ba48eacf88386aa64999234f37e806d7f61f455a2f660abbf2ca4b5649e5e2ce6ea8bcc59476073056ef329b712d06f55ffd26e7c6d9873027

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
49KB

MD5
1965e9665d98ebcc80e57a69bfa44fba

SHA1
a8c0a7512e28797bdc2f6ab4c8a254ecfb3a11ca

SHA256
335c2ff9e737399bff5f137c9d2975d6bdd37ecced1c95496d63fffe8516e69b

SHA512
82be5c692644b1058641136e0943468978a9c860007aaf538e87cd7d7f6e7c96072af4ae8678876b3d247f07f6496406b09cef389fce260cd1c513201d772854

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
55KB

MD5
a145e80f17de6ac85f59e4dba8e67013

SHA1
3797b64d9a0c3bd06af00e6a74134727d585208d

SHA256
c1a2f48c10e3d289608f7f35d928188b16ca5837b151eb3f70db1d177f553501

SHA512
f7c70da0ce67f934e766dea1e598873c596e6eea968783379af92fb00b5745ee928f180e9f7f5f93ecb3ff193e9f97f264fe510ca0adb93f2a77ab61b003359b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
49KB

MD5
01b8a30a0503b4ec72cd9e5c573ff95d

SHA1
fb927d94fb6e0b4a0ea0e553a3f84bf45e6ae00a

SHA256
77fd511c532af14e13a21d0b3892a8d874e8c6c636d19c0ade035c18ecdcaf1e

SHA512
528c6b08c3fef7abc11fbb54635dbda01585a584a2c3a1bc3c02f5d9194953564a55efa06d28366af5c1de52ee6d453d9c526e1907e6068c3c3583c2db148b4b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
40KB

MD5
310e981d7a70636451f5e3f6c729ded4

SHA1
3e4b01a748a6190accee9e272ae850502610ff19

SHA256
ce0005590cd8e3490282186a4f12a32cb57f6488140966d4518601d69d7bbfb6

SHA512
b1d769d6d3a0e6f6a0a20c06ea9acead765f2a63a22abe74651e2bf489daed63e55e961a39e1177924a53d99045b3b2018517f171591743f60f43258b8c44445

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
55KB

MD5
3a6fb8f56d1dec24e5836f303ed3b8da

SHA1
4b6be3fd40d25a7f4d6bc896babc95b50f46cf1c

SHA256
cb99b03cd12a242ddd7acef879785aa3f898fabae8fa7fdbddc53af7ef6850fc

SHA512
b6e827300431cbc72778ecb8dd271b4c7119ce94d48bb8e3bf239b3e8a5166a38b44506cb4988b5bbfb978123565c40ecb79635237aa581ee9a06711c3c97f9b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\data_1

Filesize
264KB

MD5
b18fecfd57b621a9ee91e01a54384536

SHA1
f4ef95a6d74164f54e8c4c8bb16b84cd9689c2be

SHA256
23f7441a9dd534b50494cab5171bbee024d8e8ddf32e21404a6fce0fc5c42a7f

SHA512
0c07c34b4c752eb860ca081e9d4bbaa672061d5ac99d56ab62ff4528e3b89bc53438e4691ecedab235f81a06d59625de9c5ac08df4a310fd1df1c6991a60c623

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Variations

Filesize
86B

MD5
961e3604f228b0d10541ebf921500c86

SHA1
6e00570d9f78d9cfebe67d4da5efe546543949a7

SHA256
f7b24f2eb3d5eb0550527490395d2f61c3d2fe74bb9cb345197dad81b58b5fed

SHA512
535f930afd2ef50282715c7e48859cc2d7b354ff4e6c156b94d5a2815f589b33189ffedfcaf4456525283e993087f9f560d84cfcf497d189ab8101510a09c472

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\first_party_sets.db

Filesize
68KB

MD5
7ea698a737fd98a7c118f44c047474a1

SHA1
12d6ed9eae5073a44ec7062c880fa9026605aa57

SHA256
df22a6161f5e32987460f3027bb952784b98a78a6fa819eb67d905ee49c50816

SHA512
8cb33963a8271bc9a7bb4e27c17d7fb9ddc6f3e6e0d22a1da98f7cdf3523b071d8f6bf01f033163c7089f21a4ee54ac78729c5e264517a9e929f6f56a7d79432

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\TokenBroker\Cache\5a2a7058cf8d1e56c20e6b19a7c48eb2386d141b.tbres

Filesize
2KB

MD5
d8c892b506b51fadbd30d32f462eed67

SHA1
f1b113374e18147f3d96511aaac041ff4f8455c2

SHA256
b898d36775e570ce3826bf5b02a630197313d91863c1354a16280c45f6e163b3

SHA512
2b0ea490e6d178dc1c6706f52c07da5bea9651d7ef5124a859ac02e9923e06706b2d7c4b0bf579134086a43f6a3d3a786ab8fc54e5c7172ed79169e2c37b2ebc

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\3xhpu52e.default-release\activity-stream.discovery_stream.json.tmp

Filesize
25KB

MD5
a6802302a9d3e6f83733556653cb0f9b

SHA1
7266339ff08018708748f297cb1a205616181c18

SHA256
127c798ed644beee7c119badebd3d8e8dea02c31423e45de1cba030609d8ffac

SHA512
8e63a50d4a3b632324d7f0e0512fba17bde5cdb0d970cfd787cfab78f6070fd3315c6638282cbb1e531df629095aca7adf3f1683513490dd527de21fdf291a98

Download Submit
C:\Users\Admin\AppData\Local\Temp\cv_debug.log

Filesize
2KB

MD5
8ecb0e5fefe3423ff335216e25a165b9

SHA1
894210c82739cd4164267a1d5e7bf825a065bfa3

SHA256
d7fc587fdd899fe1184b451c7cecd88a3024b7d6d0107469f81932dcc6095ff3

SHA512
5f828e06dcb996062e9b55716771b435998f2e924279a1f6d4ade51e8d2d0651cd09b6b23820033eda9657a14e06992d00a98147b121cb711398e2bf79e0e746

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir5764_329544473\7f751c3d-b031-4362-b40f-f5f624200139.tmp

Filesize
152KB

MD5
dd9bf8448d3ddcfd067967f01e8bf6d7

SHA1
d7829475b2bd6a3baa8fabfaf39af57c6439b35e

SHA256
fa2232917a5656ea4f811936561ea6b7c92b3c0004c5e08ecb97636d3afc6f72

SHA512
65347df34378c2bbb34417e2cccfb3251a0b2412422cc190eed9df525b6e0a9948e0295ea3c33b3ad873ce81e369e89a138ac41d6eb7229546c3269107e661de

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3xhpu52e.default-release\AlternateServices.bin

Filesize
6KB

MD5
66e503bcbe4c90f911cb2cf2a3e489d6

SHA1
2928994073a57bb16362c984bc1e994b6416d2fb

SHA256
a502ad712ddd6d23083872ffbce53dc04f316867b208a6bf552a698a74fb94fa

SHA512
4ae69e496ee02866d1e8e5e9f08a529b540fe074041edfe121abdc758a37e627870df0a0cf0390789e52a31d0ae30b308bae2547987929ee568caca71085e145

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3xhpu52e.default-release\datareporting\glean\db\data.safe.tmp

Filesize
29KB

MD5
b72028e787054a8ff07961e73d079b5f

SHA1
de4ffb17c40aba51a52f6e439d658fafb1227f0f

SHA256
a0b82533a9219dc18ee0b532bafa61c46695ca2bf93a69d5085b687a5e07f88a

SHA512
3ca64e890272e3a8e6cb25432b0c41573065f31dbc3e2093de661b67e85abce05d51f341550a03af835140fdad9a40ed479179b24f394bf1e73b19d9904a090c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3xhpu52e.default-release\datareporting\glean\db\data.safe.tmp

Filesize
30KB

MD5
033af7459a9ed3e76121c9e89a220ecc

SHA1
86ce533a59a7d9f4fd4a896b54c58a18d56d9feb

SHA256
01d4ceb55c2e54526bb9eff819ef83cb6d056453ab279313eb6f2c94094ac023

SHA512
d3f105b0a4065d7bf4abde81798e863d7f453088c87b240e311c5ddd825652a33d1f25917fa8ed5d92c903262698a3d2b608f076089e04ac1bd78f8a63f3d6f8

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3xhpu52e.default-release\datareporting\glean\events\events

Filesize
1KB

MD5
acbae58a34eec5177f7ce9021e436b12

SHA1
0e4a613f03db4c318b43aa5f73387c536b66da30

SHA256
05172e72768474f4c35fda6d3da3d75e27d96bbb2e5cae26be9df480c310d57c

SHA512
b7a9cca76511d25cd6b1d40f0b403df0958889f97508744fa5892ccaf96c654619dc536071a88802ba50401a3c3dcf1c9f1464e5df9cdd796317ad1a278f6385

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3xhpu52e.default-release\datareporting\glean\pending_pings\5c3c5490-98dc-4239-8681-bf53f45a5d3d

Filesize
886B

MD5
71491c760a82aff645d62ebeec8adfe6

SHA1
efbb061e029ca96e2e82ed5e37b5f10163723da7

SHA256
6bf6adb60c970cd24543f4c9ef7564295e168a2790cc77242aa24eb892412bcd

SHA512
098a13ad6f05c1360aa88a71f5678810610331e9cfb4e76dde577e2b9336fcab5ac90021b035cef30a7e55184b394299dbc603c39d26da0e985fc6204bdd4c99

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3xhpu52e.default-release\datareporting\glean\pending_pings\7c640264-28c1-4dfb-972f-e9fa211d164c

Filesize
235B

MD5
15fda4060fc365cef0a6a84fd2e50388

SHA1
9678b85509202be8761dd44438ad0d2ae4ce0a68

SHA256
31548a159347e8024c4d5ba7b256822fd1356d080f891442c07b53718031515a

SHA512
54614b09ff38d0b1d3ac0393b93ab9b0ea10a71e56f2d8cdddea4798d1ed5b163c5ba9c8ae611d19e8c99bd20d5f9a5cbc745d8314f3d54973fca05297431a41

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3xhpu52e.default-release\datareporting\glean\pending_pings\be5ea96a-f6ad-4ae1-93a9-b8f8282b0d93

Filesize
871B

MD5
e71850a20645a601a05539d332bd2041

SHA1
af9ab4aeade547a32c339b7493a1f1aeb6bf2c68

SHA256
39ebc5dc2dabb8834b2b362e6aa5bdf07e99e3d7e0959d7d25a07e70f7a0b30c

SHA512
87ee8c69a296557fc4cbf503d1794bc38e7c824dc8cc0d9d5d3551b768fbe960590400ea0fc24193cf096e33a7df626bf496cc78cc16a6d1709abaa00ad80260

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3xhpu52e.default-release\datareporting\glean\pending_pings\cbe6568e-c1df-4bea-9b97-18fc35653f57

Filesize
2KB

MD5
efe5afca827341396295e1654a1d3531

SHA1
a4ae26f9698a0ade48894a9dfa981936ca5844f4

SHA256
a875bab8aa0ca2f2d7395048e4f44f330351f80c02e4651293b5ebd343bb69cf

SHA512
af042ec0843e488c08d8b97accfff1e6751c0be3229810ca01a8f05a802c038c175b8a61a2843beca340dd3f65dffea4c0ad49ee5b834c669029e4de6bedb433

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3xhpu52e.default-release\datareporting\glean\pending_pings\f0ac0e21-f5d6-4943-b9e7-0931291e3a19

Filesize
235B

MD5
45280fa36f8ecf9e5760300b97fc829d

SHA1
b17d395f2ecdf18a0515cc5fb725b5db2b81f74a

SHA256
10c24516bb6046dc53befea292fbf80005ea8f45dfd88a0166f7ee75e91a9dbb

SHA512
364ed4d677e0456db2e6b307f0851291cde4458bf4121423c345d5d8b9473b2424bf5f497b23deb0fa135ac15508e765555df5474672983af6e6da6de7729639

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3xhpu52e.default-release\prefs.js

Filesize
6KB

MD5
e6daebfb29ce48967f94bc5cc330c91f

SHA1
68c72c6375340128aa8675e0b7d071e015e1add2

SHA256
4d1ae1d3a1586256ae60f16b47f0e96b50fa5522c04f7b02c4aa4a90cfbfe28c

SHA512
2a7d5b75039220f824368d3f9250b5e9de5e58675149f8bd108626b73afd05de9e646cd32e1fc215d96a7dcac6b4d696193afc633aef713ad87336249795f4ac

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3xhpu52e.default-release\prefs.js

Filesize
6KB

MD5
165eef1e3cbe59b7367d90e821d5368a

SHA1
4a986e0b7ca10bd7913e1352b77f7076c1c8e14d

SHA256
6e75c23a10e5fa94a3d89dd4e167ac3a1424ebbf2a885c74b5c49af9f8928497

SHA512
c55906a8e012273bc8db227e4bab013132c0113c4c6f3154ad738c9111a44a99069f32a3f5e58ba73b8eb4fd2344c821addab8ef2f85a46dbf4f59264a01c549

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3xhpu52e.default-release\sessionCheckpoints.json

Filesize
212B

MD5
29ce37dc02c78bbe2e5284d350fae004

SHA1
bab97d5908ea6592aef6b46cee1ded6f34693fa2

SHA256
1bfee61e2f346959c53aa41add4b02d2b05c86c9f19ffefe1018f4a964bf4693

SHA512
53a9eb746e193c088210d8eaa6218d988f3a67ee4cb21844d682ff0178db040932404f5ce2f3cf8b4576313ba0ec33c04ca288c3412bfa5df7dd8230cc2068bb

Download Submit
memory/2040-165-0x0000000000D00000-0x0000000000D08000-memory.dmp

Filesize
32KB

Download
memory/2040-166-0x0000000001840000-0x0000000001852000-memory.dmp

Filesize
72KB

Download
memory/2040-169-0x0000000003250000-0x0000000003266000-memory.dmp

Filesize
88KB

Download
memory/2040-168-0x0000000005970000-0x0000000005A8C000-memory.dmp

Filesize
1.1MB

Download
memory/2040-167-0x0000000005850000-0x000000000596A000-memory.dmp

Filesize
1.1MB

Download
memory/3036-191-0x000000001BCD0000-0x000000001BCE2000-memory.dmp

Filesize
72KB

Download
memory/3036-190-0x0000000000370000-0x0000000000376000-memory.dmp

Filesize
24KB

Download
memory/3036-193-0x000000001BF30000-0x000000001C04A000-memory.dmp

Filesize
1.1MB

Download
memory/3036-192-0x000000001BE10000-0x000000001BF2C000-memory.dmp

Filesize
1.1MB

Download
memory/3036-194-0x000000001BD10000-0x000000001BD26000-memory.dmp

Filesize
88KB

Download
memory/4972-215-0x0000000004FB0000-0x0000000004FDA000-memory.dmp

Filesize
168KB

Download