ceb6a0b8e1c27c75155ab28b9283fe488ae5daca15b0cc58ebfc009200c8e824

Analysis

max time kernel
144s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
30-06-2024 00:06

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Wave Goodbye.exe
Size

6.0MB
MD5

b67c09157b260b02037a716d28d7c34f
SHA1

a6da5549351e78fda395b5381dcf9e14240390fd
SHA256

ceb6a0b8e1c27c75155ab28b9283fe488ae5daca15b0cc58ebfc009200c8e824
SHA512

61cc65311af74f83ea950ef54661a5421df67026f7760e257ae3701b3b339f554ac1b42a63f2adafe142ad71a81c545b6749aac0a4f5c78eccd90d072fb7bbad
SSDEEP

98304:dHx3rQ9UT/cnDEuzHEAtpW1pAT0WaDMyaATQKC2witrFr9vQVN9x3gHWdFISYft4:73rpbcnDEuzkAtpWzATIaAEHVYJJmN/P

Score

9^/10

evasion themida trojan

Malware Config

Signatures

Identifies VirtualBox via ACPI registry values (likely anti-VM) 2 TTPs 1 IoCs
evasion

Query Registry
T1012

Virtualization/Sandbox Evasion
T1497

Processes:

Wave Goodbye.exe

description ioc process

Key opened \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ Wave Goodbye.exe
Drops file in Drivers directory 1 IoCs

Processes:

Wave Goodbye.exe

description ioc process

File opened for modification C:\Windows\system32\drivers\etc\hosts Wave Goodbye.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__	Wave Goodbye.exe

description	ioc	process
File opened for modification	C:\Windows\system32\drivers\etc\hosts	Wave Goodbye.exe

Checks BIOS information in registry 2 TTPs 2 IoCs

BIOS information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

Processes:

Wave Goodbye.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion	Wave Goodbye.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion	Wave Goodbye.exe

Themida packer 10 IoCs

Detects Themida, an advanced Windows software protection system.

themida

Processes:

resource	yara_rule
behavioral2/memory/4700-0-0x0000000140000000-0x0000000140F65000-memory.dmp	themida
behavioral2/memory/4700-4-0x0000000140000000-0x0000000140F65000-memory.dmp	themida
behavioral2/memory/4700-3-0x0000000140000000-0x0000000140F65000-memory.dmp	themida
behavioral2/memory/4700-6-0x0000000140000000-0x0000000140F65000-memory.dmp	themida
behavioral2/memory/4700-5-0x0000000140000000-0x0000000140F65000-memory.dmp	themida
behavioral2/memory/4700-2-0x0000000140000000-0x0000000140F65000-memory.dmp	themida
behavioral2/memory/4700-31-0x0000000140000000-0x0000000140F65000-memory.dmp	themida
behavioral2/memory/4700-73-0x0000000140000000-0x0000000140F65000-memory.dmp	themida
behavioral2/memory/4700-453-0x0000000140000000-0x0000000140F65000-memory.dmp	themida
behavioral2/memory/4700-492-0x0000000140000000-0x0000000140F65000-memory.dmp	themida

Checks whether UAC is enabled 1 TTPs 1 IoCs
evasion trojan

System Information Discovery
T1082

Processes:

Wave Goodbye.exe

description ioc process

Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA Wave Goodbye.exe
Suspicious use of NtSetInformationThreadHideFromDebugger 1 IoCs

Processes:

Wave Goodbye.exe

pid process

4700 Wave Goodbye.exe
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

description	ioc	process
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	Wave Goodbye.exe

pid	process
4700	Wave Goodbye.exe

Checks processor information in registry 2 TTPs 16 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

Processes:

firefox.exefirefox.exefirefox.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

msedge.exemsedge.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Modifies registry class 1 IoCs

Processes:

firefox.exe

description ioc process

Key created \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000_Classes\Local Settings firefox.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000_Classes\Local Settings	firefox.exe

Modifies system certificate store 2 TTPs 2 IoCs

evasion spyware trojan

Install Root Certificate

T1553.004

Modify Registry

T1112

Processes:

Wave Goodbye.exe

description	ioc	process
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\144E3687B1ABF2C93D845118485A9E9E4407C93A	Wave Goodbye.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\144E3687B1ABF2C93D845118485A9E9E4407C93A\Blob = 030000000100000014000000144e3687b1abf2c93d845118485a9e9e4407c93a2000000001000000b9050000308205b53082039da00302010202140c1f3dced2c83786458b8b3d31fdbfb6558aa8d3300d06092a864886f70d01010b0500306a310b30090603550406130255533113301106035504080c0a43616c69666f726e696131223020060355040a0c19476f6f676c65205472757374205365727669636573204c4c433122302006035504030c19476f6f676c65205472757374205365727669636573204c4c43301e170d3234303630343132313431385a170d3239303630343132313431385a306a310b30090603550406130255533113301106035504080c0a43616c69666f726e696131223020060355040a0c19476f6f676c65205472757374205365727669636573204c4c433122302006035504030c19476f6f676c65205472757374205365727669636573204c4c4330820222300d06092a864886f70d01010105000382020f003082020a0282020100d6b1e4c30f439b224fdad6d7f0686d1d2c05e728c325f8c1da9513002a40a83424bb47b782467f3077d13bb2f3b254f573d17b7817e595888c548b02e845f8a34c2dd1b385675a87ab87e8428b3c6c0bdd16a24ea10495480af3582e55316f9c0731ef7f3c4fd15015899655f5a2a45cc9fee0a92200c073d48f1e437190720766f19bffa8d59fffadd3525f523e31a6cfdd633708c2a195b61ec910b8c302c99ac42baee759e1be9def6b01b02accef28aa13a9335e5d05e03cfb97c4c5efc7cce1d0854fb0085dd191acd9445bd193a6768131c336da2ebff5fd1508e7b93db45c54ea495f6486ef7539f614b9ba8b51877e23f3ee35c7b3cf9eac34bdbb89c2851671a19ab19111dbe647b206e0a014d7a8dc8acfb4115ad5c1b949d033d328d68e3280d6b7da552e7913f76378f18bbd2ad97ba05d42f80626515b47eac6d9613768113a31462d6ce41eef081aa359e83f0d4f4648352fda4f31d0ff8d5072152fbbaa6f51839d215c482f7e14fc7c6d52430fc1c2922ec081ce64534318e0764ede4f3f619e6cecc68b97ebb2dba85d47250181d4c649f34540ebe60ab64d3eabae9001dc3fcd15d9027f4b3babe6efcc012821ba49da004cdb4d367f77faec3ef44dad14f36ca7847381dba54468bdb3797dbdb30ce9b1f2b3ea39a7c1985f3ae3f3ee4e1d699dc60b70ab3559d360b752ffe5867efa6025fa022f825d0203010001a3533051301d0603551d0e04160414259f70a24e8b332df0f8d98bd36ce93fabc894ab301f0603551d23041830168014259f70a24e8b332df0f8d98bd36ce93fabc894ab300f0603551d130101ff040530030101ff300d06092a864886f70d01010b0500038202010020e5f289742cba5c4627793a8a2f0d14d59acbf92bb4f97cbdeaf80208fc6027fecb3f1e4bca7dddfabf486f12d0098816361eccb47f037001dc7c5d16124c0025fad0ab4d35dccb3a624dbe5c0e38fe60658abad9f572ecca5df3f774d5a5eb5dbb56406ece7bbce47fa74d40ff0ba3309a9f95e791f980cec44b9da29604835db786bbdf714ab712c6287fc4940ef7f0449f3029e940fe61b290c2cea73b783fbaa21ea4a8b3f6cfdcc63b9dbd6a8731964aab6383ec01eea8fbf142778eddf538b022aaa4ac101e33a196aaa6d11aeeeaa37dd4d8f5d6bfa42c8fb58cc7adb08f38502592084a51f2d1ebd356991c837072879b1240993bf4ad01adcb998860f8c4680d6d76f2c5c68afe5de757deab7877bb287eb60fc46392a8113cd45a094b88101ec0d0c5d34dc4d3b4870567188aeb1f8df2c26fd5d12667575c71ea1bf272e424af711170b617ec3a5ce1a0db9a208b31b3b1048b61267b16d5287ee575d5b293988879775eee5d4392aa8f8eb3b39f91203a40990fd4d84c9965acd373bea5e44fa38491c08ac7c0bf6daa246b2b618b12a1756ff12ef401b7d38cdc6bfb0b5ecb7c89f113bf13c827a854492f65e4ee6c9e70fae22dcce01aec83294ba3ed620ab9ca681d6bb71bb4d397ba744d22912bca79aee83287e49593914e0001d4006acc74cdc83da2160f1deb7ac0fe5046c557771eefb82a4758929d	Wave Goodbye.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

Processes:

msedge.exemsedge.exeidentity_helper.exemsedge.exemsedge.exeidentity_helper.exe

pid	process
1840	msedge.exe
1840	msedge.exe
868	msedge.exe
868	msedge.exe
3572	identity_helper.exe
3572	identity_helper.exe
4612	msedge.exe
4612	msedge.exe
4052	msedge.exe
4052	msedge.exe
2160	identity_helper.exe
2160	identity_helper.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 14 IoCs

Processes:

msedge.exemsedge.exe

pid process

868 msedge.exe
868 msedge.exe
868 msedge.exe
868 msedge.exe
868 msedge.exe
868 msedge.exe
868 msedge.exe
868 msedge.exe
868 msedge.exe
4052 msedge.exe
4052 msedge.exe
4052 msedge.exe
4052 msedge.exe
4052 msedge.exe
Suspicious use of AdjustPrivilegeToken 2 IoCs

Processes:

firefox.exe

description pid process

Token: SeDebugPrivilege 4276 firefox.exe
Token: SeDebugPrivilege 4276 firefox.exe

description	pid	process
Token: SeDebugPrivilege	4276	firefox.exe
Token: SeDebugPrivilege	4276	firefox.exe

Suspicious use of FindShellTrayWindow 58 IoCs

Processes:

msedge.exefirefox.exemsedge.exe

pid	process
868	msedge.exe
868	msedge.exe
868	msedge.exe
868	msedge.exe
868	msedge.exe
868	msedge.exe
868	msedge.exe
868	msedge.exe
868	msedge.exe
868	msedge.exe
868	msedge.exe
868	msedge.exe
868	msedge.exe
868	msedge.exe
868	msedge.exe
868	msedge.exe
868	msedge.exe
868	msedge.exe
868	msedge.exe
868	msedge.exe
868	msedge.exe
868	msedge.exe
868	msedge.exe
868	msedge.exe
868	msedge.exe
868	msedge.exe
4276	firefox.exe
4276	firefox.exe
4276	firefox.exe
4276	firefox.exe
4276	firefox.exe
4276	firefox.exe
4276	firefox.exe
4052	msedge.exe
4052	msedge.exe
4052	msedge.exe
4052	msedge.exe
4052	msedge.exe
4052	msedge.exe
4052	msedge.exe
4052	msedge.exe
4052	msedge.exe
4052	msedge.exe
4052	msedge.exe
4052	msedge.exe
4052	msedge.exe
4052	msedge.exe
4052	msedge.exe
4052	msedge.exe
4052	msedge.exe
4052	msedge.exe
4052	msedge.exe
4052	msedge.exe
4052	msedge.exe
4052	msedge.exe
4052	msedge.exe
4052	msedge.exe
4052	msedge.exe

Suspicious use of SendNotifyMessage 54 IoCs

Processes:

msedge.exefirefox.exemsedge.exe

pid	process
868	msedge.exe
868	msedge.exe
868	msedge.exe
868	msedge.exe
868	msedge.exe
868	msedge.exe
868	msedge.exe
868	msedge.exe
868	msedge.exe
868	msedge.exe
868	msedge.exe
868	msedge.exe
868	msedge.exe
868	msedge.exe
868	msedge.exe
868	msedge.exe
868	msedge.exe
868	msedge.exe
868	msedge.exe
868	msedge.exe
868	msedge.exe
868	msedge.exe
868	msedge.exe
868	msedge.exe
4276	firefox.exe
4276	firefox.exe
4276	firefox.exe
4276	firefox.exe
4276	firefox.exe
4276	firefox.exe
4052	msedge.exe
4052	msedge.exe
4052	msedge.exe
4052	msedge.exe
4052	msedge.exe
4052	msedge.exe
4052	msedge.exe
4052	msedge.exe
4052	msedge.exe
4052	msedge.exe
4052	msedge.exe
4052	msedge.exe
4052	msedge.exe
4052	msedge.exe
4052	msedge.exe
4052	msedge.exe
4052	msedge.exe
4052	msedge.exe
4052	msedge.exe
4052	msedge.exe
4052	msedge.exe
4052	msedge.exe
4052	msedge.exe
4052	msedge.exe

Suspicious use of SetWindowsHookEx 1 IoCs

Processes:

firefox.exe

pid process

4276 firefox.exe

pid	process
4276	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

Wave Goodbye.exemsedge.exe

description	pid	process	target process
PID 4700 wrote to memory of 868	4700	Wave Goodbye.exe	msedge.exe
PID 4700 wrote to memory of 868	4700	Wave Goodbye.exe	msedge.exe
PID 868 wrote to memory of 4492	868	msedge.exe	msedge.exe
PID 868 wrote to memory of 4492	868	msedge.exe	msedge.exe
PID 868 wrote to memory of 3608	868	msedge.exe	msedge.exe
PID 868 wrote to memory of 3608	868	msedge.exe	msedge.exe
PID 868 wrote to memory of 3608	868	msedge.exe	msedge.exe
PID 868 wrote to memory of 3608	868	msedge.exe	msedge.exe
PID 868 wrote to memory of 3608	868	msedge.exe	msedge.exe
PID 868 wrote to memory of 3608	868	msedge.exe	msedge.exe
PID 868 wrote to memory of 3608	868	msedge.exe	msedge.exe
PID 868 wrote to memory of 3608	868	msedge.exe	msedge.exe
PID 868 wrote to memory of 3608	868	msedge.exe	msedge.exe
PID 868 wrote to memory of 3608	868	msedge.exe	msedge.exe
PID 868 wrote to memory of 3608	868	msedge.exe	msedge.exe
PID 868 wrote to memory of 3608	868	msedge.exe	msedge.exe
PID 868 wrote to memory of 3608	868	msedge.exe	msedge.exe
PID 868 wrote to memory of 3608	868	msedge.exe	msedge.exe
PID 868 wrote to memory of 3608	868	msedge.exe	msedge.exe
PID 868 wrote to memory of 3608	868	msedge.exe	msedge.exe
PID 868 wrote to memory of 3608	868	msedge.exe	msedge.exe
PID 868 wrote to memory of 3608	868	msedge.exe	msedge.exe
PID 868 wrote to memory of 3608	868	msedge.exe	msedge.exe
PID 868 wrote to memory of 3608	868	msedge.exe	msedge.exe
PID 868 wrote to memory of 3608	868	msedge.exe	msedge.exe
PID 868 wrote to memory of 3608	868	msedge.exe	msedge.exe
PID 868 wrote to memory of 3608	868	msedge.exe	msedge.exe
PID 868 wrote to memory of 3608	868	msedge.exe	msedge.exe
PID 868 wrote to memory of 3608	868	msedge.exe	msedge.exe
PID 868 wrote to memory of 3608	868	msedge.exe	msedge.exe
PID 868 wrote to memory of 3608	868	msedge.exe	msedge.exe
PID 868 wrote to memory of 3608	868	msedge.exe	msedge.exe
PID 868 wrote to memory of 3608	868	msedge.exe	msedge.exe
PID 868 wrote to memory of 3608	868	msedge.exe	msedge.exe
PID 868 wrote to memory of 3608	868	msedge.exe	msedge.exe
PID 868 wrote to memory of 3608	868	msedge.exe	msedge.exe
PID 868 wrote to memory of 3608	868	msedge.exe	msedge.exe
PID 868 wrote to memory of 3608	868	msedge.exe	msedge.exe
PID 868 wrote to memory of 3608	868	msedge.exe	msedge.exe
PID 868 wrote to memory of 3608	868	msedge.exe	msedge.exe
PID 868 wrote to memory of 3608	868	msedge.exe	msedge.exe
PID 868 wrote to memory of 3608	868	msedge.exe	msedge.exe
PID 868 wrote to memory of 3608	868	msedge.exe	msedge.exe
PID 868 wrote to memory of 3608	868	msedge.exe	msedge.exe
PID 868 wrote to memory of 1840	868	msedge.exe	msedge.exe
PID 868 wrote to memory of 1840	868	msedge.exe	msedge.exe
PID 868 wrote to memory of 1392	868	msedge.exe	msedge.exe
PID 868 wrote to memory of 1392	868	msedge.exe	msedge.exe
PID 868 wrote to memory of 1392	868	msedge.exe	msedge.exe
PID 868 wrote to memory of 1392	868	msedge.exe	msedge.exe
PID 868 wrote to memory of 1392	868	msedge.exe	msedge.exe
PID 868 wrote to memory of 1392	868	msedge.exe	msedge.exe
PID 868 wrote to memory of 1392	868	msedge.exe	msedge.exe
PID 868 wrote to memory of 1392	868	msedge.exe	msedge.exe
PID 868 wrote to memory of 1392	868	msedge.exe	msedge.exe
PID 868 wrote to memory of 1392	868	msedge.exe	msedge.exe
PID 868 wrote to memory of 1392	868	msedge.exe	msedge.exe
PID 868 wrote to memory of 1392	868	msedge.exe	msedge.exe
PID 868 wrote to memory of 1392	868	msedge.exe	msedge.exe
PID 868 wrote to memory of 1392	868	msedge.exe	msedge.exe
PID 868 wrote to memory of 1392	868	msedge.exe	msedge.exe
PID 868 wrote to memory of 1392	868	msedge.exe	msedge.exe
PID 868 wrote to memory of 1392	868	msedge.exe	msedge.exe
PID 868 wrote to memory of 1392	868	msedge.exe	msedge.exe

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Users\Admin\AppData\Local\Temp\Wave Goodbye.exe
"C:\Users\Admin\AppData\Local\Temp\Wave Goodbye.exe"
1⤵
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Drops file in Drivers directory
- Checks BIOS information in registry
- Checks whether UAC is enabled
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Modifies system certificate store
- Suspicious use of WriteProcessMemory
PID:4700

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://discord.gg/6NNYUEXAR2
2⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:868

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8c14c46f8,0x7ff8c14c4708,0x7ff8c14c4718
3⤵
PID:4492

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2100,10618649014418080376,15123025621993693149,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2112 /prefetch:2
3⤵
PID:3608

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2100,10618649014418080376,15123025621993693149,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2164 /prefetch:3
3⤵
- Suspicious behavior: EnumeratesProcesses
PID:1840

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,10618649014418080376,15123025621993693149,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2992 /prefetch:1
3⤵
PID:1392

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,10618649014418080376,15123025621993693149,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3000 /prefetch:1
3⤵
PID:4588

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2100,10618649014418080376,15123025621993693149,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3044 /prefetch:8
3⤵
PID:3392

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2100,10618649014418080376,15123025621993693149,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4836 /prefetch:8
3⤵
PID:2976

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2100,10618649014418080376,15123025621993693149,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4836 /prefetch:8
3⤵
- Suspicious behavior: EnumeratesProcesses
PID:3572

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,10618649014418080376,15123025621993693149,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4864 /prefetch:1
3⤵
PID:2820

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,10618649014418080376,15123025621993693149,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4008 /prefetch:1
3⤵
PID:3124

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,10618649014418080376,15123025621993693149,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5356 /prefetch:1
3⤵
PID:3416

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,10618649014418080376,15123025621993693149,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5384 /prefetch:1
3⤵
PID:1332

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,10618649014418080376,15123025621993693149,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5696 /prefetch:1
3⤵
PID:1228

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,10618649014418080376,15123025621993693149,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5944 /prefetch:1
3⤵
PID:1972

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,10618649014418080376,15123025621993693149,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4136 /prefetch:1
3⤵
PID:1612

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2088

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5052

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
PID:1204

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
2⤵
- Checks processor information in registry
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
PID:4276

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4276.0.48814703\873926735" -parentBuildID 20230214051806 -prefsHandle 1776 -prefMapHandle 1768 -prefsLen 22076 -prefMapSize 235121 -appDir "C:\Program Files\Mozilla Firefox\browser" - {8195d644-5a18-4cb2-847a-dc296157e5d4} 4276 "\\.\pipe\gecko-crash-server-pipe.4276" 1868 2118de12158 gpu
3⤵
PID:4592

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4276.1.1619609192\468094217" -parentBuildID 20230214051806 -prefsHandle 2424 -prefMapHandle 2420 -prefsLen 22112 -prefMapSize 235121 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {4b5bb149-f28a-4a6d-adcf-ff1b9b53a43d} 4276 "\\.\pipe\gecko-crash-server-pipe.4276" 2436 21181089658 socket
3⤵
- Checks processor information in registry
PID:4408

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4276.2.1096720265\921165525" -childID 1 -isForBrowser -prefsHandle 3176 -prefMapHandle 3152 -prefsLen 22215 -prefMapSize 235121 -jsInitHandle 1320 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {29db0d39-0212-4c7b-937c-c02170d50712} 4276 "\\.\pipe\gecko-crash-server-pipe.4276" 3280 21190cf7b58 tab
3⤵
PID:2584

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4276.3.2110509230\66663597" -childID 2 -isForBrowser -prefsHandle 4220 -prefMapHandle 4212 -prefsLen 27616 -prefMapSize 235121 -jsInitHandle 1320 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {0559c7c5-1fb2-4552-8eb9-f703610dd28c} 4276 "\\.\pipe\gecko-crash-server-pipe.4276" 4252 211930c8558 tab
3⤵
PID:2100

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4276.4.2141298481\640941082" -childID 3 -isForBrowser -prefsHandle 4956 -prefMapHandle 4952 -prefsLen 27692 -prefMapSize 235121 -jsInitHandle 1320 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {fc9fea7a-e68f-42de-9d97-01ec0e67a686} 4276 "\\.\pipe\gecko-crash-server-pipe.4276" 4968 2119619cb58 tab
3⤵
PID:4880

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4276.5.1550893390\1387544490" -childID 4 -isForBrowser -prefsHandle 5104 -prefMapHandle 5108 -prefsLen 27692 -prefMapSize 235121 -jsInitHandle 1320 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {19a25b46-aef0-45ee-95b4-49232e93a19e} 4276 "\\.\pipe\gecko-crash-server-pipe.4276" 5092 211961e6258 tab
3⤵
PID:3124

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4276.6.37185182\1860180304" -childID 5 -isForBrowser -prefsHandle 5308 -prefMapHandle 5316 -prefsLen 27692 -prefMapSize 235121 -jsInitHandle 1320 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {51c2d59f-ace8-4629-a17e-e374f7d30823} 4276 "\\.\pipe\gecko-crash-server-pipe.4276" 5300 211961e9e58 tab
3⤵
PID:2604

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4276.7.606550653\1344240284" -childID 6 -isForBrowser -prefsHandle 5360 -prefMapHandle 5364 -prefsLen 27692 -prefMapSize 235121 -jsInitHandle 1320 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {07759057-4efb-45cf-9544-108fe909352a} 4276 "\\.\pipe\gecko-crash-server-pipe.4276" 5352 211903b2358 tab
3⤵
PID:1100

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4276.8.1138501373\1319561487" -childID 7 -isForBrowser -prefsHandle 3660 -prefMapHandle 5004 -prefsLen 28036 -prefMapSize 235121 -jsInitHandle 1320 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {723846a4-22e3-4712-b0a3-6053bbc213af} 4276 "\\.\pipe\gecko-crash-server-pipe.4276" 4828 21194bee858 tab
3⤵
PID:5016

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
PID:4192

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
2⤵
- Checks processor information in registry
PID:1832

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:4052

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff8c14c46f8,0x7ff8c14c4708,0x7ff8c14c4718
2⤵
PID:1692

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2000,3906488211964354867,7873840771660147212,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2032 /prefetch:2
2⤵
PID:1596

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2000,3906488211964354867,7873840771660147212,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2400 /prefetch:3
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:4612

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2000,3906488211964354867,7873840771660147212,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2804 /prefetch:8
2⤵
PID:3236

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,3906488211964354867,7873840771660147212,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3276 /prefetch:1
2⤵
PID:3716

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,3906488211964354867,7873840771660147212,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3284 /prefetch:1
2⤵
PID:4952

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,3906488211964354867,7873840771660147212,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4520 /prefetch:1
2⤵
PID:116

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2000,3906488211964354867,7873840771660147212,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5592 /prefetch:8
2⤵
PID:4228

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2000,3906488211964354867,7873840771660147212,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5592 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:2160

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,3906488211964354867,7873840771660147212,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5716 /prefetch:1
2⤵
PID:1620

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,3906488211964354867,7873840771660147212,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5728 /prefetch:1
2⤵
PID:4604

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2652

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1424

Network

MITRE ATT&CK Matrix ATT&CK v13

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
4158365912175436289496136e7912c2

SHA1
813d11f772b1cfe9ceac2bf37f4f741e5e8fbe59

SHA256
354de4b033ba6e4d85f94d91230cb8501f62e0a4e302cd4076c7e0ad73bedbd1

SHA512
74b4f7b24ad4ea395f3a4cd8dbfae54f112a7c87bce3d286ee5161f6b63d62dfa19bb0d96bb7ed1c6d925f5697a2580c25023d5052c6a09992e6fd9dd49ea82b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
ce4c898f8fc7601e2fbc252fdadb5115

SHA1
01bf06badc5da353e539c7c07527d30dccc55a91

SHA256
bce2dfaa91f0d44e977e0f79c60e64954a7b9dc828b0e30fbaa67dbe82f750aa

SHA512
80fff4c722c8d3e69ec4f09510779b7e3518ae60725d2d36903e606a27ec1eaedbdbfac5b662bf2c19194c572ccf0125445f22a907b329ad256e6c00b9cf032c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
f50a091b253172037dd77531196b8e6a

SHA1
7b7f973390d1ca3ab838fbadd952031b92cf2f2c

SHA256
518fbb4abc9695517fc23bc4e93b866318f41deef16b265c3d3d11e3a4855225

SHA512
0f650bbaa413b1a4bed72de2420104e9d032e47bd3a06e8a7c9b93d24ff1770d1dd9775d09931410da99e6c77ec5c5f0982dec6fcbd77d4939f413aeee447856

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_0
Filesize
44KB

MD5
7d32f71852984d1689db96af191f352f

SHA1
8d221dbcd677c27706073c75afa134be5098dfba

SHA256
4baf1d6dc1cbf64f41e808a1e137ae69bf3b9bfa6117d9d211745b7625204fae

SHA512
c728806ff0489acd1734d1eae9225096e7b85c6aaaaad4b9448b46fbdaed33a50138340f213605f82c0d9bc6edd472adb99e1b8883ffbca5d44bf090aaeb63ac

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_1
Filesize
264KB

MD5
5570a80abbe56318ed40ea74b9ce43a6

SHA1
b3406c49d0c8e6f8c27e9a61fbe297e424d02bc7

SHA256
d6d7741bb8a867e2504b8c5d0912be851f183e0794099c409145eaa40801eab6

SHA512
14ea05c3a16a32f05e49c3a125e4d0ca8337ed48db2c2eaf86f65f12b3b81904a50ef6fc7b393fe0b5424f29b74f6db603f5f7dcd573cfa6dc15ff79f9b2d9dc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\LOG
Filesize
322B

MD5
b5e3a05e86b008790c402daedeb29a57

SHA1
d7d6d1a2868ac162ac4428fd0922ec109f3da374

SHA256
5e3ac0be790ab686cdbf7e4deee4f6a51beaca336956933ee7f4484d6395eda6

SHA512
97d505c97d63224b953ec87ecedead1bea14b4b875284423de7366a0455133838bbd8c1e8a0a59a6a0f4c5007a9f024fa60afb7fb569c713cdf57f1199e22c25

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History Provider Cache
Filesize
6B

MD5
a9851aa4c3c8af2d1bd8834201b2ba51

SHA1
fa95986f7ebfac4aab3b261d3ed0a21b142e91fc

SHA256
e708be5e34097c8b4b6ecb50ead7705843d0dc4b0779b95ef57073d80f36c191

SHA512
41a1b4d650ff55b164f3db02c8440f044c4ec31d8ddbbbf56195d4e27473c6b1379dfad3581e16429650e2364791f5c19aae723efc11986bb986ef262538b818

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\LOG
Filesize
331B

MD5
1a8efc8f17d979026e19204ec7474f1f

SHA1
7f5a851d82749cedc33ede3d217971a013010d1d

SHA256
5b67712aa9a5f61171a79b25b3f173a4ac1d9159cc60581d66a309b30c4e9361

SHA512
6675741fdb9a75393377c8e253df1d884b6b20d38c0492b6fb3be0173f22ab288bb80725e9ea9a6bd0862cf856247aa77d19cbbd93c190bd61bb39d72f4fd320

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Action Predictor
Filesize
36KB

MD5
cf4b0a74bdc68a111bd7ccbd8569daa5

SHA1
e567e83b8db5476018dfed63802d0f60690c8139

SHA256
f79fc9fca22eace1d33311f380f135b75b30baa639f2d819fa437580ef268b6d

SHA512
4ffda967282821d319e22334cc4410eb8883b436654c2ffa65a7a75fdac296a349a672c734e8fed023b9b34d5f17d1af611f81d433108f898459b5ae412dac9f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
5KB

MD5
6e56bfb222ff76a645563ec5484890a1

SHA1
a1a616bac6ea278492a1579db4c9f9617e4a6b9e

SHA256
5f9664d744d388e9ed9a2a6ce40f591b6eef08f16952fcfbdd924bf7a7e2be2f

SHA512
0b7dfd2c6b7c52319898d3ace45ddb9177831de6425161105b769e8f9beba96d2f4928f464ee2cdc992f664a97684c6318b8d40c6b7ee18136ccc6b5a1117411

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
90df4c69f9ddf01cf3da226796e195b8

SHA1
6703e207c1d96dc084de0f14ffe32ca94ca1e5f3

SHA256
bc368239eca609b4adeb3053b9884ea4d58209102a4b5f5a5d35e95d9b519217

SHA512
b3d75a1ae94e3d19c7e4ebb2f723b1f22c1655cdd4150ccc1ed03c2ebb8b7f9a7de8bceb2b08c893f31d80411fbd7ad93b97e49b91d5719c12f804d44c5d2a51

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
947dc40e9f5116d477b131c86729d1a8

SHA1
34147dc9065601e04e1affbbed4b27cdbf4d9c71

SHA256
03b2dda2078bcd81b26ad722e1d8ef272cb49e3e209521200a94f0b81f545a6a

SHA512
c9bcd68b7b45a75ea3a5eef50f5b3cd1feb45786bae748df2bb163b90c5917649b8e91c5ba0150d5a442358552bd8962444b0f221f2d92251c04fe9da027a537

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
01b2fb7e2f09e95dfba0e6288c1f29a0

SHA1
d227c91823ef77a905af04b4dbbf36e090a3cfde

SHA256
1a08635d4236d481cd74ca776a9453446bc2e5f6e728880b9c3caa8f52d16cc0

SHA512
13b8eb920673d4387423e7057b1f237282657fe834a7d0a10cbb27fe9d4f2f12538d61d875196a86ce37507deb15d62c9832b72ff1742df85bffa01b15afaf14

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\PreferredApps
Filesize
33B

MD5
2b432fef211c69c745aca86de4f8e4ab

SHA1
4b92da8d4c0188cf2409500adcd2200444a82fcc

SHA256
42b55d126d1e640b1ed7a6bdcb9a46c81df461fa7e131f4f8c7108c2c61c14de

SHA512
948502de4dc89a7e9d2e1660451fcd0f44fd3816072924a44f145d821d0363233cc92a377dba3a0a9f849e3c17b1893070025c369c8120083a622d025fe1eacf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\000003.log
Filesize
156B

MD5
fa1af62bdaf3c63591454d2631d5dd6d

SHA1
14fc1fc51a9b7ccab8f04c45d84442ed02eb9466

SHA256
00dd3c8077c2cca17ea9b94804490326ae6f43e6070d06b1516dfd5c4736d94d

SHA512
2c3184f563b9a9bff088114f0547f204ee1e0b864115366c86506215f42d7dbf161bc2534ccaee783e62cc01105edffc5f5dabf229da5ebd839c96af1d45de77

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\LOG
Filesize
319B

MD5
023047fc64d5e4297645ae64c5dd9431

SHA1
c088230a9b0dc989519d0f58051ce74f2c7acf62

SHA256
04f3e6abef7dedeb1f9a2c47d4b60f5149bede546a4a5e95326a44ef595be1e1

SHA512
e62af795ead6c747b6093eea516fb51062217409c452e9bca39e343cd50a59d4fa5e5a8cb50e2ff0c7b0744bec2172cfa6264bddf9b624724ce42aa14179f723

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Session_13364179633623009
Filesize
1KB

MD5
e46a041dd705aded26adab2fadd5c0e3

SHA1
a2fc22ad7510a4a0a1aa5b12c905c32bf2610fa0

SHA256
90f489ad0e873367f61d9a4b8bf85f046daa19567da9b10ef8ec988be799cc96

SHA512
22570bbc10e48fa1d442eceeffa63d968070fa248f842cad5d149bb44ab6215315353046b3b46cea4cad98e7d679e9f2cea0528ebd5d6f355d9ae738f78edb3e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Tabs_13364179633809009
Filesize
1KB

MD5
b47cbb3d7af695812a9bfc25000aa3e0

SHA1
75b5362c4dc231090ff39b4d9ec2048108a945e6

SHA256
8d5cbe0f8e15e9498b306c967a9c069e8987ced8bae895aa4ce316b6a0ed9f17

SHA512
bcfaadb2350968575e5b34c08151a962ca04e38ff14b75bda47213f42381ca835c966fd2f04e36699ab1812d66c13f25bd21ad3dfecccb6cb2a3dd9122bdcb9f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Shortcuts
Filesize
20KB

MD5
fca621466ede4c2499ecb9f3728e63ab

SHA1
3d5d4cd0fa702371f9d1a40e72e1fe19d194a3c4

SHA256
c6dde84fb40fb69d1a6637fe6bf781de51a4c24e45b616e8f97afd3c6fe200b8

SHA512
aa12ed8c1ff85af4375ac80d7fe494d6f8a70ddb3357c186a0c1ade9bbcc3efc3de5fb0ad4b81eb2ab9bc916b6adf8b76c30203f78e38cd00af5fa4ccf3e3760

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\000003.log
Filesize
112B

MD5
e89134ce7c9dce339116faf19c94503a

SHA1
ca4f187691c5af2e8b47ef55af34bb88d91f4b7a

SHA256
304f49d1570d4e8a35429e99d15001b2748c2da82e27e1cc6887f9cd663e1b4c

SHA512
a49c3715df1d2bdb67156dc7fc47c3fb0619c12590f4b1ed26f3da8f5d37ccaf4db0d26ef336192edaaab7fb073638378999faf931883f4fd923c6c9f25c0dee

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG
Filesize
347B

MD5
3036d3504c95dec6e23c6892760fc639

SHA1
f1b67903b3b5cdec0b93a14d64e27ef57a312c1d

SHA256
053cc922fa0d82ca71fec9d6c349ab04003ec6ec7b336ffe105c2b2dc0d62690

SHA512
d22e492a4425c861d427d293753fd5d2ddaf4e0b08a642f1083a37d54be8d4fe6a236d5cb3672d0270f8a95916a7d94394070760c3265bb18826be82944e7880

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG
Filesize
323B

MD5
faa1531d937dfb74f1d0c603b064ccbc

SHA1
5a230195bce6d47d888fa2ad78c79b0f23b504b6

SHA256
f4b6d7c5158a2191fa5f24e738feff641e17ab8307526b9fe6f857b622c70af6

SHA512
bec864bce8e668de167d290fac6fe29d5838d23ef2c1661a075b67fc8e8e834ae77b89cbc933b091e3dbc4d811e0067ba33717e19ee010279936e4c424be9a3d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\LOG
Filesize
198B

MD5
c3e2b3fcd36e4fe6e07bfefacaf4987d

SHA1
390c098466792b69821b8e474101a6031bf1cc07

SHA256
2fd989cc7537cd7a3babfd666dd6c0715adae5eb291d1bd4d8ae7fd0727073c8

SHA512
8f039528315dfd1cac590aa75ae01ef983e7de4f13ace8b16c230e290738c90cf94d75477832a313342c1087c2d6f736794a96f0ab8a3edf284fb995dff3c03b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\MANIFEST-000002
Filesize
50B

MD5
22bf0e81636b1b45051b138f48b3d148

SHA1
56755d203579ab356e5620ce7e85519ad69d614a

SHA256
e292f241daafc3df90f3e2d339c61c6e2787a0d0739aac764e1ea9bb8544ee97

SHA512
a4cf1f5c74e0df85dda8750be9070e24e19b8be15c6f22f0c234ef8423ef9ca3db22ba9ef777d64c33e8fd49fada6fcca26c1a14ba18e8472370533a1c65d8d0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\heavy_ad_intervention_opt_out.db
Filesize
16KB

MD5
9e02552124890dc7e040ce55841d75a4

SHA1
f4179e9e3c00378fa4ad61c94527602c70aa0ad9

SHA256
7b6e4ce73ddd8b5e7a7c4a94374ac2815d0048a5296879d7659a92ee0b425c77

SHA512
3e10237b1bff73f3bb031f108b8de18f1b3c3396d63dfee8eb2401ce650392b9417143a9ef5234831d8386fc12e232b583dd45eada3f2828b3a0a818123dd5cd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\load_statistics.db
Filesize
44KB

MD5
5c1441d30888ec022022c684b18fbee6

SHA1
3362c62e6735dc802cda88eef4720d90169483e9

SHA256
a160c41a07c7b5059f5e8772be367110272bf7025420c03e75bee7bc03722d42

SHA512
6a7835af6fb59cf412cd7bfbb2b62e270768691cb887f11a9b162f93fea0336271e547cc92af1264d3bd932241a09cf2ff5470ac776c56272b21e000ecfe5e52

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\000003.log
Filesize
187B

MD5
d84717daa3b1601f76e995042253642a

SHA1
f09c5973786e7640c66cf04892d16ad3cb28c456

SHA256
9a4c8a684455eb87bf8ac6da6d9f177182b4cbf2efeca63f987eb9a101ceeac4

SHA512
a601288cafccb446fc1eda05fdb81f80899c24403db58c6a6e831a23ab4df5176455097a2d58f1ff4a63f32a33fd78781f77a56f072fed75b44ef37bb098c614

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\LOG
Filesize
319B

MD5
f4f87c762c259d668200a0d6159bd4c6

SHA1
a5b146c08458b146ed5b8261b75c2a4b512c9653

SHA256
376fb1d4d86181128335cb9d950baf4cce1c104d97e8269c85c33882e8e97034

SHA512
a626f368ef5e1307050650a68dd97e6d069384766ac6c893ebca5751aff754fbde2385bad9c84c535eab1d6770f7fab96c4e3b37f6c87acfb4f527875a6ff040

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\000003.log
Filesize
565B

MD5
77c0b5b5aa19c7b17eaa6390c6f399b6

SHA1
faefe3c1ced32dc4b68392368525c41133826708

SHA256
f20fcf93b3b675483f9e08b1aa3310745fd522d9177bd2bb84c179506f0f8852

SHA512
78fa7ee321c43f1bf951d58620938ca826cade2279745dc90336187ac8021402dcdb93cd2ac9cdfcf2d5c36e9421cfd27105bcfe5366affd41f1059a18a8f80b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\LOG
Filesize
337B

MD5
93b88f01f6907a3c1a3c86e919e40f5e

SHA1
4d0abfa2c10bdfbc5a7366da58c6bd7dfc242f17

SHA256
73eb4dd06637f811e49cc0500491f3cc16f8e67b164ea0272d1332f5e8d37489

SHA512
ce841c8d1756e8c4c9df5ed5048acc608a54a1c37f060188fdc2962995e743021c7565ae273e6ba31e105a84dc2e433c943ce0b15ae7c09281ef3f45bdb2a076

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_0
Filesize
44KB

MD5
93eb3cab4eda23ffd237a3a5ca58299f

SHA1
4f3441ec71a939c229f002f88b3a4504c3f61807

SHA256
89607f6f99238a49f4082411974a77f17ff6c703da7a51231587b85a089b505b

SHA512
d514db6a38d5c9b9e339e16c7fe4db9e98ff6b984929425d88f169f7df5bab3774fd19dbf25405b166c74e32e4b83b00eef07768b8692773fa7e63276f70f46a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_1
Filesize
264KB

MD5
d7b60a5d1be747ae53479a76a59a9e03

SHA1
d9a844e5d527afc32b1fc0d16a06f8bde9d9ece5

SHA256
55b7489f4966715874706e2b1285d3a589c63b2d5b812a45e39b7c4bf472e4b7

SHA512
b388a7b80a008b589c85eed688c8fd5566a5322de68efd723e0c0d09669c38fe670c27f450f7e6fa246018aadd02895dd5ee93d38afce07ce14edd066258ede0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_3
Filesize
4.0MB

MD5
cf2df92fbcb028373a99f6ced75c025d

SHA1
a8a5d81c2e3f0bfd10d0881dd6f30ac98d16194b

SHA256
7a33a86cda28deb0152d8ea758de1961d9d3345a651b72c19d4c41833e950fdb

SHA512
bc61e0532a580c2bab1c43dd5193ecccfb78101e668e6d38aac59e651e2f3a6c8a4ceb6854c342a22539dc9bdcb4511494452ee864effbf2f12ee5074a7697e2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Browser
Filesize
120B

MD5
a397e5983d4a1619e36143b4d804b870

SHA1
aa135a8cc2469cfd1ef2d7955f027d95be5dfbd4

SHA256
9c70f766d3b84fc2bb298efa37cc9191f28bec336329cc11468cfadbc3b137f4

SHA512
4159ea654152d2810c95648694dd71957c84ea825fcca87b36f7e3282a72b30ef741805c610c5fa847ca186e34bde9c289aaa7b6931c5b257f1d11255cd2a816

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Version
Filesize
11B

MD5
838a7b32aefb618130392bc7d006aa2e

SHA1
5159e0f18c9e68f0e75e2239875aa994847b8290

SHA256
ac3dd2221d90b09b795f1f72e72e4860342a4508fe336c4b822476eb25a55eaa

SHA512
9e350f0565cc726f66146838f9cebaaa38dd01892ffab9a45fe4f72e5be5459c0442e99107293a7c6f2412c71f668242c5e5a502124bc57cbf3b6ad8940cb3e9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
8KB

MD5
c3fabea3eaf2b074b734997266cae4ac

SHA1
5b15ee318c82f7f06524258858d8125474f13235

SHA256
5b0974fac992487376fb4f9023d95970e206721f3ff7a0ff7795a95a804d00a0

SHA512
0171cdbcb608b8494382cc6efcb81131b1931e7ce49179ca3f498f560ba5669480600caed06195245b545d85a2ef1568f9fe8d91e0dacd99d2aca26d255d5745

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
8KB

MD5
2072dabf92e8a30aa74e422824930825

SHA1
b0dca9cd26f50d3168b1c4a3f0332b93a4c4cbbc

SHA256
214c24c1561fca7b008a016daf7c021d281c6816aef85324a8858dc354976faf

SHA512
271f1dc12212a8ccac381d6a0e0e0bac4737df9023ca9277e8d78af59903ce7209564365678a96e97b6a38622a75792f807a59e6633166aa6e76d957cb96a62a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1
Filesize
264KB

MD5
9d92cfb6ee1a171601dd29e90ae6106c

SHA1
1e4f2e419c19094a1785fa98a044412bf8d55f6f

SHA256
943f9a1cdc8aceaf47d33241d25a037c5f96e1825aeb048f260997a62f8ef56c

SHA512
ffecc714827f2d807b8bf43367491a267f68c2f89d8cbec3afb74c25efe3f25cea3134bc85cf0895de57b0797527ab3b0fb54fb078b5593b94de2475fce00d00

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\edge_shutdown_ms.txt
Filesize
4B

MD5
7b6743a6bddca7a30af08c282d046c5a

SHA1
f6ac5e4ea9706d6ce25086abbedd4e87a7e01a06

SHA256
a99aaeb5a6364384a080e8107cf0b0990c11bffe0917942967b43b18416875f4

SHA512
f31a0bdac665a35f39f10d7737be0b6bc979615d796a2546c896f54e7773827442fafc071bdfee4165dea77ef69c1c90bcb12025fe7283bc60728e312767ceed

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\TokenBroker\Cache\9cd93bc6dcf544bae69531052e64647ec02f2bb4.tbres
Filesize
4KB

MD5
5137a942c601ecf7f82b113b2873eca1

SHA1
bd669acc8467e800cdc591ddad99f3bc17cf1138

SHA256
e39fd40d95d707b7e63b36e24ad95584fe8b0bda76549c1e2fa921fe0b3f795c

SHA512
8bb8c01915e96bff0b22b1529e51039993e292d1bf347b1be6f86cabfa418f1fc65fc35a3f3a4ace608cca7aa094da6b455d006e532ab5901cc2f28632125be4

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\ue3bcu6m.default-release\activity-stream.discovery_stream.json.tmp
Filesize
23KB

MD5
89820dc1407b52aab6bf6341f092dcc6

SHA1
0eb5e2df61334926575cd3765ec346418ab2213d

SHA256
79aa3748d8fd4b175219824a1de130051cb75480e55e69f149ae6ba0a5c40f06

SHA512
0afdfe4a3665a424cf17c7737d3243bff068ee0c5b1bfc08ec640c5fdb9a44e85a0274c57bb6570e319f68f9c0c877985d56cfe635a8cdd81f58a3240ed5ba13

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ue3bcu6m.default-release\prefs-1.js
Filesize
8KB

MD5
05aba7c24823dc6098b92f2b9ab5c3fb

SHA1
ab88ea1939e1e33b0cbf8bfd223f776112d0069d

SHA256
664ca931776384ec2b5c66d2eb07f3a600970bb88d9d0d7dd6fc2861178d062c

SHA512
72ebf3f056bca849848b0ac402b60b56dd0cf9ad25f61452a0a4840486b486884ed7955a7c35ed182128be0a5742f908ca1df2056d894d84c2a7de2a5779b995

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ue3bcu6m.default-release\prefs-1.js
Filesize
7KB

MD5
e9140a530bf5efba3e2f8f9f7911cc78

SHA1
94bc594f0b6bd0f1d7752c9747dcb760720a65a8

SHA256
b488db58018517decd10408de7ae09eb314914f0705b5d7e6ae912b7dce44f1c

SHA512
994edd1ce37d380956721d107f55bf130579e607129ef255c1ee5e4c77bf2e4190ff7d8011c8cfd0aa90b3b7cd11a4ba939a372301d9c8d12a1a5bc132f0a50b

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ue3bcu6m.default-release\prefs.js
Filesize
6KB

MD5
77dd1a2fa51937b57eed4b4a7e9edd02

SHA1
9e05ce1320f85ea0d37cc0bac3035657c0bbf27d

SHA256
dbc832fc7a8012e8d60635eb5b3b56ea500a8356b1d41ba307961b1aa32c5b96

SHA512
001cccdd6a6e4eb95359c2b36d3d178097dd78c53d08b9e7de6f6d6c08e11ecdae85ae5fb9e509eb0533c90220f76cb697553f458090583ed321e3cc5c93c5e4

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ue3bcu6m.default-release\prefs.js
Filesize
7KB

MD5
060a1fe6f6395f6d793bbc19a2843c11

SHA1
decfc8f82ca5a35543d17fee35046d70a54fe74a

SHA256
910e8c7a358aefe7e43715363bdf998251748a320528e96288adc2df2521ab2c

SHA512
2032259a9d20aba3f064a033ec0f615c2dcdc008089fe1d3032156643029c469ebbf1ff16eae36a7ae4cd09292e7838c56bc05dd94b952ec055d47c2ed84dc50

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ue3bcu6m.default-release\sessionstore-backups\recovery.jsonlz4
Filesize
1KB

MD5
93e54bc2430b909ccd6a928a0ba237bc

SHA1
a764b57e2ee4af883d0a76de64ca0180396f4896

SHA256
3fa7cabed88dab025992b88a675868ca73b40b70e24dd62bf25a819cba54a8a6

SHA512
474db13a54f4b8f67f29c52e80942e741d4bb5750be2e15624622f1668034422da7afae8508889f754e863fa00d617777e0489d5c1a8092e9a608f41c1fdd630

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ue3bcu6m.default-release\sessionstore-backups\recovery.jsonlz4
Filesize
1KB

MD5
3a7a416553e8d2abe46c129ec7a82636

SHA1
adcad593d605a4eb14533d58fbb52805dd6489d4

SHA256
f8cbc2efc9368083a0350dabc055b8635bd939fdd562bf397ae01b0e04c03b35

SHA512
17c148e35d3ab34cfbfed1c44d34ce170e1bdfc17594ea98fcad088c2ef1c200327a4f3474612d2f17ebbcff1170b09bde0a66beabdfc4b54770f0cec7ca5aa6

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ue3bcu6m.default-release\sessionstore-backups\recovery.jsonlz4
Filesize
1KB

MD5
68de26fd2c7aacf6a0302348e8a0c656

SHA1
41149963137704be47dfaaf6f0c9aff43a32d4da

SHA256
86ec1fb19a1170a3a6ad1387ba4ba88fed95e3b845bba8df7607886129d000b1

SHA512
4a33b0f5bd23f4a0e99c14658d717bb5b586a8d7f71e37ed748d06e3091593099fe489a8ea7d962bd9a4907274c9cc7452c78a0441ee199a95572cfe2557a9e5

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ue3bcu6m.default-release\sessionstore-backups\recovery.jsonlz4
Filesize
1KB

MD5
b6b94863459c2a326b2828c9d28f99e1

SHA1
44bbdd23f00c26f72f101d046e80d21d4f3fdaa0

SHA256
07f46b5de8a451ffeb4eedf264127d65bd7d7ef1ee5cf98fff5267196aa08e7a

SHA512
f71cfee76721b2a8372f1c300b54f02ec0dd798754b7884abb8b5c07d00770848ac40421220c74ff105c7b7ae7e79e8b1a4c7250f780084b78d9efa0abf847ae

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ue3bcu6m.default-release\sessionstore.jsonlz4
Filesize
1KB

MD5
3966f2fd7fea6e522f202c777595e0cf

SHA1
28b14d0c251ab6efaabed0fa50ade05a8c125d86

SHA256
b2b020eabd28d131bd4400bd91a216bc758e27e62d5517e98982d17cc9caecdc

SHA512
7ef71f90ba0a76e84929f015b83aa645d9bbbf2e517961628cb984a566f05a4db1dfc4341bdffaf8a4c7de0cd1e12457e5a212325b43239817454e051b21bc70

Download Submit
C:\Windows\system32\drivers\etc\hosts
Filesize
1KB

MD5
deca688b3a2d7e1224e65a13c66b405d

SHA1
5d088d911e53b05860d2294f081b7a56614c1b1b

SHA256
efe68251dcfee5e61bce15c9028f4e237c45e24f23f66d0c9acf5355ba709341

SHA512
8ed11f7e130d1d0d5f554849e9ad181f60d242d21aa6019307df20833e7646705716f591b13c9db0ba8643e8800816dd6b691572c80973f540fba14cc84d47be

Download Submit
\??\pipe\LOCAL\crashpad_868_YRFEJUQEVMTHUJMH
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
memory/4700-453-0x0000000140000000-0x0000000140F65000-memory.dmp

Filesize
15.4MB

Download
memory/4700-31-0x0000000140000000-0x0000000140F65000-memory.dmp

Filesize
15.4MB

Download
memory/4700-73-0x0000000140000000-0x0000000140F65000-memory.dmp

Filesize
15.4MB

Download
memory/4700-2-0x0000000140000000-0x0000000140F65000-memory.dmp

Filesize
15.4MB

Download
memory/4700-5-0x0000000140000000-0x0000000140F65000-memory.dmp

Filesize
15.4MB

Download
memory/4700-6-0x0000000140000000-0x0000000140F65000-memory.dmp

Filesize
15.4MB

Download
memory/4700-3-0x0000000140000000-0x0000000140F65000-memory.dmp

Filesize
15.4MB

Download
memory/4700-4-0x0000000140000000-0x0000000140F65000-memory.dmp

Filesize
15.4MB

Download
memory/4700-1-0x00007FF8CF8F0000-0x00007FF8CF8F2000-memory.dmp

Filesize
8KB

Download
memory/4700-0-0x0000000140000000-0x0000000140F65000-memory.dmp

Filesize
15.4MB

Download
memory/4700-492-0x0000000140000000-0x0000000140F65000-memory.dmp

Filesize
15.4MB

Download