hxxps://apiservices[.]krxd[.]net/click_tracker/track?kx_event_uid=LR25EaJr&clk=https%3A%2F%2Fnitininternational[.]com%2Femail%2Fverification%2Fsf_rand_string_lowercase6%2F%2F%2F%2FZGFuLnJpZ2dzYmVlQHRhcmdhbi5jb20=

Analysis

max time kernel
44s
max time network
53s
platform
windows10-2004_x64
resource
win10v2004-20230703-en
resource tags

arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
submitted
23/08/2023, 19:41

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://apiservices.krxd.net/click_tracker/track?kx_event_uid=LR25EaJr&clk=https%3A%2F%2Fnitininternational.com%2Femail%2Fverification%2Fsf_rand_string_lowercase6%2F%2F%2F%2FZGFuLnJpZ2dzYmVlQHRhcmdhbi5jb20=

Score

1^/10

Malware Config

Signatures

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1722984668-1829624581-3022101259-1000_Classes\Local Settings	firefox.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
4684	msedge.exe
4684	msedge.exe
3156	msedge.exe
3156	msedge.exe
4476	identity_helper.exe
4476	identity_helper.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
3156	msedge.exe
3156	msedge.exe
3156	msedge.exe
3156	msedge.exe
3156	msedge.exe
3156	msedge.exe
3156	msedge.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeDebugPrivilege	4560	firefox.exe
Token: SeDebugPrivilege	4560	firefox.exe

Suspicious use of FindShellTrayWindow 29 IoCs

pid	Process
3156	msedge.exe
3156	msedge.exe
3156	msedge.exe
3156	msedge.exe
3156	msedge.exe
3156	msedge.exe
3156	msedge.exe
3156	msedge.exe
3156	msedge.exe
3156	msedge.exe
3156	msedge.exe
3156	msedge.exe
3156	msedge.exe
3156	msedge.exe
3156	msedge.exe
3156	msedge.exe
3156	msedge.exe
3156	msedge.exe
3156	msedge.exe
3156	msedge.exe
3156	msedge.exe
3156	msedge.exe
3156	msedge.exe
3156	msedge.exe
3156	msedge.exe
4560	firefox.exe
4560	firefox.exe
4560	firefox.exe
4560	firefox.exe

Suspicious use of SendNotifyMessage 27 IoCs

pid	Process
3156	msedge.exe
3156	msedge.exe
3156	msedge.exe
3156	msedge.exe
3156	msedge.exe
3156	msedge.exe
3156	msedge.exe
3156	msedge.exe
3156	msedge.exe
3156	msedge.exe
3156	msedge.exe
3156	msedge.exe
3156	msedge.exe
3156	msedge.exe
3156	msedge.exe
3156	msedge.exe
3156	msedge.exe
3156	msedge.exe
3156	msedge.exe
3156	msedge.exe
3156	msedge.exe
3156	msedge.exe
3156	msedge.exe
3156	msedge.exe
4560	firefox.exe
4560	firefox.exe
4560	firefox.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
4560	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3156 wrote to memory of 3312	3156	msedge.exe	82
PID 3156 wrote to memory of 3312	3156	msedge.exe	82
PID 3156 wrote to memory of 4424	3156	msedge.exe	84
PID 3156 wrote to memory of 4424	3156	msedge.exe	84
PID 3156 wrote to memory of 4424	3156	msedge.exe	84
PID 3156 wrote to memory of 4424	3156	msedge.exe	84
PID 3156 wrote to memory of 4424	3156	msedge.exe	84
PID 3156 wrote to memory of 4424	3156	msedge.exe	84
PID 3156 wrote to memory of 4424	3156	msedge.exe	84
PID 3156 wrote to memory of 4424	3156	msedge.exe	84
PID 3156 wrote to memory of 4424	3156	msedge.exe	84
PID 3156 wrote to memory of 4424	3156	msedge.exe	84
PID 3156 wrote to memory of 4424	3156	msedge.exe	84
PID 3156 wrote to memory of 4424	3156	msedge.exe	84
PID 3156 wrote to memory of 4424	3156	msedge.exe	84
PID 3156 wrote to memory of 4424	3156	msedge.exe	84
PID 3156 wrote to memory of 4424	3156	msedge.exe	84
PID 3156 wrote to memory of 4424	3156	msedge.exe	84
PID 3156 wrote to memory of 4424	3156	msedge.exe	84
PID 3156 wrote to memory of 4424	3156	msedge.exe	84
PID 3156 wrote to memory of 4424	3156	msedge.exe	84
PID 3156 wrote to memory of 4424	3156	msedge.exe	84
PID 3156 wrote to memory of 4424	3156	msedge.exe	84
PID 3156 wrote to memory of 4424	3156	msedge.exe	84
PID 3156 wrote to memory of 4424	3156	msedge.exe	84
PID 3156 wrote to memory of 4424	3156	msedge.exe	84
PID 3156 wrote to memory of 4424	3156	msedge.exe	84
PID 3156 wrote to memory of 4424	3156	msedge.exe	84
PID 3156 wrote to memory of 4424	3156	msedge.exe	84
PID 3156 wrote to memory of 4424	3156	msedge.exe	84
PID 3156 wrote to memory of 4424	3156	msedge.exe	84
PID 3156 wrote to memory of 4424	3156	msedge.exe	84
PID 3156 wrote to memory of 4424	3156	msedge.exe	84
PID 3156 wrote to memory of 4424	3156	msedge.exe	84
PID 3156 wrote to memory of 4424	3156	msedge.exe	84
PID 3156 wrote to memory of 4424	3156	msedge.exe	84
PID 3156 wrote to memory of 4424	3156	msedge.exe	84
PID 3156 wrote to memory of 4424	3156	msedge.exe	84
PID 3156 wrote to memory of 4424	3156	msedge.exe	84
PID 3156 wrote to memory of 4424	3156	msedge.exe	84
PID 3156 wrote to memory of 4424	3156	msedge.exe	84
PID 3156 wrote to memory of 4424	3156	msedge.exe	84
PID 3156 wrote to memory of 4684	3156	msedge.exe	83
PID 3156 wrote to memory of 4684	3156	msedge.exe	83
PID 3156 wrote to memory of 4468	3156	msedge.exe	85
PID 3156 wrote to memory of 4468	3156	msedge.exe	85
PID 3156 wrote to memory of 4468	3156	msedge.exe	85
PID 3156 wrote to memory of 4468	3156	msedge.exe	85
PID 3156 wrote to memory of 4468	3156	msedge.exe	85
PID 3156 wrote to memory of 4468	3156	msedge.exe	85
PID 3156 wrote to memory of 4468	3156	msedge.exe	85
PID 3156 wrote to memory of 4468	3156	msedge.exe	85
PID 3156 wrote to memory of 4468	3156	msedge.exe	85
PID 3156 wrote to memory of 4468	3156	msedge.exe	85
PID 3156 wrote to memory of 4468	3156	msedge.exe	85
PID 3156 wrote to memory of 4468	3156	msedge.exe	85
PID 3156 wrote to memory of 4468	3156	msedge.exe	85
PID 3156 wrote to memory of 4468	3156	msedge.exe	85
PID 3156 wrote to memory of 4468	3156	msedge.exe	85
PID 3156 wrote to memory of 4468	3156	msedge.exe	85
PID 3156 wrote to memory of 4468	3156	msedge.exe	85
PID 3156 wrote to memory of 4468	3156	msedge.exe	85
PID 3156 wrote to memory of 4468	3156	msedge.exe	85
PID 3156 wrote to memory of 4468	3156	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://apiservices.krxd.net/click_tracker/track?kx_event_uid=LR25EaJr&clk=https%3A%2F%2Fnitininternational.com%2Femail%2Fverification%2Fsf_rand_string_lowercase6%2F%2F%2F%2FZGFuLnJpZ2dzYmVlQHRhcmdhbi5jb20=
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3156
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe601a46f8,0x7ffe601a4708,0x7ffe601a4718
  2⤵
  PID:3312
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2228,5380946934529126079,17151888970889266622,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2292 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4684
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2228,5380946934529126079,17151888970889266622,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2240 /prefetch:2
  2⤵
  PID:4424
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2228,5380946934529126079,17151888970889266622,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2860 /prefetch:8
  2⤵
  PID:4468
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2228,5380946934529126079,17151888970889266622,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3352 /prefetch:1
  2⤵
  PID:4316
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2228,5380946934529126079,17151888970889266622,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3336 /prefetch:1
  2⤵
  PID:672
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2228,5380946934529126079,17151888970889266622,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4884 /prefetch:1
  2⤵
  PID:392
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2228,5380946934529126079,17151888970889266622,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5172 /prefetch:8
  2⤵
  PID:2520
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2228,5380946934529126079,17151888970889266622,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5172 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4476
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2228,5380946934529126079,17151888970889266622,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5352 /prefetch:1
  2⤵
  PID:3220
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2228,5380946934529126079,17151888970889266622,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4812 /prefetch:1
  2⤵
  PID:960
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2228,5380946934529126079,17151888970889266622,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5084 /prefetch:1
  2⤵
  PID:464
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2228,5380946934529126079,17151888970889266622,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4788 /prefetch:1
  2⤵
  PID:1320
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2228,5380946934529126079,17151888970889266622,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5364 /prefetch:8
  2⤵
  PID:1280

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4712

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1784

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
PID:3904
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe"
  2⤵
  - Modifies registry class
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  PID:4560
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4560.0.1213344055\426211050" -parentBuildID 20221007134813 -prefsHandle 1920 -prefMapHandle 1912 -prefsLen 20938 -prefMapSize 232675 -appDir "C:\Program Files\Mozilla Firefox\browser" - {2175fbbb-4606-43d5-ab04-5bee308a6a08} 4560 "\\.\pipe\gecko-crash-server-pipe.4560" 1992 1a5533acf58 gpu
    3⤵
    PID:3220
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4560.1.1613943257\603548139" -parentBuildID 20221007134813 -prefsHandle 2380 -prefMapHandle 2376 -prefsLen 20974 -prefMapSize 232675 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {6864e87a-db79-4bc5-bee5-c0c50ef2c5d2} 4560 "\\.\pipe\gecko-crash-server-pipe.4560" 2392 1a551c36c58 socket
    3⤵
    PID:4596
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4560.2.1792872540\1854141730" -childID 1 -isForBrowser -prefsHandle 3320 -prefMapHandle 3316 -prefsLen 21077 -prefMapSize 232675 -jsInitHandle 1336 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {2dd4d6d8-963a-4376-9966-482f039a1bb0} 4560 "\\.\pipe\gecko-crash-server-pipe.4560" 3324 1a556423e58 tab
    3⤵
    PID:5280
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4560.3.475569427\605513972" -childID 2 -isForBrowser -prefsHandle 3520 -prefMapHandle 3536 -prefsLen 26437 -prefMapSize 232675 -jsInitHandle 1336 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {3e5c73b6-b80d-4464-bd8e-fdc689464dad} 4560 "\\.\pipe\gecko-crash-server-pipe.4560" 3508 1a54595e058 tab
    3⤵
    PID:5436
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4560.4.1100646803\168817422" -childID 3 -isForBrowser -prefsHandle 4784 -prefMapHandle 4780 -prefsLen 26496 -prefMapSize 232675 -jsInitHandle 1336 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {2d4fa9f7-27ed-43f7-b686-6fab2f234d85} 4560 "\\.\pipe\gecko-crash-server-pipe.4560" 4796 1a5583f4d58 tab
    3⤵
    PID:5696
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4560.6.578057999\290407199" -childID 5 -isForBrowser -prefsHandle 5364 -prefMapHandle 5368 -prefsLen 26577 -prefMapSize 232675 -jsInitHandle 1336 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {bc4e8aed-da01-4041-b17c-660cde119310} 4560 "\\.\pipe\gecko-crash-server-pipe.4560" 5356 1a5587be258 tab
    3⤵
    PID:6104
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4560.5.713132927\933319224" -childID 4 -isForBrowser -prefsHandle 5212 -prefMapHandle 5204 -prefsLen 26577 -prefMapSize 232675 -jsInitHandle 1336 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {fef3330e-59fe-4a92-97aa-2510031cb922} 4560 "\\.\pipe\gecko-crash-server-pipe.4560" 5228 1a5583f6b58 tab
    3⤵
    PID:6096
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4560.7.742910689\1115661672" -childID 6 -isForBrowser -prefsHandle 5432 -prefMapHandle 5228 -prefsLen 26577 -prefMapSize 232675 -jsInitHandle 1336 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {4920b673-15a1-4e58-bb05-68ebb190ae1f} 4560 "\\.\pipe\gecko-crash-server-pipe.4560" 5416 1a558f95f58 tab
    3⤵
    PID:6140
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4560.8.1239966800\1205448956" -childID 7 -isForBrowser -prefsHandle 5856 -prefMapHandle 5848 -prefsLen 26752 -prefMapSize 232675 -jsInitHandle 1336 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d65ae54a-8043-4416-baf7-de539fc86d1e} 4560 "\\.\pipe\gecko-crash-server-pipe.4560" 5844 1a55a1b6358 tab
    3⤵
    PID:5908

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
f6f47b83c67fe32ee32811d6611d269c

SHA1
b32353d1d0ed26e0dd5b5f1f402ffd41a105d025

SHA256
ac1866f15ff34d1df4dafa761dbb7dc2c712fe01ac0e171706ef29e205549cbc

SHA512
6ee068efa9fbd3c972169427be2f6377a1204bf99b61579e4d78643e89e729ad65f2abcc70007fd0dd38428e7cd39010a253d6f9cd5e90409e207ddaf5d6720d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
716f879f61859be4682c8f5937a34405

SHA1
7b70902bce2338a7ab5b47a7b1ae3854d45a7bd7

SHA256
66a869e4f9541225ca6dba6328067307137ff31db9c16ca2ad8196a5b72395f3

SHA512
8a6288513bbe24c68776002e67ec47962d4d399bfde45bb6e88d0082e001e1ee3b5c3b0bcbcf8d75902d4abb20098e59ff5a3329d96e80ce17231dab67128c14

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
51a96beedcea9fc596c7004144f12606

SHA1
76e0c93c4916cb223d6edf3be69f51c08a0ca388

SHA256
3c118d6585c6ca8d15dba6039a7143fdcfc5c6229b164508945ececb77b72f7f

SHA512
a6fd5043b9fd9b9f9b1e8a3f05379cb53cb9d3b05c307dfdd17ddbd94843eb5ba775797dfcb3de1626219411dc63c0198395863494eb3e75653cebcd2159fd0a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
d2b93092ee4cc7e61b2a7a84db912d7c

SHA1
01952a211d1ecdc982436a7529d028e67636b702

SHA256
0b1be725564ce2cca324bd25b78ce1280b1909d2629752a6114416cd79fa3403

SHA512
7d1db15251a830e510b720c2135bb353bf7e9661d6070c476ffd6323a3ba22e57ef7ad5daf9ba298a766e5f2fbe7f9274969d59daca50e4fe67c2804fbba8acf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
5544c64f2a8f49dabc19eb84267b1c9b

SHA1
c5b78d63a8bab1c7b985f7ea2f268d0d7809071e

SHA256
a1fcfee2974a77e76a7431a2069db301861ab42dd41769cead8697f41f5a497f

SHA512
38c80d7c810441fc87beff38929473088cf426b0a25a30820d8a060f493350d99bb8521b314afe00578ea54648fce2aa4e55880a83a4f1048c56307991726565

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
9538b7b7f4baf3f29a79e3c143df1b66

SHA1
34709e0eb7ef86036badb53d838349aca7959783

SHA256
6d2db762e057a52d89a6cd80da59b456d12226970ea48d48c89f4b500310e1ea

SHA512
ea072998dfdf8c706e3b01e5afe1528599bef01e0bbc1176835f112a8b7dfcd335b7953bd9bf1bc6ff32fc036e7055728788fe125c57862d186f7ec306798081

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
4cc33070573037be25764bb37eacb3fa

SHA1
790e8d1c11bf4203130c6850d4d5c4aad1008bc9

SHA256
8929d32f696cdef56484dee617afc91e2b8ef0e07c1dd3b7e2c529c821a5fb60

SHA512
07e2bd5db397508071c7ee0ef1a2ca9cd8c2b076518c670b9cfbdb230a72934d060f41e5a1e7bb5c2bc8411d7c007e3a58ba8b543e8a92e25f92ddeb9ffaef90

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\ezoxz0hs.default-release\activity-stream.discovery_stream.json.tmp

Filesize
21KB

MD5
f5a0c200fd65ac344d2777f29bf92f2c

SHA1
579e30bba9560943ac46b75ba53e15f28a93fd4c

SHA256
1156bdbb2aeb983eb4bf319c4d204c05ac128f35e9065955349fea959487a031

SHA512
31ab97d2a206b5059b2d9ed118ec9970d34b2634a88de76f64865af741fd631c6783c16c04f1fc82bde47e869c76f3fcd0b40df0eb660d914e29c98bec3d0b66

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ezoxz0hs.default-release\prefs-1.js

Filesize
6KB

MD5
9b2ed5d5c1d42fd8c69aa4cf5e7f201d

SHA1
b82f24c9aa221a3c75f87dbf802787a5c11726f7

SHA256
14a51e6d7d2a04aa927dbf2a7db2aac888c9133604ddf3ca83279746853b5775

SHA512
4868128bffafff2b515ddec2a6e660ea89646055ed3751eef179ae5010628cb22947d872a55c22d4a29fe6592f7138da91c03597ba29ee2e32ac5a7b28c05e56

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ezoxz0hs.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
1KB

MD5
e762ba3394ead79882833e4bc2285f1d

SHA1
6f0239aa16694a05de13bfa4a53e97cf605d208f

SHA256
b66ff41822df8d72e555d1af508b86a332ed12e89b9626bb98cfaa94c21523d3

SHA512
4bc782fc66a11a407078384aab141b727e720ec1416769002668a98f17a0a27f470ba5b8a87f62f3b7d1b76147683692f7b86fd7e98890c8c07dca5250687cb8

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ezoxz0hs.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

Filesize
192KB

MD5
817e6f8691b3551f156c20522b297839

SHA1
747cd0a8927c247ba7e30932ff8930497959ba2f

SHA256
9934f41dcca4f0bb16cdd401c72bf58d79ec8caf6fabecc13055778a82a15144

SHA512
19b755a4910acde2532d9f1be5fb89fbbf0d58d7cb2de9c9b428f563ac6810d3974ebbe6dcaeb04f2b8564404cada0fbb616ed50945d84cd45a0164f0e18bc6d

Download Submit