hxxps://dstat[.]cc

max time kernel
879s
max time network
432s
platform
windows10-2004_x64
resource
win10v2004-20230915-en
resource tags

arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
submitted
02/10/2023, 04:37

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://dstat.cc

Score

1^/10

Malware Config

Signatures

Checks processor information in registry 2 TTPs 8 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1141987721-3945596982-3297311814-1000_Classes\Local Settings	firefox.exe

Runs ping.exe 1 TTPs 1 IoCs

Remote System Discovery

T1018

pid	Process
1244	PING.EXE

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
3968	msedge.exe
3968	msedge.exe
2432	msedge.exe
2432	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
2432	msedge.exe
2432	msedge.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeDebugPrivilege	3940	firefox.exe
Token: SeDebugPrivilege	3940	firefox.exe

Suspicious use of FindShellTrayWindow 30 IoCs

pid	Process
2432	msedge.exe
2432	msedge.exe
2432	msedge.exe
2432	msedge.exe
2432	msedge.exe
2432	msedge.exe
2432	msedge.exe
2432	msedge.exe
2432	msedge.exe
2432	msedge.exe
2432	msedge.exe
2432	msedge.exe
2432	msedge.exe
2432	msedge.exe
2432	msedge.exe
2432	msedge.exe
2432	msedge.exe
2432	msedge.exe
2432	msedge.exe
2432	msedge.exe
2432	msedge.exe
2432	msedge.exe
2432	msedge.exe
2432	msedge.exe
2432	msedge.exe
2432	msedge.exe
3940	firefox.exe
3940	firefox.exe
3940	firefox.exe
3940	firefox.exe

Suspicious use of SendNotifyMessage 27 IoCs

pid	Process
2432	msedge.exe
2432	msedge.exe
2432	msedge.exe
2432	msedge.exe
2432	msedge.exe
2432	msedge.exe
2432	msedge.exe
2432	msedge.exe
2432	msedge.exe
2432	msedge.exe
2432	msedge.exe
2432	msedge.exe
2432	msedge.exe
2432	msedge.exe
2432	msedge.exe
2432	msedge.exe
2432	msedge.exe
2432	msedge.exe
2432	msedge.exe
2432	msedge.exe
2432	msedge.exe
2432	msedge.exe
2432	msedge.exe
2432	msedge.exe
3940	firefox.exe
3940	firefox.exe
3940	firefox.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
3940	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2432 wrote to memory of 4536	2432	msedge.exe	62
PID 2432 wrote to memory of 4536	2432	msedge.exe	62
PID 2432 wrote to memory of 1824	2432	msedge.exe	84
PID 2432 wrote to memory of 1824	2432	msedge.exe	84
PID 2432 wrote to memory of 1824	2432	msedge.exe	84
PID 2432 wrote to memory of 1824	2432	msedge.exe	84
PID 2432 wrote to memory of 1824	2432	msedge.exe	84
PID 2432 wrote to memory of 1824	2432	msedge.exe	84
PID 2432 wrote to memory of 1824	2432	msedge.exe	84
PID 2432 wrote to memory of 1824	2432	msedge.exe	84
PID 2432 wrote to memory of 1824	2432	msedge.exe	84
PID 2432 wrote to memory of 1824	2432	msedge.exe	84
PID 2432 wrote to memory of 1824	2432	msedge.exe	84
PID 2432 wrote to memory of 1824	2432	msedge.exe	84
PID 2432 wrote to memory of 1824	2432	msedge.exe	84
PID 2432 wrote to memory of 1824	2432	msedge.exe	84
PID 2432 wrote to memory of 1824	2432	msedge.exe	84
PID 2432 wrote to memory of 1824	2432	msedge.exe	84
PID 2432 wrote to memory of 1824	2432	msedge.exe	84
PID 2432 wrote to memory of 1824	2432	msedge.exe	84
PID 2432 wrote to memory of 1824	2432	msedge.exe	84
PID 2432 wrote to memory of 1824	2432	msedge.exe	84
PID 2432 wrote to memory of 1824	2432	msedge.exe	84
PID 2432 wrote to memory of 1824	2432	msedge.exe	84
PID 2432 wrote to memory of 1824	2432	msedge.exe	84
PID 2432 wrote to memory of 1824	2432	msedge.exe	84
PID 2432 wrote to memory of 1824	2432	msedge.exe	84
PID 2432 wrote to memory of 1824	2432	msedge.exe	84
PID 2432 wrote to memory of 1824	2432	msedge.exe	84
PID 2432 wrote to memory of 1824	2432	msedge.exe	84
PID 2432 wrote to memory of 1824	2432	msedge.exe	84
PID 2432 wrote to memory of 1824	2432	msedge.exe	84
PID 2432 wrote to memory of 1824	2432	msedge.exe	84
PID 2432 wrote to memory of 1824	2432	msedge.exe	84
PID 2432 wrote to memory of 1824	2432	msedge.exe	84
PID 2432 wrote to memory of 1824	2432	msedge.exe	84
PID 2432 wrote to memory of 1824	2432	msedge.exe	84
PID 2432 wrote to memory of 1824	2432	msedge.exe	84
PID 2432 wrote to memory of 1824	2432	msedge.exe	84
PID 2432 wrote to memory of 1824	2432	msedge.exe	84
PID 2432 wrote to memory of 1824	2432	msedge.exe	84
PID 2432 wrote to memory of 1824	2432	msedge.exe	84
PID 2432 wrote to memory of 3968	2432	msedge.exe	85
PID 2432 wrote to memory of 3968	2432	msedge.exe	85
PID 2432 wrote to memory of 3392	2432	msedge.exe	87
PID 2432 wrote to memory of 3392	2432	msedge.exe	87
PID 2432 wrote to memory of 3392	2432	msedge.exe	87
PID 2432 wrote to memory of 3392	2432	msedge.exe	87
PID 2432 wrote to memory of 3392	2432	msedge.exe	87
PID 2432 wrote to memory of 3392	2432	msedge.exe	87
PID 2432 wrote to memory of 3392	2432	msedge.exe	87
PID 2432 wrote to memory of 3392	2432	msedge.exe	87
PID 2432 wrote to memory of 3392	2432	msedge.exe	87
PID 2432 wrote to memory of 3392	2432	msedge.exe	87
PID 2432 wrote to memory of 3392	2432	msedge.exe	87
PID 2432 wrote to memory of 3392	2432	msedge.exe	87
PID 2432 wrote to memory of 3392	2432	msedge.exe	87
PID 2432 wrote to memory of 3392	2432	msedge.exe	87
PID 2432 wrote to memory of 3392	2432	msedge.exe	87
PID 2432 wrote to memory of 3392	2432	msedge.exe	87
PID 2432 wrote to memory of 3392	2432	msedge.exe	87
PID 2432 wrote to memory of 3392	2432	msedge.exe	87
PID 2432 wrote to memory of 3392	2432	msedge.exe	87
PID 2432 wrote to memory of 3392	2432	msedge.exe	87

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://dstat.cc
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2432
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb767846f8,0x7ffb76784708,0x7ffb76784718
  2⤵
  PID:4536
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2108,13095187771070609872,18019298222795085825,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2116 /prefetch:2
  2⤵
  PID:1824
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2108,13095187771070609872,18019298222795085825,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2192 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3968
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2108,13095187771070609872,18019298222795085825,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2812 /prefetch:8
  2⤵
  PID:3392
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,13095187771070609872,18019298222795085825,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3404 /prefetch:1
  2⤵
  PID:4548
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,13095187771070609872,18019298222795085825,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3384 /prefetch:1
  2⤵
  PID:1040

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4832

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1440

C:\Windows\system32\cmd.exe
"C:\Windows\system32\cmd.exe"
1⤵
PID:1280
- C:\Windows\system32\PING.EXE
  ping -t 185.102.218.1
  2⤵
  - Runs ping.exe
  PID:1244

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
PID:3640
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe"
  2⤵
  - Checks processor information in registry
  - Modifies registry class
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  PID:3940
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3940.0.2142691251\927512426" -parentBuildID 20221007134813 -prefsHandle 1884 -prefMapHandle 1876 -prefsLen 20938 -prefMapSize 232675 -appDir "C:\Program Files\Mozilla Firefox\browser" - {fdc9d40b-bec7-4743-a0f4-91ed320add83} 3940 "\\.\pipe\gecko-crash-server-pipe.3940" 1964 1e510fdee58 gpu
    3⤵
    PID:4656
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3940.1.316680216\1544391062" -parentBuildID 20221007134813 -prefsHandle 2352 -prefMapHandle 2348 -prefsLen 20974 -prefMapSize 232675 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {29fe49a6-3a6c-4211-9873-6354755339c4} 3940 "\\.\pipe\gecko-crash-server-pipe.3940" 2364 1e510b33558 socket
    3⤵
    - Checks processor information in registry
    PID:1432
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3940.2.1368263909\1413082741" -childID 1 -isForBrowser -prefsHandle 3124 -prefMapHandle 2876 -prefsLen 21077 -prefMapSize 232675 -jsInitHandle 1412 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {855dcd63-6070-404d-82bf-611f913c769d} 3940 "\\.\pipe\gecko-crash-server-pipe.3940" 3020 1e5151b5658 tab
    3⤵
    PID:3684
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3940.3.1007856851\1493975392" -childID 2 -isForBrowser -prefsHandle 3584 -prefMapHandle 3572 -prefsLen 26437 -prefMapSize 232675 -jsInitHandle 1412 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {0bf528a2-886e-4710-8565-cd58b31f8b97} 3940 "\\.\pipe\gecko-crash-server-pipe.3940" 3596 1e513cf6858 tab
    3⤵
    PID:1900
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3940.4.1641925997\1515279375" -childID 3 -isForBrowser -prefsHandle 4108 -prefMapHandle 3628 -prefsLen 26496 -prefMapSize 232675 -jsInitHandle 1412 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {9d60bd5f-9bb5-41f2-b5a9-2efb4edf5c07} 3940 "\\.\pipe\gecko-crash-server-pipe.3940" 4092 1e516734b58 tab
    3⤵
    PID:1440
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3940.6.797675601\2015391322" -childID 5 -isForBrowser -prefsHandle 5220 -prefMapHandle 5224 -prefsLen 26577 -prefMapSize 232675 -jsInitHandle 1412 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {fc59ab43-f433-4b78-90dd-50d61a107d12} 3940 "\\.\pipe\gecko-crash-server-pipe.3940" 5212 1e517566958 tab
    3⤵
    PID:4848
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3940.5.1262374024\1882683144" -childID 4 -isForBrowser -prefsHandle 5040 -prefMapHandle 5064 -prefsLen 26577 -prefMapSize 232675 -jsInitHandle 1412 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {4c463c94-cf46-4cb0-8e82-a9f7229f7a13} 3940 "\\.\pipe\gecko-crash-server-pipe.3940" 5048 1e51717c858 tab
    3⤵
    PID:2844
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3940.7.1818871093\1007465888" -childID 6 -isForBrowser -prefsHandle 5412 -prefMapHandle 5416 -prefsLen 26577 -prefMapSize 232675 -jsInitHandle 1412 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ea536978-4bf8-45b6-8e99-2c2f90ed7df4} 3940 "\\.\pipe\gecko-crash-server-pipe.3940" 5488 1e517567858 tab
    3⤵
    PID:4756
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3940.8.1001424402\1405671601" -childID 7 -isForBrowser -prefsHandle 5716 -prefMapHandle 5712 -prefsLen 26752 -prefMapSize 232675 -jsInitHandle 1412 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {4047e918-3958-47a9-95f4-7690069c0844} 3940 "\\.\pipe\gecko-crash-server-pipe.3940" 5828 1e519183e58 tab
    3⤵
    PID:4808

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

Remote System Discovery

T1018

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
4d25fc6e43a16159ebfd161f28e16ef7

SHA1
49941a4bc3ed1ef90c7bcf1a8f0731c6a68facb4

SHA256
cee74fad9d775323a5843d9e55c770314e8b58ec08653c7b2ce8e8049df42bb5

SHA512
ea598fb8bfe15c777daeb025da98674fe8652f7341e5d150d188c46744fce11c4d20d1686d185039c5025c9a4252d1585686b1c3a4df4252e69675aaf37edfc1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\9927d74e-df1f-4f73-9534-405ed1ca2195.tmp

Filesize
5KB

MD5
9947d7d4df8f72b7ed5f7558797c0990

SHA1
195b7cecbf9a6270ff97bdb2c3dfaceab422fa06

SHA256
e05ef8eb0cba9716b87c54e3d262f3d1c357d6635c2d8008f2ce5cd15f55a075

SHA512
957a5f28c13dc7246421e197330fabda76f95fbbced0a1873ee71fc036ca75dc465b14d6aeb128b1ccf76b08bf45b74bab417a096e16be92717660119b646152

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
480B

MD5
649a2cd3429cfc59d3e8d57196d37d67

SHA1
ca355bb47371645c9a16952fc5e0fa2da0b84451

SHA256
d9570933f5a9b3427ce20676ae01aff70878d8d40d2979b29799c196292acf57

SHA512
69f7d134639e011321ff507ad63d2f1e4fcf9236cdfe3be7accd79ca77f9f43396d845fb1995e814b7e27aee036c95998556b54b71df39f03828484414e984b6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
ecbf39be51c2e148594f85deafb98a54

SHA1
052be9232992171ce3df1314751c96583de6390e

SHA256
36e3d96a0e8255c5aeb03cb4cc204a64edafd48ff70ad2c74f52c2077f53b5b7

SHA512
a221b382d7a0204a188a4a2512c01c5beb5c89386f6deac4ba0d9ab56ccc78e6af15f9b60550ddaa4dcb525eb3368290b0cda8166842c56d59c484c173f9437c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
d7fc3bba51e07f5e716ba479c11a7a64

SHA1
d64093e3a541ea92382f968d532958436cfab1a5

SHA256
7281a477fe2ded08adc3f997c1763199dc6e40d3b2d665e95e42edec9b46cb0f

SHA512
00eb7511c75c091036bba900d8bbee150e782f9d3b2e23cc4b0f581ef1ae431a81718f7a1cca1fbb808137cde2d19521cdfe3c493c4a4a3a8065bd646ff096e9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
cd73c405abca979463a053f9b4d14679

SHA1
68e6ddf5f7e2e68a3f1ecc177941f6b44684426d

SHA256
acb7094ccbf017cdd76df885d7beb7d195509d3b1eeab6b5fe1514b91599bb41

SHA512
ea710569b519f36219c50b6c3cf1cfa7073a8e015bc36c6dd2c62974781c97ebfe4f761124ef301b78aa64b2824c6a4f43fb8a11db39a4f786548ae629f25ab2

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\x00o19f5.default-release\activity-stream.discovery_stream.json.tmp

Filesize
22KB

MD5
9b2fa5b98375cdc8dda0b51b13d7ed26

SHA1
6835b94eb6dfe84e91a103d7089e1e93a95d0a1a

SHA256
97c3cac11f2f2270c3ddbcba115bc7cd697cccebdec90380abaf2ccf648d4e93

SHA512
b4bf5768a225bd5a492f4ed290f75dd543f4f5e84a92ef5ba4964c757245a6cd3cf7a192d98f971ef12281965c1b6754dba767b0d9619cbbc4eda3f9c54eca2e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x00o19f5.default-release\prefs-1.js

Filesize
6KB

MD5
3ea3f21e5f210f3f55ef6674d063dd58

SHA1
e5c60e62ef932ca9c98b82ee0244b889dd71f1ad

SHA256
cb2529334b1954aec4e64aadb258aadf758a7f400b1f0bafc869b5dd19a1acc9

SHA512
bf9cb0d958f470d2d30bccbd44108f53e81af9cb147e22719791b3b08cdfafbdfce8af05ac861bf7e4022738ccb07cb1fd0bd96d641444ed82fc3b662281404d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x00o19f5.default-release\prefs.js

Filesize
6KB

MD5
721aed9950e98d40c6cf0567c9644baa

SHA1
22d0aaca7f1af473ce3d8fff4fae1cd127077126

SHA256
87b1091b33dda0e975aaa5cfe81388282eac3fd3b71041237d832850a04c134f

SHA512
7c4c44a325605eb4f9ca0846759065be9d23b3fc682c7259c87c7cda6556f13fb47ce99316e3a232aca753741a9a1a9bd04ddc8a1db90bd3b19b8e37284fe55b

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x00o19f5.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
2KB

MD5
0a90ddc895182ead543a21817c01afbb

SHA1
913dde47bf621117636a5570d59cb2cf1b8f70bc

SHA256
d1b780c57576d676387e603503762af0dc9dc11f4e774a0ff9bf8746bfcdc1e7

SHA512
8f5728cb155cf1e9a714edb3a5d68a1112bdb5b207999c4397b0c500a296806efc8976a38bd1131dade0ea90d7492ddc63897616e8315ba4347762031339444c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x00o19f5.default-release\sessionstore.jsonlz4

Filesize
3KB

MD5
1092945eb0e463cd381c6337be66da14

SHA1
75635a2eefb387c1b73e23ab9a6cdb365b5836cf

SHA256
f41db73edfbc129502da0ad45dc6ddce5be9b9ab263d7d81c4ee7b3216706d2d

SHA512
370261bdc84e1fb34354276d7810fa736ed9314a6036c1b49ca4051297725d03390b233dd2b0beb3b462be01434bb14e0e7e081c7447956f66679ea4a22b8b6b

Download Submit