88314ed5ddebc9c1f87b88d3b1f56d55c991036cb09522d8c20f6e01b74c22e8

Resubmissions

22/02/2024, 17:01

240222-vjw6madc37 4

22/02/2024, 16:54

22/02/2024, 16:51

22/02/2024, 16:48

22/02/2024, 16:46

22/02/2024, 16:44

Analysis

max time kernel
153s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20240221-en
resource tags

arch:x64arch:x86image:win10v2004-20240221-enlocale:en-usos:windows10-2004-x64system
submitted
22/02/2024, 16:48

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

sample.html
Size

56KB
MD5

13f5ced3be33542807ff00edec69fad2
SHA1

5e2bcd38d5ab54d43043feada4c9dcf4e0928c06
SHA256

88314ed5ddebc9c1f87b88d3b1f56d55c991036cb09522d8c20f6e01b74c22e8
SHA512

ec40cbf6a87d9d74977bc7290cfff89b3e01857f7702eae67786f5ea4ae76c15eed22e233c545a30961fa4f730a748a06a63d40c3d7218b5abf55ed33cd243b6
SSDEEP

768:a3yvV72MqMZRfmzOt26Ws/g36Or9v96AgtWLyvV72MqgZRfZtWL/g36Or9v96AGE:a3akfxDeHfxh

Score

1^/10

Malware Config

Signatures

Checks processor information in registry 2 TTPs 5 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1392040655-2056082574-619088944-1000_Classes\Local Settings	firefox.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
2788	msedge.exe
2788	msedge.exe
5512	msedge.exe
5512	msedge.exe
4600	identity_helper.exe
4600	identity_helper.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
5512	msedge.exe
5512	msedge.exe

Suspicious use of AdjustPrivilegeToken 5 IoCs

description	pid	Process
Token: SeDebugPrivilege	3860	firefox.exe
Token: SeDebugPrivilege	3860	firefox.exe
Token: SeDebugPrivilege	3860	firefox.exe
Token: SeDebugPrivilege	3860	firefox.exe
Token: SeDebugPrivilege	3860	firefox.exe

Suspicious use of FindShellTrayWindow 30 IoCs

pid	Process
5512	msedge.exe
5512	msedge.exe
5512	msedge.exe
5512	msedge.exe
5512	msedge.exe
5512	msedge.exe
5512	msedge.exe
5512	msedge.exe
5512	msedge.exe
5512	msedge.exe
5512	msedge.exe
5512	msedge.exe
5512	msedge.exe
5512	msedge.exe
5512	msedge.exe
5512	msedge.exe
5512	msedge.exe
5512	msedge.exe
5512	msedge.exe
5512	msedge.exe
5512	msedge.exe
5512	msedge.exe
5512	msedge.exe
5512	msedge.exe
5512	msedge.exe
5512	msedge.exe
3860	firefox.exe
3860	firefox.exe
3860	firefox.exe
3860	firefox.exe

Suspicious use of SendNotifyMessage 27 IoCs

pid	Process
5512	msedge.exe
5512	msedge.exe
5512	msedge.exe
5512	msedge.exe
5512	msedge.exe
5512	msedge.exe
5512	msedge.exe
5512	msedge.exe
5512	msedge.exe
5512	msedge.exe
5512	msedge.exe
5512	msedge.exe
5512	msedge.exe
5512	msedge.exe
5512	msedge.exe
5512	msedge.exe
5512	msedge.exe
5512	msedge.exe
5512	msedge.exe
5512	msedge.exe
5512	msedge.exe
5512	msedge.exe
5512	msedge.exe
5512	msedge.exe
3860	firefox.exe
3860	firefox.exe
3860	firefox.exe

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
3860	firefox.exe
3860	firefox.exe
3860	firefox.exe
3860	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 5512 wrote to memory of 3532	5512	msedge.exe	69
PID 5512 wrote to memory of 3532	5512	msedge.exe	69
PID 5512 wrote to memory of 2632	5512	msedge.exe	89
PID 5512 wrote to memory of 2632	5512	msedge.exe	89
PID 5512 wrote to memory of 2632	5512	msedge.exe	89
PID 5512 wrote to memory of 2632	5512	msedge.exe	89
PID 5512 wrote to memory of 2632	5512	msedge.exe	89
PID 5512 wrote to memory of 2632	5512	msedge.exe	89
PID 5512 wrote to memory of 2632	5512	msedge.exe	89
PID 5512 wrote to memory of 2632	5512	msedge.exe	89
PID 5512 wrote to memory of 2632	5512	msedge.exe	89
PID 5512 wrote to memory of 2632	5512	msedge.exe	89
PID 5512 wrote to memory of 2632	5512	msedge.exe	89
PID 5512 wrote to memory of 2632	5512	msedge.exe	89
PID 5512 wrote to memory of 2632	5512	msedge.exe	89
PID 5512 wrote to memory of 2632	5512	msedge.exe	89
PID 5512 wrote to memory of 2632	5512	msedge.exe	89
PID 5512 wrote to memory of 2632	5512	msedge.exe	89
PID 5512 wrote to memory of 2632	5512	msedge.exe	89
PID 5512 wrote to memory of 2632	5512	msedge.exe	89
PID 5512 wrote to memory of 2632	5512	msedge.exe	89
PID 5512 wrote to memory of 2632	5512	msedge.exe	89
PID 5512 wrote to memory of 2632	5512	msedge.exe	89
PID 5512 wrote to memory of 2632	5512	msedge.exe	89
PID 5512 wrote to memory of 2632	5512	msedge.exe	89
PID 5512 wrote to memory of 2632	5512	msedge.exe	89
PID 5512 wrote to memory of 2632	5512	msedge.exe	89
PID 5512 wrote to memory of 2632	5512	msedge.exe	89
PID 5512 wrote to memory of 2632	5512	msedge.exe	89
PID 5512 wrote to memory of 2632	5512	msedge.exe	89
PID 5512 wrote to memory of 2632	5512	msedge.exe	89
PID 5512 wrote to memory of 2632	5512	msedge.exe	89
PID 5512 wrote to memory of 2632	5512	msedge.exe	89
PID 5512 wrote to memory of 2632	5512	msedge.exe	89
PID 5512 wrote to memory of 2632	5512	msedge.exe	89
PID 5512 wrote to memory of 2632	5512	msedge.exe	89
PID 5512 wrote to memory of 2632	5512	msedge.exe	89
PID 5512 wrote to memory of 2632	5512	msedge.exe	89
PID 5512 wrote to memory of 2632	5512	msedge.exe	89
PID 5512 wrote to memory of 2632	5512	msedge.exe	89
PID 5512 wrote to memory of 2632	5512	msedge.exe	89
PID 5512 wrote to memory of 2632	5512	msedge.exe	89
PID 5512 wrote to memory of 2788	5512	msedge.exe	87
PID 5512 wrote to memory of 2788	5512	msedge.exe	87
PID 5512 wrote to memory of 2044	5512	msedge.exe	88
PID 5512 wrote to memory of 2044	5512	msedge.exe	88
PID 5512 wrote to memory of 2044	5512	msedge.exe	88
PID 5512 wrote to memory of 2044	5512	msedge.exe	88
PID 5512 wrote to memory of 2044	5512	msedge.exe	88
PID 5512 wrote to memory of 2044	5512	msedge.exe	88
PID 5512 wrote to memory of 2044	5512	msedge.exe	88
PID 5512 wrote to memory of 2044	5512	msedge.exe	88
PID 5512 wrote to memory of 2044	5512	msedge.exe	88
PID 5512 wrote to memory of 2044	5512	msedge.exe	88
PID 5512 wrote to memory of 2044	5512	msedge.exe	88
PID 5512 wrote to memory of 2044	5512	msedge.exe	88
PID 5512 wrote to memory of 2044	5512	msedge.exe	88
PID 5512 wrote to memory of 2044	5512	msedge.exe	88
PID 5512 wrote to memory of 2044	5512	msedge.exe	88
PID 5512 wrote to memory of 2044	5512	msedge.exe	88
PID 5512 wrote to memory of 2044	5512	msedge.exe	88
PID 5512 wrote to memory of 2044	5512	msedge.exe	88
PID 5512 wrote to memory of 2044	5512	msedge.exe	88
PID 5512 wrote to memory of 2044	5512	msedge.exe	88

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\sample.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:5512
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa8e2746f8,0x7ffa8e274708,0x7ffa8e274718
  2⤵
  PID:3532
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2120,2653565618857350019,10787830948119460681,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2224 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2788
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2120,2653565618857350019,10787830948119460681,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2768 /prefetch:8
  2⤵
  PID:2044
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2120,2653565618857350019,10787830948119460681,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2156 /prefetch:2
  2⤵
  PID:2632
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,2653565618857350019,10787830948119460681,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3296 /prefetch:1
  2⤵
  PID:4808
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,2653565618857350019,10787830948119460681,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3280 /prefetch:1
  2⤵
  PID:1200
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2120,2653565618857350019,10787830948119460681,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5188 /prefetch:8
  2⤵
  PID:5992
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2120,2653565618857350019,10787830948119460681,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5188 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4600

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5176

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3024

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
PID:2912
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe"
  2⤵
  - Checks processor information in registry
  - Modifies registry class
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  PID:3860
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3860.0.39197815\2073311562" -parentBuildID 20221007134813 -prefsHandle 1900 -prefMapHandle 1848 -prefsLen 20749 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {64560a72-6191-4521-ad7e-01f9699736a4} 3860 "\\.\pipe\gecko-crash-server-pipe.3860" 1980 1d2c2807b58 gpu
    3⤵
    PID:384
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3860.1.918106083\278911302" -parentBuildID 20221007134813 -prefsHandle 2352 -prefMapHandle 2348 -prefsLen 20785 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c6149dcb-afe6-461e-8e4b-08af97c115c2} 3860 "\\.\pipe\gecko-crash-server-pipe.3860" 2380 1d2c1039e58 socket
    3⤵
    PID:1336
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3860.2.1702504955\214310202" -childID 1 -isForBrowser -prefsHandle 3192 -prefMapHandle 3208 -prefsLen 20888 -prefMapSize 233444 -jsInitHandle 1392 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e2182d96-d12b-40bb-9ff4-01836e5b91c2} 3860 "\\.\pipe\gecko-crash-server-pipe.3860" 3040 1d2c1463a58 tab
    3⤵
    PID:5068
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3860.3.1988087788\733784964" -childID 2 -isForBrowser -prefsHandle 3560 -prefMapHandle 3556 -prefsLen 26066 -prefMapSize 233444 -jsInitHandle 1392 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {77b9e9fe-8903-4b21-bd6b-892f4de7ada3} 3860 "\\.\pipe\gecko-crash-server-pipe.3860" 3572 1d2c3cb2f58 tab
    3⤵
    PID:4476
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3860.4.1225119032\516128085" -childID 3 -isForBrowser -prefsHandle 3688 -prefMapHandle 3448 -prefsLen 26125 -prefMapSize 233444 -jsInitHandle 1392 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d3fe91c0-7249-4dee-a403-37e330ad593a} 3860 "\\.\pipe\gecko-crash-server-pipe.3860" 4148 1d2c5b63b58 tab
    3⤵
    PID:3380
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3860.5.1819854573\1708730693" -childID 4 -isForBrowser -prefsHandle 4788 -prefMapHandle 5116 -prefsLen 26125 -prefMapSize 233444 -jsInitHandle 1392 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {20cb8f81-5333-4bb6-a36c-7ff1b2606f3d} 3860 "\\.\pipe\gecko-crash-server-pipe.3860" 5064 1d2c7975458 tab
    3⤵
    PID:2936
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3860.6.872460845\2135200432" -childID 5 -isForBrowser -prefsHandle 5212 -prefMapHandle 5216 -prefsLen 26125 -prefMapSize 233444 -jsInitHandle 1392 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {8ecf4a9b-f8ac-43ce-990f-cc4a1781cd1e} 3860 "\\.\pipe\gecko-crash-server-pipe.3860" 5204 1d2c7976058 tab
    3⤵
    PID:3300
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3860.7.390690461\108511919" -childID 6 -isForBrowser -prefsHandle 5400 -prefMapHandle 5404 -prefsLen 26125 -prefMapSize 233444 -jsInitHandle 1392 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {79ad94d9-f57a-467f-a717-16331e2bd264} 3860 "\\.\pipe\gecko-crash-server-pipe.3860" 5392 1d2c7976358 tab
    3⤵
    PID:3488
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3860.8.1906368003\895117635" -childID 7 -isForBrowser -prefsHandle 5292 -prefMapHandle 5428 -prefsLen 26381 -prefMapSize 233444 -jsInitHandle 1392 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {4ea78e5c-e280-4c96-8a99-7eed0e0401a2} 3860 "\\.\pipe\gecko-crash-server-pipe.3860" 5212 1d2c455ca58 tab
    3⤵
    PID:1936
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3860.9.1893900032\593260118" -childID 8 -isForBrowser -prefsHandle 5660 -prefMapHandle 5652 -prefsLen 26725 -prefMapSize 233444 -jsInitHandle 1392 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {fb26eab6-bf85-49b1-b694-5fb97390ccc6} 3860 "\\.\pipe\gecko-crash-server-pipe.3860" 5176 1d2b4c72558 tab
    3⤵
    PID:6008

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
343e73b39eb89ceab25618efc0cd8c8c

SHA1
6a5c7dcfd4cd4088793de6a3966aa914a07faf4c

SHA256
6ea83db86f592a3416738a1f1de5db00cd0408b0de820256d09d9bee9e291223

SHA512
54f321405b91fe397b50597b80564cff3a4b7ccb9aaf47cdf832a0932f30a82ed034ca75a422506c7b609a95b2ed97db58d517089cd85e38187112525ca499cd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
d4c957a0a66b47d997435ead0940becf

SHA1
1aed2765dd971764b96455003851f8965e3ae07d

SHA256
53fa86fbddf4cdddab1f884c7937ba334fce81ddc59e9b2522fec2d19c7fc163

SHA512
19cd43e9756829911685916ce9ac8f0375f2f686bfffdf95a6259d8ee767d487151fc938e88b8aada5777364a313ad6b2af8bc1aa601c59f0163cbca7c108fbc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
f15dd5dc846018325d194b1955e07574

SHA1
36f5d7868d78f4a7896afbc7705162d4a9d7be34

SHA256
d4ff354d495e2a54c2079e7cd10b5edcb58c9dae47e32104df31618836c01f04

SHA512
3e3d99a2f3231ff5c7b3d7ba7025d31b796f38c5e3902e8a413a172465c9c591c7f1802077360e4ce4c5e79258d060f9453d218284feca5fcb65e0a3dd2142ba

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
780a8438597e63010f31224c38873a12

SHA1
159d49442f8f228ad5610aa95dbf50ce0be7b541

SHA256
86236fca90bf1b9096284f6d005943dcc1618632037204c34db774b65fd580b5

SHA512
7ac5f939b296908bfc9a750713402ef34d82374c8896dacc5f97d0df01748d8172940be64adc954bd3e298bc62cfb6af01092b15d8da06dd40d64d398e39f930

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
0834f3201ab4b37394e37b159a5ff480

SHA1
282559225b4237f3ca66345de072444edd17d3e8

SHA256
554b09c5549b04ccc315a2f5c099662837be079a93abbfafcd97ac3115238ac9

SHA512
76e7fb08bb374c2391eb318093cb2dfb1c1356e7bea535f833e3d2f22b705389a429d2d4cc927bb5b0ab16cccd1e52b771de6458b730573c7c2ee9e65a528021

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\uaw13bzv.default-release\datareporting\glean\db\data.safe.bin

Filesize
2KB

MD5
ef43ffe5f3296dc0fbb42d37d8b6fdf2

SHA1
1e70ff7bd69582ad23840a6783140a7795894779

SHA256
9074bde61e79f9b4dccd3704d5e4450baeaa9cf5d72d836c6e683832c016a1ab

SHA512
c3a7675c8d698b68f67a05b283f6a1a6ff41e0f05769d55870b6cf944e4984c9b978d5e83a7b62fceeab08cc938eb0b0a4c66fba8bd8c5b2d9412d53b054cbba

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\uaw13bzv.default-release\datareporting\glean\pending_pings\54e9febe-191f-4bef-b497-7b051b525cb0

Filesize
10KB

MD5
ad5b7f48f74c5477ca2423b944cd1945

SHA1
8f6743257624fde5038821bd81728f4ffd3c651e

SHA256
695e5e822b7abf73355daac78e537977291bfd542d3ac6671b369d3ee4943437

SHA512
6f2a5aa05a5931dce2355cf0f053b928e5d0bce4ea87b74c30344cce520d1a5e04a633c139e114ea20ed53371c6b2ea0af2359466dc90f0252e685f82f51d3fd

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\uaw13bzv.default-release\datareporting\glean\pending_pings\e2defeb4-9621-464a-9247-8637dbe559bc

Filesize
746B

MD5
f389742966e5cad03a320773bfe5fd29

SHA1
2372bfac2ee691be5b83b2175084a6acff8446e1

SHA256
9b09a5990058f8882963b38f595dde69e923b2b33fcfc954191e57f3ff46d456

SHA512
d319b8cc4107598ddcb837d8a20ff00deafa943d4efbc2e0499ac50c89ef09be08a2cab5817b3c183a22bf10fccbffc0d240e5b3dcd5959ec8bea4dd2b77313f

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\uaw13bzv.default-release\prefs-1.js

Filesize
6KB

MD5
217db785a6fd85ff09270855fea8092b

SHA1
9681f40dee27879ef0a8988589e24b778d889465

SHA256
e6816517d9b1792645ff228925a121cc11206d9d0489bded48c2e41ed2328a71

SHA512
f587111eb3a1cdeef71af0bf22501b93095e1ca68f97be089009955f295163aab5d979a867bfa90716af9a2ac95d5ff3d6d5e7da1fa64ef2adeb27d40135a15c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\uaw13bzv.default-release\prefs-1.js

Filesize
6KB

MD5
341d78300f769af7f3347d12734d3ff1

SHA1
5820be303e3482ce7621e7c0169fc82ff1f8b8d7

SHA256
f381a4f54bf386a4aa87c60ba2f6b0b66001292547cb5900b51220c7442fed6d

SHA512
ef68c2068338c9744167915eeabcb4f6f988ead2eee254768cd352f48b4f88df12a3296a5f464ecd99141b6083e1dc333fa29a301f27c9c9fa79d3df204ba745

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\uaw13bzv.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
1KB

MD5
7139bfc68bb6e7c6b92e86ff0c81669b

SHA1
2c78ee9b13b15801a6d8dd981d7f9b1703f4c695

SHA256
b20115b205bc6107472921f14c0f74df2226340b30150736be218339928658a2

SHA512
cdae55371ffa156a59fee1b2b38aed3ad64306ceedf59986f5f0438b3659def57e3917b378959af137c44281ee0d7d3de38ac6de7c849337f3639e88cfae2e67

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\uaw13bzv.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
1KB

MD5
a94950ced54a68053976dc084ee1c697

SHA1
72271ad6428f0167b41329f6f9d62f36195aa22c

SHA256
39c08664e524109faa1b56ab06d42f194ad4a8c8c6898d4e8bd7f2f1fd635a79

SHA512
8420c3f9e9e01c94e61ff7ff3f1d9d25b3f8d560b7e00ea2f7aa30046d7ebd35e3bd7db4ed502fa41f97462f61ae7f76b8369f242253157182f12a89160a60fa

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\uaw13bzv.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
1KB

MD5
fccb5a66fb1b3e791c46b87647c6cc80

SHA1
a9aa0f5be1b79a99db51f28c7f73cc4655a0f4f1

SHA256
6f3edd3a22b07de1b31372b626e34d72a188f108996d23be1b0a6d2483b016c9

SHA512
1ab64b77856dd288214a9e33f248ce299c969ef8d4a991f815e6a12c72d2019812bb2e44bd48cf20e54646f97b9e19bcc0f43ca11a372db76b8783546c358da3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\uaw13bzv.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
65KB

MD5
37a4c818a2605670dd80667a94175b54

SHA1
6c868e69610811a55264b055b6dce6568ad71278

SHA256
fe66b29a71da4cdd9b20799adc552ccb3468c809c64ad71e5286c700fe222c22

SHA512
ad91ed021d5abd2ae34450d877fa069b8acff1121dbe2b6bf00b6ea1ea6f65b2b1b79e9bbb4c8613adb5a17e7ad85f6c5446a6cc66cb28537ba62a9f32a11eaa

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\uaw13bzv.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
65KB

MD5
c42bf1228efd7d10274b4f33b81ddae8

SHA1
43411aa1580d1201e7c7ff01696b84256a21245d

SHA256
72f4f9a7daa1a0cf0ad83d1b68826a20529f1b09790424e63553d642a2ae9491

SHA512
24b14b576527139e90f148d7697dc16d7125099d95e02f3bccdcb34db4e5fa9964f4c5fb58b038054b5d82f05ffbaacd0b35aae417390578e1e4b5537d7fe3ce

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\uaw13bzv.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
65KB

MD5
cca88d6ec52f2bbe3a7135ad03befdb5

SHA1
1890ed9b0c130c08cee811e9d5521ed4d8c59db9

SHA256
4408370072cc90d96db3bf9ff1bc11543c506f7788e3efad7f86649a27010b0e

SHA512
9ead571c502f79d97addd5431ce6da112f4b5e2c550b76656269cdef8f2691ac55f7d0056df5c91918c162015a1c875ec193a60593f16e1483baabeda1354643

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\uaw13bzv.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
65KB

MD5
096ca0110ebe48eef38a7de71689013c

SHA1
4a51bd67d786ad690922bee3a5c49795523bca96

SHA256
57a06045575920f8abef333aef17926f6dca7d8d9ec1e6cfbdc4f4ac5b9ea446

SHA512
d83c0270a6e62eaeebbe1b45b6ccf01532b5ea434ec1914f2ac63b8e8da92b0a7b2060285c6c9a168e93c4246a45f05ee975eb0d0b0d44650ca845f013936f9c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\uaw13bzv.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
65KB

MD5
24dd24e6b6d9cd14eccef7b403a99b0f

SHA1
83be65adbaac9ee2b16302920aa25ab1859cc24c

SHA256
42e2d927267d021a97538d11eac711bc9523cb20053e624d87a69694d32318be

SHA512
e13538a33c6a59a0902d1e40342f6c5747748b0c8aa737ddbc2fe97d072cb53a59d8450c73b16859e225ed274277ec07212106b4a69234a097dd32f7ae459fa0

Download Submit