hxxp://google[.]com

Resubmissions

23-02-2024 08:32

240223-kfe3tsed26 1

Analysis

max time kernel
147s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20240221-en
resource tags

arch:x64arch:x86image:win10v2004-20240221-enlocale:en-usos:windows10-2004-x64system
submitted
23-02-2024 08:32

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://google.com

Score

1^/10

Malware Config

Signatures

Checks processor information in registry 2 TTPs 5 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3054445511-921769590-4013668107-1000_Classes\Local Settings	firefox.exe

Suspicious behavior: EnumeratesProcesses 9 IoCs

pid	Process
1860	msedge.exe
1860	msedge.exe
1888	msedge.exe
1888	msedge.exe
1888	msedge.exe
956	msedge.exe
956	msedge.exe
956	msedge.exe
956	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs

pid	Process
1888	msedge.exe
1888	msedge.exe
1888	msedge.exe

Suspicious use of AdjustPrivilegeToken 5 IoCs

description	pid	Process
Token: SeDebugPrivilege	1796	firefox.exe
Token: SeDebugPrivilege	1796	firefox.exe
Token: SeDebugPrivilege	1796	firefox.exe
Token: SeDebugPrivilege	1796	firefox.exe
Token: SeDebugPrivilege	1796	firefox.exe

Suspicious use of FindShellTrayWindow 29 IoCs

pid	Process
1888	msedge.exe
1888	msedge.exe
1888	msedge.exe
1888	msedge.exe
1888	msedge.exe
1888	msedge.exe
1888	msedge.exe
1888	msedge.exe
1888	msedge.exe
1888	msedge.exe
1888	msedge.exe
1888	msedge.exe
1888	msedge.exe
1888	msedge.exe
1888	msedge.exe
1888	msedge.exe
1888	msedge.exe
1888	msedge.exe
1888	msedge.exe
1888	msedge.exe
1888	msedge.exe
1888	msedge.exe
1888	msedge.exe
1888	msedge.exe
1888	msedge.exe
1796	firefox.exe
1796	firefox.exe
1796	firefox.exe
1796	firefox.exe

Suspicious use of SendNotifyMessage 27 IoCs

pid	Process
1888	msedge.exe
1888	msedge.exe
1888	msedge.exe
1888	msedge.exe
1888	msedge.exe
1888	msedge.exe
1888	msedge.exe
1888	msedge.exe
1888	msedge.exe
1888	msedge.exe
1888	msedge.exe
1888	msedge.exe
1888	msedge.exe
1888	msedge.exe
1888	msedge.exe
1888	msedge.exe
1888	msedge.exe
1888	msedge.exe
1888	msedge.exe
1888	msedge.exe
1888	msedge.exe
1888	msedge.exe
1888	msedge.exe
1888	msedge.exe
1796	firefox.exe
1796	firefox.exe
1796	firefox.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
1796	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1888 wrote to memory of 2748	1888	msedge.exe	22
PID 1888 wrote to memory of 2748	1888	msedge.exe	22
PID 1888 wrote to memory of 4736	1888	msedge.exe	91
PID 1888 wrote to memory of 4736	1888	msedge.exe	91
PID 1888 wrote to memory of 4736	1888	msedge.exe	91
PID 1888 wrote to memory of 4736	1888	msedge.exe	91
PID 1888 wrote to memory of 4736	1888	msedge.exe	91
PID 1888 wrote to memory of 4736	1888	msedge.exe	91
PID 1888 wrote to memory of 4736	1888	msedge.exe	91
PID 1888 wrote to memory of 4736	1888	msedge.exe	91
PID 1888 wrote to memory of 4736	1888	msedge.exe	91
PID 1888 wrote to memory of 4736	1888	msedge.exe	91
PID 1888 wrote to memory of 4736	1888	msedge.exe	91
PID 1888 wrote to memory of 4736	1888	msedge.exe	91
PID 1888 wrote to memory of 4736	1888	msedge.exe	91
PID 1888 wrote to memory of 4736	1888	msedge.exe	91
PID 1888 wrote to memory of 4736	1888	msedge.exe	91
PID 1888 wrote to memory of 4736	1888	msedge.exe	91
PID 1888 wrote to memory of 4736	1888	msedge.exe	91
PID 1888 wrote to memory of 4736	1888	msedge.exe	91
PID 1888 wrote to memory of 4736	1888	msedge.exe	91
PID 1888 wrote to memory of 4736	1888	msedge.exe	91
PID 1888 wrote to memory of 4736	1888	msedge.exe	91
PID 1888 wrote to memory of 4736	1888	msedge.exe	91
PID 1888 wrote to memory of 4736	1888	msedge.exe	91
PID 1888 wrote to memory of 4736	1888	msedge.exe	91
PID 1888 wrote to memory of 4736	1888	msedge.exe	91
PID 1888 wrote to memory of 4736	1888	msedge.exe	91
PID 1888 wrote to memory of 4736	1888	msedge.exe	91
PID 1888 wrote to memory of 4736	1888	msedge.exe	91
PID 1888 wrote to memory of 4736	1888	msedge.exe	91
PID 1888 wrote to memory of 4736	1888	msedge.exe	91
PID 1888 wrote to memory of 4736	1888	msedge.exe	91
PID 1888 wrote to memory of 4736	1888	msedge.exe	91
PID 1888 wrote to memory of 4736	1888	msedge.exe	91
PID 1888 wrote to memory of 4736	1888	msedge.exe	91
PID 1888 wrote to memory of 4736	1888	msedge.exe	91
PID 1888 wrote to memory of 4736	1888	msedge.exe	91
PID 1888 wrote to memory of 4736	1888	msedge.exe	91
PID 1888 wrote to memory of 4736	1888	msedge.exe	91
PID 1888 wrote to memory of 4736	1888	msedge.exe	91
PID 1888 wrote to memory of 4736	1888	msedge.exe	91
PID 1888 wrote to memory of 1860	1888	msedge.exe	90
PID 1888 wrote to memory of 1860	1888	msedge.exe	90
PID 1888 wrote to memory of 1096	1888	msedge.exe	92
PID 1888 wrote to memory of 1096	1888	msedge.exe	92
PID 1888 wrote to memory of 1096	1888	msedge.exe	92
PID 1888 wrote to memory of 1096	1888	msedge.exe	92
PID 1888 wrote to memory of 1096	1888	msedge.exe	92
PID 1888 wrote to memory of 1096	1888	msedge.exe	92
PID 1888 wrote to memory of 1096	1888	msedge.exe	92
PID 1888 wrote to memory of 1096	1888	msedge.exe	92
PID 1888 wrote to memory of 1096	1888	msedge.exe	92
PID 1888 wrote to memory of 1096	1888	msedge.exe	92
PID 1888 wrote to memory of 1096	1888	msedge.exe	92
PID 1888 wrote to memory of 1096	1888	msedge.exe	92
PID 1888 wrote to memory of 1096	1888	msedge.exe	92
PID 1888 wrote to memory of 1096	1888	msedge.exe	92
PID 1888 wrote to memory of 1096	1888	msedge.exe	92
PID 1888 wrote to memory of 1096	1888	msedge.exe	92
PID 1888 wrote to memory of 1096	1888	msedge.exe	92
PID 1888 wrote to memory of 1096	1888	msedge.exe	92
PID 1888 wrote to memory of 1096	1888	msedge.exe	92
PID 1888 wrote to memory of 1096	1888	msedge.exe	92

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.com
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1888
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc7fd646f8,0x7ffc7fd64708,0x7ffc7fd64718
  2⤵
  PID:2748
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2164,17438787763843875106,6404753718283453804,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2280 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1860
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2164,17438787763843875106,6404753718283453804,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2232 /prefetch:2
  2⤵
  PID:4736
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2164,17438787763843875106,6404753718283453804,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2780 /prefetch:8
  2⤵
  PID:1096
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,17438787763843875106,6404753718283453804,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3264 /prefetch:1
  2⤵
  PID:3172
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,17438787763843875106,6404753718283453804,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3248 /prefetch:1
  2⤵
  PID:3672
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,17438787763843875106,6404753718283453804,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4468 /prefetch:1
  2⤵
  PID:5764
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2164,17438787763843875106,6404753718283453804,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4700 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:956

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
PID:1076
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe"
  2⤵
  - Checks processor information in registry
  - Modifies registry class
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  PID:1796
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1796.0.1891996161\2013903739" -parentBuildID 20221007134813 -prefsHandle 1904 -prefMapHandle 1896 -prefsLen 20749 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {66b52b1d-26bb-42f0-bd47-9e105b1d4187} 1796 "\\.\pipe\gecko-crash-server-pipe.1796" 1984 1f9d19bd858 gpu
    3⤵
    PID:2492
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1796.1.1147703789\575115282" -parentBuildID 20221007134813 -prefsHandle 2380 -prefMapHandle 2376 -prefsLen 20785 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {791474b5-824b-4474-8f4d-d296cb197aca} 1796 "\\.\pipe\gecko-crash-server-pipe.1796" 2392 1f9d1131758 socket
    3⤵
    PID:2528
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1796.2.441523788\860086561" -childID 1 -isForBrowser -prefsHandle 3376 -prefMapHandle 3372 -prefsLen 20888 -prefMapSize 233444 -jsInitHandle 1096 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {8c8a4c95-67be-4d8d-9fc6-33b25fa23e75} 1796 "\\.\pipe\gecko-crash-server-pipe.1796" 3388 1f9d55dc158 tab
    3⤵
    PID:468
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1796.3.1945613668\941490681" -childID 2 -isForBrowser -prefsHandle 3636 -prefMapHandle 3632 -prefsLen 26066 -prefMapSize 233444 -jsInitHandle 1096 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {336c7dcd-e264-4544-9296-2a3474fdb73c} 1796 "\\.\pipe\gecko-crash-server-pipe.1796" 3316 1f9d402d958 tab
    3⤵
    PID:1280
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1796.4.771648835\484785990" -childID 3 -isForBrowser -prefsHandle 4416 -prefMapHandle 4412 -prefsLen 26125 -prefMapSize 233444 -jsInitHandle 1096 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {25093b80-9015-416b-8653-4f95c43838fd} 1796 "\\.\pipe\gecko-crash-server-pipe.1796" 4436 1f9d7537858 tab
    3⤵
    PID:3916
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1796.5.241191568\594140523" -childID 4 -isForBrowser -prefsHandle 5220 -prefMapHandle 5116 -prefsLen 26285 -prefMapSize 233444 -jsInitHandle 1096 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {6acde9fc-40aa-4ff0-ac59-69094640bb59} 1796 "\\.\pipe\gecko-crash-server-pipe.1796" 5236 1f9bda69f58 tab
    3⤵
    PID:5448
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1796.6.443994553\465507697" -childID 5 -isForBrowser -prefsHandle 5448 -prefMapHandle 5444 -prefsLen 26285 -prefMapSize 233444 -jsInitHandle 1096 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f1368aef-d203-4321-91d8-84f8a9e8bdcf} 1796 "\\.\pipe\gecko-crash-server-pipe.1796" 5456 1f9d76d7958 tab
    3⤵
    PID:5456
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1796.7.385306831\156142390" -childID 6 -isForBrowser -prefsHandle 5588 -prefMapHandle 5592 -prefsLen 26285 -prefMapSize 233444 -jsInitHandle 1096 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {6deefc93-ea70-45f1-b297-75bb5af3fae9} 1796 "\\.\pipe\gecko-crash-server-pipe.1796" 5580 1f9d78df658 tab
    3⤵
    PID:5464

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4456

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4532

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
58670ac03d80eb4bd1cec7ac5672d2e8

SHA1
276295d2f9e58fb0b8ef03bd9567227fb94e03f7

SHA256
76e1645d9c4f363b34e554822cfe0d53ff1fce5e994acdf1edeff13ae8df30f8

SHA512
99fe23263de36ec0c8b6b3b0205df264250392cc9c0dd8fa28cf954ff39f9541f722f96a84fbc0b4e42cfd042f064525a6be4b220c0180109f8b1d51bbdef8ff

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
3782686f747f4a85739b170a3898b645

SHA1
81ae1c4fd3d1fddb50b3773e66439367788c219c

SHA256
67ee813be3c6598a8ea02cd5bb5453fc0aa114606e3fc7ad216f205fe46dfc13

SHA512
54eb860107637a611150ff18ac57856257bf650f70dce822de234aee644423080b570632208d38e45e2f0d2bf60ca2684d3c3480f9637ea4ad81f2bcfb9f24d5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003

Filesize
195KB

MD5
873734b55d4c7d35a177c8318b0caec7

SHA1
469b913b09ea5b55e60098c95120cc9b935ddb28

SHA256
4ee3aa3dc43cb3ef3f6bfb91ed8214659e9c2600a45bee9728ebbcb6f33b088d

SHA512
24f05ed981e994475879ca2221b6948418c4412063b9c07f46b8de581047ddd5d73401562fa9ee54d4ce5f97a6288c54eac5de0ca29b1bb5797bdac5a1b30308

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
144B

MD5
af007bd3a0570d0173071002827d54bf

SHA1
ad0d7badf424f516c35e743fb17359a281a652a1

SHA256
7455d60bad4c3591b91173f9cb966f12867ec6f1d1ba2f86cade419e186c6338

SHA512
0c039f0c429d07d778273f4b4dfc4fddf06caed4f4d9611b3a5f9d433a5fdf9ec8011afe398b5fc506952587618a73225ddb9ce0b314977316e85c11ca29422e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
815B

MD5
d8ff245c97ca8a2a4c4212d713503563

SHA1
d94ca3063e251f50632faf66505ab5a7522db398

SHA256
8c875c76c0e4204ebd9d4ac2a63c098cb3312cabc5edc8cd97a63f221b0331bb

SHA512
701315d2cf62c38e515e0e0701563990985f6d8d7d2adadaa1aff20d17ad7b17e744a9907af60aa30f1f11e5ca455cd3cad14db8410726927f050af451400f6d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
268529caf521eeaef74594aedb2b46df

SHA1
35f01644d60e6207d2d7016c9ec9c1bfafe52d46

SHA256
8b50eb03444942ec47e574c63f8330deb0aaa56c9d8dac633854c535620c983f

SHA512
8a4fee5e6a798fed99e9dc0250ae24052c1775cb9cd0efca69dbe2bdc3e2f53c680395888b7c6e57079de3484d412209c638901df4b149fa2c81c39928c541c9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
3bdbeffc0e79089fe0d3022bd04102ef

SHA1
dc9000d2d47fe0c78a2d7486443c9d26cf5f0760

SHA256
a1564a17ecd65f371af2163cf78d7644ee9e64f9380c4082396888f5e137d6fc

SHA512
81aec8ebf09b915c511061636c16af5b793570527e1b0985ad1f1ee03e867ab7054dd6eb4b0e3d35a8338013ab8589f9fda6b335def5af99e68c50f581bff364

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
054f4ad85a2187c7edb04118a6acd6aa

SHA1
e0d0607d0d9254b02f6182f823e59c0d8b9b41c1

SHA256
ad0b0b8e44445170f67537b6aab1c03af61c75ccdce9c560e5f9732eae0add2c

SHA512
0225b7ab1cad3794141d9d8624fa1f653966a78bfd60ed9b2103289c99e1a39ca4128c57031388c92199bd01ea4b2d99574f1aa72dcf841c4959eb5b04aa9c1e

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\zoo1d5k8.default-release\cache2\entries\4832D199584363B876D3E7D57CA02A9B0F4D91CD

Filesize
13KB

MD5
9b8cdad9abd0130764c60efe8f65e2ed

SHA1
d033636a59ea92bfb2e1b7dc7abb8f801c5a8fa7

SHA256
8f26e87a0fe1b7a1fd1b0a96609f53a229e7a74cbc46232b14c0e72e9e295557

SHA512
6a50751e831aa93cc41c03a89b3bc00f8b834248cb29cb86e174b1fc2d3d73a59e6d6eb8ed80ac8eb76f16e92d216a10f3e51aea396a703dc7a89900982a805b

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
442KB

MD5
85430baed3398695717b0263807cf97c

SHA1
fffbee923cea216f50fce5d54219a188a5100f41

SHA256
a9f4281f82b3579581c389e8583dc9f477c7fd0e20c9dfc91a2e611e21e3407e

SHA512
06511f1f6c6d44d076b3c593528c26a602348d9c41689dbf5ff716b671c3ca5756b12cb2e5869f836dedce27b1a5cfe79b93c707fd01f8e84b620923bb61b5f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

Filesize
8.0MB

MD5
a01c5ecd6108350ae23d2cddf0e77c17

SHA1
c6ac28a2cd979f1f9a75d56271821d5ff665e2b6

SHA256
345d44e3aa3e1967d186a43d732c8051235c43458169a5d7d371780a6475ee42

SHA512
b046dd1b26ec0b810ee441b7ad4dc135e3f1521a817b9f3db60a32976352e8f7e53920e1a77fc5b4130aac260d79deef7e823267b4414e9cc774d8bffca56a72

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zoo1d5k8.default-release\datareporting\glean\db\data.safe.bin

Filesize
2KB

MD5
b45f0aeea91560e5e88a35d2ea08b145

SHA1
56341d9378966a9b432a9e44e23904949cfca4e8

SHA256
6926e870c9c0304a5520217c0d1ed13854a0b1fc499976ecdc42a7e36bf5b9bf

SHA512
dc719e6295db4e1edd87a6c260572785b125a6292dfc0c55e9b60cd2b9bd73250d8662cb9d4af35b65e0cab92be063c454dab9f6781e1ccaf6f3a9b79a7714a4

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zoo1d5k8.default-release\datareporting\glean\pending_pings\0a461976-b4f7-4bcd-9cef-25b3d2f9952e

Filesize
746B

MD5
407882b63921187d4e7b337a6e2b53f5

SHA1
b70830e13cd899db5ac6a400f8e55666a6ce7400

SHA256
5257b0027fc48fb5f20132924fb422422a065667ef5ef2aef2900e84089428d3

SHA512
5e5c9871888a9019b5a921383e83bb2e154d59725ff17618f61ea18223143a5c0b355e6665a28f4aab8fb752161bc7a7ad45e0285a44c866484b285907ff722a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zoo1d5k8.default-release\datareporting\glean\pending_pings\c365c5e6-0b32-44d9-a9f9-fbc98361db65

Filesize
12KB

MD5
4c2bb777d4d6c1c02a69dc210abf77d6

SHA1
aab613c3ac1e1fe2fdde506a4840ebb897ee5364

SHA256
73bf12fa86887fb08091cb5562060118ddb750addf83643506cb34ed640ce6cb

SHA512
ce3b9929af0cff6f5b24ca2a3b4d40b1edc5a282717b531a8fc09eb2e6ea381e2f7c6ee34aa0c3dd78168eea93ebca4860595a9359b5b82895f82fc3dba65434

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zoo1d5k8.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll

Filesize
997KB

MD5
fe3355639648c417e8307c6d051e3e37

SHA1
f54602d4b4778da21bc97c7238fc66aa68c8ee34

SHA256
1ed7877024be63a049da98733fd282c16bd620530a4fb580dacec3a78ace914e

SHA512
8f4030bb2464b98eccbea6f06eb186d7216932702d94f6b84c56419e9cf65a18309711ab342d1513bf85aed402bc3535a70db4395874828f0d35c278dd2eac9c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zoo1d5k8.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info

Filesize
116B

MD5
3d33cdc0b3d281e67dd52e14435dd04f

SHA1
4db88689282fd4f9e9e6ab95fcbb23df6e6485db

SHA256
f526e9f98841d987606efeaff7f3e017ba9fd516c4be83890c7f9a093ea4c47b

SHA512
a4a96743332cc8ef0f86bc2e6122618bfc75ed46781dadbac9e580cd73df89e74738638a2cccb4caa4cbbf393d771d7f2c73f825737cdb247362450a0d4a4bc1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zoo1d5k8.default-release\gmp-widevinecdm\4.10.2557.0\LICENSE.txt

Filesize
479B

MD5
49ddb419d96dceb9069018535fb2e2fc

SHA1
62aa6fea895a8b68d468a015f6e6ab400d7a7ca6

SHA256
2af127b4e00f7303de8271996c0c681063e4dc7abdc7b2a8c3fe5932b9352539

SHA512
48386217dabf7556e381ab3f5924b123a0a525969ff98f91efb03b65477c94e48a15d9abcec116b54616d36ad52b6f1d7b8b84c49c204e1b9b43f26f2af92da2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zoo1d5k8.default-release\gmp-widevinecdm\4.10.2557.0\manifest.json

Filesize
372B

MD5
8be33af717bb1b67fbd61c3f4b807e9e

SHA1
7cf17656d174d951957ff36810e874a134dd49e0

SHA256
e92d3394635edfb987a7528e0ccd24360e07a299078df2a6967ca3aae22fa2dd

SHA512
6125f60418e25fee896bf59f5672945cd8f36f03665c721837bb50adf5b4dfef2dddbfcfc817555027dcfa90e1ef2a1e80af1219e8063629ea70263d2fc936a7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zoo1d5k8.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll

Filesize
10.0MB

MD5
d839a55c1b998cc1c36f618737f6fb55

SHA1
566f2eac759e2dd6ab426184174ad5563a1f370b

SHA256
0b90e10d8c75a8959339d0e47030de040edbc4a04b1de153d897ccb3eaff3ef9

SHA512
db8aea6ce49d16703a9b958d5afec6406eccd6d84675481212875cf50f76318ba9e21fa42ca77c6b4ad2a8f874773cecf18cccabff89d290757b4be7ce9358a8

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zoo1d5k8.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.lib

Filesize
1KB

MD5
688bed3676d2104e7f17ae1cd2c59404

SHA1
952b2cdf783ac72fcb98338723e9afd38d47ad8e

SHA256
33899a3ebc22cb8ed8de7bd48c1c29486c0279b06d7ef98241c92aef4e3b9237

SHA512
7a0e3791f75c229af79dd302f7d0594279f664886fea228cfe78e24ef185ae63aba809aa1036feb3130066deadc8e78909c277f0a7ed1e3485df3cf2cd329776

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zoo1d5k8.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.sig

Filesize
1KB

MD5
937326fead5fd401f6cca9118bd9ade9

SHA1
4526a57d4ae14ed29b37632c72aef3c408189d91

SHA256
68a03f075db104f84afdd8fca45a7e4bff7b55dc1a2a24272b3abe16d8759c81

SHA512
b232f6cf3f88adb346281167ac714c4c4c7aac15175087c336911946d12d63d3a3a458e06b298b41a7ec582ef09fe238da3a3166ff89c450117228f7485c22d2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zoo1d5k8.default-release\prefs-1.js

Filesize
6KB

MD5
47dd133f3ce6781f1a1188a7e48e7a16

SHA1
e6e945a1d763b99ccfb1663829fcc88ea0428e27

SHA256
4add2bc149e0d13fb249fba11bef628a68db110c250b02a9f16b2a7270c64ac9

SHA512
133febf1c9bf7183907977df74bec77c7ed89c6533937b1721e331fa406ed77f88abb73c40433789887122fdd59e10a3ad3e0967f5223f5022dfce0eac5bfb5d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zoo1d5k8.default-release\prefs-1.js

Filesize
7KB

MD5
bb98d4c780664470a7dce4f582e7937e

SHA1
82820f8937dfb78c069ec92e8f5152e918793f62

SHA256
e76752612295c2ad509d9e43f7be62cdb745ddbcfc9091f4bb55c3486c232729

SHA512
dc98657fe920753d480357356b2a98a0e7c28d5b821fc93c19ab8ab5f859bf7cb59f27176387b89cf1f378ad7a56d6704c13d1539e10c9671093da3b8ee711d0

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zoo1d5k8.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
1KB

MD5
27a5ba8b3f6c4665d4fe0bd352cfadc1

SHA1
fc5e3fa6f30eb4bd9519f22077d17b5a5353c6f5

SHA256
d2f4bb3b88c0dc4dde0cb34ba2cf7409fdca6b6c3bcf87192ef9705df29bb32c

SHA512
fe5ecb1e4610490ee322ee22cf335c0341d8c1c60b7242d51c73f0bc6dc4651616d2ac18c508b5e5f4f9d48a7a65eab88645a0d29ae6eae26d215241696796ec

Download Submit