hxxps://www[.]cosmicbetrayers[.]com/Cosmic_Setup[.]rar

Analysis

max time kernel
49s
max time network
37s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
09/03/2024, 14:46

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://www.cosmicbetrayers.com/Cosmic_Setup.rar

Score

1^/10

Malware Config

Signatures

Checks processor information in registry 2 TTPs 5 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000_Classes\Local Settings	firefox.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
4260	msedge.exe
4260	msedge.exe
4724	msedge.exe
4724	msedge.exe
452	identity_helper.exe
452	identity_helper.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
4724	msedge.exe
4724	msedge.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeDebugPrivilege	3320	firefox.exe
Token: SeDebugPrivilege	3320	firefox.exe

Suspicious use of FindShellTrayWindow 30 IoCs

pid	Process
4724	msedge.exe
4724	msedge.exe
4724	msedge.exe
4724	msedge.exe
4724	msedge.exe
4724	msedge.exe
4724	msedge.exe
4724	msedge.exe
4724	msedge.exe
4724	msedge.exe
4724	msedge.exe
4724	msedge.exe
4724	msedge.exe
4724	msedge.exe
4724	msedge.exe
4724	msedge.exe
4724	msedge.exe
4724	msedge.exe
4724	msedge.exe
4724	msedge.exe
4724	msedge.exe
4724	msedge.exe
4724	msedge.exe
4724	msedge.exe
4724	msedge.exe
4724	msedge.exe
3320	firefox.exe
3320	firefox.exe
3320	firefox.exe
3320	firefox.exe

Suspicious use of SendNotifyMessage 27 IoCs

pid	Process
4724	msedge.exe
4724	msedge.exe
4724	msedge.exe
4724	msedge.exe
4724	msedge.exe
4724	msedge.exe
4724	msedge.exe
4724	msedge.exe
4724	msedge.exe
4724	msedge.exe
4724	msedge.exe
4724	msedge.exe
4724	msedge.exe
4724	msedge.exe
4724	msedge.exe
4724	msedge.exe
4724	msedge.exe
4724	msedge.exe
4724	msedge.exe
4724	msedge.exe
4724	msedge.exe
4724	msedge.exe
4724	msedge.exe
4724	msedge.exe
3320	firefox.exe
3320	firefox.exe
3320	firefox.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
3320	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4724 wrote to memory of 3388	4724	msedge.exe	85
PID 4724 wrote to memory of 3388	4724	msedge.exe	85
PID 4724 wrote to memory of 4944	4724	msedge.exe	86
PID 4724 wrote to memory of 4944	4724	msedge.exe	86
PID 4724 wrote to memory of 4944	4724	msedge.exe	86
PID 4724 wrote to memory of 4944	4724	msedge.exe	86
PID 4724 wrote to memory of 4944	4724	msedge.exe	86
PID 4724 wrote to memory of 4944	4724	msedge.exe	86
PID 4724 wrote to memory of 4944	4724	msedge.exe	86
PID 4724 wrote to memory of 4944	4724	msedge.exe	86
PID 4724 wrote to memory of 4944	4724	msedge.exe	86
PID 4724 wrote to memory of 4944	4724	msedge.exe	86
PID 4724 wrote to memory of 4944	4724	msedge.exe	86
PID 4724 wrote to memory of 4944	4724	msedge.exe	86
PID 4724 wrote to memory of 4944	4724	msedge.exe	86
PID 4724 wrote to memory of 4944	4724	msedge.exe	86
PID 4724 wrote to memory of 4944	4724	msedge.exe	86
PID 4724 wrote to memory of 4944	4724	msedge.exe	86
PID 4724 wrote to memory of 4944	4724	msedge.exe	86
PID 4724 wrote to memory of 4944	4724	msedge.exe	86
PID 4724 wrote to memory of 4944	4724	msedge.exe	86
PID 4724 wrote to memory of 4944	4724	msedge.exe	86
PID 4724 wrote to memory of 4944	4724	msedge.exe	86
PID 4724 wrote to memory of 4944	4724	msedge.exe	86
PID 4724 wrote to memory of 4944	4724	msedge.exe	86
PID 4724 wrote to memory of 4944	4724	msedge.exe	86
PID 4724 wrote to memory of 4944	4724	msedge.exe	86
PID 4724 wrote to memory of 4944	4724	msedge.exe	86
PID 4724 wrote to memory of 4944	4724	msedge.exe	86
PID 4724 wrote to memory of 4944	4724	msedge.exe	86
PID 4724 wrote to memory of 4944	4724	msedge.exe	86
PID 4724 wrote to memory of 4944	4724	msedge.exe	86
PID 4724 wrote to memory of 4944	4724	msedge.exe	86
PID 4724 wrote to memory of 4944	4724	msedge.exe	86
PID 4724 wrote to memory of 4944	4724	msedge.exe	86
PID 4724 wrote to memory of 4944	4724	msedge.exe	86
PID 4724 wrote to memory of 4944	4724	msedge.exe	86
PID 4724 wrote to memory of 4944	4724	msedge.exe	86
PID 4724 wrote to memory of 4944	4724	msedge.exe	86
PID 4724 wrote to memory of 4944	4724	msedge.exe	86
PID 4724 wrote to memory of 4944	4724	msedge.exe	86
PID 4724 wrote to memory of 4944	4724	msedge.exe	86
PID 4724 wrote to memory of 4260	4724	msedge.exe	87
PID 4724 wrote to memory of 4260	4724	msedge.exe	87
PID 4724 wrote to memory of 1036	4724	msedge.exe	88
PID 4724 wrote to memory of 1036	4724	msedge.exe	88
PID 4724 wrote to memory of 1036	4724	msedge.exe	88
PID 4724 wrote to memory of 1036	4724	msedge.exe	88
PID 4724 wrote to memory of 1036	4724	msedge.exe	88
PID 4724 wrote to memory of 1036	4724	msedge.exe	88
PID 4724 wrote to memory of 1036	4724	msedge.exe	88
PID 4724 wrote to memory of 1036	4724	msedge.exe	88
PID 4724 wrote to memory of 1036	4724	msedge.exe	88
PID 4724 wrote to memory of 1036	4724	msedge.exe	88
PID 4724 wrote to memory of 1036	4724	msedge.exe	88
PID 4724 wrote to memory of 1036	4724	msedge.exe	88
PID 4724 wrote to memory of 1036	4724	msedge.exe	88
PID 4724 wrote to memory of 1036	4724	msedge.exe	88
PID 4724 wrote to memory of 1036	4724	msedge.exe	88
PID 4724 wrote to memory of 1036	4724	msedge.exe	88
PID 4724 wrote to memory of 1036	4724	msedge.exe	88
PID 4724 wrote to memory of 1036	4724	msedge.exe	88
PID 4724 wrote to memory of 1036	4724	msedge.exe	88
PID 4724 wrote to memory of 1036	4724	msedge.exe	88

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.cosmicbetrayers.com/Cosmic_Setup.rar
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4724
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8232446f8,0x7ff823244708,0x7ff823244718
  2⤵
  PID:3388
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2116,11652602481024138612,12491366800893824345,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2248 /prefetch:2
  2⤵
  PID:4944
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2116,11652602481024138612,12491366800893824345,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2296 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4260
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2116,11652602481024138612,12491366800893824345,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2628 /prefetch:8
  2⤵
  PID:1036
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,11652602481024138612,12491366800893824345,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3160 /prefetch:1
  2⤵
  PID:2364
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,11652602481024138612,12491366800893824345,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3260 /prefetch:1
  2⤵
  PID:4924
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2116,11652602481024138612,12491366800893824345,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5208 /prefetch:8
  2⤵
  PID:2016
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2116,11652602481024138612,12491366800893824345,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5208 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:452

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3672

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2876

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
PID:3188
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe"
  2⤵
  - Checks processor information in registry
  - Modifies registry class
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  PID:3320
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3320.0.150796017\755996894" -parentBuildID 20221007134813 -prefsHandle 1884 -prefMapHandle 1876 -prefsLen 20749 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {239c5e52-c972-4fca-b713-1bf4113627cc} 3320 "\\.\pipe\gecko-crash-server-pipe.3320" 1976 19075aee758 gpu
    3⤵
    PID:2396
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3320.1.1468181518\169525608" -parentBuildID 20221007134813 -prefsHandle 2348 -prefMapHandle 2340 -prefsLen 20785 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {6d593bfc-23a9-47d9-a053-d5098f03ad28} 3320 "\\.\pipe\gecko-crash-server-pipe.3320" 2376 1907563db58 socket
    3⤵
    PID:3624
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3320.2.584945335\1914866157" -childID 1 -isForBrowser -prefsHandle 3128 -prefMapHandle 3124 -prefsLen 20888 -prefMapSize 233444 -jsInitHandle 1180 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {1af4cf2b-69e4-4384-8f78-3a6076bbed95} 3320 "\\.\pipe\gecko-crash-server-pipe.3320" 3100 19075a63558 tab
    3⤵
    PID:3972
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3320.3.1833415033\167198596" -childID 2 -isForBrowser -prefsHandle 1068 -prefMapHandle 1032 -prefsLen 26066 -prefMapSize 233444 -jsInitHandle 1180 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {21ce58b2-ee7d-450f-8f3d-48e12f383cc5} 3320 "\\.\pipe\gecko-crash-server-pipe.3320" 3676 19069260d58 tab
    3⤵
    PID:4612
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3320.4.534330567\1334780077" -childID 3 -isForBrowser -prefsHandle 3816 -prefMapHandle 3520 -prefsLen 26066 -prefMapSize 233444 -jsInitHandle 1180 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {1a796560-e610-4a55-b10e-2c3369096862} 3320 "\\.\pipe\gecko-crash-server-pipe.3320" 3804 1907b0c4758 tab
    3⤵
    PID:4684
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3320.5.1042562584\661782353" -childID 4 -isForBrowser -prefsHandle 2816 -prefMapHandle 5176 -prefsLen 26204 -prefMapSize 233444 -jsInitHandle 1180 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {2375454a-c103-465f-85fe-225a99a4fb76} 3320 "\\.\pipe\gecko-crash-server-pipe.3320" 5164 19079f50558 tab
    3⤵
    PID:1676
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3320.6.190474209\1237736221" -childID 5 -isForBrowser -prefsHandle 5276 -prefMapHandle 5280 -prefsLen 26204 -prefMapSize 233444 -jsInitHandle 1180 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b5ba9c94-f77f-40bc-8cb0-17d49b5f002c} 3320 "\\.\pipe\gecko-crash-server-pipe.3320" 5268 1907c2dd758 tab
    3⤵
    PID:648
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3320.7.307204851\171074922" -childID 6 -isForBrowser -prefsHandle 5552 -prefMapHandle 5548 -prefsLen 26204 -prefMapSize 233444 -jsInitHandle 1180 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d9942997-e438-4181-aab4-11830c5bd875} 3320 "\\.\pipe\gecko-crash-server-pipe.3320" 5472 1907c2ddd58 tab
    3⤵
    PID:4608

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
4d6e17218d9a99976d1a14c6f6944c96

SHA1
9e54a19d6c61d99ac8759c5f07b2f0d5faab447f

SHA256
32e343d2794af8bc6f2f7c905b5df11d53db4ad8922b92ad5e7cc9c856509d93

SHA512
3fa166b3e2d1236298d8dda7071a6fcf2bde283f181b8b0a07c0bb8ba756d6f55fa8a847ca5286d4dbabc6dace67e842a118866320ac01bd5f93cccd3a032e47

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
191B

MD5
adcaee950d040635aa31ac4e8e0fec72

SHA1
401aa34251b94cffe85863ed151dc6dcbaf4825c

SHA256
f8fc3262b361f2fecdd71b1dce467399d1ab5e223536bb46d9a676edc313e310

SHA512
b627edf65697eb2561bc6b19636734c77cea0ca285a65494bda018a584d59b7c1dfa2a04825f69eeb4c64a173403927f1fe77dce51e9fc5952699ce86027e623

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
0d8eed7c65a2b1cd75f3d41b874d279b

SHA1
e1cdc630db28386833982264b0eec5ca2ea98ab4

SHA256
64310c791ccacb8912ed26612e9b2d3d36eae62656c11e9472c96b994fdfea51

SHA512
672079d1c9b06f1a7e22d5778da8bb590c6436c91219a8330717244e419f20ef97cf1ebab34e5fd3acc97f203e2ec2046e105124643d696f4532519f62d3330e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
d4f37e6077dac0c571a97cd14bdd65b0

SHA1
256908b65ae1bd1a2b1d7b5bd7c791fd44452dc2

SHA256
547555f795ba47e5313057b5f4058e8d35d6e9662a412db0768af76ebcb9f877

SHA512
f562324a3435dadec7b8f1b3fc90b7d42c8cc4b3363ea656b7a482bccb7a40334ae1093358b901e2bfde21d354a292c6d7848065b484a34ade3a61c370b35e32

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
a5edc59368f544abe7ba819e9e11ea29

SHA1
9fc86e3a820ec0c176053960da0b54ebab76c5eb

SHA256
b22d25387fc253858c5de4a91bccfcf818fcc36e025dbf75d1e60c344c2cde1a

SHA512
b53941ba2434e0e64473c682aa4df2db0cd446df94d4116f7953b9792b824285a6e69a4821109a70367d2599a27c5f0d3360aa4a9cac7179f423e0bc4673a0cc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
c2ef1d773c3f6f230cedf469f7e34059

SHA1
e410764405adcfead3338c8d0b29371fd1a3f292

SHA256
185450d538a894e4dcf55b428f506f3d7baa86664fbbc67afd6c255b65178521

SHA512
2ef93803da4d630916bed75d678382fd1c72bff1700a1a72e2612431c6d5e11410ced4eaf522b388028aeadb08e8a77513e16594e6ab081f6d6203e4caa7d549

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
a93bc04bc5c1ad798f04fa8c275355bd

SHA1
17610e470793988edde96878530ecc3b8b3a5511

SHA256
24235117fdc4261db7d0284c04aab9938746ca5fee1179b3a8f44b7996095827

SHA512
946fd233f21f8032d57c4f3edd1928802eaf20291c906900481fc10dfa46ccff53c81f289118d9db8361a2eae89f407e29524b19f6bd2800fed681601a5c7e6f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
0ef30b55295bdcc15b1adf9d8556707f

SHA1
bbb6ea42df5e51af3e6028f66fc44e882dd00a64

SHA256
cf2233463660dabf392750c7b3764bc6a78cb1046ee858fdc0e93bdc3de2956e

SHA512
a8e240527ac10d5eb319ba51de2672c71197d93fb40f2834507239a347430520d9edfec56746a23c71160159ed5a12525f7317343646cd933a9ef955f45101f3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
046f28721d25dbc8aea4d60fd3125877

SHA1
c9c60b679dc908408a3b5356329d3d306deb68bf

SHA256
80f929c29f9d9969b63c8cee04bd3a7c9e9fb3c2567025e70920d4ce901dcd47

SHA512
a4a7348ee71c15808f1621780f81321e84eabf10221ac4ee4dc1d9552c2a3cdbcbc574ed681b52638cfec1c13c020155319e3b382884a8276b11096f6fc66ef0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\92qyi9k9.default-release\datareporting\glean\db\data.safe.bin

Filesize
2KB

MD5
215f296eba1d16ce81e53e9b724b6d8a

SHA1
33a48fbec10ea22d65cbd9a3b13591b788f50170

SHA256
5261ee45b7b2b84a3d52b1d8b521335f4e7a981e7831febdd4cc755a0410d15a

SHA512
1a789593dbbe99fcde13c0d3bd41410648ec41dbfaa885598b792a6be3d78502276bdb4214aa2d981239cf4782346ce9abed79126494ef815451cd738924565d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\92qyi9k9.default-release\datareporting\glean\pending_pings\3aec81a0-d2ed-4219-af6f-7bb296479f49

Filesize
746B

MD5
ffee63e754d691048993801db7b71f50

SHA1
d81135fee49f1cd027799be75c459b8a8b16ad6d

SHA256
dcc27415578a8833953eb9122e4f08d7c83088db3b8ea5825107029ae0bab786

SHA512
2809d81b4455498befca50e68e2e180e4daa52a996d1a9b9ebea51e7a2dff2bffb1dddc5c411a869a35b6300261165f0bc9250066697fe2e9cb49b1e8d39812b

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\92qyi9k9.default-release\datareporting\glean\pending_pings\6b569efe-5c74-4680-9120-fc931417cc5b

Filesize
11KB

MD5
0273ce807be6439a135842fe99f5dba9

SHA1
abf97b3180a6c552ff5ba29b5573dd4808324d4e

SHA256
f16f4d865ea963a17d0322b38d5fc096657d84d3447e3d204601a1813faea28f

SHA512
636f5961924072552c98e79a913eeac606244eecd02e939c12aa91512ba646b13965764348851a15a17181f0f06572649dfc70ee23f9a52f287f3fe21867dbb5

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\92qyi9k9.default-release\prefs.js

Filesize
6KB

MD5
7bcca0e29abee792e2a9a57d316f148b

SHA1
0bba39875a1372757a59b4df145bc7046ca99b26

SHA256
3c12339b4f7b1d3c50fca55244a207132f497c5d5a0483ac7a01a4a6644f4dc2

SHA512
f64cdbe89452629dc41f0eca9d6ba243fe5c00617e13e869ed3c5f10237938d6bd8f9da005600b28fcdfcd714327817fccaaeac1b352e37d5132b0f22fce4423

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\92qyi9k9.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
1KB

MD5
d9fc02e16e0eec672ce59bf4bb878c40

SHA1
67f970ca4582f12e13a559bcf0cff96bf5bbd9e6

SHA256
1f2139184f28de6091cda3c86204fa48bd2718acd71f410691f33f6d3f63a005

SHA512
d1f9067f1f9c06ff0581e9e0b4dc1ded05e54b8aee7d92a0e2d32f755dd32c2d76d2ad08dec05fe2ac2a032b509c98f7ca05765429de7a9ac10cdc6cd5bcb456

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\92qyi9k9.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

Filesize
184KB

MD5
feacfeaa6370d0dd460a0609e1e1435e

SHA1
1463da69f34d0efa56e61d9dd55ac1f435237b5b

SHA256
d57b87db93a487d521c52be8e0d599fcfb17e8012f6066c303f4e48e92c3f439

SHA512
61097d4419f67e7b364a5f0f3a248d801e0bbff2283ffce8cb89a5d43309145288c20ce1a6620217c81256db7da81de7d184a0c7eb769ea237902a5abbe5782b

Download Submit