b9e3da355585aa4a79fb88b7a18c309119a0ef6f68804d3ce6ebe41a767e2b91

Analysis

max time kernel
29s
max time network
29s
platform
windows10-2004_x64
resource
win10v2004-20240419-en
resource tags

arch:x64arch:x86image:win10v2004-20240419-enlocale:en-usos:windows10-2004-x64system
submitted
28-04-2024 19:56

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

sample.html
Size

389KB
MD5

b48c922e2f1a2db119b0031ee0c65608
SHA1

036011fb6789dc126053542c8677b18522dcba8a
SHA256

b9e3da355585aa4a79fb88b7a18c309119a0ef6f68804d3ce6ebe41a767e2b91
SHA512

ae27749b469b70789e5792419c56c007d61ac9d11a7101e2042df6a38a16402c08f18c8765344f82ceac61e3f269fe3712dc2ced2421c7037289bfeeef16ea8e
SSDEEP

12288:2JuzgAwpUDR3PyToOTRfWFLzz4B46yaVhAkP3fJnCqYoOpY1scZiQK16Ddxz3BV7:KukxpUDR/tOTRfWFLzz4B46yaVhAoxQm

Score

1^/10

Malware Config

Signatures

Checks processor information in registry 2 TTPs 8 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3726321484-1950364574-433157660-1000_Classes\Local Settings	firefox.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
3916	msedge.exe
3916	msedge.exe
1004	msedge.exe
1004	msedge.exe
5404	identity_helper.exe
5404	identity_helper.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
1004	msedge.exe
1004	msedge.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeDebugPrivilege	808	firefox.exe
Token: SeDebugPrivilege	808	firefox.exe

Suspicious use of FindShellTrayWindow 46 IoCs

pid	Process
1004	msedge.exe
1004	msedge.exe
1004	msedge.exe
1004	msedge.exe
1004	msedge.exe
1004	msedge.exe
1004	msedge.exe
1004	msedge.exe
1004	msedge.exe
1004	msedge.exe
1004	msedge.exe
1004	msedge.exe
1004	msedge.exe
1004	msedge.exe
1004	msedge.exe
1004	msedge.exe
1004	msedge.exe
1004	msedge.exe
1004	msedge.exe
1004	msedge.exe
1004	msedge.exe
1004	msedge.exe
1004	msedge.exe
1004	msedge.exe
1004	msedge.exe
808	firefox.exe
808	firefox.exe
808	firefox.exe
808	firefox.exe
808	firefox.exe
808	firefox.exe
808	firefox.exe
808	firefox.exe
808	firefox.exe
808	firefox.exe
808	firefox.exe
808	firefox.exe
808	firefox.exe
808	firefox.exe
808	firefox.exe
808	firefox.exe
808	firefox.exe
808	firefox.exe
808	firefox.exe
808	firefox.exe
808	firefox.exe

Suspicious use of SendNotifyMessage 44 IoCs

pid	Process
1004	msedge.exe
1004	msedge.exe
1004	msedge.exe
1004	msedge.exe
1004	msedge.exe
1004	msedge.exe
1004	msedge.exe
1004	msedge.exe
1004	msedge.exe
1004	msedge.exe
1004	msedge.exe
1004	msedge.exe
1004	msedge.exe
1004	msedge.exe
1004	msedge.exe
1004	msedge.exe
1004	msedge.exe
1004	msedge.exe
1004	msedge.exe
1004	msedge.exe
1004	msedge.exe
1004	msedge.exe
1004	msedge.exe
1004	msedge.exe
808	firefox.exe
808	firefox.exe
808	firefox.exe
808	firefox.exe
808	firefox.exe
808	firefox.exe
808	firefox.exe
808	firefox.exe
808	firefox.exe
808	firefox.exe
808	firefox.exe
808	firefox.exe
808	firefox.exe
808	firefox.exe
808	firefox.exe
808	firefox.exe
808	firefox.exe
808	firefox.exe
808	firefox.exe
808	firefox.exe

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
808	firefox.exe
808	firefox.exe
808	firefox.exe
808	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1004 wrote to memory of 4268	1004	msedge.exe	84
PID 1004 wrote to memory of 4268	1004	msedge.exe	84
PID 1004 wrote to memory of 4196	1004	msedge.exe	85
PID 1004 wrote to memory of 4196	1004	msedge.exe	85
PID 1004 wrote to memory of 4196	1004	msedge.exe	85
PID 1004 wrote to memory of 4196	1004	msedge.exe	85
PID 1004 wrote to memory of 4196	1004	msedge.exe	85
PID 1004 wrote to memory of 4196	1004	msedge.exe	85
PID 1004 wrote to memory of 4196	1004	msedge.exe	85
PID 1004 wrote to memory of 4196	1004	msedge.exe	85
PID 1004 wrote to memory of 4196	1004	msedge.exe	85
PID 1004 wrote to memory of 4196	1004	msedge.exe	85
PID 1004 wrote to memory of 4196	1004	msedge.exe	85
PID 1004 wrote to memory of 4196	1004	msedge.exe	85
PID 1004 wrote to memory of 4196	1004	msedge.exe	85
PID 1004 wrote to memory of 4196	1004	msedge.exe	85
PID 1004 wrote to memory of 4196	1004	msedge.exe	85
PID 1004 wrote to memory of 4196	1004	msedge.exe	85
PID 1004 wrote to memory of 4196	1004	msedge.exe	85
PID 1004 wrote to memory of 4196	1004	msedge.exe	85
PID 1004 wrote to memory of 4196	1004	msedge.exe	85
PID 1004 wrote to memory of 4196	1004	msedge.exe	85
PID 1004 wrote to memory of 4196	1004	msedge.exe	85
PID 1004 wrote to memory of 4196	1004	msedge.exe	85
PID 1004 wrote to memory of 4196	1004	msedge.exe	85
PID 1004 wrote to memory of 4196	1004	msedge.exe	85
PID 1004 wrote to memory of 4196	1004	msedge.exe	85
PID 1004 wrote to memory of 4196	1004	msedge.exe	85
PID 1004 wrote to memory of 4196	1004	msedge.exe	85
PID 1004 wrote to memory of 4196	1004	msedge.exe	85
PID 1004 wrote to memory of 4196	1004	msedge.exe	85
PID 1004 wrote to memory of 4196	1004	msedge.exe	85
PID 1004 wrote to memory of 4196	1004	msedge.exe	85
PID 1004 wrote to memory of 4196	1004	msedge.exe	85
PID 1004 wrote to memory of 4196	1004	msedge.exe	85
PID 1004 wrote to memory of 4196	1004	msedge.exe	85
PID 1004 wrote to memory of 4196	1004	msedge.exe	85
PID 1004 wrote to memory of 4196	1004	msedge.exe	85
PID 1004 wrote to memory of 4196	1004	msedge.exe	85
PID 1004 wrote to memory of 4196	1004	msedge.exe	85
PID 1004 wrote to memory of 4196	1004	msedge.exe	85
PID 1004 wrote to memory of 4196	1004	msedge.exe	85
PID 1004 wrote to memory of 3916	1004	msedge.exe	86
PID 1004 wrote to memory of 3916	1004	msedge.exe	86
PID 1004 wrote to memory of 876	1004	msedge.exe	87
PID 1004 wrote to memory of 876	1004	msedge.exe	87
PID 1004 wrote to memory of 876	1004	msedge.exe	87
PID 1004 wrote to memory of 876	1004	msedge.exe	87
PID 1004 wrote to memory of 876	1004	msedge.exe	87
PID 1004 wrote to memory of 876	1004	msedge.exe	87
PID 1004 wrote to memory of 876	1004	msedge.exe	87
PID 1004 wrote to memory of 876	1004	msedge.exe	87
PID 1004 wrote to memory of 876	1004	msedge.exe	87
PID 1004 wrote to memory of 876	1004	msedge.exe	87
PID 1004 wrote to memory of 876	1004	msedge.exe	87
PID 1004 wrote to memory of 876	1004	msedge.exe	87
PID 1004 wrote to memory of 876	1004	msedge.exe	87
PID 1004 wrote to memory of 876	1004	msedge.exe	87
PID 1004 wrote to memory of 876	1004	msedge.exe	87
PID 1004 wrote to memory of 876	1004	msedge.exe	87
PID 1004 wrote to memory of 876	1004	msedge.exe	87
PID 1004 wrote to memory of 876	1004	msedge.exe	87
PID 1004 wrote to memory of 876	1004	msedge.exe	87
PID 1004 wrote to memory of 876	1004	msedge.exe	87

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\sample.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1004
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffbde1a46f8,0x7ffbde1a4708,0x7ffbde1a4718
  2⤵
  PID:4268
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1900,14265096260299628982,16095694540930600138,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2256 /prefetch:2
  2⤵
  PID:4196
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1900,14265096260299628982,16095694540930600138,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2304 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3916
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1900,14265096260299628982,16095694540930600138,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2768 /prefetch:8
  2⤵
  PID:876
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,14265096260299628982,16095694540930600138,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3184 /prefetch:1
  2⤵
  PID:4508
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,14265096260299628982,16095694540930600138,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3200 /prefetch:1
  2⤵
  PID:4064
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=1900,14265096260299628982,16095694540930600138,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5116 /prefetch:8
  2⤵
  PID:4284
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1900,14265096260299628982,16095694540930600138,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5128 /prefetch:8
  2⤵
  PID:5988
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1900,14265096260299628982,16095694540930600138,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5128 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5404

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1424

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:680

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
PID:2360
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe"
  2⤵
  - Checks processor information in registry
  - Modifies registry class
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  PID:808
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2004 -parentBuildID 20240401114208 -prefsHandle 1920 -prefMapHandle 1912 -prefsLen 25457 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {87476272-0bee-428d-b16b-be49f9851a81} 808 "\\.\pipe\gecko-crash-server-pipe.808" gpu
    3⤵
    PID:3580
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2408 -parentBuildID 20240401114208 -prefsHandle 2392 -prefMapHandle 2388 -prefsLen 25493 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {84957903-9922-43a6-af34-c8d8bb929550} 808 "\\.\pipe\gecko-crash-server-pipe.808" socket
    3⤵
    PID:1892
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2844 -childID 1 -isForBrowser -prefsHandle 2916 -prefMapHandle 2940 -prefsLen 25634 -prefMapSize 244658 -jsInitHandle 908 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {2b614697-a273-4760-ba20-e59fe099a797} 808 "\\.\pipe\gecko-crash-server-pipe.808" tab
    3⤵
    PID:3036
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3640 -childID 2 -isForBrowser -prefsHandle 3636 -prefMapHandle 2752 -prefsLen 30867 -prefMapSize 244658 -jsInitHandle 908 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {fb3d5ce8-6bb9-4add-9510-035db3cc1dd1} 808 "\\.\pipe\gecko-crash-server-pipe.808" tab
    3⤵
    PID:4308
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4532 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 1172 -prefMapHandle 1168 -prefsLen 30867 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {acead07c-6c7a-4cd9-a86c-f85f4956a432} 808 "\\.\pipe\gecko-crash-server-pipe.808" utility
    3⤵
    - Checks processor information in registry
    PID:5928
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3168 -childID 3 -isForBrowser -prefsHandle 5312 -prefMapHandle 4712 -prefsLen 26990 -prefMapSize 244658 -jsInitHandle 908 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f37723bb-0fc0-4681-a30d-63cded7aba52} 808 "\\.\pipe\gecko-crash-server-pipe.808" tab
    3⤵
    PID:5540
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5332 -childID 4 -isForBrowser -prefsHandle 5324 -prefMapHandle 3164 -prefsLen 26990 -prefMapSize 244658 -jsInitHandle 908 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d0fdfea8-ec08-4631-96ee-69e4d01ff645} 808 "\\.\pipe\gecko-crash-server-pipe.808" tab
    3⤵
    PID:5544
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5584 -childID 5 -isForBrowser -prefsHandle 5592 -prefMapHandle 5596 -prefsLen 26990 -prefMapSize 244658 -jsInitHandle 908 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f06501b8-d462-48a6-958f-5efc1d5b562b} 808 "\\.\pipe\gecko-crash-server-pipe.808" tab
    3⤵
    PID:5576
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5944 -childID 6 -isForBrowser -prefsHandle 5924 -prefMapHandle 5928 -prefsLen 30867 -prefMapSize 244658 -jsInitHandle 908 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {29bc8724-306b-48ed-8e54-6648acce4020} 808 "\\.\pipe\gecko-crash-server-pipe.808" tab
    3⤵
    PID:5680

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
2a70f1bd4da893a67660d6432970788d

SHA1
ddf4047e0d468f56ea0c0d8ff078a86a0bb62873

SHA256
c550af5ba51f68ac4d18747edc5dea1a655dd212d84bad1e6168ba7a97745561

SHA512
26b9a365e77df032fc5c461d85d1ba313eafead38827190608c6537ec12b2dfdbed4e1705bfd1e61899034791ad6fa88ea7490c3a48cdaec4d04cd0577b11343

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
fbe1ce4d182aaffb80de94263be1dd35

SHA1
bc6c9827aa35a136a7d79be9e606ff359e2ac3ea

SHA256
0021f72dbca789f179762b0e17c28fe0b93a12539b08294800e47469905aeb51

SHA512
3fb0a3b38e7d4a30f5560594b1d14e6e58419e274255fb68dfe0ca897aa181f9ce8cb2048403f851fd36a17b0e34d272d03927769d41a500b2fe64806354902f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
61bb1b8b78330da485b1cfeeb61db682

SHA1
20a711c5d57d30c6e90096cbf01730aaa05542e3

SHA256
862cc40b391762210055e1f4a3b340bdfaf3c1c992de2e19d91da488f58bd769

SHA512
46428b9230be2c0f49b19bd36a8e4fd32151f9d58be0fa7684f2259395df2e4695f7cd4448e71a96153ec0a95163353be72ee0f155e8649c83badacebb8e0f03

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
2a4ade66dfd821477c9e578d19e1b3e1

SHA1
7e1cc5d602efa5e97a6a50bcbb23a5e612acafab

SHA256
b557228d16ef36d309ea520a1efb3214206e2d9b826c60a01ccecf79bffc8a93

SHA512
6ac52574f7108c69350a734c7242ae5661a75c0bd1c0711a8c72c3d7f6e64cf41761ce823738bf208100ba1b366ec752e007b9ff76a10a92b75005dbd39826fe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
c7e72ef00c0f74c66de3fd6f4a2239df

SHA1
08abcf1a85e381e1f6978257ff311a58622db2c6

SHA256
bdbfa933ad95c6f309a991c978ea0edcaaf0304bcb5bb1e76791d34cde47df5c

SHA512
70ee7c4074e184d82f344406eb87c5c597aeec22d83ac1767c59168502684455ad17559796bce21018c1c0cf32c0de9c66210a24c03c6f2ae6a3c3eabc271882

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
8KB

MD5
aa901f63f52b861c0885b779d2fd3103

SHA1
037f6d5a6b840a43b3307f961b050dd40c6393b9

SHA256
5541e47a201807498658e105c08ee9b2fc8ae3e38162e45659a4db9e7131baa3

SHA512
dd2b4618909599893bcf32c5f83e7a0fb8c61d39e710a57ea4ec8b43a513fbbea44e5b6c2beb7437a0b3dbce4db75651abf5ee436dcbcb0b9e4f77a971c9bbf5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
8KB

MD5
3566624c396cdb4072d3b14bb3062f8b

SHA1
96b6a949c5d01c68455f06242f5cd3be9d3406b8

SHA256
cde79ccbf33eb38b00bc0e7a4e69c1730e20edc6355902a15e3e0de01f9083d0

SHA512
50e566204b408b3b1b000f4dfeac573e9ec368d616a42596da29391a6b55b3fd99c04c4ca6b3b8cccebf26b2d399e17104faf0e0067e16305544ae607fc6cf11

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\l594d31n.default-release\activity-stream.discovery_stream.json

Filesize
18KB

MD5
ef3d9ba1da53774cc2c310e9350719e1

SHA1
d5534954a557151030c1f2fe5593cb384a549a88

SHA256
d0fb0d5f57ac0a697888dbde128b932b1425a7341db2946cdee7992dc8cf69db

SHA512
f2985b119de8d25b205fee43e0562f1ce169e181c43fb1261cd68adf1d9213ba72ab58a7bbdb11f4b61759dc938e3c6e0877ae2ff024e51654eabfe5108aaa9d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\l594d31n.default-release\datareporting\glean\db\data.safe.tmp

Filesize
5KB

MD5
6e56c6075c894c0da66d077f8706b7ad

SHA1
8021c8a7d17645e7266de96bb693a6f29a9ca71d

SHA256
79fc3facc441a049a3aca4c17b1cbd9d5dfba9d6b6f58ed37b12fc1710d9e7d7

SHA512
942a3540323daf76173406641a29996298838dd08c0823d9a950767ad1ee2989cd6f134a767b06b24af87105321c329f7c2d567589924717c9959f38fe05c275

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\l594d31n.default-release\datareporting\glean\pending_pings\49ecde2a-fd7e-4191-9fe8-a8f642852582

Filesize
26KB

MD5
d23e7bb6aa5815333a8f97a2753045a8

SHA1
06b680d6d711a77fe81ba1ec6a6e944a52a1a044

SHA256
799222e9fb3bbfb2692caefe867a5b116ef0938b89fd53706f1b0fc21c5c71a1

SHA512
051c3119d7f2e60ca82af666e1a57b799198d5161092933fd5edcffac166950446fefff1ed87946e444027d926b7035fb84afebd839c4c8b0999beba2d5135a3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\l594d31n.default-release\datareporting\glean\pending_pings\b4e063db-3751-4f80-813f-6ef7c01f722e

Filesize
982B

MD5
05225dbc0dd773a607c7224956c3d40f

SHA1
a2de41906044ab0a236a06f425b4bd3e2ea36baf

SHA256
e79210674e8b798c48a12da6b7963be16b822e7cd41e47ea0e596582344c35aa

SHA512
67d3f76c6eb4c23b75f8f6c1b52a7fa7126a455a98d566590c6c53e17b7da005b426607cbeafa82beaffbba1b9f6138eeb1b243f67e2f9ba0652d941237c1703

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\l594d31n.default-release\datareporting\glean\pending_pings\ffa97f9a-b4c2-4168-8e00-852c9f683903

Filesize
671B

MD5
8392fc9b3e47130bd742b90bc19bda1a

SHA1
84fe74cce7ff49358c36d70ae2952e643e8c5c01

SHA256
b6025b45afe8063615fcab15edfdf50d7b8f3dfb46adac1d6ec083ed5920d822

SHA512
4254730da9d8e4f7e446cd6284fd3367a72241590a6e60f1ecbfdf96d1bed91f2fcc750663925da5fd03bb98fb2ffd60a995976951741cf009efbcaf1ceb9fd2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\l594d31n.default-release\prefs.js

Filesize
8KB

MD5
31bb2c29e4a24cb257c002b0a3f65e3a

SHA1
218842c4e90940494009dd942137ef478a36873c

SHA256
4299435fbe312022f5ebc21b32f977dbc303b6d92aad1ebcfd6bcb51d4994ff6

SHA512
f75a290c42cdf208e4fb858879f15661c2cff4d2f989b644c298e6edfaf9cd196c5485c345fd998e3f902e6f47668a3a062218020770a8cb9e5499b353f2cb16

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\l594d31n.default-release\prefs.js

Filesize
8KB

MD5
4f3c649471fda021e6712fe3db94309a

SHA1
43fd4a3b02a4434736e7b67365175070371333b2

SHA256
7722ae76a219dc68be3d930e3a7735ff42d4b9e39f788b6c1742ba2aacf5b395

SHA512
bfce368fc12af1a3afe7d9f24f52664290e76931994c07fa661fa4400c43998eaef524b2211f6e22640a7636fa9237a2952610d408ae21051d7b8a1c3ef8c396

Download Submit