Analysis Overview
Threat Level: No (potentially) malicious behavior was detected
The file https://pornstarface.com/ was found to be: No (potentially) malicious behavior was detected.
Malicious Activity Summary
Checks processor information in registry
Enumerates system info in registry
Modifies registry class
Suspicious behavior: EnumeratesProcesses
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
Uses Task Scheduler COM API
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-12 15:14
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-12 15:14
Reported
2024-06-12 15:15
Platform
win10v2004-20240508-en
Max time kernel
95s
Max time network
96s
Command Line
Signatures
Checks processor information in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000_Classes\Local Settings | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeDebugPrivilege | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Suspicious use of WriteProcessMemory
Uses Task Scheduler COM API
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://pornstarface.com/
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xe0,0xd8,0x104,0xdc,0x108,0x7ffc06ac46f8,0x7ffc06ac4708,0x7ffc06ac4718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2216,5596876755144113675,1736409313106783378,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2228 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2216,5596876755144113675,1736409313106783378,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2280 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2216,5596876755144113675,1736409313106783378,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2788 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,5596876755144113675,1736409313106783378,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3308 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,5596876755144113675,1736409313106783378,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3316 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2216,5596876755144113675,1736409313106783378,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4860 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2216,5596876755144113675,1736409313106783378,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4860 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,5596876755144113675,1736409313106783378,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4952 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,5596876755144113675,1736409313106783378,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5000 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,5596876755144113675,1736409313106783378,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4204 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,5596876755144113675,1736409313106783378,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3964 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,5596876755144113675,1736409313106783378,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5504 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,5596876755144113675,1736409313106783378,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4240 /prefetch:1
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4408.0.310701182\1239445174" -parentBuildID 20230214051806 -prefsHandle 1772 -prefMapHandle 1764 -prefsLen 22076 -prefMapSize 235121 -appDir "C:\Program Files\Mozilla Firefox\browser" - {a6e9d740-19b8-4356-9c85-1564f3ce7dfd} 4408 "\\.\pipe\gecko-crash-server-pipe.4408" 1852 154f4e23158 gpu
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4408.1.1307064212\471024716" -parentBuildID 20230214051806 -prefsHandle 2408 -prefMapHandle 2396 -prefsLen 22112 -prefMapSize 235121 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {bfdb6f21-5629-417c-a7ce-a9ed3aeac4e9} 4408 "\\.\pipe\gecko-crash-server-pipe.4408" 2420 154e8088d58 socket
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4408.2.640076685\375181703" -childID 1 -isForBrowser -prefsHandle 3040 -prefMapHandle 3036 -prefsLen 22150 -prefMapSize 235121 -jsInitHandle 1308 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {686d214c-3c12-4fcc-a855-96baa378993b} 4408 "\\.\pipe\gecko-crash-server-pipe.4408" 3052 154f7c03558 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4408.3.1485463655\2003838764" -childID 2 -isForBrowser -prefsHandle 3640 -prefMapHandle 3636 -prefsLen 27616 -prefMapSize 235121 -jsInitHandle 1308 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c618ae1a-1d30-4bd7-bf46-eebdb6784500} 4408 "\\.\pipe\gecko-crash-server-pipe.4408" 3648 154f9e55a58 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4408.4.1727066654\23622073" -childID 3 -isForBrowser -prefsHandle 4964 -prefMapHandle 4968 -prefsLen 27692 -prefMapSize 235121 -jsInitHandle 1308 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {8cf3f361-c9e0-491e-9ea2-9d1fa8198b29} 4408 "\\.\pipe\gecko-crash-server-pipe.4408" 4952 154fbd58958 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4408.5.207285605\723756708" -childID 4 -isForBrowser -prefsHandle 5104 -prefMapHandle 5108 -prefsLen 27692 -prefMapSize 235121 -jsInitHandle 1308 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a2941d27-5770-46ec-979b-0cef178156b1} 4408 "\\.\pipe\gecko-crash-server-pipe.4408" 5092 154fbd59258 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4408.6.222975180\825878907" -childID 5 -isForBrowser -prefsHandle 5292 -prefMapHandle 5296 -prefsLen 27692 -prefMapSize 235121 -jsInitHandle 1308 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {1545072f-ac7d-454f-9e5d-774c0907984b} 4408 "\\.\pipe\gecko-crash-server-pipe.4408" 5280 154fbd59858 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4408.7.1134171709\158602277" -childID 6 -isForBrowser -prefsHandle 5748 -prefMapHandle 5152 -prefsLen 27827 -prefMapSize 235121 -jsInitHandle 1308 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ec5ea88d-2dc1-46b3-b93f-a1fe763e57d4} 4408 "\\.\pipe\gecko-crash-server-pipe.4408" 5732 154fcdb0558 tab
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | pornstarface.com | udp |
| N/A | 224.0.0.251:5353 | udp | |
| US | 8.8.8.8:53 | google.com | udp |
| US | 8.8.8.8:53 | google.com | udp |
| US | 8.8.8.8:53 | pornstarface.com | udp |
| US | 8.8.4.4:53 | google.com | udp |
| US | 8.8.8.8:53 | 4.4.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 249.197.17.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | pornstarface.com | udp |
| N/A | 127.0.0.1:49793 | tcp | |
| US | 8.8.8.8:53 | contile.services.mozilla.com | udp |
| N/A | 127.0.0.1:49799 | tcp | |
| US | 8.8.8.8:53 | push.services.mozilla.com | udp |
| US | 8.8.8.8:53 | support.mozilla.org | udp |
| US | 8.8.8.8:53 | pornstarface.com | udp |
| US | 8.8.8.8:53 | www.pornstarface.com | udp |
| US | 8.8.8.8:53 | aus5.mozilla.org | udp |
| US | 8.8.8.8:53 | push.services.mozilla.com | udp |
| US | 8.8.8.8:53 | aus5.mozilla.org | udp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | eaa3db555ab5bc0cb364826204aad3f0 |
| SHA1 | a4cdfaac8de49e6e6e88b335cfeaa7c9e3c563ca |
| SHA256 | ef7baeb1b2ab05ff3c5fbb76c2759db49294654548706c7c8e87f0cde855b86b |
| SHA512 | e13981da51b52c15261ecabb98af32f9b920651b46b10ce0cc823c5878b22eb1420258c80deef204070d1e0bdd3a64d875ac2522e3713a3cf11657aa55aeccd4 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 4b4f91fa1b362ba5341ecb2836438dea |
| SHA1 | 9561f5aabed742404d455da735259a2c6781fa07 |
| SHA256 | d824b742eace197ddc8b6ed5d918f390fde4b0fbf0e371b8e1f2ed40a3b6455c |
| SHA512 | fef22217dcdd8000bc193e25129699d4b8f7a103ca4fe1613baf73ccf67090d9fbae27eb93e4bb8747455853a0a4326f2d0c38df41c8d42351cdcd4132418dac |
\??\pipe\LOCAL\crashpad_1788_HYGCICLBXMLUNPZB
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | d168733e01df5086aab98fbd40c93b17 |
| SHA1 | 08cb3dd9785db8fee3204e00eb9da4b5632bfc85 |
| SHA256 | dce2cf79c8ebfac1ed5cbf94c1dcc1e46d65ffccab0b52c4ce6b7095b4222d13 |
| SHA512 | d749d862f7836d7735fc42bce721f824d2c5df79b382b63138b81fac98099e4791085515b342ea339e2b86820fa66e68ed135a4e01bc2e5e4f507b9cd62b0833 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 6752a1d65b201c13b62ea44016eb221f |
| SHA1 | 58ecf154d01a62233ed7fb494ace3c3d4ffce08b |
| SHA256 | 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd |
| SHA512 | 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 79e33db69f4858eee65c229a7e60cccd |
| SHA1 | 6d624a9970438fd97b901be34d7628dbe4ecd6a3 |
| SHA256 | 765afd9584b1bcbebb7d7b8f6c9c2ca5c78979282584bc21f8901d1629e382e6 |
| SHA512 | 4d8e74db6bcf9a6ab1968359a2c29ac927167b3012198fe3599dddbe3509698ec7ac6b66f8e0c6312b6a4a7ca1640810d6e8a5b43c18fd420c1229335490db08 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | d4bd620acdd7c08c354d35f7ee5888c7 |
| SHA1 | dd0303d14a84c2c930b8b5aedc738b97c9a293d8 |
| SHA256 | 57ce68c07814a8ee70c522755b24973151f0f365388289b68457e6bf04d71ab5 |
| SHA512 | 821d59336edfa8c2e2bda1f0e6f303c24dee2191eedb3d1d06f7894375d681d9e12891a003a40aa4e54b8d2f8358873751cf37a0ed830f1172b72a8ecc9ff767 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 0b7a8f2fc1b43e9613d0f90f4f8142a1 |
| SHA1 | 8f4910cbd8304c0907e4747f23278a082e579aa9 |
| SHA256 | 391e00ee5eea31451b86088a93588921985c3b26b1ad0ee902a045d86f9a7818 |
| SHA512 | dcbe8393aa4f64587bdac15b94665092aaa1665f187fcd505987e1deb0f13f487d4f91b68ff9bc372550817de9d8446b7dbcbbd17f4976ab1ab57aface94121e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\63114b7f-6890-4b27-b08e-ff7ab00ea812.tmp
| MD5 | 02861652652ca51c234bdd894e3727be |
| SHA1 | 5f2a3c572e65766750a5ddeae10d9d8120e7d71e |
| SHA256 | b969dbdff49cc6fccca5dde52b58a26130af78fb2e0709dba8097df1edf6116a |
| SHA512 | 3b87d6def40b85e71f86737b0da350f2d139410992a7b462570c721335ed27d3fe1a6e0de418f71e5ef23a0112975f27389ab1539322b2788c35f3bbc08909ba |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1
| MD5 | ae45ec3da6fcfa2bba4b75440e8930c1 |
| SHA1 | b926db3f2f4af8c0be7502ab540112adbb4d76b4 |
| SHA256 | cf8d319cde177f986f525fb75c357b1c112e11bcf7cc4963e447633de2a6ee77 |
| SHA512 | e00424f8f631b4d5f2ae907b362f2a80db8a35c373ec473fc96425d1091e29bb48d64b27ffca15560c221dce4b6d6d6be388b1af17486fe5ceaa788c8f01eb46 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\7jyxcjs8.default-release\activity-stream.discovery_stream.json.tmp
| MD5 | 5d7d27a7182fa812d848ab4a2975aa47 |
| SHA1 | 3c2905ee212de7ab959ec479c64dbaa197c0c39e |
| SHA256 | 8c2cd6c04d8735b05e76ea357c5b60dc8c303099985269b35077f61e2f30fc4a |
| SHA512 | d5d5a3ef87afabf3f71299b374a92aeb519a8f541cdc74deb88aa48ef6deabb143599002ceb21fb81c2df5a4f06926a0dd725cf63150f701b2054e225a023286 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7jyxcjs8.default-release\prefs.js
| MD5 | 1a8295b7ee1e0ce60488dfc8769d028c |
| SHA1 | 9240536ae266e143b1895d3e39cdf1b9abd964f0 |
| SHA256 | 6ce6cf5ce5e1a40d77d5e8c422422e284a3ca1d46e075846d7f6dfa67af7cb4e |
| SHA512 | a077f62c1e37fd6df4faa3eae7ecc318b6b3835af693435cd5859ce57531e01965ca885049a238982518a64f65a80d082ff07a7c4a108eeeda2bd8ec9645d3e7 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7jyxcjs8.default-release\prefs-1.js
| MD5 | 7322217b43adc312aba5582806e187b6 |
| SHA1 | 93c307f4d989a2663c88577a2a99bd7614e1c837 |
| SHA256 | ce3897198f52b1b303292942312f794a6a5b07aa4fe576b2ec3a7701a9a1e07d |
| SHA512 | 3a1529f15f9cc3f4313927b4d867c18201630f6155752e9fecadbf7718e9d6aa228858fba8066c0c16f8dd169c16d2c4d3a388de4d2efb8372489e52285860cd |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7jyxcjs8.default-release\prefs-1.js
| MD5 | 45ce18c77a390b24c3115b8e60a09071 |
| SHA1 | a818687601189cc343cddb344bc92d5724664e6a |
| SHA256 | 1d2ffd60806fd2b01b7ef214bdfe607f8e640978f0bf34e9e8b281cf6dd683d9 |
| SHA512 | e79b2f06bed56d787f4c1b9e355a8264eabc40f3afdd617d45aed0b776262961501a8bc7386591d5f673fff3e661304d470becf6f36075da8e0ee4d10b7f0259 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7jyxcjs8.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | 09bdd3a29f76b375b45fe12525944d00 |
| SHA1 | c11ec2171b01421b563a4ac41dd70175825c50c9 |
| SHA256 | cd7cba58fb09db4105b2c655b3e167b9f3b911876a8cd9bb737b74614ccfae8b |
| SHA512 | bad746e6fd902868c9d21b14655dde0fe901144b2bba1aebf6f7aff2770f0759d3e6af1988f97343c1ae97749b6f7180c25a215beba369e7dbd495f1d693b054 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7jyxcjs8.default-release\prefs-1.js
| MD5 | 53a175aee41a437d583ff18b42fdc443 |
| SHA1 | 066f42f0fe66db9d59663763dded763822ca6fcb |
| SHA256 | 7003c4c2195da14f78d8cb96c062e7abf1f106ba9b6803a69bcb1b167dc04ec6 |
| SHA512 | 296fb495ac054b66ef1208fa71cac07d658c792c12aab94d8f149ae6e0aee57afab1c6319e10416279dd2e7bd1ac59e3db4c6ee100b4eff7b131d7c05c3311b1 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7jyxcjs8.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | 368ac732b36bd94a977ba8e897539447 |
| SHA1 | 5863e1df6dd358c696f3747fc773b0d8eb88aafe |
| SHA256 | f144dcbd5ed0f8624ce873d43484dc89e7ab96d31d5859676182ba92c546b654 |
| SHA512 | fa08db399057d06bdbb5edd16285341f3ba7cc03cef707fab91d928a84c21a22eeb685927bd4ed79ecf19341671d59f3ae962585fe5f471eb5563ba2020109cd |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7jyxcjs8.default-release\prefs-1.js
| MD5 | 99ec9887fd7ab01d145faefbccfec310 |
| SHA1 | 754c3ddb67a7f20e4e5cf44014d9d5c72c75f814 |
| SHA256 | a131e917dafb9a2d734fe43e89853933da11ddc38494c035d6c06d2f5e16a5b1 |
| SHA512 | abc606342e0bb5f42299395f1e35dd05da431e65e2840a408a617c72fd06b59539fcf1f66ac20a3b6d5df9569978f56ee4e94ddd0bf22e3f06d121f147dbdc3b |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7jyxcjs8.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | ef0fd5d012d0a1ba39585925ad5c0f62 |
| SHA1 | 92c84d90816108777d3841c412a25e0dd3ac17e7 |
| SHA256 | 8e97977b5b25747282040ba53fe150b3144fe58efcedc7e5a9a61bde820b2c15 |
| SHA512 | 1d34a56925250079e4973f951323035c5259090b9b23ffa0af9134aaabb64df76dd2d0352b1811cf058d584ea5e3bac2ecb0b068ec456c0875c182dbad4be796 |