hxxp://google[.]com

Resubmissions

15-06-2024 09:09

240615-k4sc3avemf 1

15-06-2024 09:07

240615-k3pwjsycqj 1

Analysis

max time kernel
100s
max time network
108s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
15-06-2024 09:09

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://google.com

Score

1^/10

Malware Config

Signatures

Checks processor information in registry 2 TTPs 8 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Modifies registry class 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\Local Settings	firefox.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-3808065738-1666277613-1125846146-1000\{B4836F67-679D-41B8-8A97-22EC6CF7884E}	msedge.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
440	msedge.exe
440	msedge.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeDebugPrivilege	1700	firefox.exe
Token: SeDebugPrivilege	1700	firefox.exe

Suspicious use of FindShellTrayWindow 4 IoCs

pid	Process
1700	firefox.exe
1700	firefox.exe
1700	firefox.exe
1700	firefox.exe

Suspicious use of SendNotifyMessage 3 IoCs

pid	Process
1700	firefox.exe
1700	firefox.exe
1700	firefox.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
1700	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 216 wrote to memory of 1700	216	firefox.exe	98
PID 216 wrote to memory of 1700	216	firefox.exe	98
PID 216 wrote to memory of 1700	216	firefox.exe	98
PID 216 wrote to memory of 1700	216	firefox.exe	98
PID 216 wrote to memory of 1700	216	firefox.exe	98
PID 216 wrote to memory of 1700	216	firefox.exe	98
PID 216 wrote to memory of 1700	216	firefox.exe	98
PID 216 wrote to memory of 1700	216	firefox.exe	98
PID 216 wrote to memory of 1700	216	firefox.exe	98
PID 216 wrote to memory of 1700	216	firefox.exe	98
PID 216 wrote to memory of 1700	216	firefox.exe	98
PID 1700 wrote to memory of 3404	1700	firefox.exe	99
PID 1700 wrote to memory of 3404	1700	firefox.exe	99
PID 1700 wrote to memory of 2596	1700	firefox.exe	100
PID 1700 wrote to memory of 2596	1700	firefox.exe	100
PID 1700 wrote to memory of 2596	1700	firefox.exe	100
PID 1700 wrote to memory of 2596	1700	firefox.exe	100
PID 1700 wrote to memory of 2596	1700	firefox.exe	100
PID 1700 wrote to memory of 2596	1700	firefox.exe	100
PID 1700 wrote to memory of 2596	1700	firefox.exe	100
PID 1700 wrote to memory of 2596	1700	firefox.exe	100
PID 1700 wrote to memory of 2596	1700	firefox.exe	100
PID 1700 wrote to memory of 2596	1700	firefox.exe	100
PID 1700 wrote to memory of 2596	1700	firefox.exe	100
PID 1700 wrote to memory of 2596	1700	firefox.exe	100
PID 1700 wrote to memory of 2596	1700	firefox.exe	100
PID 1700 wrote to memory of 2596	1700	firefox.exe	100
PID 1700 wrote to memory of 2596	1700	firefox.exe	100
PID 1700 wrote to memory of 2596	1700	firefox.exe	100
PID 1700 wrote to memory of 2596	1700	firefox.exe	100
PID 1700 wrote to memory of 2596	1700	firefox.exe	100
PID 1700 wrote to memory of 2596	1700	firefox.exe	100
PID 1700 wrote to memory of 2596	1700	firefox.exe	100
PID 1700 wrote to memory of 2596	1700	firefox.exe	100
PID 1700 wrote to memory of 2596	1700	firefox.exe	100
PID 1700 wrote to memory of 2596	1700	firefox.exe	100
PID 1700 wrote to memory of 2596	1700	firefox.exe	100
PID 1700 wrote to memory of 2596	1700	firefox.exe	100
PID 1700 wrote to memory of 2596	1700	firefox.exe	100
PID 1700 wrote to memory of 2596	1700	firefox.exe	100
PID 1700 wrote to memory of 2596	1700	firefox.exe	100
PID 1700 wrote to memory of 2596	1700	firefox.exe	100
PID 1700 wrote to memory of 2596	1700	firefox.exe	100
PID 1700 wrote to memory of 2596	1700	firefox.exe	100
PID 1700 wrote to memory of 2596	1700	firefox.exe	100
PID 1700 wrote to memory of 2596	1700	firefox.exe	100
PID 1700 wrote to memory of 2596	1700	firefox.exe	100
PID 1700 wrote to memory of 2596	1700	firefox.exe	100
PID 1700 wrote to memory of 2596	1700	firefox.exe	100
PID 1700 wrote to memory of 2596	1700	firefox.exe	100
PID 1700 wrote to memory of 2596	1700	firefox.exe	100
PID 1700 wrote to memory of 2596	1700	firefox.exe	100
PID 1700 wrote to memory of 2596	1700	firefox.exe	100
PID 1700 wrote to memory of 2596	1700	firefox.exe	100
PID 1700 wrote to memory of 2596	1700	firefox.exe	100
PID 1700 wrote to memory of 2596	1700	firefox.exe	100
PID 1700 wrote to memory of 2596	1700	firefox.exe	100
PID 1700 wrote to memory of 2596	1700	firefox.exe	100
PID 1700 wrote to memory of 2596	1700	firefox.exe	100
PID 1700 wrote to memory of 2596	1700	firefox.exe	100
PID 1700 wrote to memory of 2596	1700	firefox.exe	100
PID 1700 wrote to memory of 4876	1700	firefox.exe	101
PID 1700 wrote to memory of 4876	1700	firefox.exe	101
PID 1700 wrote to memory of 4876	1700	firefox.exe	101

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.com
1⤵
PID:2172

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=17 --mojo-platform-channel-handle=4072 --field-trial-handle=2304,i,6987730730348465820,3913273227385401271,262144 --variations-seed-version /prefetch:1
1⤵
PID:4908

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=18 --mojo-platform-channel-handle=5764 --field-trial-handle=2304,i,6987730730348465820,3913273227385401271,262144 --variations-seed-version /prefetch:1
1⤵
PID:4100

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=2852 --field-trial-handle=2304,i,6987730730348465820,3913273227385401271,262144 --variations-seed-version /prefetch:8
1⤵
PID:2232

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=20 --mojo-platform-channel-handle=5260 --field-trial-handle=2304,i,6987730730348465820,3913273227385401271,262144 --variations-seed-version /prefetch:1
1⤵
PID:2356

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=4884 --field-trial-handle=2304,i,6987730730348465820,3913273227385401271,262144 --variations-seed-version /prefetch:8
1⤵
PID:4252

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:216
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe"
  2⤵
  - Checks processor information in registry
  - Modifies registry class
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:1700
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1700.0.710186053\1198407824" -parentBuildID 20221007134813 -prefsHandle 1900 -prefMapHandle 1892 -prefsLen 20749 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {8aad5c09-09f3-4add-8453-28cbec0fdd4f} 1700 "\\.\pipe\gecko-crash-server-pipe.1700" 1980 1c650bd8458 gpu
    3⤵
    PID:3404
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1700.1.803291216\1091877224" -parentBuildID 20221007134813 -prefsHandle 2352 -prefMapHandle 2340 -prefsLen 20785 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {55c8c82c-ec13-4385-bbe4-5113961737ed} 1700 "\\.\pipe\gecko-crash-server-pipe.1700" 2380 1c63d072858 socket
    3⤵
    - Checks processor information in registry
    PID:2596
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1700.2.1447362599\1632174300" -childID 1 -isForBrowser -prefsHandle 3148 -prefMapHandle 3144 -prefsLen 20888 -prefMapSize 233444 -jsInitHandle 1396 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {5e0545a9-bbf5-49d8-b85f-296cb2e9ed0e} 1700 "\\.\pipe\gecko-crash-server-pipe.1700" 3160 1c654da0558 tab
    3⤵
    PID:4876
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1700.3.2114334327\1038448603" -childID 2 -isForBrowser -prefsHandle 3512 -prefMapHandle 3440 -prefsLen 26066 -prefMapSize 233444 -jsInitHandle 1396 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e6011d7d-3cb0-47f2-8801-1594a16ec780} 1700 "\\.\pipe\gecko-crash-server-pipe.1700" 3532 1c63d064d58 tab
    3⤵
    PID:2864
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1700.4.326096691\1755854498" -childID 3 -isForBrowser -prefsHandle 4016 -prefMapHandle 4012 -prefsLen 26066 -prefMapSize 233444 -jsInitHandle 1396 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d184a813-fd51-4d92-8372-f0a9588f16bb} 1700 "\\.\pipe\gecko-crash-server-pipe.1700" 4028 1c655f07158 tab
    3⤵
    PID:4888
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1700.5.1682976238\1173864615" -childID 4 -isForBrowser -prefsHandle 5036 -prefMapHandle 4800 -prefsLen 26285 -prefMapSize 233444 -jsInitHandle 1396 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {19434cb5-3616-4b92-8697-5ba1270386cc} 1700 "\\.\pipe\gecko-crash-server-pipe.1700" 4944 1c653581c58 tab
    3⤵
    PID:4528
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1700.6.813272958\510680192" -childID 5 -isForBrowser -prefsHandle 5072 -prefMapHandle 5076 -prefsLen 26285 -prefMapSize 233444 -jsInitHandle 1396 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {87c46b4e-5457-4a03-b09d-7069e256aa70} 1700 "\\.\pipe\gecko-crash-server-pipe.1700" 5108 1c6575c2558 tab
    3⤵
    PID:4316
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1700.7.665038000\1499870960" -childID 6 -isForBrowser -prefsHandle 5468 -prefMapHandle 5112 -prefsLen 26285 -prefMapSize 233444 -jsInitHandle 1396 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {55177939-3629-4f34-98d3-417ae0bec06f} 1700 "\\.\pipe\gecko-crash-server-pipe.1700" 5476 1c6553a6658 tab
    3⤵
    PID:4388
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1700.8.1011304210\1494551379" -childID 7 -isForBrowser -prefsHandle 5832 -prefMapHandle 5828 -prefsLen 26285 -prefMapSize 233444 -jsInitHandle 1396 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c62269b7-634b-48d0-ba28-24f6042fa435} 1700 "\\.\pipe\gecko-crash-server-pipe.1700" 5844 1c657629158 tab
    3⤵
    PID:816

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window
1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
PID:440
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=122.0.6261.70 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=122.0.2365.52 --initial-client-data=0x238,0x23c,0x240,0x234,0x2b8,0x7ffc38392e98,0x7ffc38392ea4,0x7ffc38392eb0
  2⤵
  PID:640
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --mojo-platform-channel-handle=2608 --field-trial-handle=2612,i,6529787581156331183,4622876865906313825,262144 --variations-seed-version /prefetch:2
  2⤵
  PID:5408
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --mojo-platform-channel-handle=2824 --field-trial-handle=2612,i,6529787581156331183,4622876865906313825,262144 --variations-seed-version /prefetch:3
  2⤵
  PID:5416
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=2852 --field-trial-handle=2612,i,6529787581156331183,4622876865906313825,262144 --variations-seed-version /prefetch:8
  2⤵
  PID:5424
- C:\Program Files (x86)\Microsoft\Edge\Application\122.0.2365.52\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\122.0.2365.52\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --mojo-platform-channel-handle=4076 --field-trial-handle=2612,i,6529787581156331183,4622876865906313825,262144 --variations-seed-version /prefetch:8
  2⤵
  PID:4084
- C:\Program Files (x86)\Microsoft\Edge\Application\122.0.2365.52\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\122.0.2365.52\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --mojo-platform-channel-handle=4076 --field-trial-handle=2612,i,6529787581156331183,4622876865906313825,262144 --variations-seed-version /prefetch:8
  2⤵
  PID:2852
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --no-appcompat-clear --mojo-platform-channel-handle=4432 --field-trial-handle=2612,i,6529787581156331183,4622876865906313825,262144 --variations-seed-version /prefetch:8
  2⤵
  PID:3392
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --no-appcompat-clear --mojo-platform-channel-handle=4000 --field-trial-handle=2612,i,6529787581156331183,4622876865906313825,262144 --variations-seed-version /prefetch:8
  2⤵
  PID:1472
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=4628 --field-trial-handle=2612,i,6529787581156331183,4622876865906313825,262144 --variations-seed-version /prefetch:8
  2⤵
  PID:2248

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
280B

MD5
b8d64f1fbfbf3deda35bce976b993a19

SHA1
241201fbb88713579841a9afc77eff0393d6a113

SHA256
cc386bfb566c4f966cf0d3155c2ef68d14084c47ae1aaa45bbb1bdfead10d61b

SHA512
c11c23a17681a95e3c4efc82e4554e47f85a4c3adc34c82ed9a427fcc721d0d55e8a9c39ed8fee5e43fa8039c2e8d5df1ea81c883f12faabee6ea3ef4f69f03f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
280B

MD5
b2fd2212da87c8736640674e85ac2fd9

SHA1
c7ea4f78e92e2589f0ed7e926dfc8653c34f9306

SHA256
4a2e62e5e03f020b22615a354474e926ee73fa651b00cff662802b12a424f2de

SHA512
eea452e188c5b500712aeb48d372bd42568803eaa7faeb2517a92c54690ca407050f18290a91c3582e189d9f36f1bb9a8dcced3b017d11a692abbe6b50aa91da

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\DualEngine\SiteList-Enterprise.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
dd7a544ace625eb9df0ff8c8ae5be2d7

SHA1
57508bc298c4a31467007757322f73ff43f53011

SHA256
f3cf6aedc17eac5d044583e4918433662d01ea259f0d06b6b8ca59e60199534b

SHA512
e516f59ade02e3a0801c8c930f64e16e64ce3ece1ed93753a596c52b5086c540540d4c617d22945502e60f3e5c0a6496e120ecd5461eeda0fb15f9fce4065391

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Sdch Dictionaries

Filesize
40B

MD5
20d4b8fa017a12a108c87f540836e250

SHA1
1ac617fac131262b6d3ce1f52f5907e31d5f6f00

SHA256
6028bd681dbf11a0a58dde8a0cd884115c04caa59d080ba51bde1b086ce0079d

SHA512
507b2b8a8a168ff8f2bdafa5d9d341c44501a5f17d9f63f3d43bd586bc9e8ae33221887869fa86f845b7d067cb7d2a7009efd71dda36e03a40a74fee04b86856

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
11KB

MD5
5700003a43202b1de046d326ce045b58

SHA1
1f7c1bea600d51953b40bc7aef67d219e6231560

SHA256
15069d0dde0aa152b1dbdf2c58db235d134a7005bab89505dc544309c4ef2e50

SHA512
8988c8b2b9be41d302854d3e6429cb8f987f622a785d84ad5a93c2c684b3b317dee430ee0b6d530d8cba1f170ccc2fc5dc15a16de6abdf25f980f70365a258d0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
30KB

MD5
38c4ba75519f275ff51278bc09d5b23d

SHA1
b6c3c3502b859422f070a9177e68f1bf954961cc

SHA256
688341b174ba04ebcaaebef12611b889ae77872b956e807e6d47d6789a8cd356

SHA512
9068eb70ef13bd42a4e92262bafd9bd9629b35b123399e883fe9f3cd6c5969b011723fa9cd3cbc6270db3566337b106bc6fe4cbbd36b76e156833828c764acb7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
59KB

MD5
787dc12f5e214f97614ad896be71b97b

SHA1
8e03a32b98819af6d07b65cc1e3b8fea8a4fbf8e

SHA256
5972e30d35985628132e19b3becbccbead0657c679c959bc9c4c7b1a5b2cfc6a

SHA512
a50d4cbe0b07caef5713a51f8b03e3638d6a331855c5f14b680965d89a91488ffbfda9ca00aa04dab0d86e8a7873ebbea14565f62ead4e5777564ee94cc2ca0b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
50KB

MD5
72fb49ec6122a11fd049ef67ba380410

SHA1
497c68b27d1136759de73e93cf2669b1fc69bb45

SHA256
3a53247d33d50d0beaadf2d1ad53d353240beac5daffdc1b18c00617b08678ea

SHA512
df4566393614c5ae84cb2c2059ed3f2cd41f6202db9e9666417d12741e39b9c804abea61f41e1bc107a84a5e476793278ec5feef3e4383498e9f07ce21caf0e9

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\4s2odj76.default-release\cache2\entries\7C3011E186E64FFFA59029CF876BCC19626D5F8B

Filesize
212KB

MD5
89707ffc0af96223bebacc3f3865e113

SHA1
f77a5a2965aab91b58bf457fd1afe0a0b89466f6

SHA256
702d8a12172ceb9309b1e7f8a2b37e315aa9d015834ada94069c63d0aa2a49df

SHA512
8aa4f4e86ccadfbb8cd3365e6558095d3dc4b4a3a683196b7961a6f5e8cda3b75ff0e2671b29e34da32bdcfd56050c3ca16aa0b13a9feebf788002c8b4c8f39a

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\4s2odj76.default-release\cache2\entries\97E21079D4338ED644D10F3CF8B6CCFD6F24DA5D

Filesize
60KB

MD5
f6fbc55e39a6900bf0623b338f4d197a

SHA1
6665be556fe17c35b7f3900899622a89a4daa654

SHA256
c841d3c86919986d2d56aa1bb02e0d64a7c319231d6bf87dac15e8902865bca1

SHA512
d29f9f883d4a37b793bb38e10d32cf6e8019c5758bf4abb0230adb92af9f30c1756ebe62920e983c8a856d13e1eb9a731a45c2f0580305ad8df3757f2fcfba63

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\datareporting\glean\db\data.safe.bin

Filesize
2KB

MD5
ef3bd50733c8b80f7aff7425caa39cc9

SHA1
c714a3c41efd24adfde37e959ca31bc28c251854

SHA256
a7503c2028e37ea6026f3d225badec2bd6ee19b54c8c72ae3cb4448bc595fd5f

SHA512
638d550151ab77f9b223d0118617d57987948c3fb53a4c451815719fbec6845a417bea30a19351b7ca26b050f9f5337d7991ad42bcea6903393dcf13164eafc4

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\datareporting\glean\pending_pings\0404b2f2-c5c7-4719-b9a8-0879f3a66779

Filesize
746B

MD5
651ae36ea9d9e060c4a0d52085801637

SHA1
6dcafe1113e82cc4b425174d5cccba198c1b0811

SHA256
2c9fb5dc191cee9dc2a638bf48cc627cec98733b34cbaabc1cbe5aef5443d7f5

SHA512
2b6e3ab7a6c5b44defbb90926b6461d2f740653bd3118e06c371ff7d36f22a4037ab35f5e5d670941b46d31f49934ee35141388ecc1f49c5d50bde9fed92e7dc

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\datareporting\glean\pending_pings\fe0ebc5a-4ca0-476b-a645-150a3650f9d5

Filesize
11KB

MD5
4e838da32506533be00bcc0296fc95aa

SHA1
7c33df3f3c99bbd8edc37347c4156f497a6c28eb

SHA256
1f38c89091aadb92c469b0695932eb994906301a17e833090aa08527b15278dd

SHA512
4223e1d7b5782d42c90f64497c984b26c31c00b8f5d435315968666328b70b22c06fcc67d1aecd44b3908cb3fdb41c96bed9898cfb0b9cdd547b35e241ecb51a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\prefs-1.js

Filesize
6KB

MD5
d89f498ddf8b8c8b6feebfa0533e22db

SHA1
902602dc964f9919000d26e756f4aaf0065a374c

SHA256
d69403de5f54a0b6ae30ab0c7937702019148c78b3b1bfa3b631dadcf7188695

SHA512
8a529d534533923f47dd116a96162789bb2a5872725310d7f044a5af7c50a7c10107b1824357f79b05ff836162ae9f2e7c4d3bb36cf00a5af4cfd0f67f635f60

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\prefs-1.js

Filesize
6KB

MD5
17b56268ff8f83fedf856aaa5f4ec29b

SHA1
6f9ab32d05e68674038163eaff6efd8f100a2cf6

SHA256
c23d68df156ba339a86de73e6ba6ddc0bc1e5fbb428b1712e4e0007ca6e76565

SHA512
04655016aaa32e86db0104c8660bbac474dfac5d2346f2f8bd5a5d79c097f454bc7f5fe285d016d18bcb2ef7f631486b6e5abbaae515b337ad6217aadf09552f

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\prefs-1.js

Filesize
6KB

MD5
910f2a615d07a0a878b403b48a7ff899

SHA1
f9c78fa044f8765793895585e8d47492cf6c3f85

SHA256
5d2b9097deffda54af1492db2ef5c5cf113a60e1777992af4c7e0b0481d0ce87

SHA512
055108560ca334c7f154afabce7f40bead69389b859fc5e64dc379cf029793a8d88298a9e5b025b9350f0a83e061374a8bf04d76665e6526e0117faf42b59e4c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\prefs.js

Filesize
6KB

MD5
892f75787223ffba7aaf9d22f513d847

SHA1
0500c138c7300c48f91c1618c44ee2e875c4eb67

SHA256
d3df40b27dbb934ae4cd2103a0dcf1e59ef3ce8876cd3f7deb36ef6a34447611

SHA512
c20acdcd33f364fb1b5ef5986ae4be498e42833093ff8bae92c2027f5c15a8a34f255aa4fe92bff7cfd297e1ba3de9cb7fb0a60d42e0d517b8caa92fe49b8600

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
4KB

MD5
13f5a683c4575ec874c49c99bda7c6a3

SHA1
78c9bd7f0174075998fd8670f5989104d20fe9f8

SHA256
68690387fd73a0e3f2db355b64d892ea39436f0eb1581449715d38a3efe763d0

SHA512
1aeb89cfb90f286613d3e3a39bfbed50b8168727e3235f0ceadf7b90619509bfedcf4afb569f2cacfe825a2c4bed9ae38b00b8e12e2e900d2728ac6e38417b53

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
1KB

MD5
bf0402e906d289ca2ae78cb9e800da4a

SHA1
a92fe78931a616bc32c8f8580301d31d9365db0d

SHA256
973876d231b43cca308bda195f9dd3f21f3f76108a11974cb87113c5f828338d

SHA512
f10bf6142508033f0f6f90b2e8aad7396cfce5338114dfc250a70b08b4cdc49d4583097e17abb26caa85b306102deb5110f428cf0b00569b49d80f641b3532d0

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
4KB

MD5
26adc9d5b89558e3890c705fe15d8fbb

SHA1
7e881417e3ac46bc6919efd141a9d437bc7026f2

SHA256
d33426d2c3e3b7e222f88c15cb21f9ac46b1db84152f5bb2a4e6fa09f98088e0

SHA512
65c3bebc6886ffcd3db68d16c3ad5c6e99454cf514612e3a4fc2e67c27232266c711e4baed698018d5d9a420579d1fb6ebbf358d82c11a2134229edaa0a1679a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\sessionstore.jsonlz4

Filesize
4KB

MD5
bde380b034d8cda26632263782e704f4

SHA1
0be0f8b25a93e81f7e4c4441e0271708233d93c7

SHA256
2c848f3fed93e94dc32bc80e82f527de2c1937f17621f9f4541152680c0fe688

SHA512
70fae83e5cf241133c32dae6c26c22763bced6630486764c1a7d378efef17b7e3a6ea3029f20642c25e2260c648ca5a20f3f886311701142c5fd6de06717387d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

Filesize
184KB

MD5
03994b88bdc9e598d88f9273dfec8e0e

SHA1
9c4d73dc30e024c6884167494d36edc072a59cc6

SHA256
51f2123c825c0e1071fa87a6d9e6cf057b9829be2092ba1277681ce095dd270e

SHA512
17741d2e38e8a695c7b10ad67bf390d5ce515136ccf2e7445aa705d427c2f05213ce83cfa333651971759e49bebd2d70b3fd3535b17008328f69cf3a04c407a0

Download Submit