3096d8e82917a9b73f322f4b1743e52e9b0c8b3c5933a957e73e29d6973cdd5b

Analysis

max time kernel
67s
max time network
83s
platform
windows10-2004_x64
resource
win10v2004-20240704-en
resource tags

arch:x64arch:x86image:win10v2004-20240704-enlocale:en-usos:windows10-2004-x64system
submitted
08/07/2024, 00:14

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

MicrosoftEdgeUpdate.exe
Size

209KB
MD5

c019e421d9f897108e51666cbae2c8b0
SHA1

3d26b0dc519e04999118f4a02ea8acd5f1db8feb
SHA256

3096d8e82917a9b73f322f4b1743e52e9b0c8b3c5933a957e73e29d6973cdd5b
SHA512

5aa5da738b65f820d23c01ddbafaccdef51975ce8ade4225a34e1bcc1e23235d78062cb3b7da0579f0ce1bcc3b76875f7fea1bc8c982691d3856d488e03b7e02
SSDEEP

3072:ZgNpVWYxi/7gKNkhSC+t+MMCTs0kH+Bkx6uyXnZeiB+N6LpCcu51lviIzdXfEqMM:P7gKNkhSR/5kHouyXnZhB+h8WH3

Score

1^/10

Malware Config

Signatures

Checks processor information in registry 2 TTPs 4 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
872	msedge.exe
872	msedge.exe
2684	msedge.exe
2684	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 4 IoCs

pid	Process
2684	msedge.exe
2684	msedge.exe
2684	msedge.exe
2684	msedge.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
2684	msedge.exe
2684	msedge.exe
2684	msedge.exe
2684	msedge.exe
2684	msedge.exe
2684	msedge.exe
2684	msedge.exe
2684	msedge.exe
2684	msedge.exe
2684	msedge.exe
2684	msedge.exe
2684	msedge.exe
2684	msedge.exe
2684	msedge.exe
2684	msedge.exe
2684	msedge.exe
2684	msedge.exe
2684	msedge.exe
2684	msedge.exe
2684	msedge.exe
2684	msedge.exe
2684	msedge.exe
2684	msedge.exe
2684	msedge.exe
2684	msedge.exe
2684	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2684	msedge.exe
2684	msedge.exe
2684	msedge.exe
2684	msedge.exe
2684	msedge.exe
2684	msedge.exe
2684	msedge.exe
2684	msedge.exe
2684	msedge.exe
2684	msedge.exe
2684	msedge.exe
2684	msedge.exe
2684	msedge.exe
2684	msedge.exe
2684	msedge.exe
2684	msedge.exe
2684	msedge.exe
2684	msedge.exe
2684	msedge.exe
2684	msedge.exe
2684	msedge.exe
2684	msedge.exe
2684	msedge.exe
2684	msedge.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
2608	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1028 wrote to memory of 2608	1028	firefox.exe	93
PID 1028 wrote to memory of 2608	1028	firefox.exe	93
PID 1028 wrote to memory of 2608	1028	firefox.exe	93
PID 1028 wrote to memory of 2608	1028	firefox.exe	93
PID 1028 wrote to memory of 2608	1028	firefox.exe	93
PID 1028 wrote to memory of 2608	1028	firefox.exe	93
PID 1028 wrote to memory of 2608	1028	firefox.exe	93
PID 1028 wrote to memory of 2608	1028	firefox.exe	93
PID 1028 wrote to memory of 2608	1028	firefox.exe	93
PID 1028 wrote to memory of 2608	1028	firefox.exe	93
PID 1028 wrote to memory of 2608	1028	firefox.exe	93
PID 2684 wrote to memory of 1540	2684	msedge.exe	94
PID 2684 wrote to memory of 1540	2684	msedge.exe	94
PID 2608 wrote to memory of 2552	2608	firefox.exe	95
PID 2608 wrote to memory of 2552	2608	firefox.exe	95
PID 2608 wrote to memory of 2552	2608	firefox.exe	95
PID 2608 wrote to memory of 2552	2608	firefox.exe	95
PID 2608 wrote to memory of 2552	2608	firefox.exe	95
PID 2608 wrote to memory of 2552	2608	firefox.exe	95
PID 2608 wrote to memory of 2552	2608	firefox.exe	95
PID 2608 wrote to memory of 2552	2608	firefox.exe	95
PID 2608 wrote to memory of 2552	2608	firefox.exe	95
PID 2608 wrote to memory of 2552	2608	firefox.exe	95
PID 2608 wrote to memory of 2552	2608	firefox.exe	95
PID 2608 wrote to memory of 2552	2608	firefox.exe	95
PID 2608 wrote to memory of 2552	2608	firefox.exe	95
PID 2608 wrote to memory of 2552	2608	firefox.exe	95
PID 2608 wrote to memory of 2552	2608	firefox.exe	95
PID 2608 wrote to memory of 2552	2608	firefox.exe	95
PID 2608 wrote to memory of 2552	2608	firefox.exe	95
PID 2608 wrote to memory of 2552	2608	firefox.exe	95
PID 2608 wrote to memory of 2552	2608	firefox.exe	95
PID 2608 wrote to memory of 2552	2608	firefox.exe	95
PID 2608 wrote to memory of 2552	2608	firefox.exe	95
PID 2608 wrote to memory of 2552	2608	firefox.exe	95
PID 2608 wrote to memory of 2552	2608	firefox.exe	95
PID 2608 wrote to memory of 2552	2608	firefox.exe	95
PID 2608 wrote to memory of 2552	2608	firefox.exe	95
PID 2608 wrote to memory of 2552	2608	firefox.exe	95
PID 2608 wrote to memory of 2552	2608	firefox.exe	95
PID 2608 wrote to memory of 2552	2608	firefox.exe	95
PID 2608 wrote to memory of 2552	2608	firefox.exe	95
PID 2608 wrote to memory of 2552	2608	firefox.exe	95
PID 2608 wrote to memory of 2552	2608	firefox.exe	95
PID 2608 wrote to memory of 2552	2608	firefox.exe	95
PID 2608 wrote to memory of 2552	2608	firefox.exe	95
PID 2608 wrote to memory of 2552	2608	firefox.exe	95
PID 2608 wrote to memory of 2552	2608	firefox.exe	95
PID 2608 wrote to memory of 2552	2608	firefox.exe	95
PID 2608 wrote to memory of 2552	2608	firefox.exe	95
PID 2608 wrote to memory of 2552	2608	firefox.exe	95
PID 2608 wrote to memory of 2552	2608	firefox.exe	95
PID 2608 wrote to memory of 2552	2608	firefox.exe	95
PID 2608 wrote to memory of 2552	2608	firefox.exe	95
PID 2608 wrote to memory of 2552	2608	firefox.exe	95
PID 2608 wrote to memory of 2552	2608	firefox.exe	95
PID 2684 wrote to memory of 3272	2684	msedge.exe	96
PID 2684 wrote to memory of 3272	2684	msedge.exe	96
PID 2684 wrote to memory of 3272	2684	msedge.exe	96
PID 2684 wrote to memory of 3272	2684	msedge.exe	96
PID 2684 wrote to memory of 3272	2684	msedge.exe	96
PID 2684 wrote to memory of 3272	2684	msedge.exe	96
PID 2684 wrote to memory of 3272	2684	msedge.exe	96
PID 2684 wrote to memory of 3272	2684	msedge.exe	96

C:\Users\Admin\AppData\Local\Temp\MicrosoftEdgeUpdate.exe
"C:\Users\Admin\AppData\Local\Temp\MicrosoftEdgeUpdate.exe"
1⤵
PID:2596

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1028
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe"
  2⤵
  - Checks processor information in registry
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2608
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2608.0.1214334514\1074432547" -parentBuildID 20230214051806 -prefsHandle 1672 -prefMapHandle 1668 -prefsLen 22076 -prefMapSize 235121 -appDir "C:\Program Files\Mozilla Firefox\browser" - {bbd51c6a-5d12-4335-b087-4276046f04cd} 2608 "\\.\pipe\gecko-crash-server-pipe.2608" 1832 1f908724058 gpu
    3⤵
    PID:2552
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2608.1.392596308\1651187898" -parentBuildID 20230214051806 -prefsHandle 2372 -prefMapHandle 2368 -prefsLen 22112 -prefMapSize 235121 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {3802f01e-f2ab-4af5-95eb-98c837189aa2} 2608 "\\.\pipe\gecko-crash-server-pipe.2608" 2400 1f908c88258 socket
    3⤵
    PID:1316
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2608.2.1595038094\717406108" -childID 1 -isForBrowser -prefsHandle 3064 -prefMapHandle 2812 -prefsLen 22215 -prefMapSize 235121 -jsInitHandle 976 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {0f1560af-89a5-4bd4-81e9-e5ebe155b1c0} 2608 "\\.\pipe\gecko-crash-server-pipe.2608" 3156 1f90b818a58 tab
    3⤵
    PID:3212
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2608.3.1537914737\1202747354" -childID 2 -isForBrowser -prefsHandle 3684 -prefMapHandle 3688 -prefsLen 27616 -prefMapSize 235121 -jsInitHandle 976 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f259875b-efe0-4a7a-92eb-c1a5797403f1} 2608 "\\.\pipe\gecko-crash-server-pipe.2608" 3700 1f90d617b58 tab
    3⤵
    PID:4348

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2684
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffd9d8e46f8,0x7ffd9d8e4708,0x7ffd9d8e4718
  2⤵
  PID:1540
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2100,16115405099197822712,15272452626489110053,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2140 /prefetch:2
  2⤵
  PID:3272
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2100,16115405099197822712,15272452626489110053,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2440 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:872
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2100,16115405099197822712,15272452626489110053,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2872 /prefetch:8
  2⤵
  PID:4576
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,16115405099197822712,15272452626489110053,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3376 /prefetch:1
  2⤵
  PID:3916
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,16115405099197822712,15272452626489110053,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3388 /prefetch:1
  2⤵
  PID:3932
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,16115405099197822712,15272452626489110053,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5048 /prefetch:1
  2⤵
  PID:3380
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,16115405099197822712,15272452626489110053,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5072 /prefetch:1
  2⤵
  PID:3816

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
PID:4116
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffd9291ab58,0x7ffd9291ab68,0x7ffd9291ab78
  2⤵
  PID:1736
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1716 --field-trial-handle=1856,i,514886070229458540,10572071179286714661,131072 /prefetch:2
  2⤵
  PID:316
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2032 --field-trial-handle=1856,i,514886070229458540,10572071179286714661,131072 /prefetch:8
  2⤵
  PID:1276
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2292 --field-trial-handle=1856,i,514886070229458540,10572071179286714661,131072 /prefetch:8
  2⤵
  PID:3316
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3092 --field-trial-handle=1856,i,514886070229458540,10572071179286714661,131072 /prefetch:1
  2⤵
  PID:5260
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3132 --field-trial-handle=1856,i,514886070229458540,10572071179286714661,131072 /prefetch:1
  2⤵
  PID:5276
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4200 --field-trial-handle=1856,i,514886070229458540,10572071179286714661,131072 /prefetch:1
  2⤵
  PID:5772

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4284

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3848

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:5524

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
81979b77e4362124b1e45a81b7d37711

SHA1
1b9d92bd13a94c5a744d47912cd23080b70bff55

SHA256
8c24f90832e6c17e903089fe266f52363de82509ad766979017116a027461530

SHA512
1056bccf053cb42715474208f585e7ddb9ff8baccad6ae7ad84185f208f56925418f8ff336fc523f6c5d386c599004ade945b6fec2d9613f71dacabc9ee97c09

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
7baf00ca77d32dd6fb12325a1e4a4f25

SHA1
df5be152ef831cc77799ccf3898afe3daf9e3a25

SHA256
4b402271a8b25766e1f0e8d192c7b4e341d71de18d4b1e9041372ce4e5fcf28b

SHA512
73b4b79baead0f140552ada0a44ddb4e557e4547926756f0f84d8a81719ee1ddf4dcfe93a2a04a031cd504624ba39ba61179f0a1ad68a089e899d9a3850e2b18

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
58f68a99190dc4ca98723a5b4a400d3d

SHA1
2cca4316f8faf2f03b5baac4c78575bf7e2f21a5

SHA256
1c24ac6cc8597354fdc049850be74b77a4b397e3cbe9c56920606a068913d525

SHA512
be229bdbb178b359c0e085a8b4c119d2ed6ceca2a97a0827f021f5307a6995e3d474f47e6ff19a5dfd5e9703c87b7afb3baa5749b02b24c9489ae30519c3358d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
144KB

MD5
2f78df4d54162591ecf896fbcdf819bc

SHA1
4dd4736563d9c37a0e776d2dce31c7b6b0585f80

SHA256
642744dc7cfa9f8eecdec68578ebd56344c46b4cc893992a4b293834a7ef562c

SHA512
e1a0d4f5166d0f8941879168bb83b1f593efd50ba943f58124ef66aadb2d71f8ac4bf8c8b5e034b9bd3d571036fded67a0d1c63741c357812866955a8a471a45

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
3c78617ec8f88da19254f9ff03312175

SHA1
344e9fed9434d924d1c9f05351259cbc21e434d3

SHA256
3cb47fcdca33bb3c8f4acc98424140987235ad79815da4f0e7593e4591ae90ed

SHA512
5b58675088b0fc2b2d705cb648ea89385b80c7cf908b0f4f95a9acdbd350b50754e1b586202db6a918eef70029fafb210947f3c43c570ecf7657e08939fd7e9c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
09c7ae658385f6de986103443217840b

SHA1
298d880503edce4413337c09d3525f27a2edcd28

SHA256
91e04ec38abdb0204458543592c4621b7bc0306407884f764aa9596a52454cd7

SHA512
4e1272b209487d1e9e7d8502be49ebce91c76718410e817b3ac7faf47d9b699210aab1b941fbb5ddafc192ddf4b2ba151afd47fab753ec62bc0bca36039c55c3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
f54a048296797f8dddfec2cbd1689635

SHA1
947f1a3c362d62a5cebd13f2e47719e9c357f4fb

SHA256
877ed035d0c2c36effab2c7959f5db78eb102dd339a7a0b11e306c74779d52d7

SHA512
be20e4746b12863222d8a649253fb44559d9c7e55e4b5ff6dd0b9eb34a15d8879feef0a3e651a006abdd3429572c44cc0d0b133ea15f36b4e6467fa0b6227701

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
8088edf0ead97b7225d86ff1eef9e681

SHA1
b9b5adf5f3a57e6affd18bccd2a6d127a1736f56

SHA256
a9ce0efb8a095c0fd73b63d7930173418d7e98c658889aeecd50edff573b0099

SHA512
d3b733a80c63e882efea93ce24064085c74f59321c56965db2a937f14c9a8193b8d17f512fddfb052769242166a85844abf7ee84a00aba3bcac6be24e1e71573

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
955287dd708e180b191cc2c075f447fa

SHA1
c3341a150be60142609edb9bb1a7be2664f8d043

SHA256
6df8940f1bc41ba63f380a9831ad6fcf2f9e5d3fd887d19d11a7d9c053f45312

SHA512
1ee68f72493b04495b7b945b42ef9107580ed4165af6e7b98821589e7a1acdc079e88c2168d15b28e7454823b90be2658b96f82a6a544ad2dfa99011fe94f7ea

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
5cc059fb2f940024cff9ff5a829ff0a8

SHA1
815644b7f6506c8bb0517fa1dd4c57343ed7f31d

SHA256
8fa628b6b764d967139f7325b6983af847dcab7eb52679db9d649d0dce23ba18

SHA512
9ae09328f8d67ad9de5f2ae56376b148251f6d68e9d2f5e8e673aa1b9423e003d36e3d5b241ac09a194a0681595fe6b88db6894a7f10e04a99aafec8ce653d35

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\rcjasbej.default-release\activity-stream.discovery_stream.json.tmp

Filesize
23KB

MD5
2e9b4973d9e60f278920f2e6b2910579

SHA1
469a3af2308f69af6796829f584cf7515aff4333

SHA256
8a09a74874a0ff418020b1589f679fb9984f40057e9a45fa08b4c2bf2da33e8f

SHA512
195d3c2ed561b6ee00775a1a4ad5679628bc78913067213924df714e349020f0f4939e7637d699e185006b4ed28e618cceabb68016b8d84778bd6f0c75e9baff

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\rcjasbej.default-release\prefs-1.js

Filesize
6KB

MD5
62b0d197d199e87652b5d317136953a6

SHA1
4fcd8b670b66a826128e782f14b53745c1a92b49

SHA256
94beb71c86fe0a5d888a889682be059814924fd30404e5453651e0ea7e8315ca

SHA512
fdf0a3c55fdc4f705e696edd87e0ce9115ef91d5d446abde82c7ceb6f7ddb518eb899b22a8ac897da97fcdbfafea59d491d231f74c779d1eac7c5084337e788a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\rcjasbej.default-release\prefs.js

Filesize
6KB

MD5
47e10795305a2f2bebb9f39bb35648d7

SHA1
2c5ae4c45761d7c9a50ff2beeb0048039d611aef

SHA256
bb651622ac5fbd7d6faa583c195d7d436bc1f71cf02b8c04d5e16959cc06662f

SHA512
2eef74884055d19f8de9d0f5124583e7c56ea5bf69fb2a03d716592b01e47a542cbc4c140b96607637d3a9a35a9acf7d7e5668f1cdf5d6a89c9f3e3d352445de

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\rcjasbej.default-release\sessionstore.jsonlz4

Filesize
909B

MD5
1930c49e7bb2f0d50d415fa03d5847a3

SHA1
a5286a411949c52b6a1d24383c4ac97b83732e77

SHA256
e8efc2c0cff870bb240fb35dbc98372fe2bf8408ea823c7def4e2e8c81ab28e7

SHA512
ad7c2ce02d3c22e41d04ae6eff7002c7fe8d2053dd6e708f5080d64f1c5c00b32d6927f234b36c0a6e15f6f2520623897e1abdae0982ced1794f96686b76270c

Download Submit