ac458ec0461422be93c3e808c02c8fb8c278ac48c4e6941663c894ed90ec1b32

Analysis

max time kernel
457s
max time network
473s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
08/01/2024, 18:30

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2.html
Size

293KB
MD5

5d4e5b5692c4b25443d7041cfb609973
SHA1

bf0378d41a91d3d418bc7825a7e0251b871ff946
SHA256

ac458ec0461422be93c3e808c02c8fb8c278ac48c4e6941663c894ed90ec1b32
SHA512

cadd6e33b852fba141194f4474009b1c0508e9d800055baa88d4793b29989416c1719578f41cd8c121857311b67b8ba7e468ec99154b2f1a50c02536bf00da4c
SSDEEP

6144:jWTWmiiFP0n0+9xpS750n0+ZGH1AKUHAAzAJ1VAO1AQVA/O5AjTAIZAtdAOFARNm:STWmiiFPi0+9xpS9i0+ZCA7AKAlAeAoV

Score

1^/10

Malware Config

Signatures

Checks processor information in registry 2 TTPs 8 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 13 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3073191680-435865314-2862784915-1000_Classes\Local Settings	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-3073191680-435865314-2862784915-1000_Classes\Local Settings	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-3073191680-435865314-2862784915-1000_Classes\torrent_auto_file\shell	OpenWith.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3073191680-435865314-2862784915-1000_Classes\torrent_auto_file\shell\open\command\ = "\"C:\\Program Files\\Mozilla Firefox\\firefox.exe\" -osint -url \"%1\""	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-3073191680-435865314-2862784915-1000_Classes\Local Settings	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-3073191680-435865314-2862784915-1000_Classes\Local Settings	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-3073191680-435865314-2862784915-1000_Classes\torrent_auto_file	OpenWith.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3073191680-435865314-2862784915-1000_Classes\.torrent\ = "torrent_auto_file"	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-3073191680-435865314-2862784915-1000_Classes\Local Settings	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-3073191680-435865314-2862784915-1000_Classes\Local Settings	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-3073191680-435865314-2862784915-1000_Classes\torrent_auto_file\shell\open	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-3073191680-435865314-2862784915-1000_Classes\.torrent	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-3073191680-435865314-2862784915-1000_Classes\torrent_auto_file\shell\open\command	OpenWith.exe

Suspicious behavior: EnumeratesProcesses 18 IoCs

pid	Process
2548	msedge.exe
2548	msedge.exe
4276	msedge.exe
4276	msedge.exe
1572	msedge.exe
1572	msedge.exe
4312	identity_helper.exe
4312	identity_helper.exe
5644	msedge.exe
5644	msedge.exe
5692	msedge.exe
5692	msedge.exe
5692	msedge.exe
5692	msedge.exe
5000	msedge.exe
5000	msedge.exe
3048	msedge.exe
3048	msedge.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
4092	OpenWith.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 12 IoCs

pid	Process
1572	msedge.exe
1572	msedge.exe
1572	msedge.exe
1572	msedge.exe
1572	msedge.exe
1572	msedge.exe
1572	msedge.exe
1572	msedge.exe
1572	msedge.exe
1572	msedge.exe
1572	msedge.exe
1572	msedge.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeDebugPrivilege	5732	firefox.exe
Token: SeDebugPrivilege	5732	firefox.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
1572	msedge.exe
1572	msedge.exe
1572	msedge.exe
1572	msedge.exe
1572	msedge.exe
1572	msedge.exe
1572	msedge.exe
1572	msedge.exe
1572	msedge.exe
1572	msedge.exe
1572	msedge.exe
1572	msedge.exe
1572	msedge.exe
1572	msedge.exe
1572	msedge.exe
1572	msedge.exe
1572	msedge.exe
1572	msedge.exe
1572	msedge.exe
1572	msedge.exe
1572	msedge.exe
1572	msedge.exe
1572	msedge.exe
1572	msedge.exe
1572	msedge.exe
1572	msedge.exe
1572	msedge.exe
1572	msedge.exe
1572	msedge.exe
1572	msedge.exe
1572	msedge.exe
1572	msedge.exe
1572	msedge.exe
1572	msedge.exe
1572	msedge.exe
1572	msedge.exe
1572	msedge.exe
1572	msedge.exe
1572	msedge.exe
1572	msedge.exe
1572	msedge.exe
1572	msedge.exe
1572	msedge.exe
1572	msedge.exe
1572	msedge.exe
1572	msedge.exe
1572	msedge.exe
1572	msedge.exe
1572	msedge.exe
1572	msedge.exe
1572	msedge.exe
1572	msedge.exe
1572	msedge.exe
1572	msedge.exe
1572	msedge.exe
1572	msedge.exe
1572	msedge.exe
1572	msedge.exe
1572	msedge.exe
1572	msedge.exe
1572	msedge.exe
1572	msedge.exe
1572	msedge.exe
1572	msedge.exe

Suspicious use of SendNotifyMessage 51 IoCs

pid	Process
1572	msedge.exe
1572	msedge.exe
1572	msedge.exe
1572	msedge.exe
1572	msedge.exe
1572	msedge.exe
1572	msedge.exe
1572	msedge.exe
1572	msedge.exe
1572	msedge.exe
1572	msedge.exe
1572	msedge.exe
1572	msedge.exe
1572	msedge.exe
1572	msedge.exe
1572	msedge.exe
1572	msedge.exe
1572	msedge.exe
1572	msedge.exe
1572	msedge.exe
1572	msedge.exe
1572	msedge.exe
1572	msedge.exe
1572	msedge.exe
1572	msedge.exe
1572	msedge.exe
1572	msedge.exe
1572	msedge.exe
1572	msedge.exe
1572	msedge.exe
1572	msedge.exe
1572	msedge.exe
1572	msedge.exe
1572	msedge.exe
1572	msedge.exe
1572	msedge.exe
1572	msedge.exe
1572	msedge.exe
1572	msedge.exe
1572	msedge.exe
1572	msedge.exe
1572	msedge.exe
1572	msedge.exe
1572	msedge.exe
1572	msedge.exe
1572	msedge.exe
1572	msedge.exe
1572	msedge.exe
5732	firefox.exe
5732	firefox.exe
5732	firefox.exe

Suspicious use of SetWindowsHookEx 56 IoCs

pid	Process
4800	OpenWith.exe
548	OpenWith.exe
4504	OpenWith.exe
5616	OpenWith.exe
4504	OpenWith.exe
4504	OpenWith.exe
4504	OpenWith.exe
4504	OpenWith.exe
4092	OpenWith.exe
4092	OpenWith.exe
4092	OpenWith.exe
4092	OpenWith.exe
4092	OpenWith.exe
4092	OpenWith.exe
4092	OpenWith.exe
4092	OpenWith.exe
4092	OpenWith.exe
4092	OpenWith.exe
4092	OpenWith.exe
4092	OpenWith.exe
4092	OpenWith.exe
4092	OpenWith.exe
4092	OpenWith.exe
4092	OpenWith.exe
4092	OpenWith.exe
4092	OpenWith.exe
4092	OpenWith.exe
4092	OpenWith.exe
4092	OpenWith.exe
4092	OpenWith.exe
4092	OpenWith.exe
4092	OpenWith.exe
4092	OpenWith.exe
4092	OpenWith.exe
4092	OpenWith.exe
4092	OpenWith.exe
4092	OpenWith.exe
4092	OpenWith.exe
4092	OpenWith.exe
4092	OpenWith.exe
4092	OpenWith.exe
4092	OpenWith.exe
4092	OpenWith.exe
4092	OpenWith.exe
4092	OpenWith.exe
4092	OpenWith.exe
4092	OpenWith.exe
4092	OpenWith.exe
4092	OpenWith.exe
4092	OpenWith.exe
4092	OpenWith.exe
4092	OpenWith.exe
4092	OpenWith.exe
4092	OpenWith.exe
4092	OpenWith.exe
5732	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1572 wrote to memory of 4076	1572	msedge.exe	91
PID 1572 wrote to memory of 4076	1572	msedge.exe	91
PID 1572 wrote to memory of 3424	1572	msedge.exe	94
PID 1572 wrote to memory of 3424	1572	msedge.exe	94
PID 1572 wrote to memory of 3424	1572	msedge.exe	94
PID 1572 wrote to memory of 3424	1572	msedge.exe	94
PID 1572 wrote to memory of 3424	1572	msedge.exe	94
PID 1572 wrote to memory of 3424	1572	msedge.exe	94
PID 1572 wrote to memory of 3424	1572	msedge.exe	94
PID 1572 wrote to memory of 3424	1572	msedge.exe	94
PID 1572 wrote to memory of 3424	1572	msedge.exe	94
PID 1572 wrote to memory of 3424	1572	msedge.exe	94
PID 1572 wrote to memory of 3424	1572	msedge.exe	94
PID 1572 wrote to memory of 3424	1572	msedge.exe	94
PID 1572 wrote to memory of 3424	1572	msedge.exe	94
PID 1572 wrote to memory of 3424	1572	msedge.exe	94
PID 1572 wrote to memory of 3424	1572	msedge.exe	94
PID 1572 wrote to memory of 3424	1572	msedge.exe	94
PID 1572 wrote to memory of 3424	1572	msedge.exe	94
PID 1572 wrote to memory of 3424	1572	msedge.exe	94
PID 1572 wrote to memory of 3424	1572	msedge.exe	94
PID 1572 wrote to memory of 3424	1572	msedge.exe	94
PID 1572 wrote to memory of 3424	1572	msedge.exe	94
PID 1572 wrote to memory of 3424	1572	msedge.exe	94
PID 1572 wrote to memory of 3424	1572	msedge.exe	94
PID 1572 wrote to memory of 3424	1572	msedge.exe	94
PID 1572 wrote to memory of 3424	1572	msedge.exe	94
PID 1572 wrote to memory of 3424	1572	msedge.exe	94
PID 1572 wrote to memory of 3424	1572	msedge.exe	94
PID 1572 wrote to memory of 3424	1572	msedge.exe	94
PID 1572 wrote to memory of 3424	1572	msedge.exe	94
PID 1572 wrote to memory of 3424	1572	msedge.exe	94
PID 1572 wrote to memory of 3424	1572	msedge.exe	94
PID 1572 wrote to memory of 3424	1572	msedge.exe	94
PID 1572 wrote to memory of 3424	1572	msedge.exe	94
PID 1572 wrote to memory of 3424	1572	msedge.exe	94
PID 1572 wrote to memory of 3424	1572	msedge.exe	94
PID 1572 wrote to memory of 3424	1572	msedge.exe	94
PID 1572 wrote to memory of 3424	1572	msedge.exe	94
PID 1572 wrote to memory of 3424	1572	msedge.exe	94
PID 1572 wrote to memory of 3424	1572	msedge.exe	94
PID 1572 wrote to memory of 3424	1572	msedge.exe	94
PID 1572 wrote to memory of 2548	1572	msedge.exe	93
PID 1572 wrote to memory of 2548	1572	msedge.exe	93
PID 1572 wrote to memory of 4704	1572	msedge.exe	95
PID 1572 wrote to memory of 4704	1572	msedge.exe	95
PID 1572 wrote to memory of 4704	1572	msedge.exe	95
PID 1572 wrote to memory of 4704	1572	msedge.exe	95
PID 1572 wrote to memory of 4704	1572	msedge.exe	95
PID 1572 wrote to memory of 4704	1572	msedge.exe	95
PID 1572 wrote to memory of 4704	1572	msedge.exe	95
PID 1572 wrote to memory of 4704	1572	msedge.exe	95
PID 1572 wrote to memory of 4704	1572	msedge.exe	95
PID 1572 wrote to memory of 4704	1572	msedge.exe	95
PID 1572 wrote to memory of 4704	1572	msedge.exe	95
PID 1572 wrote to memory of 4704	1572	msedge.exe	95
PID 1572 wrote to memory of 4704	1572	msedge.exe	95
PID 1572 wrote to memory of 4704	1572	msedge.exe	95
PID 1572 wrote to memory of 4704	1572	msedge.exe	95
PID 1572 wrote to memory of 4704	1572	msedge.exe	95
PID 1572 wrote to memory of 4704	1572	msedge.exe	95
PID 1572 wrote to memory of 4704	1572	msedge.exe	95
PID 1572 wrote to memory of 4704	1572	msedge.exe	95
PID 1572 wrote to memory of 4704	1572	msedge.exe	95

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\2.html
1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1572
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb0e4746f8,0x7ffb0e474708,0x7ffb0e474718
  2⤵
  PID:4076
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2172,10289284953499162426,4462015133998039796,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2252 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2548
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2172,10289284953499162426,4462015133998039796,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2180 /prefetch:2
  2⤵
  PID:3424
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2172,10289284953499162426,4462015133998039796,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2896 /prefetch:8
  2⤵
  PID:4704
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,10289284953499162426,4462015133998039796,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3560 /prefetch:1
  2⤵
  PID:3428
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,10289284953499162426,4462015133998039796,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3596 /prefetch:1
  2⤵
  PID:1728
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,10289284953499162426,4462015133998039796,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3192 /prefetch:1
  2⤵
  PID:4152
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,10289284953499162426,4462015133998039796,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5040 /prefetch:1
  2⤵
  PID:1772
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,10289284953499162426,4462015133998039796,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5160 /prefetch:1
  2⤵
  PID:3700
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2172,10289284953499162426,4462015133998039796,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5936 /prefetch:8
  2⤵
  PID:852
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2172,10289284953499162426,4462015133998039796,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5936 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4312
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,10289284953499162426,4462015133998039796,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5956 /prefetch:1
  2⤵
  PID:736
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,10289284953499162426,4462015133998039796,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3184 /prefetch:1
  2⤵
  PID:5000
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,10289284953499162426,4462015133998039796,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5672 /prefetch:1
  2⤵
  PID:2044
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,10289284953499162426,4462015133998039796,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6332 /prefetch:1
  2⤵
  PID:5524
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2172,10289284953499162426,4462015133998039796,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=3180 /prefetch:8
  2⤵
  PID:5516
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2172,10289284953499162426,4462015133998039796,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6264 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5644
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,10289284953499162426,4462015133998039796,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5984 /prefetch:1
  2⤵
  PID:5900
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2172,10289284953499162426,4462015133998039796,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3284 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5692
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,10289284953499162426,4462015133998039796,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1948 /prefetch:1
  2⤵
  PID:5156
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2172,10289284953499162426,4462015133998039796,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4912 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5000
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2172,10289284953499162426,4462015133998039796,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6188 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3048
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,10289284953499162426,4462015133998039796,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4996 /prefetch:1
  2⤵
  PID:2892

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb0e4746f8,0x7ffb0e474708,0x7ffb0e474718
1⤵
PID:3860

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2060,883234936028375947,15494365477105010238,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2136 /prefetch:3
1⤵
- Suspicious behavior: EnumeratesProcesses
PID:4276

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2060,883234936028375947,15494365477105010238,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2084 /prefetch:2
1⤵
PID:4516

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4668

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1184

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:4800

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:548

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:4504

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:5616

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:4092
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "C:\Users\Admin\Downloads\TH8 unpatched game installer.zip.torrent"
  2⤵
  PID:3164
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "C:\Users\Admin\Downloads\TH8 unpatched game installer.zip.torrent"
    3⤵
    - Checks processor information in registry
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of SendNotifyMessage
    - Suspicious use of SetWindowsHookEx
    PID:5732
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5732.0.1118637094\1012130422" -parentBuildID 20221007134813 -prefsHandle 1872 -prefMapHandle 1864 -prefsLen 20749 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {3b0b93ad-4472-4dd5-96db-c856470dfb4e} 5732 "\\.\pipe\gecko-crash-server-pipe.5732" 1964 2b1112b2b58 gpu
      4⤵
      PID:4248
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5732.1.1305699845\2004850235" -parentBuildID 20221007134813 -prefsHandle 2360 -prefMapHandle 2356 -prefsLen 21565 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {9581c5af-2be2-4d57-9ddb-53678542a819} 5732 "\\.\pipe\gecko-crash-server-pipe.5732" 2372 2b111203258 socket
      4⤵
      Checks processor information in registry
      PID:5140
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5732.2.135463627\1985707964" -childID 1 -isForBrowser -prefsHandle 3008 -prefMapHandle 3184 -prefsLen 21603 -prefMapSize 233444 -jsInitHandle 1404 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b4d4f37c-a08f-49b1-b7da-f02db67137f1} 5732 "\\.\pipe\gecko-crash-server-pipe.5732" 3148 2b1152da258 tab
      4⤵
      PID:3048
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5732.3.34049215\1623979666" -childID 2 -isForBrowser -prefsHandle 4064 -prefMapHandle 4060 -prefsLen 26066 -prefMapSize 233444 -jsInitHandle 1404 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {492597c2-5dd1-434e-8786-59f8d9384516} 5732 "\\.\pipe\gecko-crash-server-pipe.5732" 4072 2b11609b858 tab
      4⤵
      PID:5460
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5732.5.837152977\226554247" -childID 4 -isForBrowser -prefsHandle 4940 -prefMapHandle 4936 -prefsLen 26125 -prefMapSize 233444 -jsInitHandle 1404 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {887a56bd-1824-4e0f-9612-31909b99138d} 5732 "\\.\pipe\gecko-crash-server-pipe.5732" 4960 2b179a5df58 tab
      4⤵
      PID:5856
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5732.4.709786291\1577596563" -childID 3 -isForBrowser -prefsHandle 4900 -prefMapHandle 4904 -prefsLen 26125 -prefMapSize 233444 -jsInitHandle 1404 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {12e9be2b-d2e9-4896-959a-e1dbf53934f9} 5732 "\\.\pipe\gecko-crash-server-pipe.5732" 4912 2b11742d958 tab
      4⤵
      PID:3304
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5732.6.1333867399\537215316" -childID 5 -isForBrowser -prefsHandle 5268 -prefMapHandle 5272 -prefsLen 26300 -prefMapSize 233444 -jsInitHandle 1404 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {2a5ffcce-d0eb-4b6f-bb43-8cf94e1f9464} 5732 "\\.\pipe\gecko-crash-server-pipe.5732" 5260 2b115297258 tab
      4⤵
      PID:2520
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5732.7.961185617\2125333675" -childID 6 -isForBrowser -prefsHandle 3100 -prefMapHandle 2968 -prefsLen 26460 -prefMapSize 233444 -jsInitHandle 1404 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {57e76d33-3514-4507-a671-144b4d49c990} 5732 "\\.\pipe\gecko-crash-server-pipe.5732" 3096 2b1152da258 tab
      4⤵
      PID:3212

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
b810b01c5f47e2b44bbdd46d6b9571de

SHA1
8e3d866cf56193ca92a9b74d1c0e4520b5a74fdc

SHA256
d1100cf9e4db12cc60cce6e0e2e3d9697e762c219f6068eb55a1390777bf4b45

SHA512
6bbf900b2f7614dd17aa6d5febe3ad1100851e2309ba2cd5219c5aa5af7bf830eec2cc88071d37987aa7e3f527b8df5b2d85e8b21b18fcb071baaab1a2eadae2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
efc9c7501d0a6db520763baad1e05ce8

SHA1
60b5e190124b54ff7234bb2e36071d9c8db8545f

SHA256
7af7b56e2f0a84ae008785726f3404eb9001baa4b5531d0d618c6bdcb05a3a7a

SHA512
bda611ddba56513a30295ea5ca8bc59e552154f860d13fed97201cdb81814dd6d1bca7deca6f8f58c9ae585d91e450f4383a365f80560f4b8e59a4c8b53c327d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
807419ca9a4734feaf8d8563a003b048

SHA1
a723c7d60a65886ffa068711f1e900ccc85922a6

SHA256
aa10bf07b0d265bed28f2a475f3564d8ddb5e4d4ffee0ab6f3a0cc564907b631

SHA512
f10d496ae75db5ba412bd9f17bf0c7da7632db92a3fabf7f24071e40f5759c6a875ad8f3a72bad149da58b3da3b816077df125d0d9f3544adba68c66353d206c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
627B

MD5
11b8dab412ea3d3e605349c5c3a1ebcd

SHA1
45eada1f12067458e2d264bbe9f8ccce0121be84

SHA256
d8adb4d34630861485fdb0fe662fe7ceff154293dea9b85671f489ae21d5c8a3

SHA512
4aa5d10821a361e47d2de2dc6498c19ed35971a2a62682675024c4ce062fa821885e1cfaaad45021fc375f1087e198bab32e032f244fbea4c98131929145300a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
627B

MD5
02d7955fffa504fdea5bbdf4a24b605b

SHA1
9124af156b5f987a0f93cf3c6f4b09eb05792fae

SHA256
1401c2608dc8462ff8fde208efcc6a0016f4321deb1df6b4252455e46d098396

SHA512
3fec64ddc0de9300490a03a7d419abff0d1d81d11ba391d06afaad1dd244b03652ea4a7df9f149ab9ad458e849df9acaf6a2b8b54a116fb70e889037569c4abc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
f2f5084c2973db642c43edf8500cc030

SHA1
5520fcc5ba4a28583d8c17b5345fd9d7d504c4ae

SHA256
a1c73b7a7d112369d24abf6c012b32ce969f07491651afaa016bb7d0f338d470

SHA512
d4b7a7626a5b27353ebb69d994d3d05045c9a2f041ec4bcbcf6c47b7809c860ff5bb104d84571e36f9afee1cdcfe9510e9edc0bb01d6226b53851d7e78387e55

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
80006b9d2769161da198b4a869bc74a4

SHA1
48ca8142ee2d27d9ddf82104af0c2ce6aea2b493

SHA256
3679ef614e8e0aeede47427ef9295e166b3c274e168b129d67b1f5c04fe93c90

SHA512
8fb1211d8cef537684f278ac8de288541e8e918ec2c2de3d6bd4a7c4130f861a137915743be5c32e58644abc893e6634be23421d6c0e2585470f3acabf431d96

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
c940b2b78b5e9b876598785ddd1c6e99

SHA1
b092fe1e81cdaaeaa26652bc3b76b77062d83f06

SHA256
e40f988a360c07db12116958211078d1a799ff07b8b9bb4e6a4c031cc562ad0c

SHA512
d27a15b8afa3e6bc533c3d4c96e2b3250c7907af2a95e8acf02ffc377b536b36d02f3f6a3c590d6c86c8fc971f2a7766981e7acb7ff624fa25300237a44ee53a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
200f8b26acc5377012af63fa66659d09

SHA1
35f161a1e5b46371a71cb130817843c0c0c1c958

SHA256
756b3ad42fd205744ffa1af6ffb211739ea958ee405668bd34d0eb9858766b16

SHA512
e4b1550fc5f996c8bf3dc9d044981615cf1713ccda2285389997dd368624b00ed506d42356c6eeb234bc0b0d082959732873841a44097316e56db62f03a4e51b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
531c77469e1bb7f512a452532fb981d1

SHA1
07b77c49046f4c66a2a6b9cb75b365364a457e4c

SHA256
568de8266b13baee6cdd5b990efdc2b5dac43cb3e17d9f73ea20fc8c61451ef2

SHA512
5543df3baa5710fa11250b35b3deff3fee651147bcdd06d3db7cc601123ee54a6e23517dd6a77dac1b0271dbaf10347ef4d3ab03f75697643cfb0c474186fef9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
2f0e87bf9abac68bd148692bf40a762c

SHA1
a02fac853e70df86d1ad51a1dab6d1a271a95e9b

SHA256
3dcd964f12030e7bf36e139624bf3c5444b49292d909449f42ad74ca83d360ea

SHA512
9dca0969e1eb94475dcb45a3fb0e43a63145de4e286de0a30ce952d1fb2c756d9a37bc1a7cf30ae3d525ab10dc6841f295067c5021522b0a99a2ef94ef4ad880

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
fb7c1ac0ba853efa3af9ffb73b567434

SHA1
f953a449d080b343452e25570edd2dbc953e7d09

SHA256
42afc693a2d987a08b32dd53973f6a5959b2fe27c9721d1e8245d230afe35894

SHA512
7d5ba94d7cad709b71ab129fcb6392307e7a4d658fc6a53d6f1cd64ae3bd32862f5e7dfee153f207ddd147d83566b1c9a539dd67ec11f0a59abcc6aab58918fc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
121510c1483c9de9fdb590c20526ec0a

SHA1
96443a812fe4d3c522cfdbc9c95155e11939f4e2

SHA256
cf5d26bc399d0200a32080741e12f77d784a3117e6d58e07106e913f257aa46c

SHA512
b367741da9ab4e9a621ad663762bd9c459676e0fb1412e60f7068834cbd5c83b050608e33d5320e1b191be1d809fef48831e0f42b3ecabd38b24ec222576fa81

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
203B

MD5
d4e792835169ffdf33bf148832114d6f

SHA1
a871f64af1796840e69efd39c6a1bd18ecc2e8a3

SHA256
54d52e8b0ff5a672c54ec5ed49a3d3cb483f6530075bf887cc4b9315b59b88b2

SHA512
8ef2d22d1c08620fffcb32d58189e4593c0edec1553dd7c5b7edadbf15e25032e7af1e75eb1c1ba72d57feb33f05181b7d2de52e41abca0053726cf7d4db6e44

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
203B

MD5
5379d3664f43bc838e437eeaf7b9802a

SHA1
0fcabef702c4d5d05d7cdf60464b07f80d8bb4b8

SHA256
7030f68959f7df24aa76c68361d340ff551307bebfbb4a03a07db42bf51404a5

SHA512
e0239487804557cd7595d96d0f0afe44d8677ca18462a52d549d639b68258e2ca074651a55e095d5e331fc4a66d232e3ea1db7e2180b9e3fd0756af49fffc8f5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
203B

MD5
3968b8775deaa1be8532cb0fad7504b7

SHA1
584fcd885dd0587fed3159dae7a7f66751581053

SHA256
42881626d22c6cd757d536c308f1612b6801a047bd2b35570c1ef1475d95f6b7

SHA512
8cc02411d516d775b06a12a844cb56ec69781312ad77276284fc228af4c37a4ee586d7fb884baa8f684a0cb5481475db0dfb8c477a1f1e947518916380e98494

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
203B

MD5
07438e0518f5887ddc6e31b14a932f65

SHA1
77b34aae9803499dc9355bb37af67408815d087e

SHA256
ab78d49e89bf7bba79c2f83342ac39ad3cabde3b4d2c33776e2157ff54f87bff

SHA512
e590d0d8ca38cdd9e0e0bccdec5fa7d42fda2a75ea0eba78f491cbf4d0637d6c5ef932d5ec75356102581ddad60aeea2869ff11ef6ffbfadce8730eecf0bc135

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe58f44e.TMP

Filesize
203B

MD5
0181bc179c84b369ad88459f86f3e2eb

SHA1
6d8aea95ebadf723fa08eb6857ccbba0b108ae20

SHA256
f7487ad64e36c233d109195d95a9e51cb344482312a7e8aaa2bd0588115abdc4

SHA512
9a05ae233516cdf9baeed7cb1f718b3749a39dfa7e097c44ca7bdbf493b043d978e75fb4375424109d93e4329b4a7f0187d33315a08777ffd1f9b9fec50dbb5f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
c583780138f6d9e674885034c664b76e

SHA1
d90820212fc0795b876e3cac8f5952e2d4adcab4

SHA256
653f9e5417501b61989a2c39686a0776e7702724df1b2ed41251c618dbdd87b0

SHA512
183e5d17ef556c3206e646d7acfa5f3bd3df90674c87479a844c37988454d09c571d10330cee36e76494a67824695a6dcd9a569d09cd207385799c2d2e6de1b1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
5d8687325cacadb24650eb1a118e2d26

SHA1
e7aff63f86aaef42c35874821ea1fafa66c432a9

SHA256
b591e6cb23af7d070411209f97f24c8b6e392359fed73ad96e0647d48dcc867b

SHA512
a726435836bc4b34ac428b695440f186d7611c4b79bac80f462add8f8cc0b728c7ee507f7a28d0b18705ffe0d6b5fac353d53e38602d4fb493ee0eb9535f008b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
5f84d6f37592fb906960872f116d28b4

SHA1
6df73de5511dfc51d88a5a23edfb8da1ecf9ff2d

SHA256
8bbc52bc9a4fd87b3b72312f43ccc85c505a45dbd3e75f1189addb5d78a6c2ce

SHA512
a0fa371ac29216301eb7bcc40631cc3a2c0cc7f0761825a5736eeda2d0fd24b7e6232557666564dae845f0a075e8f881744351f3accba2083febbaadf3462cac

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
77edeefaf0be63c2f78aabd149b32272

SHA1
bf07cf68c6957b3b919fdcf17628b6d445433874

SHA256
d9e1d82f6723d599e1ccb3224de0db743705ef99d7bcc003e78b68614c7edbc7

SHA512
b9a0601bfb1ec2d2cafcc5eb971ee671959f4b5ffa38ee128d5b1d0999b1530c2f92668e2a58d13189e2b1e0a3465c455029908deb2ab49ab868f0496322d4c2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
0559a937bc7040ab780dc2191ac2cb97

SHA1
9371918e7e5ca1496506e463c474f4df7033c2ef

SHA256
037c587892a174da22653a49cc6c8aacc7f3bf2e8a4ab50d3a56996d166ac31b

SHA512
0a0ab31594c10bf22f53f899c8d28096453f1fbc83f7ea34d2d73a48be1f934e5c24bf2146840546cfe76112dc8d7867b65545af2a7726c99601fe571c2c67ce

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x3x6afp6.default-release\datareporting\glean\db\data.safe.bin

Filesize
2KB

MD5
2b25a46a2933abd087927a9c353eaaa0

SHA1
7344291ab2e3f315557770b5cfe8d800f0a8e5b6

SHA256
0987c6d3a607f72ae1868ec9c05be723a34f3e05cfa32df76af8eabae11ea833

SHA512
b45f84b5236c5d0d0fe1987b2a6558c74d36bc1328d1739d27a80eff2cf6e535046031d915a8b578855a16a5580fd33209efe7f922ae3f41b2d3779599981786

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x3x6afp6.default-release\datareporting\glean\pending_pings\8a978558-64d5-4caa-901f-913f6ef696ad

Filesize
746B

MD5
385ced752d331367667a120c4b6f64f5

SHA1
a81e865ede0a7609f377898074c593e3b1055950

SHA256
89a39e45b2799187dc54eeba0cf5300dc7e51fe25305e871dc38b83680108c31

SHA512
a3dd401c4be8e165a80b459681b813f9c36042f5a361e3dd0f5ceb96f148c1ff596d27e0feaa7daf626e130474bba9ea630277ca53ba2c4c4027898b9f444416

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x3x6afp6.default-release\datareporting\glean\pending_pings\a0073fc5-9014-431f-af68-fd2ddc62491f

Filesize
11KB

MD5
fcdc1c43d3054c28dce401d03ed50c22

SHA1
ee2812e5a504bde95f1c193fc3672df5d899f2c2

SHA256
66e1c803c14699bd1a52f483f5eb134a6bbf69e141dd6b86afd255df903542b7

SHA512
5967655c254cfbbf3f4b555e692b2c935eb6f58a33321537a56c4a269a386eda7bb6bf096efeee14a1baca90851e4b586a313923623590bc80b866313d14102e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x3x6afp6.default-release\prefs-1.js

Filesize
6KB

MD5
12e0d19e89f0541775c38abb7d448c46

SHA1
abf7398f47380bbd021c055d715a9e62e8a0d3a1

SHA256
8b4238621ca2d0eddb75e5ab82b5088dd473939dfb235952e5efd5d47af8d67e

SHA512
e4cd6e01c7a34fc02c0f87be02537d60e340298f50e7dd1890d1698d7a5c64972911269a58c65b414dc2a321fa2cd593f30f03ce99a3dd06d920780f284efb39

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x3x6afp6.default-release\prefs-1.js

Filesize
6KB

MD5
34e7fe76905e233fa048a3dd5b44634d

SHA1
dc2e22dbd75c44119866b72a10761b370a22bc03

SHA256
8667d6b934725ad1e672cf1f305541f16e6205e771da5ba666e9771f5c757380

SHA512
a5021914706e5a2088a091ddfaf8a5d9d9c5131c449964eaa0ee7b5a5f81639291fa58e271e54a9ef22adf43ab57361c3bdec81d1587c8afa5b1ac6992518175

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x3x6afp6.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
1012B

MD5
1fd27dec2192953d11ddab0142e66286

SHA1
51815cb05d0a0fd0a5faa59f9969cac40a382a5f

SHA256
09f91502224b8ed3772156c486e970b3a1547758fb47a01338ba6107398a29a8

SHA512
42c6a735a912c1222d92fdfe2d927cc3bcdbe65a8e5f7d6818b852721ffc7a819a7ea14c203e49a40f847df1d0f43bbc1d74bbd930e5edba15da8004e76c6a7c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x3x6afp6.default-release\sessionstore.jsonlz4

Filesize
1KB

MD5
c463223a5a8abb22b63d5bdbcc201ca8

SHA1
962d747e63fca2d03f09e9299ff369e41a80e87a

SHA256
b467bf9853272583dc0fc1e3279f81f0dc8c69fa88dc5166538af2793a337eea

SHA512
98eca5a72cc959ed7f74089327f2d19d28bedfbd9207185248d12f73b435e064c3653e5d5453cb8857512edd432204673dbb0c63d4804e00971559cef86dceef

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 567289.crdownload

Filesize
36KB

MD5
c3207919707d05357698210d7f87d17b

SHA1
056f06784633ea69cfd30618a0dca01d4fa02842

SHA256
7532dbc7a41dd258e0b95af4509d2f39f8a4f8fc80e241173ffd2c0c87ccb781

SHA512
d2f09b1eef2b4d276cd1ba42ac67b8cf317d17b825be778389322730d4be6271a3510da57f0d24da7321604f35d52c8bd6c559886dddba5a6068ecc7f010b431

Download Submit