hxxps://www[.]youtube[.]com/@masteroogwgay

Analysis

max time kernel
150s
max time network
158s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
19-02-2024 16:21

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://www.youtube.com/@masteroogwgay

Score

1^/10

Malware Config

Signatures

Checks processor information in registry 2 TTPs 5 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 2 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-635608581-3370340891-292606865-1000\{EA6BDE8C-1733-492A-A03D-CD7170F4C690}	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-635608581-3370340891-292606865-1000_Classes\Local Settings	firefox.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

pid	Process
4680	msedge.exe
4680	msedge.exe
812	msedge.exe
812	msedge.exe
2108	msedge.exe
2108	msedge.exe
820	msedge.exe
820	msedge.exe
3496	identity_helper.exe
3496	identity_helper.exe
2680	msedge.exe
2680	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 14 IoCs

pid	Process
812	msedge.exe
812	msedge.exe
812	msedge.exe
820	msedge.exe
820	msedge.exe
820	msedge.exe
820	msedge.exe
820	msedge.exe
820	msedge.exe
820	msedge.exe
820	msedge.exe
820	msedge.exe
820	msedge.exe
820	msedge.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeDebugPrivilege	456	firefox.exe
Token: SeDebugPrivilege	456	firefox.exe

Suspicious use of FindShellTrayWindow 56 IoCs

pid	Process
812	msedge.exe
812	msedge.exe
812	msedge.exe
812	msedge.exe
812	msedge.exe
812	msedge.exe
812	msedge.exe
812	msedge.exe
812	msedge.exe
812	msedge.exe
812	msedge.exe
812	msedge.exe
812	msedge.exe
812	msedge.exe
812	msedge.exe
812	msedge.exe
812	msedge.exe
812	msedge.exe
812	msedge.exe
812	msedge.exe
812	msedge.exe
812	msedge.exe
812	msedge.exe
812	msedge.exe
812	msedge.exe
812	msedge.exe
820	msedge.exe
820	msedge.exe
820	msedge.exe
820	msedge.exe
820	msedge.exe
820	msedge.exe
820	msedge.exe
820	msedge.exe
820	msedge.exe
820	msedge.exe
820	msedge.exe
820	msedge.exe
820	msedge.exe
820	msedge.exe
820	msedge.exe
820	msedge.exe
820	msedge.exe
820	msedge.exe
820	msedge.exe
820	msedge.exe
820	msedge.exe
820	msedge.exe
820	msedge.exe
820	msedge.exe
820	msedge.exe
820	msedge.exe
456	firefox.exe
456	firefox.exe
456	firefox.exe
456	firefox.exe

Suspicious use of SendNotifyMessage 51 IoCs

pid	Process
812	msedge.exe
812	msedge.exe
812	msedge.exe
812	msedge.exe
812	msedge.exe
812	msedge.exe
812	msedge.exe
812	msedge.exe
812	msedge.exe
812	msedge.exe
812	msedge.exe
812	msedge.exe
812	msedge.exe
812	msedge.exe
812	msedge.exe
812	msedge.exe
812	msedge.exe
812	msedge.exe
812	msedge.exe
812	msedge.exe
812	msedge.exe
812	msedge.exe
812	msedge.exe
812	msedge.exe
820	msedge.exe
820	msedge.exe
820	msedge.exe
820	msedge.exe
820	msedge.exe
820	msedge.exe
820	msedge.exe
820	msedge.exe
820	msedge.exe
820	msedge.exe
820	msedge.exe
820	msedge.exe
820	msedge.exe
820	msedge.exe
820	msedge.exe
820	msedge.exe
820	msedge.exe
820	msedge.exe
820	msedge.exe
820	msedge.exe
820	msedge.exe
820	msedge.exe
820	msedge.exe
820	msedge.exe
456	firefox.exe
456	firefox.exe
456	firefox.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
456	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 812 wrote to memory of 4424	812	msedge.exe	84
PID 812 wrote to memory of 4424	812	msedge.exe	84
PID 812 wrote to memory of 456	812	msedge.exe	87
PID 812 wrote to memory of 456	812	msedge.exe	87
PID 812 wrote to memory of 456	812	msedge.exe	87
PID 812 wrote to memory of 456	812	msedge.exe	87
PID 812 wrote to memory of 456	812	msedge.exe	87
PID 812 wrote to memory of 456	812	msedge.exe	87
PID 812 wrote to memory of 456	812	msedge.exe	87
PID 812 wrote to memory of 456	812	msedge.exe	87
PID 812 wrote to memory of 456	812	msedge.exe	87
PID 812 wrote to memory of 456	812	msedge.exe	87
PID 812 wrote to memory of 456	812	msedge.exe	87
PID 812 wrote to memory of 456	812	msedge.exe	87
PID 812 wrote to memory of 456	812	msedge.exe	87
PID 812 wrote to memory of 456	812	msedge.exe	87
PID 812 wrote to memory of 456	812	msedge.exe	87
PID 812 wrote to memory of 456	812	msedge.exe	87
PID 812 wrote to memory of 456	812	msedge.exe	87
PID 812 wrote to memory of 456	812	msedge.exe	87
PID 812 wrote to memory of 456	812	msedge.exe	87
PID 812 wrote to memory of 456	812	msedge.exe	87
PID 812 wrote to memory of 456	812	msedge.exe	87
PID 812 wrote to memory of 456	812	msedge.exe	87
PID 812 wrote to memory of 456	812	msedge.exe	87
PID 812 wrote to memory of 456	812	msedge.exe	87
PID 812 wrote to memory of 456	812	msedge.exe	87
PID 812 wrote to memory of 456	812	msedge.exe	87
PID 812 wrote to memory of 456	812	msedge.exe	87
PID 812 wrote to memory of 456	812	msedge.exe	87
PID 812 wrote to memory of 456	812	msedge.exe	87
PID 812 wrote to memory of 456	812	msedge.exe	87
PID 812 wrote to memory of 456	812	msedge.exe	87
PID 812 wrote to memory of 456	812	msedge.exe	87
PID 812 wrote to memory of 456	812	msedge.exe	87
PID 812 wrote to memory of 456	812	msedge.exe	87
PID 812 wrote to memory of 456	812	msedge.exe	87
PID 812 wrote to memory of 456	812	msedge.exe	87
PID 812 wrote to memory of 456	812	msedge.exe	87
PID 812 wrote to memory of 456	812	msedge.exe	87
PID 812 wrote to memory of 456	812	msedge.exe	87
PID 812 wrote to memory of 456	812	msedge.exe	87
PID 812 wrote to memory of 4680	812	msedge.exe	86
PID 812 wrote to memory of 4680	812	msedge.exe	86
PID 812 wrote to memory of 5056	812	msedge.exe	88
PID 812 wrote to memory of 5056	812	msedge.exe	88
PID 812 wrote to memory of 5056	812	msedge.exe	88
PID 812 wrote to memory of 5056	812	msedge.exe	88
PID 812 wrote to memory of 5056	812	msedge.exe	88
PID 812 wrote to memory of 5056	812	msedge.exe	88
PID 812 wrote to memory of 5056	812	msedge.exe	88
PID 812 wrote to memory of 5056	812	msedge.exe	88
PID 812 wrote to memory of 5056	812	msedge.exe	88
PID 812 wrote to memory of 5056	812	msedge.exe	88
PID 812 wrote to memory of 5056	812	msedge.exe	88
PID 812 wrote to memory of 5056	812	msedge.exe	88
PID 812 wrote to memory of 5056	812	msedge.exe	88
PID 812 wrote to memory of 5056	812	msedge.exe	88
PID 812 wrote to memory of 5056	812	msedge.exe	88
PID 812 wrote to memory of 5056	812	msedge.exe	88
PID 812 wrote to memory of 5056	812	msedge.exe	88
PID 812 wrote to memory of 5056	812	msedge.exe	88
PID 812 wrote to memory of 5056	812	msedge.exe	88
PID 812 wrote to memory of 5056	812	msedge.exe	88

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.youtube.com/@masteroogwgay
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:812
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffcc43a46f8,0x7ffcc43a4708,0x7ffcc43a4718
  2⤵
  PID:4424
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2124,3047567967060484189,7698223680877497221,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2244 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4680
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2124,3047567967060484189,7698223680877497221,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2128 /prefetch:2
  2⤵
  PID:456
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2124,3047567967060484189,7698223680877497221,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2948 /prefetch:8
  2⤵
  PID:5056
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,3047567967060484189,7698223680877497221,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3376 /prefetch:1
  2⤵
  PID:1872
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,3047567967060484189,7698223680877497221,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3396 /prefetch:1
  2⤵
  PID:3880
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,3047567967060484189,7698223680877497221,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4792 /prefetch:1
  2⤵
  PID:4504

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1052

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:660

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:820
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xe8,0x108,0x7ffcc43a46f8,0x7ffcc43a4708,0x7ffcc43a4718
  2⤵
  PID:3880
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2132,15232279151049279496,17543431760171281864,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2152 /prefetch:2
  2⤵
  PID:4884
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2132,15232279151049279496,17543431760171281864,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2236 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2108
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2132,15232279151049279496,17543431760171281864,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2772 /prefetch:8
  2⤵
  PID:1936
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,15232279151049279496,17543431760171281864,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3336 /prefetch:1
  2⤵
  PID:2496
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,15232279151049279496,17543431760171281864,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3316 /prefetch:1
  2⤵
  PID:540
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,15232279151049279496,17543431760171281864,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5036 /prefetch:1
  2⤵
  PID:4592
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,15232279151049279496,17543431760171281864,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4700 /prefetch:1
  2⤵
  PID:3436
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2132,15232279151049279496,17543431760171281864,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2136 /prefetch:8
  2⤵
  PID:3256
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2132,15232279151049279496,17543431760171281864,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2136 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3496
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,15232279151049279496,17543431760171281864,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5344 /prefetch:1
  2⤵
  PID:2340
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,15232279151049279496,17543431760171281864,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4820 /prefetch:1
  2⤵
  PID:1804
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,15232279151049279496,17543431760171281864,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3372 /prefetch:1
  2⤵
  PID:3720
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,15232279151049279496,17543431760171281864,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4720 /prefetch:1
  2⤵
  PID:4616
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,15232279151049279496,17543431760171281864,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5388 /prefetch:1
  2⤵
  PID:1960
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,15232279151049279496,17543431760171281864,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5460 /prefetch:1
  2⤵
  PID:4492
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2132,15232279151049279496,17543431760171281864,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=4736 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:2680
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2132,15232279151049279496,17543431760171281864,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5024 /prefetch:8
  2⤵
  PID:1644
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,15232279151049279496,17543431760171281864,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5364 /prefetch:1
  2⤵
  PID:4508

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4812

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2852

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
PID:3272
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe"
  2⤵
  - Checks processor information in registry
  - Modifies registry class
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  PID:456
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="456.0.1664611653\658442710" -parentBuildID 20221007134813 -prefsHandle 1900 -prefMapHandle 1880 -prefsLen 20749 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {4d934b3a-71cb-4a54-8602-9ad3a2be14b8} 456 "\\.\pipe\gecko-crash-server-pipe.456" 1980 1c169abeb58 gpu
    3⤵
    PID:4112
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="456.1.748666881\1973390862" -parentBuildID 20221007134813 -prefsHandle 2368 -prefMapHandle 2364 -prefsLen 20785 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ee6f9be1-ae5d-4c2c-b82d-47e48eb189d3} 456 "\\.\pipe\gecko-crash-server-pipe.456" 2380 1c16963cb58 socket
    3⤵
    PID:3568
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="456.2.1444896855\357315799" -childID 1 -isForBrowser -prefsHandle 3440 -prefMapHandle 3296 -prefsLen 20888 -prefMapSize 233444 -jsInitHandle 1404 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {4fad51a9-d98f-4b6f-863d-30bc69f19af8} 456 "\\.\pipe\gecko-crash-server-pipe.456" 3512 1c16dbae558 tab
    3⤵
    PID:740
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="456.3.287594624\2040734777" -childID 2 -isForBrowser -prefsHandle 3820 -prefMapHandle 3816 -prefsLen 26066 -prefMapSize 233444 -jsInitHandle 1404 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {6a500922-911a-47dc-8f6b-48beab2e2adb} 456 "\\.\pipe\gecko-crash-server-pipe.456" 3828 1c15d162e58 tab
    3⤵
    PID:2824
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="456.4.745208649\444734442" -childID 3 -isForBrowser -prefsHandle 4416 -prefMapHandle 4412 -prefsLen 26125 -prefMapSize 233444 -jsInitHandle 1404 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {30b4c349-f272-48c6-8bd9-57b0f1e129ec} 456 "\\.\pipe\gecko-crash-server-pipe.456" 4452 1c16f2b8558 tab
    3⤵
    PID:2296
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="456.7.939562822\193423672" -childID 6 -isForBrowser -prefsHandle 5360 -prefMapHandle 5364 -prefsLen 26206 -prefMapSize 233444 -jsInitHandle 1404 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b69b4de5-fde1-4412-a2ce-f6b1cbf7c93b} 456 "\\.\pipe\gecko-crash-server-pipe.456" 5352 1c16db4c958 tab
    3⤵
    PID:2392
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="456.6.28153803\674667182" -childID 5 -isForBrowser -prefsHandle 5168 -prefMapHandle 5172 -prefsLen 26206 -prefMapSize 233444 -jsInitHandle 1404 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {52f250c0-0970-4f79-bb65-a8ba983d7c67} 456 "\\.\pipe\gecko-crash-server-pipe.456" 5148 1c16db4ae58 tab
    3⤵
    PID:2284
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="456.5.1778894640\691544188" -childID 4 -isForBrowser -prefsHandle 5068 -prefMapHandle 5056 -prefsLen 26206 -prefMapSize 233444 -jsInitHandle 1404 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {72819f85-7c38-476e-b5bd-0e119561e6f3} 456 "\\.\pipe\gecko-crash-server-pipe.456" 5076 1c15d166258 tab
    3⤵
    PID:1636
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="456.8.78401325\2050580941" -childID 7 -isForBrowser -prefsHandle 5764 -prefMapHandle 5760 -prefsLen 26285 -prefMapSize 233444 -jsInitHandle 1404 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b9d1d7f5-edf7-4411-9bb1-a61298aeb058} 456 "\\.\pipe\gecko-crash-server-pipe.456" 5772 1c16c6ab858 tab
    3⤵
    PID:4368

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
180f8ab1c865e777f1b0ae3fd9509d00

SHA1
161b0134757cf9212a2c860b0945449b32dc85d8

SHA256
93dab961ad003d0a3d3622cb87dc0d08303e4833885f6c0b1be96f082cb0abcc

SHA512
e27ca9febf2455de0b4299c01e355301a84a1eacc5ce6ad239eaf45957e4ec2fa97db2d4511d83fc6159a092f47a46b9e8679a8943555d889bf8ac79e7af7148

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
fa070c9c9ab8d902ee4f3342d217275f

SHA1
ac69818312a7eba53586295c5b04eefeb5c73903

SHA256
245b396ed1accfae337f770d3757c932bc30a8fc8dd133b5cefe82242760c2c7

SHA512
df92ca6d405d603ef5f07dbf9516d9e11e1fdc13610bb59e6d4712e55dd661f756c8515fc2c359c1db6b8b126e7f5a15886e643d93c012ef34a11041e02cc0dc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_0

Filesize
44KB

MD5
89db790de389811831d062acb0d11afd

SHA1
5a38248c5ff4c83b30c620231f0f38587535ac24

SHA256
25fea8f7ab68729d5c391b3352159af08049a37b2b6b5780771f01710db626a4

SHA512
6735848c9fc8b76e94c10398bd18d60cf0fd9a05681415285d045fc4fa0b2533866e163f05ae08b25133f1be3500c4cb4b6ba52733915dd92b500c69ccb693d4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_1

Filesize
264KB

MD5
1bd3c886402152036bb436cf72ae55e7

SHA1
27258e6a803339a9140cd1d3bb5fb8418bd7ba0a

SHA256
30029662ec1c734b96dbacac8a1097a8e38ccf4f6d8ee7199f1165b4b52f615a

SHA512
3c1fd8a8cda10664a2dfa94ddaad1c7ecfe43825d48fb3a0c606fef04f9c8ef8f66d645d264c73517d47dc1fb6623b8aea1c76cf453aa49f43e07a9799891566

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_2

Filesize
1.0MB

MD5
dc384d283e5b5054b993aaef4f4af86c

SHA1
f2acb3283635b3673d4e472c096876cf30a8b184

SHA256
d3e7fb907a222374ed246c2b9a1399a688a4d5ebb841d3b18dea4cb4e769d88f

SHA512
cd5b2ba185d1d2cee38fb99320f5dca95780f9bbc2a4c110e42056f1f0651d267b0b08c2ccf84f04411ecaba120f0942cf2f03d1da0ddce8f75c06a58a9e47ed

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_3

Filesize
4.0MB

MD5
4d539c736c81d23dfe643867d88a6016

SHA1
f7574aca4843e254805623412de297ba22bb2353

SHA256
cfe43b91af51d6cec888452202c4f035346c5b40169b8695d190f5d8ead21a82

SHA512
b66aca4c5e1aba19c1ab9c9189025f3025cf378f87ecbce56460a6a2c92f186d7c82cac915cf8a85bcddbc65c57548facbfa0f24878a8a74b96162dad795e28c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
216B

MD5
84656cfef7ce0540a5448e4a8d2053eb

SHA1
32d1784d5fcd2e438019faed8b8ef95458a39db8

SHA256
c9b0f7cfc2380da83c564c4124eb7115c6e937dcfaf81f25cd1a45dd516a11e5

SHA512
d162fd73e0c564d7d4603eb619c3a0b060bab3485d60711a002dcfcfde42535c22df695cacd4a4c525b27b0044bafcb1bba14d64deaa50c1d4214b0ca146bfd8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
c99dcefbd977edf2fdaffb2b8cb73874

SHA1
463609020ec7a2f125c7580aa53709d77ceab5d8

SHA256
940f85d1eaddcf2dee47a0e48364b2ce2263975d072c50358b085151e869107e

SHA512
22d8e1edad8a2233578e414fac8dc82dcfd59a862fe9d0268ae1bfa13c115ac91e53e3e87dade060aede9242d3feec841cf4f2c04eb82f2a08d1d9347c328b0f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cookies

Filesize
20KB

MD5
6604c51fa9ddd671f1101b781f8acb74

SHA1
cb88fbd0f9ee5cc76fc255617e69c64fe2e63c93

SHA256
7ab57b5716df8c01256a94f68687a04aad899aed348b848f198429a50f1aa097

SHA512
ae1173044095cd7eb5810e1019908d1011ca74a515c4bf7d89a6e70b8cebbebc3d5a054184116abedd251a56a0fb8c7aa0e2a60578a235ada0c302c6907bb242

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cookies-journal

Filesize
12KB

MD5
627963cbdc0e99f6a8e50f1741a0eccd

SHA1
c436b305c6bc19525f4b6c5237d250c542994c09

SHA256
db566430e7c4425d6fc5e045092938f722071147387422d695873a5d5899223e

SHA512
da7f78a93625c11c1d5502b77011ad56677d0e5d395942bceef04b27e5b1a565f3ee7113082c1dae32fc0557b401c1a1a9a814ac01cd415ab5f562321d938b0e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\LOG

Filesize
319B

MD5
56d331067bfec5bfd19cf3ac6ac5c194

SHA1
07d9612d60ee82ac48b2edee4d53bfcafe95f6d0

SHA256
a0a14fc5efacd4a6e2b658c6eeb1329608c8d1b3641bec8f2e5f611bc0cd99d9

SHA512
b40a471bf05eb9ec78b64234d425148040b8fd5710151e54da7439c0b67c71de705c8b20ae2b2ac664c30a3b3a1cd13678e796e1529c1677f60d6288339ffc13

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Favicons

Filesize
20KB

MD5
f0674b33eba4364b2a88d61c82970253

SHA1
90e24f40d0600a231173b3acb386b72cffffe018

SHA256
c1b74e74fe5892109ba95e3798524dc3a4f648087eccb753318979b8ab39afa4

SHA512
d66f5b9aa0f1b812e1b0ea7e4ba1aec6b765d7556d1640f7b4e02b682a82129f09dc6dbf63f6aa6b2193565d8db4f04a9f8f5e5225028bf55f109195100e6ad8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Favicons-journal

Filesize
16KB

MD5
8d99ec23a04d8e6e6d07b9f8c9d92ea2

SHA1
00d99988fbeed960c2cef2571a100ab8d10771c0

SHA256
ce5e2cc669c5861e2027aed6bdc6b5dcad4c79f4879abcb9363d32db2dde2a31

SHA512
8d965b0392694619426b8b6ccfbbbd8d68d2b2b478c8bdb6814bfdc1ed047873872cf20147db37e3f20a606dc6e13cc80272c0d01d1b93451de05d26fb29ee22

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
916a61deecc92a4009141d4ddb211827

SHA1
1366cbd482f42950145de2f0e003ed9fd2e54b65

SHA256
b6db3a908f35590f2d1882e6c8a60e2b54fc30f199240534339704b1dfa2cc25

SHA512
d09444d93bbf5dab8e53755f242b2d24197f7e004cd31bd1ef1e21ed405aef41404b4a29403de1605cba457a0f2ddd6470725d29e2e1c009fc5c6280b48c4f6c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History

Filesize
124KB

MD5
5576d16b00c2bbe94f68180e409ce185

SHA1
a1a0379c21e5ec8b94d2f60672e74795ff2cf031

SHA256
8d3393e4b422ccee4506edb6770cfe569bf48749a7936612d67b99106ea7daff

SHA512
5a4245348bef1812db8a4061a59e6d6d38630f2d5726f42661bdf3800d6b94ef60bed2f34e27967fbeecc2e556cb3a76c14ecbf02ce98dc043e419dd4874b2f4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History Provider Cache

Filesize
1KB

MD5
3be0fb4a657d9d82ed93e0ba0d3b0ead

SHA1
b92acb6d18af4b6c86df729496eeb43d6d1eeaa9

SHA256
13a64fa8f5963d40effda990a9a080c4035568c50572dd2d6dfe6943529d3623

SHA512
4e554eaf5bee3baaa37aff3ee9936978e8ac121ff7e84ac472b424bf70f9dea71da241a0a636b97151d6d042eed2ff4927f06503203ce4951681c1a4cd997c17

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History-journal

Filesize
44KB

MD5
c5eb56faa0fadfdaf7599ad9b0601586

SHA1
3b9789b233332ae831c92e6aca7f0cb93aa3e838

SHA256
41ec269da9bd1c3f11ba7d4eeb088fe2d0c842b3a936847620e4097f35d74aab

SHA512
8eea247d77f271231dd619808335cbbe8588cbd1778736d54277d8bd777cd5a3e68d2ab03ceca7aab0f62e8b69987b48fbf419adcbc5851ca37cd0bfdd08fb0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\LOG

Filesize
331B

MD5
a17fd8c5193a0dbefce83badb7e71fc5

SHA1
4d76972ec4a104ebf5825d4ab35eee9ef1eb85aa

SHA256
a3638d118e0454800b903b15e634c41e4056235671cae9534d0e1928c6ecd1a5

SHA512
485a513e304dec6d9b8f6df4412f61bd51c2f93ad51cbd7b4af4b533310869e0ab6b68a823b349b0ba040587720b047d40772fb898984cda9963de442e413619

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
f0bcc27331e72dd4a22c54974e8d5cc8

SHA1
517dff28be03595bc576ce7c3eb5dc44c47d0fae

SHA256
e35cf512235f4c861e48744d5580f96713b5988f106a36bcb71297a98b7f8deb

SHA512
1fc96c39592b719742ef8255b7bc7d7d1cae6d933db7542fe66e2411b90a39c1e9c4c329b856466de837597574855eec5b41dbc76a971654adf37afe2516a4f9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
0d46118975342c65af57346ac9e4478d

SHA1
bd0255b6759c7b1f4f8a9baa2432e0afe16ea7fd

SHA256
6cfe81905f351c92e1845ffcfd6c0524c30226c7abfa38eed804e1c4b6ebb651

SHA512
e5c79e4619b31cff78c01a48c1c7ce1180e75ae76fdbd0a0b2d4e91520caa146a967ee9b6236735e06cfe3c03c5409c8cec40e47917de582d605cdd71d5f7bd2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
a8f0c7f721cd59c4caf703f3a55341fd

SHA1
86bf01f1efa5bc95202366f43f73e5a07244011e

SHA256
2eb3318cbc76795570595dbacabc6ecb3964fa0d28392108a45502432db02573

SHA512
0875b6d09cb37baa3310550f3f5881851770dae8c9a9ca942947a068a4a720be97faebc2579be096a343bc31d19de2cdbde5b3e11e25aa13a614e24e71905793

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
a0ccc58448e25711c74ed3dd1263d820

SHA1
5c0eb1cc85d5d617eba583eb2eb2d014ee055bd7

SHA256
84e78b0293c75759fa34bd8b42c38b458329bef14b064a2c5e175eccb953686c

SHA512
ea48cfa59adcb80c6557eb480dade675ce0fdc119d230d0343a04855b47b4d073401975100641d09123d0e34ccf4ff47477b94cbe83f2397e12002af87cfe817

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
08a8f17c9c6e0c51ad1da311eb72d8d2

SHA1
4bbbb8e68ed0ce308ebd9c4f5715d48d77ab07d8

SHA256
308c7135a6c05bd2d83131abe044ba60451267782924518bd22996641ef65819

SHA512
1725585870174d0678096beaab458d3a3a01ca8c92cfe1d0199e61134b0cd3eace7125bcb08ef72727ae73063daa3d50767ac9a6ee3fa9655a9190212b830ab0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
13a2cc767ce80b8610d69e599dba9b88

SHA1
31f498b33e27ecf90c2d9190924a7a9998926c9f

SHA256
59accea4f19017d0775f1a7584d1a393f541e8ef94c5a1a5bec40945030eb40c

SHA512
375609fde3ce8ed0932669f423e59fc1f7b93e25437045a20285911f04c08691b6d608c04c740945866066147570d2f802d21c4a6dc12b72c54ef36dd93cbd9c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
7e7ec5faf7c96d587a6c6945b27b5681

SHA1
e3e5ea6dd4d175e3c5eac9903a33d6a7e5aa4ad0

SHA256
2c37f12acee3e98589cd939e9d9899c11cba6796652053adc5d2992ce3bf2753

SHA512
e559194a1d78cf50b83170a8c23e47703a29a6f010e45b6331f56f7662251364bb6f90c7d48501c24855ea50f4f3114ec57186a6b13b650917f92ea119d10754

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
0e4d2b2086fc22ec1328b7b8a2e24486

SHA1
413058beba20e045dd2a84706120ac2dabc83334

SHA256
439c1234caf0b8bfff63d04a96516a4b389f909c478c5be4739cc124a3c0bf1c

SHA512
2a0aa944f3074609aea113c721ae1bb9686c8c44bc7cbb00da7311f4b531a52db0c6414d5dad8705252f2ce00b4ca6d5290d39785833d369c4ec4af4393d2ce1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Reporting and NEL

Filesize
36KB

MD5
12d0f99e2dbac8293cf0689454dc35de

SHA1
37aaffbc697744f820ed98544cef629aede2a534

SHA256
84be33f9b8d8f030bcda432f35677dd7ec970e48deeb8cfd0b50a2ce63243798

SHA512
972d9bd5499ae9952d726dcd7245d6c4caa5a7f25f094abbdf23f2d5839cc1d37f70b0d31221fb48d287e6b0ee7d7da88d33da19b9f830feecc753cab9fdf42f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Reporting and NEL-journal

Filesize
28KB

MD5
3e68e3acf60d87d4ff648d5a0f0b73db

SHA1
cf2d130a080c2ca2624910be9d723e77867da3a9

SHA256
d37bb1f8eb9e22f720adb1b88c99ff16c1e396872f27db43cb1ad4f11f5aa001

SHA512
5bab6c6486b68b3806f454f52049b067661a6cfe770c974fe20f5b48974efe306910539ffa5668a4adc043f1e91e007153064e9b2e36f6f996714a36b8a72700

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
c95c9bbd5bdc70077af0db1cb9dea967

SHA1
beaa67c7ab09e75034266e64efdad74986a7a32b

SHA256
2650b4fb8668d479be6ff43e1d8d70059689c1a966a249b7f48bdfbb280074a3

SHA512
a66da8442d6d12a64f6978e9887ab0f03ecc91a73818935a7fa124ec570e98ff983f6fb3cb4e74d7088a1713eeec68df22fce24ba1cfb00bb76ed6997bba0084

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Session_13352833302937292

Filesize
2KB

MD5
b355ca45df0d928c75d90c77fee46548

SHA1
e5675bded343f790bd83a9eef94daa5c3863f3a3

SHA256
387fbd1b5f99bd7e3b0550c0bfd4f2cd3fe4d8959403afe6d8af63727ed1853c

SHA512
4a9306e75c2fcd690f48d970d43c0289e0e4bf788b61c4ac383ca2bda3c6103d4c50e8ea8ef7580c9bd270216c38ed11aa7795ae6e91213e3022035bd7880dc9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Tabs_13352833303247292

Filesize
2KB

MD5
4bfe570f68b2b98fa598daccf3a89347

SHA1
8baf5e581b42a9f65548a9901ee31ecb16b4ecc8

SHA256
23087a5428120053b13602aee7ca84e26690053572d27b7a0502be5bd91a33a7

SHA512
d80fa479c05c55e793adda04e865f64b005bc5513c3c4134b444ddbe28ef2a3648cec6f95147e79ed040b1058f38583c7fb5f3ab7b017b18c6479a6839bdfe11

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG

Filesize
350B

MD5
65e8be3f2602638690e8c88e349e0e94

SHA1
81db94d75e62c7e5cf25e5f6c76e262a781f631a

SHA256
97949c6369d524b61ff31944e670d7b80f127fc106768bf04f6efe765af36dba

SHA512
6a8f00187d15ca9c7c23607cde165d5fdc1e9a2a806c7ef9e4a400964037152451f607d6ff471acaa480add259920d873336ab49dcd1b9c83ad5bc2340465e37

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG

Filesize
326B

MD5
4f538b397175c63deb04cd02ad72bea7

SHA1
50d4d92f857a13008094af230b2d58c06fb41b15

SHA256
0872b693b9dc16a8a6e489a69e04f308bef5eaa30128eafd37aa6c10420b7378

SHA512
5cd3d95bd8f9296280af5d8dbf87ce182d2658172c260ffb32f4a0afcf72ceef0bd7f4349feea8dbaa989058cf40388dc2ced5c23ec3a715d17282741bc95c3b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
874B

MD5
de742d63b52ebaef9e62985d18a1f182

SHA1
808a8eef1a06daadf0dd97df65635ffbf6059c6a

SHA256
f739d8123fd7c67947e8cd9160325387d1eafb1c32e13d90849dcbc313793268

SHA512
6c403fa5e61398fab8b8e362b708453d909a0f89199beb5281f445abdfe6318d68337c5f7e69201d55035559c362a7d3752ae953509608391a013c68a9104cc7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
372B

MD5
992ebfc1ad1bd41b85352148fe4155c8

SHA1
bf4744f0f5dcd268c10532d90bf17136c1245d2e

SHA256
196b183828bfd78f7c3e37d1149ceef6e3790ecdecb16df8636b8d24f44c68d9

SHA512
bfacbb2872cfca4b046f5891b26bb6e29e0926532ef622985c0a8bf16987732c089d4ce700433dcacb53c673e9dfe8e36a6f3694aa71829e1b0fbca0842da015

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Visited Links

Filesize
128KB

MD5
460c2e3c5301d1410c2a7e84eead297a

SHA1
d7b980dd7cb0c8374f91e88add1c84654785edf7

SHA256
f6f7079739319d47aa3eb74c96aee20ef78ee64789c08f4a23632f3c109476f0

SHA512
f2336d06cb43d05e98b7e2283a839ff34236b595fe82dbd8ae6357d0d31d6fc9ad01b4263dbc1394be759085ad638c1138c72af7388abe3d0ee7a6aa4abb3dd2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\WebAssistDatabase

Filesize
10KB

MD5
39481cdf79df7cad8643049f69b9da4f

SHA1
f869852932717cad618cd14b1f5374766506496a

SHA256
218fb2d1ca201636f8cb395907a15697fc321681f4bc760ddbc9e291651f0686

SHA512
2dada9b09b16dadb3b75e4184348a1958f291bffbdfbca3d07ab0f0a5f0cec1a10ed4414ab97069684b2b8a4774569f00c75c5ff26543d53a3da53ca23c2ffdf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\load_statistics.db

Filesize
44KB

MD5
a7095b4a5dea1368e85f18f607e88166

SHA1
1e7e4bf767c7bcb95070e865c070e7c01d117b17

SHA256
60570748279af41c7738b84877b95e4e550b4ee41a6defd74bc7d9e71add9f03

SHA512
3593ef4ae0ca52ac10c546e397862e42d1e83de17f1a97ba8001554b7de8a34952e2a5d2137b688e8cf8b0acbfadcfca2643a13ee601dcdaa0c83e2cc4dfed00

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\LOG

Filesize
319B

MD5
a3d8850d5ac9641a72d6ba723a9838c4

SHA1
5f9c1a486415f1f14d1db89fed7591cc63944636

SHA256
43548ca3e25dda0d2dc7ba7bf76b7592efd93cca18a967cada7f18ebdbf4bd49

SHA512
eef92612b70efcb6c26dd2c3089a5d772fff1f40a2e4c76778d0ad3144385af7bc505932e953d32f5807b71ccd68aa4cd451a31fcf08f5d927ab9a5273da9484

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\000003.log

Filesize
594B

MD5
41958caec1ec8f2f1d852f7a4220aa27

SHA1
b3778fc28ad449e91e935039ced11cabf9688c5b

SHA256
887a93069e51fe2208423c8a44493ac95241dc0a32d726bb8b4538edcc59c874

SHA512
449f223264c5f40f17e66b81bbce0334bf280657261808ed041a880d66a8013e335d47f581024d80a85324c9cf8a678155b26aa8b306fb508b708165457dba39

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\LOG

Filesize
337B

MD5
4e90ef4132fe16f99f6f1ef8a6b028c7

SHA1
3c42dee61af5c4693cae689bbe51b6c587780bbe

SHA256
e2cdbc8dd831b82b2f2c815ff6337b6f78e8c5f2f20bffcac46fcfe2b845abef

SHA512
3b33da5157111ad035f2ea04985280542d849e3348c63f2705f52b89aaeb979ee27dfb2607427dc3a546993153f19ccd430b8bc57948c52c2e5493411c08ca03

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_0

Filesize
44KB

MD5
e3aeedb0fc36f20aa0207a9dc5489cfc

SHA1
93672f3d4197b87c424aa5641a4488b5dbbbc479

SHA256
3eaeabc4f375339132d01b855398b8f90f95c28336f139df56ea33deb5402a5c

SHA512
584c2a0830b075007f7d0634952bf5dced125656a7128c56a391ca236ed670a248808df94b98abe2578e694e2210870aabcdab198942dac8f0005e074dfc0085

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_1

Filesize
264KB

MD5
d15baa864b73e1a1993fa715fef972b1

SHA1
8a0a325fb98c77447640cee0ee3c99aa2c2b0107

SHA256
ddfa4250754b2c857a139b2c849321f90eff1ad484ff0e5e2e85059b215012f0

SHA512
d70f006abab599efaf3214f1eeab7288a0e576c59023be1ec2d605e79498ef878dd6bd796d435fd3faee5563bb6ec666b4f15a679811eb073bb4905a46eda739

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_3

Filesize
4.0MB

MD5
08683463d69de42ed1b4c0a94e3f6e26

SHA1
03a684b209c1791d100501444b821d25e3f447e6

SHA256
dd212af9c80a23475ce9c2e5f83b4d5dcc1f40ecc3266c68cea06082979f9128

SHA512
397a087d8b0083dbb07e4ed375a92e996e764da8973f8ad854e4b024a1b6870c83be1c4196b48948512522dd85ab1f20ccb0d6a53d4680addb893b96c8446829

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Version

Filesize
11B

MD5
838a7b32aefb618130392bc7d006aa2e

SHA1
5159e0f18c9e68f0e75e2239875aa994847b8290

SHA256
ac3dd2221d90b09b795f1f72e72e4860342a4508fe336c4b822476eb25a55eaa

SHA512
9e350f0565cc726f66146838f9cebaaa38dd01892ffab9a45fe4f72e5be5459c0442e99107293a7c6f2412c71f668242c5e5a502124bc57cbf3b6ad8940cb3e9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
29718c53083911abebe89109ceb8a0d4

SHA1
84231ca15b5a6c954cd07ad99dbe37a56a7de412

SHA256
d9b4ec74477f87c24dd93c9c1d0843a97e3befff5f1dd56b9d8ced8017d8565c

SHA512
bdb77b117bbf2e031094a90328617922a94ce95ce685acd1867617e4dee832ade425f6cd9664d926dfa34334595073ed991ce9135e9452e11fe392d44a4241f8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
9830adf9953ca71790b032187fa1387c

SHA1
36a85a73d2e95d977825019c14ce13f21271262a

SHA256
8e41029040ce976bec2ae5373db4ade378da7782b4975951244a31326158d3a5

SHA512
e8f20a3a95008b3b5885c5f59a03d83cbf80bd3ea06eca36dedfd1054807d882157d4a6d3d21a551dd1fcdcf5173546ee4682af294158c9f2468c6a8d6631a84

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
d8d3c36069b5b2328382aca3d3dc7f20

SHA1
3ef973e7b7ee5e35c9bbf03ed6102d14a1fa3900

SHA256
b470f0f18abdba1243d68f78c11d53df93c8d5a5382964e251ccb90d80d5315b

SHA512
f832f0e0fccc5eeb7a9deea62035912c7b532b188d81e928eddc0f19ea16ced83017b86ad815c3566bfd9925df289542af2a9ebaf148b248a5ee2cdeebd54327

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\edge_shutdown_ms.txt

Filesize
5B

MD5
8172c2518332d9b093914ff6eb3afb3f

SHA1
5db42aabc2c50ecdad93cd6078ab77abcf006c0c

SHA256
755dace1b418cd81acbf406b70b17ad260d7b58f1a61a219523b644e0a26e207

SHA512
8055f2876c53215458b834664e3d18f4532f4c966bc0fa88e38a5f83c1cdc53e492815d10df80e1de6299bdd711be5ba80e52a073afbe7588b238cae8d8d3c47

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\TokenBroker\Cache\9cd93bc6dcf544bae69531052e64647ec02f2bb4.tbres

Filesize
4KB

MD5
59b78d868c1d126cf4fb2ccb2dca82ec

SHA1
f5d0e4df8c6ec01e2fd80dea452a63c3744a52b1

SHA256
ea164c3c449f58cc40dc5e194ea951fd2741cc4f50288aae59dc60268d1e93a0

SHA512
43a030617d864276edef7a89102e7e2664a7d076b430027ba688013ce5a009cfa371f86362e1d668d94c5825a6ef70e98169958307fcb8fce1513f99142693e9

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\eg7x8yxg.default-release\datareporting\glean\db\data.safe.bin

Filesize
2KB

MD5
07b7dad7251eb53b1e64e0723d3a1b19

SHA1
0ef263945a5658e32d7ae55f6adab873a0f0209d

SHA256
cf1282895076438a799b0ea8d3d998a5b9bbc0177cfc99680c77683c810fafb5

SHA512
0851b369eafcc5b2522d481431c7ebeafd5bda94143f56fa1f205b8f79300d97af681082ec2887e2cb38a80e656c6559437bd5741a759ec409b7448542724081

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\eg7x8yxg.default-release\datareporting\glean\pending_pings\5ddfb76f-55f5-48bb-8ef4-e4f674934da2

Filesize
12KB

MD5
fa666cb3fed17111fc3b973d9252ebbe

SHA1
dd57052144ff57ed6c471f8ee75bfb57b95a836f

SHA256
d155b5e2267db1446162aa5e0a93eb19d7c15b48a205a13a7d1a919d5e7ea96d

SHA512
c0a8811c5e8280141062736d6163c86ee313514aa2d20a032213a539770795fa2c8a0f9f7b533fe77685640c5d8b07b7047cba1b0840b05efbdb410a519c5999

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\eg7x8yxg.default-release\datareporting\glean\pending_pings\8931c33a-a67d-4db9-9e9e-c2fa6accdbed

Filesize
746B

MD5
76e885cfa589da8acbd07fb719a1c482

SHA1
1552ae82bc1aa965a86ac9b7e8066e02dc09e5bf

SHA256
c78570b2671726ace6ed56dfef326459f7199b6ab54338b0a7d40af1b741b3c3

SHA512
c111f283aa2890ec77d4c26b2e7367698123166bf3df28ed13416cd4173abc88b2cc7fd6775b7ce12d65d679ed30bc25e92d1c10f738cf9e8840c522e813ef4e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\eg7x8yxg.default-release\prefs-1.js

Filesize
6KB

MD5
d4b7590233d213853b871679cb39a735

SHA1
db696e696236a3e8237763333642509893730193

SHA256
eee2444fbc0fcac9e733c4a6e0ea21636ee467307d59bd0a94d03cb9428bc633

SHA512
b518f5f1ead9f571f81ae5788ecb4647d09582b7d40825e5c67c6ef4f5d043bdeb8577b4ada2d3a9384d47b5f5f25d5add7eaf3b9a31ee2b03c081ac3dc210be

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\eg7x8yxg.default-release\prefs-1.js

Filesize
6KB

MD5
e85fc53344c2db071012d8f50218fc2b

SHA1
56d4bf3ee6117fec52c8672954b6f09056fe566f

SHA256
cb7a384abcb3d22bae67e53e3d98bc8657e87f863884213f8ff8b93c2506b1d5

SHA512
8bfd4b241536c12ecf134821ef1d2af9e44b17876985a6d1a27c9a3a3eacf6d0e6ae5ebb5360f4a9bcab6c6e9ace4b690ce22b5c40641b91aaf286b81089a71e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\eg7x8yxg.default-release\prefs.js

Filesize
6KB

MD5
9e7e82dc4a2b571aadb155540737779c

SHA1
caba5ce9cd45c82bc200bc72b9d56a290cd7f57b

SHA256
717861fa52ae4875bb28966edc5a2306381475bbefcbfecd9c188557d5a3f823

SHA512
bcc5ec74f2e4d14b3431e1183c21faac733f70096d9b8cb0a7ff869f7079f66c8278dfdd287e94482a3cfea989edb206de16cfff336a11a0d46e82e12d1e63ab

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\eg7x8yxg.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
3KB

MD5
fe13a212d94bf812f4282fe806853768

SHA1
2d24e11fd2144fdbbd88f58b32f1a87dddd02aee

SHA256
3c8891d216ef4eb38e91ffd3bad960e5368a3fd49d83084b04a8aaba9a663aec

SHA512
497fbe034091139283dd12bb32ba44af071f8105f7d08e3d5f23638fc589971b78f4430c6c7870cbd3e3c8e44b23dfbc6d6d85bd4f04cd87ab9387b75ce2afee

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\eg7x8yxg.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
1KB

MD5
520d46b1941404010299d1f79991f70c

SHA1
f41a598830081a971117a6a5bee64d75ac1ff0e1

SHA256
633c14d5eaf13b9c0a1d58c4a135e6d204b342d44f8592e4db6bb921c7a22d78

SHA512
d158af949627cb29b9f1c9c44394e61bd6317452a56bea3f0c0a436a4def9c856b4d4812b81a9b0550f22d6a6c15568a1141757f2521df9272209895da108dfa

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\eg7x8yxg.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
4KB

MD5
54f8a92177bf24ea544b19b5b5b6c05e

SHA1
4c8c87c2613110a03c49bbc7dbd116bff7625e95

SHA256
d1d99fa071138b43a23516684137bc2564fad52cfb08974ae80827309b968161

SHA512
053aea996085fc094423fbcdba4694e566c364c36cb8aa6545a39e9c820d5e82a4b59d48c20927f8aa822a0202b356097ba92a4b6d25f0a10dc15148e1aecfff

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\eg7x8yxg.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

Filesize
184KB

MD5
c7d68ab7381a0e06d8428c47b6a7abd7

SHA1
22b2c3f77830f7dbc19a5106b8a400512f6d7f34

SHA256
7eff8f28c9937842c52b02de166c91abb6347548313394838f8cba51092fc627

SHA512
97aeed813b41cf5bf2d4883c01188d300c1373f8a2eb1810262f19ced633e89542a5a7cab6be81f0541a19a4617d8f3c6a11167403b6513669d6292e9decbcd9

Download Submit