hxxps://www[.]youtube[.]com/watch?v=-bnVGH62Yho

Analysis

max time kernel
149s
max time network
155s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
19/02/2024, 20:00

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

https://www.youtube.com/watch?v=-bnVGH62Yho

Score

1^/10

Malware Config

Signatures

Checks processor information in registry 2 TTPs 5 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2398549320-3657759451-817663969-1000_Classes\Local Settings	firefox.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
1468	msedge.exe
1468	msedge.exe
2356	msedge.exe
2356	msedge.exe
3288	identity_helper.exe
3288	identity_helper.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 10 IoCs

pid	Process
2356	msedge.exe
2356	msedge.exe
2356	msedge.exe
2356	msedge.exe
2356	msedge.exe
2356	msedge.exe
2356	msedge.exe
2356	msedge.exe
2356	msedge.exe
2356	msedge.exe

Suspicious use of AdjustPrivilegeToken 4 IoCs

description	pid	Process
Token: 33	4860	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	4860	AUDIODG.EXE
Token: SeDebugPrivilege	400	firefox.exe
Token: SeDebugPrivilege	400	firefox.exe

Suspicious use of FindShellTrayWindow 32 IoCs

pid	Process
2356	msedge.exe
2356	msedge.exe
2356	msedge.exe
2356	msedge.exe
2356	msedge.exe
2356	msedge.exe
2356	msedge.exe
2356	msedge.exe
2356	msedge.exe
2356	msedge.exe
2356	msedge.exe
2356	msedge.exe
2356	msedge.exe
2356	msedge.exe
2356	msedge.exe
2356	msedge.exe
2356	msedge.exe
2356	msedge.exe
2356	msedge.exe
2356	msedge.exe
2356	msedge.exe
2356	msedge.exe
2356	msedge.exe
2356	msedge.exe
2356	msedge.exe
2356	msedge.exe
400	firefox.exe
400	firefox.exe
400	firefox.exe
400	firefox.exe
400	firefox.exe
400	firefox.exe

Suspicious use of SendNotifyMessage 29 IoCs

pid	Process
2356	msedge.exe
2356	msedge.exe
2356	msedge.exe
2356	msedge.exe
2356	msedge.exe
2356	msedge.exe
2356	msedge.exe
2356	msedge.exe
2356	msedge.exe
2356	msedge.exe
2356	msedge.exe
2356	msedge.exe
2356	msedge.exe
2356	msedge.exe
2356	msedge.exe
2356	msedge.exe
2356	msedge.exe
2356	msedge.exe
2356	msedge.exe
2356	msedge.exe
2356	msedge.exe
2356	msedge.exe
2356	msedge.exe
2356	msedge.exe
400	firefox.exe
400	firefox.exe
400	firefox.exe
400	firefox.exe
400	firefox.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
400	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2356 wrote to memory of 3976	2356	msedge.exe	71
PID 2356 wrote to memory of 3976	2356	msedge.exe	71
PID 2356 wrote to memory of 2956	2356	msedge.exe	86
PID 2356 wrote to memory of 2956	2356	msedge.exe	86
PID 2356 wrote to memory of 2956	2356	msedge.exe	86
PID 2356 wrote to memory of 2956	2356	msedge.exe	86
PID 2356 wrote to memory of 2956	2356	msedge.exe	86
PID 2356 wrote to memory of 2956	2356	msedge.exe	86
PID 2356 wrote to memory of 2956	2356	msedge.exe	86
PID 2356 wrote to memory of 2956	2356	msedge.exe	86
PID 2356 wrote to memory of 2956	2356	msedge.exe	86
PID 2356 wrote to memory of 2956	2356	msedge.exe	86
PID 2356 wrote to memory of 2956	2356	msedge.exe	86
PID 2356 wrote to memory of 2956	2356	msedge.exe	86
PID 2356 wrote to memory of 2956	2356	msedge.exe	86
PID 2356 wrote to memory of 2956	2356	msedge.exe	86
PID 2356 wrote to memory of 2956	2356	msedge.exe	86
PID 2356 wrote to memory of 2956	2356	msedge.exe	86
PID 2356 wrote to memory of 2956	2356	msedge.exe	86
PID 2356 wrote to memory of 2956	2356	msedge.exe	86
PID 2356 wrote to memory of 2956	2356	msedge.exe	86
PID 2356 wrote to memory of 2956	2356	msedge.exe	86
PID 2356 wrote to memory of 2956	2356	msedge.exe	86
PID 2356 wrote to memory of 2956	2356	msedge.exe	86
PID 2356 wrote to memory of 2956	2356	msedge.exe	86
PID 2356 wrote to memory of 2956	2356	msedge.exe	86
PID 2356 wrote to memory of 2956	2356	msedge.exe	86
PID 2356 wrote to memory of 2956	2356	msedge.exe	86
PID 2356 wrote to memory of 2956	2356	msedge.exe	86
PID 2356 wrote to memory of 2956	2356	msedge.exe	86
PID 2356 wrote to memory of 2956	2356	msedge.exe	86
PID 2356 wrote to memory of 2956	2356	msedge.exe	86
PID 2356 wrote to memory of 2956	2356	msedge.exe	86
PID 2356 wrote to memory of 2956	2356	msedge.exe	86
PID 2356 wrote to memory of 2956	2356	msedge.exe	86
PID 2356 wrote to memory of 2956	2356	msedge.exe	86
PID 2356 wrote to memory of 2956	2356	msedge.exe	86
PID 2356 wrote to memory of 2956	2356	msedge.exe	86
PID 2356 wrote to memory of 2956	2356	msedge.exe	86
PID 2356 wrote to memory of 2956	2356	msedge.exe	86
PID 2356 wrote to memory of 2956	2356	msedge.exe	86
PID 2356 wrote to memory of 2956	2356	msedge.exe	86
PID 2356 wrote to memory of 1468	2356	msedge.exe	87
PID 2356 wrote to memory of 1468	2356	msedge.exe	87
PID 2356 wrote to memory of 2976	2356	msedge.exe	88
PID 2356 wrote to memory of 2976	2356	msedge.exe	88
PID 2356 wrote to memory of 2976	2356	msedge.exe	88
PID 2356 wrote to memory of 2976	2356	msedge.exe	88
PID 2356 wrote to memory of 2976	2356	msedge.exe	88
PID 2356 wrote to memory of 2976	2356	msedge.exe	88
PID 2356 wrote to memory of 2976	2356	msedge.exe	88
PID 2356 wrote to memory of 2976	2356	msedge.exe	88
PID 2356 wrote to memory of 2976	2356	msedge.exe	88
PID 2356 wrote to memory of 2976	2356	msedge.exe	88
PID 2356 wrote to memory of 2976	2356	msedge.exe	88
PID 2356 wrote to memory of 2976	2356	msedge.exe	88
PID 2356 wrote to memory of 2976	2356	msedge.exe	88
PID 2356 wrote to memory of 2976	2356	msedge.exe	88
PID 2356 wrote to memory of 2976	2356	msedge.exe	88
PID 2356 wrote to memory of 2976	2356	msedge.exe	88
PID 2356 wrote to memory of 2976	2356	msedge.exe	88
PID 2356 wrote to memory of 2976	2356	msedge.exe	88
PID 2356 wrote to memory of 2976	2356	msedge.exe	88
PID 2356 wrote to memory of 2976	2356	msedge.exe	88

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.youtube.com/watch?v=-bnVGH62Yho
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2356
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffad91646f8,0x7ffad9164708,0x7ffad9164718
  2⤵
  PID:3976
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2152,15257264451781803176,16184587760936543650,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2192 /prefetch:2
  2⤵
  PID:2956
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2152,15257264451781803176,16184587760936543650,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2244 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1468
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2152,15257264451781803176,16184587760936543650,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2672 /prefetch:8
  2⤵
  PID:2976
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,15257264451781803176,16184587760936543650,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3452 /prefetch:1
  2⤵
  PID:2980
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,15257264451781803176,16184587760936543650,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3428 /prefetch:1
  2⤵
  PID:1832
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,15257264451781803176,16184587760936543650,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4692 /prefetch:1
  2⤵
  PID:1528
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,15257264451781803176,16184587760936543650,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4976 /prefetch:1
  2⤵
  PID:3432
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2152,15257264451781803176,16184587760936543650,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5216 /prefetch:8
  2⤵
  PID:4128
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,15257264451781803176,16184587760936543650,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4780 /prefetch:1
  2⤵
  PID:2968
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,15257264451781803176,16184587760936543650,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6096 /prefetch:1
  2⤵
  PID:2352
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2152,15257264451781803176,16184587760936543650,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6628 /prefetch:8
  2⤵
  PID:4524
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2152,15257264451781803176,16184587760936543650,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6628 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3288
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,15257264451781803176,16184587760936543650,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6452 /prefetch:1
  2⤵
  PID:1944
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,15257264451781803176,16184587760936543650,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6496 /prefetch:1
  2⤵
  PID:1900
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,15257264451781803176,16184587760936543650,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5824 /prefetch:1
  2⤵
  PID:5264
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,15257264451781803176,16184587760936543650,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6156 /prefetch:1
  2⤵
  PID:5256

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3044

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4044

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4492

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x308 0x4c8
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:4860

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
PID:564
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe"
  2⤵
  - Checks processor information in registry
  - Modifies registry class
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  PID:400
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="400.0.2119748594\960403778" -parentBuildID 20221007134813 -prefsHandle 1916 -prefMapHandle 1896 -prefsLen 20749 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {5840293b-ee87-490e-a447-0d02ae67ce2e} 400 "\\.\pipe\gecko-crash-server-pipe.400" 1996 18beb7dac58 gpu
    3⤵
    PID:4988
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="400.1.671526572\752890336" -parentBuildID 20221007134813 -prefsHandle 2368 -prefMapHandle 2364 -prefsLen 20785 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {4f0c347d-3397-4d20-a5a8-ddcfc3a1a483} 400 "\\.\pipe\gecko-crash-server-pipe.400" 2396 18beb6fd258 socket
    3⤵
    PID:4692
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="400.2.904370176\1894603184" -childID 1 -isForBrowser -prefsHandle 3148 -prefMapHandle 3164 -prefsLen 20888 -prefMapSize 233444 -jsInitHandle 1424 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {2b5358c6-d70f-4495-9e9d-ab40ff861e49} 400 "\\.\pipe\gecko-crash-server-pipe.400" 3128 18beeff1858 tab
    3⤵
    PID:2648
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="400.3.1958625592\239922102" -childID 2 -isForBrowser -prefsHandle 3592 -prefMapHandle 3588 -prefsLen 26066 -prefMapSize 233444 -jsInitHandle 1424 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {24706b1e-d00f-4fb7-a0e1-37b7f29bcdbb} 400 "\\.\pipe\gecko-crash-server-pipe.400" 3604 18bded64a58 tab
    3⤵
    PID:776
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="400.4.1030189932\1183279993" -childID 3 -isForBrowser -prefsHandle 4148 -prefMapHandle 4140 -prefsLen 26125 -prefMapSize 233444 -jsInitHandle 1424 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {09352656-343a-4a09-9808-0c10f065e792} 400 "\\.\pipe\gecko-crash-server-pipe.400" 4160 18bf0fab558 tab
    3⤵
    PID:4432
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="400.6.927960991\1355768740" -childID 5 -isForBrowser -prefsHandle 5188 -prefMapHandle 5192 -prefsLen 26125 -prefMapSize 233444 -jsInitHandle 1424 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ed4f8437-6b32-490a-8e71-f5ae10acaba7} 400 "\\.\pipe\gecko-crash-server-pipe.400" 5180 18bf19cf558 tab
    3⤵
    PID:5580
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="400.5.845949975\2048106526" -childID 4 -isForBrowser -prefsHandle 4968 -prefMapHandle 5036 -prefsLen 26125 -prefMapSize 233444 -jsInitHandle 1424 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {741e2828-a5ea-47bc-8f50-406a7179f147} 400 "\\.\pipe\gecko-crash-server-pipe.400" 5044 18bf0a59658 tab
    3⤵
    PID:348
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="400.7.443080550\1837520948" -childID 6 -isForBrowser -prefsHandle 5464 -prefMapHandle 5408 -prefsLen 26125 -prefMapSize 233444 -jsInitHandle 1424 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {9b800a12-069c-45e4-abd5-0cc7c1bf9454} 400 "\\.\pipe\gecko-crash-server-pipe.400" 5372 18bf19d1958 tab
    3⤵
    PID:5564
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="400.8.468171950\1721530504" -childID 7 -isForBrowser -prefsHandle 5944 -prefMapHandle 5940 -prefsLen 26206 -prefMapSize 233444 -jsInitHandle 1424 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {22cfb89a-cd95-4981-896b-b9aae77e09fe} 400 "\\.\pipe\gecko-crash-server-pipe.400" 5920 18bf3b6a358 tab
    3⤵
    PID:5268
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="400.9.93500796\814932830" -childID 8 -isForBrowser -prefsHandle 4964 -prefMapHandle 4220 -prefsLen 26646 -prefMapSize 233444 -jsInitHandle 1424 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {fe1d040c-86bf-4528-a26f-2438d964b48f} 400 "\\.\pipe\gecko-crash-server-pipe.400" 4884 18bf1bb1a58 tab
    3⤵
    PID:4532
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="400.10.776834187\568688598" -parentBuildID 20221007134813 -prefsHandle 6220 -prefMapHandle 6228 -prefsLen 26646 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {c811b654-d430-4758-8596-b56eafd72b36} 400 "\\.\pipe\gecko-crash-server-pipe.400" 2816 18bf4032558 rdd
    3⤵
    PID:4328

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
7a5862a0ca86c0a4e8e0b30261858e1f

SHA1
ee490d28e155806d255e0f17be72509be750bf97

SHA256
92b4c004a9ec97ccf7a19955926982bac099f3b438cd46063bb9bf5ac7814a4b

SHA512
0089df12ed908b4925ba838e07128987afe1c9235097b62855122a03ca6d34d7c75fe4c30e68581c946b77252e7edf1dd66481e20c0a9cccd37e0a4fe4f0a6fe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000007

Filesize
30KB

MD5
86eac13ae042c5838d20274274d5d82d

SHA1
a1edc2336435162d57edd8e9a4a2b7ce2d693fdf

SHA256
2c700f68f9355697fcfb8a1be428158cc2937d2e0d01c0afbaed92cb2cb0c125

SHA512
313452f845e01faa3b45d9b37dd7db8bd1f2596684762d9affd50c1479c73592f06160f459c1fb11e4f7f38d185208b9c86c373f1abf34349daa3314382e337f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000008

Filesize
33KB

MD5
4c44a4c4705e1e7ff214516345726b38

SHA1
c50da19ec6fbd99ee4c4f305e9ece188e0d19233

SHA256
7202e097880e3d2f06bd216cc9277332b95ff8b7d3a676d3ce89b869eebed990

SHA512
58c1de9c2d940b1d6195d96320c3b15030439ab71b1bf6a0d9e67c88213a3d1d29602a3079fbe4ce9cde6e6879020c05c237e1a7517c942b6c26f9da681da979

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000a

Filesize
23KB

MD5
edec96a446bc5a53e163ce7309ea1e6d

SHA1
6676729f3e6283e338a8be1c9e9c5440757920f6

SHA256
afe01cb740912d2c79df1d97beed230a0b6de3a65d5faa4ecb0c7708a809f330

SHA512
1325dc0476284b2ffcd2a89851373fd7e8f1e3c672557eec8f98f7770134943f7392de2b9457ff38efecafc5ddd29462c9d2b26fc342f4782a32e24210be3158

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
672B

MD5
abf6b8f0b02496e2d5f5e74b0df69a93

SHA1
963c65890496b26520499a20ed84c444644e419e

SHA256
5c1f1b8da5a5cc9de0f53694887efa595823a1d9b8536eca7baac2df4bceb0e6

SHA512
07103993192eaf2714e11fdb6ce233ff14e00b9d7010a3603a82f17963b2cdbda3325332b7827791a7371a420a890a307f3b621b0fe2ef33b2d38296d6b5791e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cookies

Filesize
20KB

MD5
9ce11a869f95e5e9188f08b0447db936

SHA1
f73700e340ba671ea80361fc0ca851de358333b9

SHA256
f1c6830db41f6bf969434722158739ae13e17644fa4d3d946e19eff41696055c

SHA512
5a0617e5f371e590def75e00abcb3a0c2c5126d00b73880e49db36a049bab53d3e83e88ce541a0bbf690b294a2dec6c5bf49c00ed0538d9dc38492373cff0559

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History

Filesize
124KB

MD5
ec7d85057d6ee22df2b8347bf5d298dc

SHA1
6b795e090aeaf8fa46c8a90fe65be292957183e7

SHA256
67bfa76bdef952c3f50dc396cd0866ad2dfcd01682d27968a4f7b78520b02c7e

SHA512
0f4730404c3d7ba59e9f3141ffefeab10be9e61e2bfcf796b718b6f64a8d047d5741ca6040f3a39a69700a4a031a2f062d5a804cc1d957ba2e13a7b02201ac0f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
5KB

MD5
07cc046f6aa9d4bbdb3325eb1f3da969

SHA1
4b08dcfbe8d91f2889659668632ab440eecdc83e

SHA256
ef9c248dcc9134729f0dc24ea2f3ac0c5d96d0fa3b330e8ad14e98ec05006549

SHA512
4bcc3ebb82f0900b0db67c4cbf9d1e4fd208d8e830de02846444919adf2985b8ced4252031c833da724f396720ca60d499e80a8916cbe062d5d77f83de6b6cb8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
f018cb30733bf5c8bc26600296445abe

SHA1
41f72268f73d26c17fb50d88d52508d823dbfbfb

SHA256
d300e5b4ad91d118d18f3ea7adfc2bc05bb2bc3339a6ad811185aa964890289f

SHA512
a565bf13194b4fcfc01809c9f68eae0aec783b8e6b5c8f5825a771e1a82544c2be9a6f78ff9de05460c8859bb7b1af7721695c862caaa1d341095eba0aed8485

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
dd138191f886b3d66a962f9e946cba5b

SHA1
b56a5e990141ce30806bbcd46ab83747d5dd9245

SHA256
2e70db879e3d073fe8cc41f891c59372fda0fec34e4e2ba6668e3d8c0d4800fe

SHA512
30b9469a3340af2661d7cebf7649efce7515117da5080cdf25ccb2a05f6fcf971b33a324aca25a1a0d806606674b95e10066f25d6c89e6507382cffc27e8622b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
0ac34be1289f90f2a6d489b66374db52

SHA1
10503cbc0a9404e0d6c12a72d06006a7fb981e20

SHA256
1988fded710148781cf20d538777a764d978c55b1cab9a83e58cd032f31e32c8

SHA512
1c0aec641915a0acb55880825dea62697ba131161381a5bb229097450ed2c935957c85baf262ce85c2c069a709232a73fdf52bad11a3f6bca8601c26027d52e4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
f4d7679a5499f1bfb36d45c27f56d9a8

SHA1
b92afe54d1513ce7d1132a174151a09dacd14364

SHA256
328b24a136990d73fa34af13bd693d26e30dd4af1fcddbe2b084ebbe3ac4f097

SHA512
e12894afb186068f0f394680fb04aab4462d738003bbdf0b4ed58b6cc15ca0c13ace309faff0b0af83dec0b9522466de1186b0f791157fa0351e1ad0bdcce752

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
9acd1d3f142c7a3a0f4def1842837147

SHA1
8a8daf821d011fc73ab401b881a24cb31fc4975e

SHA256
a2084c30bc3fdc1e6d5eae4715cee36618f36a039a1fbf47c9e0e2dab8105478

SHA512
3c7a5dd4f60db2ca55f8fe34567baae5d058bb6678b2c35a640436cfee705b61a38a11c3368da6f9dbd836948f0b952bba6b47f9779709a6ad3af68df4427aaf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
52826cef6409f67b78148b75e442b5ea

SHA1
a675db110aae767f5910511751cc3992cddcc393

SHA256
98fc43994599573e7181c849e5865f23b4f05f85c1115dff53c58764d80373fb

SHA512
f18df18cab6b5ecd71b79c81a2a1fdac42cc9960f62f06ac25f4d6487792705f2766ee3a10239eaac940d090186e6bc820e4eb7a5ee138f6e5c1c64f951b960c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\6831696c-5908-45b8-ab2b-c62d44e6b000\index-dir\the-real-index

Filesize
48B

MD5
3f318af858315bd1bf5d731590c8ea1c

SHA1
353edf7048ee677b9037f9bfe69acdd346f24100

SHA256
a52a39528a5e23677c1edfec468981e71b6609b9a7fd40a1628f458f4b41aed9

SHA512
8ddb0a00ccdd7e354f795dd02cb2a5e61331645672383e7242f50de29c8efca1a3d7173df43aca064efe1d4971e0f8b3c53cb33a03dc9927d6b974f0ce284b85

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\6831696c-5908-45b8-ab2b-c62d44e6b000\index-dir\the-real-index

Filesize
2KB

MD5
e9144e689692e5e992b026eee436666c

SHA1
0c40868e04720a53a800abc1514e8e517992bec8

SHA256
e3e1c74ac987f8f5ec6714bc629aba3b7326943b5f956df6d18b8442be9d2386

SHA512
7f0b40c3f2f409ef8e3fa93759f8efd7778c2e6d83a3b0c716d1420b23df0fd42cf3f591df9fa71455cd7b7c4cd3720d43fdd65128d935fcd6568784c2a9068f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\7bbca3dc-4b4f-4dcf-9a28-94f2a4f68551\index

Filesize
24B

MD5
54cb446f628b2ea4a5bce5769910512e

SHA1
c27ca848427fe87f5cf4d0e0e3cd57151b0d820d

SHA256
fbcfe23a2ecb82b7100c50811691dde0a33aa3da8d176be9882a9db485dc0f2d

SHA512
8f6ed2e91aed9bd415789b1dbe591e7eab29f3f1b48fdfa5e864d7bf4ae554acc5d82b4097a770dabc228523253623e4296c5023cf48252e1b94382c43123cb0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\b7a915a8-397f-46a9-ae62-38123a556f7e\index-dir\the-real-index

Filesize
624B

MD5
e918b5604164a1d9ff41e4e7fb2836a7

SHA1
01dadac6d5b8ced6bd2ad31bf74cdf291b10a29d

SHA256
664dfff1e5d08b75003491f6727cc052fce18f3408b5a1e53df8ac702a42f354

SHA512
d4cb7f4b1e834c4d76cd4c9d053ad3bcc5c67219484449f519925482635e5faae867257e8d5ae7733b602133d6ba19bbc135435707d248957858c297a96c2d58

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\b7a915a8-397f-46a9-ae62-38123a556f7e\index-dir\the-real-index~RFe58216e.TMP

Filesize
48B

MD5
dcab3e51e1450501c5f36d0ebbbdef72

SHA1
c482e31a08093dc62c8524111ee7e76528c4ed94

SHA256
f24896d8e8922b4be168ea0289fd3c0bafe894f1cde78a52e5f9741e58a27639

SHA512
5f54d1240335a67ea9146a1dbc8000775b800aa9091c22ebdbf5fe9fc246c7ddbd8ffb8e5ba8381dd4b030adf10307d410ea193808df295035ce3c38e3137c90

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
89B

MD5
b84a505a747e1e2726351982dc662ea5

SHA1
3ddb50cdceae653feb33653a353e24fe25289be6

SHA256
ca39e40d0ae2fc1b2db648d188623d5226872c4ee78c3ad8ed7d65e856f94ba3

SHA512
8493c3ea916178247ae7c077cdfbda70d20b29995c0197cbb6e578d4f37947fce2276714562db114d951dca768d9da512080409ae3fd186fcaaf512b10fb0fab

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
146B

MD5
c3454843efe20b63491f66f6b589dc09

SHA1
46b4824ece98eaed4052bd7afcaf38e2ca32433f

SHA256
a3b9435c6e6656181c2b554bba38d8775e8411d69233d213b0f0e958e603f35d

SHA512
631ccc3bbd497aa0c545dcd10bca657bfba01e3adbfdff35c29d7bb90e2e1ecb9b78b39b4a1ade3eabebcaa69e39d4b00971312847a7e8ec6fe159535cd1b10e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
146B

MD5
ffd427deb433fd04641a8ad760286422

SHA1
e4ceffec29f38defcad95f6e033f89f1e1a10114

SHA256
4111da00f77f3b4c51deb43a891e3d967eb134ebb327a42bd386942e38d7ff66

SHA512
06dcb88ea79e89ee855a0a814eb3dfc6c81112fbfc0173e02d98a5457f6140d3b06ff42e9b434ef622b096e1a5ce5c2c60022aed7251b3ad0358481a98864d4b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
153B

MD5
ab70c071eabcb25825b0f7c6ac4c166f

SHA1
a92726a8826d5da620fc24d9a122797093a02511

SHA256
c9c33b9b9d0eb974170185a832371af0e93b16cb712d44cdf08833db4471c509

SHA512
8992c6f699cbdb79e0fec72d4fc386e00d14c5d0e88e3b987c9876f9687c7258720f0d13815325da97298795bab469db3323bb47947b6d9194c15c9b1480346c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
82B

MD5
3309eec926299112af837c5fef3044a4

SHA1
7fa241f938e174793031ef225d39b736c69b44b8

SHA256
8017ced0b7f28d0c9c1f3f56e1df0b9bacb851405cf0a8228b64a3d5c106a306

SHA512
c7d7c2ba01de78711792c180d86de294ad268c4981ef5ac82a01676e6bde3a80acd80789c3629d1ce30069244e097247014017c79148f65f13970c9476ee5702

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
155B

MD5
93765542e0d945193edd1b6fb5a49136

SHA1
de0665ade084fb8afcca0fc36df7b2a65d5ee622

SHA256
4cab6fd784e93f8e367dbf0650e58800163c305e1e6299eafbf460b7c807b0e3

SHA512
c0fffbdb452e7091dd582e2c918e1e3941c7bca2aca6dd86553ae6d85d7aaf3ed65f4c601d2a9784a5609b58879a89c1788195ab4d0e9365783bf78467c2c5b6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
96B

MD5
e1875ae252a5935269405ae950912067

SHA1
834cc5a32cb2af4ae3869cac1cc91e4037e5db81

SHA256
c1f66f87b4cfdec395f483efe1cb43fe222512e47489c6689d524748e6006a90

SHA512
a0e7dadd210b5d4314f0be64ddad95a99eaccb804a6820355922bec7e98508ec8de057e8cdce6cf1c41ae804bfb72273fc8ee82fbcd9b11a09c07c182cd928f0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe5802e9.TMP

Filesize
48B

MD5
cb0ccf21abc43e36715f04b4f9ed9cfb

SHA1
35a1e75730a7d72bccb7d45afc6ae8d91c3ae2d1

SHA256
5b31d0380a1cbf7fb0e8a344859ba8ccbe83e3c4f0a47a1bb483f3bb9e22c6f9

SHA512
ff0132eee4f9ea228418860ed786ce64070699903adad194d3c149eb8d9245cce9de9a8f08ba1eadf8bae60bb4bb9deba5700c31caa23556813f0135c2aed93d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
706B

MD5
96eb8263a61af7dfe5864878e2c548a3

SHA1
dc837dcbd4d4e0a706bc96be433307b45c2ad009

SHA256
586f2c367742224bd0f6235c0abc9374fea595ec24ed3e624d54064c938c5a19

SHA512
eb234212fc0a26d0d57af0f77920a0ae7fb23ae3ef685be341c7a22cc5c592b447d721ff95ec229182353fc5426d3dec63ef4a90d94a1367d60c3aed8cc73dd8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
706B

MD5
7a903ae725ad1da0131ff85dfbecea62

SHA1
b731bc0a6ceb2d64dbf003e3faf4aab23590c86b

SHA256
77665474c671beb33076c86e9ac3efa86eb4ec36548f7f0922008ed5b2919a29

SHA512
224bf0765fdf791313af35759df19cd4294b90d126dfa4a9cba829c564f46e1c87f4b38fbd081d38914c4cea885c15631a902b749edc6f64aa7bd4fb731b3c05

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57d09e.TMP

Filesize
706B

MD5
a9586911a3bf470124250da48d57d421

SHA1
b04c1c239ed88232b75bab7c612cf685d6486b15

SHA256
763c1c4eabfabc9618b6b2469822e127c26d2f7bad822148eec98b390c7885a7

SHA512
b462c1f39b80cc4c5f61fb28c7ab51b0c61914b0f23f43cdf48bc9c8843feefd2ce6b4474ecbb4d912002aa2a85b9177ad3035188f16d4548c4c01c7d91a71a3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
7dbd1229892dd0d7c4cd0161649fec0b

SHA1
0927dfa4bfb5b161a1cfbbee8dc7c5ae17fd2d8c

SHA256
1773d56dae620cad0afa3b712f3edf0d7fd0cb4e1d1eae9b6e424839e558a23d

SHA512
532ad1d1a763df0fda77e17aeaf452f2bd6d55727ffccd6bf602a11781234d81d4e92b8f524f14a35181dad931c6e2c6c995097dcfaf835c1085973370d5a962

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
4904593d6ab1ab28605c13e496b38839

SHA1
aee081a9962c32b27ab6a6bf611ca1b9125b6d1c

SHA256
c75ef90268e8795b1d54b79e79c39f4f488b4328ee7085065902712ab867123a

SHA512
04c3ae204d2a857073aac359914bacbbaad02b270e373c34e557cbc877c449f9772737d6ab8a6d855efa386f3d02683fafd8e79aa02b9715c7670546b0eb77c7

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\stdidscq.default-release\cache2\doomed\23940

Filesize
9KB

MD5
8a17bd9d5ae8507ac7dbc0972ed073bb

SHA1
8a65a3f1016d9acef2cfa84505a21056ab444a13

SHA256
4f6c9ccc177ce203f43e1ec1063f83fb59614c7326a32b3557081263c2764205

SHA512
48f4d1f6b6775a5e823dd3b13b16b23965ee911edacc83b8a56d9c0764ba75c99660344c93fb88f5cabccbc14829c62a7258a9da24353dee265752e1b11af462

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\stdidscq.default-release\cache2\doomed\29455

Filesize
9KB

MD5
aa5474b0a8dc8e47515f7a383b1674f8

SHA1
f8f46787ebafa2d9f1598070f22eb8b93343c5b7

SHA256
4287b4eb7da55752fd96443a1fa0d6b0a71a39f9c9cdc5c6d95cfdcc1d56b7b2

SHA512
34616a687e9474e36f0917a9ec7c17c063f00ec04d4f00436c2c8b6065d2647e8462e141bc3966739d2e6ad0929b95e41643d289775d0adcca0cbd18a5ae60e9

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\stdidscq.default-release\datareporting\glean\db\data.safe.bin

Filesize
2KB

MD5
27e7bb4fac7a0decb91d7aa97a90a4b4

SHA1
4bbf5d2a6255b4b531fd60f9896e1203bfabc74a

SHA256
79e3f7faa31579c8d7805c3651575bd680e86d1d3cdfddf1233b20d74ec7d98c

SHA512
99d7b4c7b5f2ed9c09a2e0a1a387c300a012f35d713a12d2111da5a5b949243d078b5914ac0084956ccb1e13df9f817a5375ccfb05d565e825961211fa849893

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\stdidscq.default-release\datareporting\glean\pending_pings\1ab4b676-76ba-4bb6-9b88-34f16563c9bf

Filesize
746B

MD5
477b14a77223e080a89c1fc21b4eb2ee

SHA1
2a5d857e33ebd225dde256511d68ad344c77f698

SHA256
852f6597ac00f330f501e684ba7985c0fbe2961e5f23818bc46ea79fd1ba48bd

SHA512
56effd6edaed8c3d5e09168b37069c711423cc688abbba48f16cf7cf4d619f9da6997eb53b8edf89ade70cfd6dff480f47f01ea23cde3fd25cde309a12031b1e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\stdidscq.default-release\datareporting\glean\pending_pings\967789ac-8b1f-4ac2-b045-24389a7a956b

Filesize
11KB

MD5
2860557f15174fdb74413ee3a79d0f9a

SHA1
db916d2e24382e0e738de7f08e53f978b7567d65

SHA256
962fefe9ff0bbea234276763d8bbb9c68a170f676cdb8e283fef9d4e68d0e468

SHA512
85223ff0b9c833949ae27439bb0a9d7de32ada77d76b25f4d1ac160a12337fe09662dddadfb6b7d7b80c89592892e822ac68957e008ea400b7f561e7b1c5af7c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\stdidscq.default-release\prefs-1.js

Filesize
6KB

MD5
3f0f8aa07c5db863a6743e37197e58b6

SHA1
070e3014dc4216c2448237be3336b19edf0f0bfb

SHA256
c512d09a4abf6edd03724bc9af58757926d1b1d0d32b061f81ecc3f3247b8ceb

SHA512
05bcc3e0951b385ee7591e0d090b335de9d6f676981e25f7b19af87afcf3b9cb10acf17395727e0a7bd901931b23260b4944329a190ac421c090b8fa93507db9

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\stdidscq.default-release\prefs-1.js

Filesize
6KB

MD5
a3c8621dca523c00b984918117577341

SHA1
3b2f9e06ad5c27fff083d5d20c771a78e6d1dda7

SHA256
868540fb9083e90583addf5674258ba5fba2c9e2dcc7253b94670458fa674b27

SHA512
cfdfb128e9f5b147359d90e5606e598e6dfa922e9af92d1f8f7e525c5c379983313cd3addfee9243a6113f6d36cfe0d8e19b8f41c562642374dda5815d2d73e3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\stdidscq.default-release\prefs.js

Filesize
6KB

MD5
a4438abca48932a01cf60c1660b711a9

SHA1
72e4399d142a308b3e534c7294f4cdfe568acc7a

SHA256
fd8a16097d03afaacd42d620c4031d8a79a65cdbcf05fd4f48081f58034a14c6

SHA512
0521871148ec8e77c0cac648d72bf7997efcc70ed2f89dc5f2e0a3dffc00c1a935d7e580adb96b598e01491e9ed12ae2f6b431c5c3a8737f33546a429d91fc8e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\stdidscq.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
4KB

MD5
d45a4bf5898b42ae89fb81dd0f1fdefe

SHA1
3248f6ce23b447fe0ec41bc5d9c9451f52192a56

SHA256
a02da2d18130ac442725c8b9b6276aca24c852f2a42776ef8ca155eb1a042193

SHA512
ebb425ae43f7b2a31de8cbe196d6905cd1b31ed6aba474d56c8c80004fe4e4854dced8a84895a9e7409364a1913a8a2aebc14219733398da942f574a7141020c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\stdidscq.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
3KB

MD5
5f584ac269c4e8fd2b4fc11dffe4fe79

SHA1
b5dccc78f6b20b597998707b174dd24e69b7eea2

SHA256
63ac7af751ffe319e17f4b11f491ed6cc3e2aade364038c33489d61f865c5e5f

SHA512
f7a8a605cbe0c78f7cae8fdd91b33b25c158d88e4fba7a8a5266112afdb62f7c98b794df6186106291f23a0f9bc8ac52ba60e8dec203bb5d347830e588e1dcf2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\stdidscq.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
16KB

MD5
bffcf34d0c32227cf8c4a5e5f9b0414f

SHA1
45cceb6b24c62b8fff1f0a4a53ff0cfb8677ddde

SHA256
22fa02523a52d17fcf5f7e73e32cccd494d38e95c30a26da1fc6003b4cbdc6fe

SHA512
12c2d8ff7954da591ce485113374d3c06f8458f94a68de22ed0a729683ec09495f18d555b0148ab203ebee2ff805a61f4c34560cda3cec9fb8386cee23714b00

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\stdidscq.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
4KB

MD5
e4522d9332b64d9a5cac723ef5fd752d

SHA1
901d63a1fc571406ed2a34798b852af309bf4ebd

SHA256
b0dce07c7c1112c5e8d39c6bb87cd1d3162d22ce3bf6c5ba6a7f129599015788

SHA512
ddcf56c60707a8e2e6af3626680e62081df1cd8a59c44daef953088972b32db5730b99b6a6b6856f2856b314baef3901f27388af757d9ac52cadefab113ce065

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\stdidscq.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

Filesize
184KB

MD5
4b187cd97e9c4827fbb4306276444216

SHA1
35352694472efa275d172eb63ffe8df937f3c485

SHA256
153c5daf63e2ef61b70fe69969eddac0d911a5bb5e5ba8049eb41172d90a769c

SHA512
ec9b5f181909fa654f7e760eac71eee9b80bb708ac69894649603c95ecebb8035a4e4035cc9e8908aa3c1ea42c4e036491df65541787d82911c6d3b8a20f74bd

Download Submit