hxxps://ransomwatch[.]telemetry[.]ltd/#/INDEX

Analysis

max time kernel
149s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
20/02/2024, 11:57

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://ransomwatch.telemetry.ltd/#/INDEX

Score

1^/10

Malware Config

Signatures

Checks processor information in registry 2 TTPs 8 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3791175113-1062217823-1177695025-1000_Classes\Local Settings	firefox.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
864	msedge.exe
864	msedge.exe
3336	msedge.exe
3336	msedge.exe
4376	identity_helper.exe
4376	identity_helper.exe
4640	msedge.exe
4640	msedge.exe
4640	msedge.exe
4640	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 27 IoCs

pid	Process
3336	msedge.exe
3336	msedge.exe
3336	msedge.exe
3336	msedge.exe
3336	msedge.exe
3336	msedge.exe
3336	msedge.exe
3336	msedge.exe
3336	msedge.exe
3336	msedge.exe
3336	msedge.exe
3336	msedge.exe
3336	msedge.exe
3336	msedge.exe
3336	msedge.exe
3336	msedge.exe
3336	msedge.exe
3336	msedge.exe
3336	msedge.exe
3336	msedge.exe
3336	msedge.exe
3336	msedge.exe
3336	msedge.exe
3336	msedge.exe
3336	msedge.exe
3336	msedge.exe
3336	msedge.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeDebugPrivilege	3484	firefox.exe
Token: SeDebugPrivilege	3484	firefox.exe

Suspicious use of FindShellTrayWindow 30 IoCs

pid	Process
3336	msedge.exe
3336	msedge.exe
3336	msedge.exe
3336	msedge.exe
3336	msedge.exe
3336	msedge.exe
3336	msedge.exe
3336	msedge.exe
3336	msedge.exe
3336	msedge.exe
3336	msedge.exe
3336	msedge.exe
3336	msedge.exe
3336	msedge.exe
3336	msedge.exe
3336	msedge.exe
3336	msedge.exe
3336	msedge.exe
3336	msedge.exe
3336	msedge.exe
3336	msedge.exe
3336	msedge.exe
3336	msedge.exe
3336	msedge.exe
3336	msedge.exe
3484	firefox.exe
3484	firefox.exe
3484	firefox.exe
3484	firefox.exe
3484	firefox.exe

Suspicious use of SendNotifyMessage 27 IoCs

pid	Process
3336	msedge.exe
3336	msedge.exe
3336	msedge.exe
3336	msedge.exe
3336	msedge.exe
3336	msedge.exe
3336	msedge.exe
3336	msedge.exe
3336	msedge.exe
3336	msedge.exe
3336	msedge.exe
3336	msedge.exe
3336	msedge.exe
3336	msedge.exe
3336	msedge.exe
3336	msedge.exe
3336	msedge.exe
3336	msedge.exe
3336	msedge.exe
3336	msedge.exe
3336	msedge.exe
3336	msedge.exe
3336	msedge.exe
3336	msedge.exe
3484	firefox.exe
3484	firefox.exe
3484	firefox.exe

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
3484	firefox.exe
3484	firefox.exe
3484	firefox.exe
3484	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3336 wrote to memory of 1872	3336	msedge.exe	85
PID 3336 wrote to memory of 1872	3336	msedge.exe	85
PID 3336 wrote to memory of 2100	3336	msedge.exe	86
PID 3336 wrote to memory of 2100	3336	msedge.exe	86
PID 3336 wrote to memory of 2100	3336	msedge.exe	86
PID 3336 wrote to memory of 2100	3336	msedge.exe	86
PID 3336 wrote to memory of 2100	3336	msedge.exe	86
PID 3336 wrote to memory of 2100	3336	msedge.exe	86
PID 3336 wrote to memory of 2100	3336	msedge.exe	86
PID 3336 wrote to memory of 2100	3336	msedge.exe	86
PID 3336 wrote to memory of 2100	3336	msedge.exe	86
PID 3336 wrote to memory of 2100	3336	msedge.exe	86
PID 3336 wrote to memory of 2100	3336	msedge.exe	86
PID 3336 wrote to memory of 2100	3336	msedge.exe	86
PID 3336 wrote to memory of 2100	3336	msedge.exe	86
PID 3336 wrote to memory of 2100	3336	msedge.exe	86
PID 3336 wrote to memory of 2100	3336	msedge.exe	86
PID 3336 wrote to memory of 2100	3336	msedge.exe	86
PID 3336 wrote to memory of 2100	3336	msedge.exe	86
PID 3336 wrote to memory of 2100	3336	msedge.exe	86
PID 3336 wrote to memory of 2100	3336	msedge.exe	86
PID 3336 wrote to memory of 2100	3336	msedge.exe	86
PID 3336 wrote to memory of 2100	3336	msedge.exe	86
PID 3336 wrote to memory of 2100	3336	msedge.exe	86
PID 3336 wrote to memory of 2100	3336	msedge.exe	86
PID 3336 wrote to memory of 2100	3336	msedge.exe	86
PID 3336 wrote to memory of 2100	3336	msedge.exe	86
PID 3336 wrote to memory of 2100	3336	msedge.exe	86
PID 3336 wrote to memory of 2100	3336	msedge.exe	86
PID 3336 wrote to memory of 2100	3336	msedge.exe	86
PID 3336 wrote to memory of 2100	3336	msedge.exe	86
PID 3336 wrote to memory of 2100	3336	msedge.exe	86
PID 3336 wrote to memory of 2100	3336	msedge.exe	86
PID 3336 wrote to memory of 2100	3336	msedge.exe	86
PID 3336 wrote to memory of 2100	3336	msedge.exe	86
PID 3336 wrote to memory of 2100	3336	msedge.exe	86
PID 3336 wrote to memory of 2100	3336	msedge.exe	86
PID 3336 wrote to memory of 2100	3336	msedge.exe	86
PID 3336 wrote to memory of 2100	3336	msedge.exe	86
PID 3336 wrote to memory of 2100	3336	msedge.exe	86
PID 3336 wrote to memory of 2100	3336	msedge.exe	86
PID 3336 wrote to memory of 2100	3336	msedge.exe	86
PID 3336 wrote to memory of 864	3336	msedge.exe	87
PID 3336 wrote to memory of 864	3336	msedge.exe	87
PID 3336 wrote to memory of 4688	3336	msedge.exe	88
PID 3336 wrote to memory of 4688	3336	msedge.exe	88
PID 3336 wrote to memory of 4688	3336	msedge.exe	88
PID 3336 wrote to memory of 4688	3336	msedge.exe	88
PID 3336 wrote to memory of 4688	3336	msedge.exe	88
PID 3336 wrote to memory of 4688	3336	msedge.exe	88
PID 3336 wrote to memory of 4688	3336	msedge.exe	88
PID 3336 wrote to memory of 4688	3336	msedge.exe	88
PID 3336 wrote to memory of 4688	3336	msedge.exe	88
PID 3336 wrote to memory of 4688	3336	msedge.exe	88
PID 3336 wrote to memory of 4688	3336	msedge.exe	88
PID 3336 wrote to memory of 4688	3336	msedge.exe	88
PID 3336 wrote to memory of 4688	3336	msedge.exe	88
PID 3336 wrote to memory of 4688	3336	msedge.exe	88
PID 3336 wrote to memory of 4688	3336	msedge.exe	88
PID 3336 wrote to memory of 4688	3336	msedge.exe	88
PID 3336 wrote to memory of 4688	3336	msedge.exe	88
PID 3336 wrote to memory of 4688	3336	msedge.exe	88
PID 3336 wrote to memory of 4688	3336	msedge.exe	88
PID 3336 wrote to memory of 4688	3336	msedge.exe	88

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://ransomwatch.telemetry.ltd/#/INDEX
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3336
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffed0ae46f8,0x7ffed0ae4708,0x7ffed0ae4718
  2⤵
  PID:1872
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2156,5077125778791467918,2573766090216969187,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2092 /prefetch:2
  2⤵
  PID:2100
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2156,5077125778791467918,2573766090216969187,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2220 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:864
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2156,5077125778791467918,2573766090216969187,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2816 /prefetch:8
  2⤵
  PID:4688
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,5077125778791467918,2573766090216969187,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3300 /prefetch:1
  2⤵
  PID:4056
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,5077125778791467918,2573766090216969187,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3308 /prefetch:1
  2⤵
  PID:3384
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,5077125778791467918,2573766090216969187,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4756 /prefetch:1
  2⤵
  PID:3948
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,5077125778791467918,2573766090216969187,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3352 /prefetch:1
  2⤵
  PID:2892
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,5077125778791467918,2573766090216969187,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5264 /prefetch:1
  2⤵
  PID:4904
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2156,5077125778791467918,2573766090216969187,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5724 /prefetch:8
  2⤵
  PID:2604
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2156,5077125778791467918,2573766090216969187,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5724 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4376
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,5077125778791467918,2573766090216969187,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4804 /prefetch:1
  2⤵
  PID:5000
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,5077125778791467918,2573766090216969187,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5308 /prefetch:1
  2⤵
  PID:1380
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,5077125778791467918,2573766090216969187,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5296 /prefetch:1
  2⤵
  PID:4864
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,5077125778791467918,2573766090216969187,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6004 /prefetch:1
  2⤵
  PID:2532
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,5077125778791467918,2573766090216969187,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5280 /prefetch:1
  2⤵
  PID:5072
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2156,5077125778791467918,2573766090216969187,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=6132 /prefetch:8
  2⤵
  PID:3116
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,5077125778791467918,2573766090216969187,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2000 /prefetch:1
  2⤵
  PID:2296
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,5077125778791467918,2573766090216969187,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2120 /prefetch:1
  2⤵
  PID:3384
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,5077125778791467918,2573766090216969187,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4732 /prefetch:1
  2⤵
  PID:5092
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,5077125778791467918,2573766090216969187,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3456 /prefetch:1
  2⤵
  PID:364
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,5077125778791467918,2573766090216969187,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4804 /prefetch:1
  2⤵
  PID:2256
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,5077125778791467918,2573766090216969187,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6148 /prefetch:1
  2⤵
  PID:2148
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,5077125778791467918,2573766090216969187,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3400 /prefetch:1
  2⤵
  PID:1552
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,5077125778791467918,2573766090216969187,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4208 /prefetch:1
  2⤵
  PID:3560
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,5077125778791467918,2573766090216969187,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3320 /prefetch:1
  2⤵
  PID:4324
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,5077125778791467918,2573766090216969187,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3508 /prefetch:1
  2⤵
  PID:2248
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,5077125778791467918,2573766090216969187,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3488 /prefetch:1
  2⤵
  PID:4300
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2156,5077125778791467918,2573766090216969187,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=4908 /prefetch:8
  2⤵
  PID:4496
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,5077125778791467918,2573766090216969187,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6128 /prefetch:1
  2⤵
  PID:3464
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,5077125778791467918,2573766090216969187,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3532 /prefetch:1
  2⤵
  PID:4036
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2156,5077125778791467918,2573766090216969187,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6676 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4640
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,5077125778791467918,2573766090216969187,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1900 /prefetch:1
  2⤵
  PID:1260
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,5077125778791467918,2573766090216969187,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7128 /prefetch:1
  2⤵
  PID:3668
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,5077125778791467918,2573766090216969187,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6972 /prefetch:1
  2⤵
  PID:4968
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,5077125778791467918,2573766090216969187,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7032 /prefetch:1
  2⤵
  PID:3456

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2564

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4420

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
PID:2292
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe"
  2⤵
  - Checks processor information in registry
  - Modifies registry class
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  PID:3484
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3484.0.1490088400\2027530932" -parentBuildID 20221007134813 -prefsHandle 1860 -prefMapHandle 1852 -prefsLen 20749 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {875ba710-7a0c-4a24-a784-16399e9b168b} 3484 "\\.\pipe\gecko-crash-server-pipe.3484" 1944 1de145da258 gpu
    3⤵
    PID:1752
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3484.1.1337410038\2078811397" -parentBuildID 20221007134813 -prefsHandle 2336 -prefMapHandle 2324 -prefsLen 20785 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ac0bd422-61aa-4c52-9877-4a6585078374} 3484 "\\.\pipe\gecko-crash-server-pipe.3484" 2348 1de13f3f558 socket
    3⤵
    - Checks processor information in registry
    PID:4324
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3484.2.1638742818\354636926" -childID 1 -isForBrowser -prefsHandle 2980 -prefMapHandle 3064 -prefsLen 20888 -prefMapSize 233444 -jsInitHandle 1384 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {5ecb7062-dbae-4a21-8734-ea2799a0775b} 3484 "\\.\pipe\gecko-crash-server-pipe.3484" 2992 1de1455ed58 tab
    3⤵
    PID:3604
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3484.3.1446197951\1781130651" -childID 2 -isForBrowser -prefsHandle 3628 -prefMapHandle 3624 -prefsLen 26066 -prefMapSize 233444 -jsInitHandle 1384 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {607463cf-2780-4dfe-8fd6-0eee9f63054c} 3484 "\\.\pipe\gecko-crash-server-pipe.3484" 3636 1de07b6d058 tab
    3⤵
    PID:2236
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3484.4.1466848607\1639235175" -childID 3 -isForBrowser -prefsHandle 3772 -prefMapHandle 3776 -prefsLen 26066 -prefMapSize 233444 -jsInitHandle 1384 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a8d04a18-72c7-4818-8fea-7f83c8758703} 3484 "\\.\pipe\gecko-crash-server-pipe.3484" 3652 1de07b5fb58 tab
    3⤵
    PID:4284
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3484.5.1464214023\767921525" -childID 4 -isForBrowser -prefsHandle 5100 -prefMapHandle 5036 -prefsLen 26125 -prefMapSize 233444 -jsInitHandle 1384 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {703bf14e-b390-4636-baf8-fb14b54767c8} 3484 "\\.\pipe\gecko-crash-server-pipe.3484" 5112 1de1a982e58 tab
    3⤵
    PID:5308
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3484.7.1297588849\284593847" -childID 6 -isForBrowser -prefsHandle 5444 -prefMapHandle 5448 -prefsLen 26125 -prefMapSize 233444 -jsInitHandle 1384 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {9c8e4c27-869b-4d78-8d9e-ada03dedcb99} 3484 "\\.\pipe\gecko-crash-server-pipe.3484" 5436 1de1a982558 tab
    3⤵
    PID:5324
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3484.6.1274604258\1918198165" -childID 5 -isForBrowser -prefsHandle 5260 -prefMapHandle 5264 -prefsLen 26125 -prefMapSize 233444 -jsInitHandle 1384 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b2999e4f-566e-46b3-b8b2-cab560fe1978} 3484 "\\.\pipe\gecko-crash-server-pipe.3484" 5248 1de1a981f58 tab
    3⤵
    PID:5316
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3484.8.1460490061\2113922054" -childID 7 -isForBrowser -prefsHandle 5964 -prefMapHandle 4684 -prefsLen 26460 -prefMapSize 233444 -jsInitHandle 1384 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d565be52-c101-4d31-a1d6-e8246ee5debd} 3484 "\\.\pipe\gecko-crash-server-pipe.3484" 2712 1de18cf6558 tab
    3⤵
    PID:4300

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
bcaf436ee5fed204f08c14d7517436eb

SHA1
637817252f1e2ab00275cd5b5a285a22980295ff

SHA256
de776d807ae7f2e809af69746f85ea99e0771bbdaaed78a764a6035dabe7f120

SHA512
7e6cf2fdffdcf444f6ef4a50a6f9ef1dfb853301467e3f4784c9ee905c3bf159dc3ee9145d77dbf72637d5b99242525eb951b91c020e5f4e5cfcfd965443258c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
216B

MD5
6d58354580dddab62dadd944e7355199

SHA1
793427870bb4531e128b255fb992060b237e85cb

SHA256
b9c66e66c510b774d303ddd2a3cd21b6542917419ee6e26a21b55308437ccf16

SHA512
0c36c87f9326589e563edf832d828caa71acb62981308cb5f2e316b58744bec68c0d7522e8f905b45ee4a675d3590389cbe319e31e32e16e94bf30f8a4740371

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
8e37c6c3da593c575c13672e158fad0d

SHA1
b156020a86f696a19cf917a22570fbab6b6d78b3

SHA256
605764f32dc6abbb1dc90eb3e2162ae0d3c78012ddcf0899337b073beb5d2025

SHA512
58ab4e590a21d17552dadcfe2dc63d38858d9a49e3c960a436d2ad40a35eaafa7c4406dadf905db9bdba1a31193086b4cf4c8d933bcbbda24cc04687b907761b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
120B

MD5
bf3ad1fa6159bb2258b751c532094ec6

SHA1
a8a3eb4ddfe9ed68637452c5287a8fff58beb51f

SHA256
93c0a3e7ab1c62dd6ba39c4a62fc8c85e37e25c473c575a4d22622a1f5b8d6e5

SHA512
6ec968a77b0fbfeb91d1a2459bfea466e077c0d0166a9608fabb45e9e5cee5e65452ff585e22571c4bb2e07fb9e2ee8c00c0661238a1f768c83e9153df48d80f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
502df20de10bbbfa841f4718a4b9e423

SHA1
1dcc631f76c3735ba45a0e5472b65d5ceb6cb78a

SHA256
8d000bb07111fb7eaa21c19a41f98d41db7b0c3600a6692fbd9be85be6e89a91

SHA512
39aaffe49403e252de1b6129fc529c3fc8e5e3fb985fd373c9608caa0c268774d02348173367ebbb773352c5262ba956c824138e541af3433036cb1514d47dfe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
82e4c5c47ac0f2d683132664a558a657

SHA1
ebb905df390132fda9b460a863bd58e899e249bd

SHA256
fd2b48c778e4db9aa223933e057ba767dbb9f82437de69bcfc872366d08671cd

SHA512
8510423a6d4e80388bb46a3dfa278084116842b407046fb2ca5d566b742ed49a1864f758c9228c86a34763fdfb69ac57a5726d29c4b2e09136e828551020f825

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
807419ca9a4734feaf8d8563a003b048

SHA1
a723c7d60a65886ffa068711f1e900ccc85922a6

SHA256
aa10bf07b0d265bed28f2a475f3564d8ddb5e4d4ffee0ab6f3a0cc564907b631

SHA512
f10d496ae75db5ba412bd9f17bf0c7da7632db92a3fabf7f24071e40f5759c6a875ad8f3a72bad149da58b3da3b816077df125d0d9f3544adba68c66353d206c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
120f699889d4d9176eae1ac8fa3be3e4

SHA1
54f27f182c6f260266da96f14dfe615bbb1c5375

SHA256
6d6fe282256a4c1b7bf06578cc7f99947bd0730274d69bdbd61fb15e4663f77d

SHA512
e354cae4e9e63096107ad10c3d96515a69632373252bfb114569042b709442477949041d3d6e8a70e47cec7ead37729d5a5ca333e56609335e5707fe59b7e341

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
ccd9ea96246aab248b6ecbc48799349d

SHA1
4089aaab7f07872b8e237c9c413e78dbddb08a64

SHA256
1a651c14744177b1f4a65dfbcefd9f8acfae55b5c55c1b28e822761755b47787

SHA512
099c50f3e4b96864d05a03a7570f634b0dd76c3425e797475159ccd13b5c228ef47448f4f8627c87d2cba74db1454d0c57c93137ffae008757aae361fda17cdf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
1f4040d5f44fef21b0b64beefbbcae79

SHA1
1c02f5d3ae9eae45f0c8db21fb77e4feec076926

SHA256
960900add4c6c065c971cccb04cdfb96c49726a1bfbc984b5f680d6c8e0bce9b

SHA512
0204857e1ed0dac4a7e05c0b1d7ef168c5ac28341ba1bb78a1d740524b2e6540122a552f02db89d1f955b1ad9e80736e7a932d229702109eb992dc45677032cf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
a7af28fc0ba304778b3fc22bcbbacae9

SHA1
61b47446949c45f94c7f0e3f76777925044a3712

SHA256
029a28b709eb461a1451289760040d052bc0bec082b92f2818b46f442b6f449a

SHA512
fec2e477d406ff8cfd944a1075b90b1b1ad26d319c2f90c3c36cd61e72835da531d6141a7c85b9fd96bf91c3482858f1a0627316e31b196fc5e5fdaedc63dabc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
2530ca7c9ce777614edf74aea6d272a5

SHA1
1a12ffe49c91e53e5093d29b5ab1d3ed93ae1084

SHA256
84cdfdbb3807a9ff88d7695fc669c2131bc11a287cbaf455ec5225c5aeb9e715

SHA512
8f5b628c0a4e619525f576889706db688640a5e1787bdbc167d7c35fd756e93b24b80252259972b4b3cc5ab4ce24defcfbb4c41b2948a121a86ea28cd828de39

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
ccde0b8b33835b7d82c6d3f75a265016

SHA1
10bf48c227ccfd0c26d4361c0586eb89a28ca9c2

SHA256
0f44e132f65cbdc74482fc0230db244b78d5441cc4764341996eac840e499b21

SHA512
9ae6e31a2f3d4d71a66cfbebafff32e217b972bc3362a62d84c872867d8642a7413c048445a72adda06e239d8b7b12ba0b98602b562753eba444b4fb7697d22c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
3aa9daf927213f1956a2c9667ea04a09

SHA1
30feea8a872d7eba20ffa8bab48378feb247c000

SHA256
11666e1b1199d8e10db6005a936b20388a7a491f988d524e8ec5da1d2f36d844

SHA512
c8552e71b8e1c93df3d85dbd343cc216d6117826d74338a4a051911fc6d144a0194b5a6a7fce9dd0a1f513bf7b1f9e8d1ea4419a26592b93e75eeb28f8ed112f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
b0ba6f0eee8f998b4d78bc4934f5fd17

SHA1
589653d624de363d3e8869c169441b143c1f39ad

SHA256
4b5ee509e727accbd11493dda2c1d512e7dbfaff66c4f5f7ea9c2d2ccd06151f

SHA512
e9a165da246c6b80fc38431538203cf03f95794184ff63f00c9500f8919a2028b803f64b670e685185eed72df0509e3185c9b434fdbf2bc7af36021d46bd08d9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
9850328878aa35fa247f8607b001cd15

SHA1
68ada5251aaf5993442a35bd5d4d289e52e68da6

SHA256
270697b94a50f456c3c8465137c640e795f05f8cec420c2b6220b7d85a50b399

SHA512
c0041195affc8a48784b4a102a4c0d681162e68cdd631a62f4b4df8346e51a9647f0ce5f119f55dee4cb5bc9dafdf77b60fec8cf28385023c66c9d732303303b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
538B

MD5
43899ef630fcc2e60f7438321465dc8b

SHA1
d497c104e4e9625200036a114ea714baac575cfb

SHA256
49783bbd527fe158be1ccd5ec0773d12e26ba9099f240e37eb7e4c7d7217326d

SHA512
f05147f96a571fcbdf861ae309f7bd3d34a8b96f0426f53cab430c085d6983096aaed978b17a774bb3a713dcdf03b721bddce0b932f6005dac684d89d50eef0b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
705B

MD5
c059139886c3c6844439a24bb1b23d43

SHA1
fd26f6ae8746c650909f4f77621749c5dadd31c6

SHA256
1b09ee54f1d96f87366a05df11d9c7143f3f946431db7e3f762a75fd7b3dadc5

SHA512
5d758e4a5254d90683d12b480d337d2af0f96790420fc7f00b1d4c728057c36e50f39b9252b74f08f5e91a996631687dbcde0db7f6eb164847960e99bb578b61

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
538B

MD5
37e63f674932e5754857fb467494ba3c

SHA1
96f91b2e1fb77a88b7e0eed384dc4581336321a2

SHA256
e45ade25d9f81fb1553a82d46a6fc848e813cbeab16ee1e7d29d73d9af8daa2b

SHA512
c466e723a2df9c207801aa27bca9373abcfd7dd8023610dc7d21ac02c756e86d86c48c9064810ca0f9f9379f5f8f50922f60f08353eb3ac10117e63b48152047

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57db8b.TMP

Filesize
203B

MD5
1b8ec6ca7f871926268d8b373c151699

SHA1
9f201d1588a0fe8d41848b39933ae9bc734c92ab

SHA256
66a6c30cff299e83c9a954cffbe949de0fb2d50cf7e1963238b76441c91660af

SHA512
d70ac7609e09beac86153d61f596a800a9ba566b30feb28840691cc8ea6db17db6b5cd683e1ebcf7336c7e2617c56dfeea226c97ce2788733cd0519a28d5cf97

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
f9726538fccd8690db4121adbc877673

SHA1
87ee5966a66fed094811f969a5c305886e7b41c6

SHA256
9f470a52bd3efa02ced3a0bc4e4f1addbe82fb0e58138ae84a922db50308176f

SHA512
fb9a20fe2f7a134728eb2e973db9e1198ed8a349c3fbf8d9bbea92fbe8fb4dc1e039396a785404ac3c6ed2d420623a4d2987a97c401c9afcf301c6efe0a99eb4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
29c80d3c0d493c3e33afe575a6578ecd

SHA1
7a56be951099142610279e3ab2f8c885149bedd1

SHA256
42fd14094f70cf92bd3934f4109789ab5ac4d25e997d694fdcd26de01abcc128

SHA512
e9b77741ff45c9fe1ff824bbd48a76948bc033f21ce19f3c469bd54ba51917b5b54707e1b763acd32780ba359180d3f0f3f5ca345403fb887fad2dac54c8ef35

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
5eb7dcebd606508b530a24eb12c7f1f3

SHA1
974b05cc917544e2bb56093536e2e5a995d692a9

SHA256
7a4067dc186ad1580be8eed34f5e193aade1e71d22ca09a2afa33433b6f4d5ab

SHA512
ec5ef15c96e048cdd3618594ae05ab90fd482a1d79de91a359d07e5fac9484d57ed6edf882f5edf11ad7545ccfe88b1bb44a14eb72e93f27b57b9361e184f70c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\g5azq69j.default-release\datareporting\glean\db\data.safe.bin

Filesize
2KB

MD5
4a7d930c4a40fde63dfe80f3f233228b

SHA1
59e36d1ee009c1e1a4b2247382c055d180049e78

SHA256
42319e4e70b4e8e9ac0c9a8cd8c0a371cc9bd9b3d10198b137c78f1f462b7ec1

SHA512
45762c61c5b598a7d74c7f95b91ff0f6cc3f875acbc550a665074f32181f6b9a36299e74e357cfcaced8d003d3e070253281a7d5ed387d5df15e4fb00b6c6022

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\g5azq69j.default-release\datareporting\glean\pending_pings\949d009d-2b6d-4860-b8cb-9e4a6ca95581

Filesize
12KB

MD5
a8532f99e70de141b9813f91d8b9966d

SHA1
933448c1454587a5f8ee80a07a061cc00f8709f5

SHA256
705f3fd8a64b18cd05f51ab8d34077819853505afc053cf11e2824fecfa4a9c3

SHA512
ec00c1feb93be0de789013557843f2e1e2ea2ccb4f7a752a97e343db80c7617a73afe20717c9bdbbd766953023dfabca4d23ea6c89a50e3b378e29120bb14c30

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\g5azq69j.default-release\datareporting\glean\pending_pings\ff2ab1a5-0af6-49d9-880a-121bd2139361

Filesize
746B

MD5
5090cfe5f173c62c12e11809b19a6264

SHA1
70c2f5f4898683249da0ffd3e2356367b9898277

SHA256
5ba69d6f2d6ebf7e99f736ce4c2f2fa3d579f8493bf16711c1a045ea291afa63

SHA512
b5e414f809c1a9d99493e6af9ba784a525dfb0c16ef4568fa97f740a18b055c81373a6104886bbcd8f48cbb0c695fef2cb62d54073998a3743b37ce9c725c428

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\g5azq69j.default-release\prefs-1.js

Filesize
6KB

MD5
4714ddd12f799569260e79c68b5ea19f

SHA1
e68032cb9b21ce4a0b2ae1c9f43ddcf925a197b0

SHA256
c8dd892f4ac807b5854ad8b5a8e46022ef3f2b5ba71314ddd665df25a9c08abe

SHA512
b9ed2916717269af299fac0a637b517592de75aadde2896b3e0b0864de993576ede275891a7ee0bc7e55dce6a61513651be2b5509db5880d4a07951daeb02b0a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\g5azq69j.default-release\prefs-1.js

Filesize
6KB

MD5
37095b41c679260d4ce492c39570bdd7

SHA1
6c65eb748f310edfc0bc7927f6e519e25362f83c

SHA256
16c5a565e9958d4c5c471192b4d0167d6fc73cb75c2dca3bdc687aedc3a54d40

SHA512
0fd7fcfd89bcf3950e4a6b2d0bdd2ad738a707e5ea7e1b78efe7b27c67112c745506f2c9448b99d1752b9d4bdcc97067ef404c4bb19f471040192a69909b3373

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\g5azq69j.default-release\prefs.js

Filesize
6KB

MD5
054771c17cdecac43ddb2f43d99bfa8a

SHA1
96dc404219255ef42a0fc72eb1bfb185ddb8b111

SHA256
a965ac269064648c0764670d9d8a858b5923f265aedaa35c4fd9f2defc5a681a

SHA512
a6986ac2508c0d0330979e6ef96a36c0f542aa0907eac7dc0e0f531aa6617d5f05f83318ab38d275b0116770a18c3cfe94371f4fc701e9756b42afd1a0cdb2ea

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\g5azq69j.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
1KB

MD5
e1cb0bb3cb0940876fe58b6f2705b969

SHA1
b1cdb15439ccf956493599d6d4ea407f865fcfd5

SHA256
3d3b0297ffec0cd4dfb197fdcf5165eed141d0282105f0108cccbe55af0b4659

SHA512
c6791a933f74ae21a202e23d0026ed591c54e4cbffea07da6c96015fa6f4d046e9c07d4a024b23826f890c75c00fcc20d8c5411fb92428127915c1c18f03601e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\g5azq69j.default-release\sessionstore.jsonlz4

Filesize
974B

MD5
92bee3dbc386f8cf264965b1e75ffa58

SHA1
0a229a11815f405c7d5109f9c5af674ccbcc4316

SHA256
46f2677c70677983eef278ce61e192f721c1aea7b1be228e008e7e1cfbb9c465

SHA512
e598eeb6c2e699278de25fbe8a2ebd807381f1a016de9e81b613a93092a2644436d89945204d4c31bf0c843a133ed9c6ae312f37c5f705151c824548625ece89

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\g5azq69j.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

Filesize
184KB

MD5
1ef7ba87efc43a51014169e3257b978f

SHA1
1fe3ae81cab6866424bed865e7210700f3de8711

SHA256
cb7c9fcba2bdc4880c9d9e91fb287bf3476bb72c321026ddd54de1ccb0d6470b

SHA512
4f984e9216efd32dc7fa4d850f610377e52f9c7b02c53905fb0233a531ecc8e0040ee97e8dffa39caf0322e2904d06d6632fa8bbc10758455ae51818eb81e266

Download Submit