Resubmissions
27-04-2024 22:28  240427-2dmtbsac4y

Analysis
max time kernel: 149s
max time network: 150s
platform: windows10-2004_x64
resource: win10v2004-20240426-fr
resource tags: arch:x64, arch:x86, image:win10v2004-20240426-fr, locale:fr-fr, os:windows10-2004-x64, system:windows
submitted: 27-04-2024 22:28

Static task: static1
Behavioral task: behavioral1
Sample: HELLCARD_v1.0.240417.html
Resource: win10v2004-20240426-fr

General
Target: HELLCARD_v1.0.240417.html
Size: 903KB
MD5: df5355151cb608fc16044cfed37ea6ca
SHA1: c3aa763ef46fd63abea7cc250d7022682b75cfd2
SHA256: 0057a052bb6292cde3fedf37882b4feb218fbc04433ebb92dbcfe700ec89581d
SHA512: 68ceb14c12994e1aac69d0e55e70b1f2c12fba37147a678b3d2861ac8810f05c30cec45f8c9eec6fd9e5a70e8cf8379c66446c6b36127343a7fba0279ca49eb4
SSDEEP: 24576:sBpm+cbo2wBQ+tqSxV8ThyFIpW0Rm+cbvi:K2wBDtqSxV8ThyFWW0wi
Malware Config
Signatures
Checks processor information in registry (2 TTPs, 6 IoCs)
Processor information is often read in order to detect sandboxing environments.
Processes:
description | ioc | process
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier | firefox.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz | firefox.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | firefox.exe
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | firefox.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature | firefox.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision | firefox.exe
Enumerates system info in registry (2 TTPs, 3 IoCs)
Processes:
description | ioc | process
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | msedge.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | msedge.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | msedge.exe
Modifies registry class (9 IoCs)
Processes:
description | ioc | process
Key created | \REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\cr.sb.cdmf5200eafd3ad904629cbb0f87a78a3c7211081fe\Children | msedge.exe
Key created | \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-711569230-3659488422-571408806-1000\{74C00DDB-7F59-4ECA-A5DC-11EE5FE3FE0F} | msedge.exe
Key created | \REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-993994543-2095643028-780254397-2751782349-1045596949-3142982554-3368930949 | msedge.exe
Set value (str) | \REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-993994543-2095643028-780254397-2751782349-1045596949-3142982554-3368930949\DisplayName = "Chrome Sandbox" | msedge.exe
Set value (str) | \REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-993994543-2095643028-780254397-2751782349-1045596949-3142982554-3368930949\Moniker = "cr.sb.cdmf5200eafd3ad904629cbb0f87a78a3c7211081fe" | msedge.exe
Key created | \REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-993994543-2095643028-780254397-2751782349-1045596949-3142982554-3368930949\Children | msedge.exe
Key created | \REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage | msedge.exe
Key created | \REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\cr.sb.cdmf5200eafd3ad904629cbb0f87a78a3c7211081fe | msedge.exe
Key created | \REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000_Classes\Local Settings | firefox.exe
Suspicious behavior: EnumeratesProcesses (13 IoCs)
Processes:
pid | process | events
4992 | msedge.exe | 2
1368 | msedge.exe | 2
796 | identity_helper.exe | 2
212 | msedge.exe | 1
1184 | msedge.exe | 2
4008 | msedge.exe | 4
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (23 IoCs)
Processes:
pid | process | events
1368 | msedge.exe | 23
Suspicious use of AdjustPrivilegeToken (2 IoCs)
Processes:
description | pid | process
Token: SeDebugPrivilege | 832 | firefox.exe
Token: SeDebugPrivilege | 832 | firefox.exe
Suspicious use of FindShellTrayWindow (30 IoCs)
Processes:
pid | process | events
1368 | msedge.exe | 26
832 | firefox.exe | 4
Suspicious use of SendNotifyMessage (27 IoCs)
Processes:
pid | process | events
1368 | msedge.exe | 24
832 | firefox.exe | 3
Suspicious use of SetWindowsHookEx (7 IoCs)
Processes:
pid | process | events
832 | firefox.exe | 7
Suspicious use of WriteProcessMemory (64 IoCs)
Processes:
description | pid | process | target process
PID 1368 wrote to memory of 388 | 1368 | msedge.exe | msedge.exe (2 events)
PID 1368 wrote to memory of 516 | 1368 | msedge.exe | msedge.exe
PID 1368 wrote to memory of 4992 | 1368 | msedge.exe | msedge.exe (2 events)
PID 1368 wrote to memory of 2428 | 1368 | msedge.exe | msedge.exe
All 64 events have PID 1368 (the Edge browser process) as the writer and another msedge.exe as the target; the writes to 516 and 2428 make up the remaining 60 events.
Uses Task Scheduler COM API (1 TTP)
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
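The "Checks processor information in registry" and "Suspicious use of WriteProcessMemory" signatures above are generic: a browser that the sandbox launched to render the .html sample produces exactly these events (CPU and BIOS reads, and a Chromium browser process writing into the children it has just spawned). The Python helper below is an added example, not part of the sandbox report or of any tool it names. It parses the flattened IoC rows as they appear in the report and re-scores them with process context. The browser allow-list, the parent/child map for PID 1368, and the two extra records (a write into an unrelated image, a non-browser reading the CPU vendor string) are assumptions constructed for illustration.

```python
"""Re-score generic sandbox signatures using process context.

Added example; not part of the sandbox report. The raw IoC text below is
transcribed from this report's signature tables, plus two constructed
records (an unrelated-image write and a non-browser registry read) so the
'review' path is exercised. The browser allow-list and the parent map for
PID 1368 are assumptions taken from the process tree.
"""
import re
from collections import Counter

# Raw "Suspicious use of WriteProcessMemory" rows as printed in the report (excerpt).
RAW_WPM = (
    "PID 1368 wrote to memory of 388 1368 msedge.exe msedge.exe "
    "PID 1368 wrote to memory of 516 1368 msedge.exe msedge.exe "
    "PID 1368 wrote to memory of 4992 1368 msedge.exe msedge.exe "
    "PID 1368 wrote to memory of 2428 1368 msedge.exe msedge.exe "
    # Constructed counter-example: same API, target image is not a browser child.
    "PID 1368 wrote to memory of 9999 1368 msedge.exe explorer.exe "
)

# Raw registry rows from "Checks processor information" / "Enumerates system info" (excerpt).
RAW_REG = (
    r"Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier firefox.exe "
    r"Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature firefox.exe "
    r"Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer msedge.exe "
    # Constructed counter-example: a non-browser image reading the CPU vendor string.
    r"Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier update.exe "
)

# Column layout of the flattened rows: description | pid | process | target process.
WPM_RE = re.compile(r"PID (\d+) wrote to memory of (\d+) \1 (\S+) (\S+)")
# Key paths may contain spaces ("Update Signature"), so match lazily up to the trailing image name.
REG_RE = re.compile(r"Key (opened|value queried) (\\REGISTRY\\.+?) (\S+\.exe)")

# Assumption: images the sandbox itself launched to render the .html sample.
BROWSER_IMAGES = {"msedge.exe", "firefox.exe", "identity_helper.exe"}
# Registry subtrees that anti-sandbox code reads to fingerprint the host.
FINGERPRINT_MARKERS = ("\\CentralProcessor\\", "\\System\\BIOS\\")
# Assumption from the process tree: PID 1368 is the Edge browser process, these are its children.
PARENT_OF = {388: 1368, 516: 1368, 4992: 1368, 2428: 1368}


def parse_wpm(text):
    """Return (src_pid, dst_pid, src_image, dst_image) tuples from the flattened rows."""
    return [(int(s), int(d), si, di) for s, d, si, di in WPM_RE.findall(text)]


def parse_reg(text):
    """Return (operation, key_path, image) tuples from the flattened rows."""
    return REG_RE.findall(text)


def classify_wpm(records, parent_of):
    """A Chromium browser process legitimately writes into children it has just
    spawned (handle and command-line setup). Count those as expected; return
    every other write for an analyst's review."""
    expected, review = Counter(), []
    for src, dst, src_img, dst_img in records:
        if parent_of.get(dst) == src and src_img == dst_img:
            expected[(src, src_img)] += 1
        else:
            review.append((src, dst, src_img, dst_img))
    return expected, review


def classify_reg(records, browsers=BROWSER_IMAGES):
    """Hardware-fingerprint reads are expected from the browsers the sandbox
    launched; the same keys read by any other image are returned for review."""
    return [
        (image, key)
        for _, key, image in records
        if any(m in key for m in FINGERPRINT_MARKERS) and image.lower() not in browsers
    ]


if __name__ == "__main__":
    expected, review = classify_wpm(parse_wpm(RAW_WPM), PARENT_OF)
    print("expected parent->child writes:", dict(expected))
    print("WriteProcessMemory to review:", review)
    print("fingerprint reads to review:", classify_reg(parse_reg(RAW_REG)))
```

Run against this report's rows, every WriteProcessMemory event is a parent-to-child write inside msedge.exe and every CentralProcessor/BIOS read comes from a browser, so nothing is left for review; the two constructed rows show what the same signatures look like when they do deserve attention.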
Processes
(indentation shows the process tree depth; bullets under a process are the signatures it triggered)

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\HELLCARD_v1.0.240417.html
  - Enumerates system info in registry
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa6fad46f8,0x7ffa6fad4708,0x7ffa6fad4718
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2156,11921877432956124570,4317813489201406097,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2168 /prefetch:2
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2156,11921877432956124570,4317813489201406097,131072 --lang=fr --service-sandbox-type=none --mojo-platform-channel-handle=2436 /prefetch:3
      - Suspicious behavior: EnumeratesProcesses
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2156,11921877432956124570,4317813489201406097,131072 --lang=fr --service-sandbox-type=utility --mojo-platform-channel-handle=2708 /prefetch:8
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,11921877432956124570,4317813489201406097,131072 --lang=fr --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3236 /prefetch:1
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,11921877432956124570,4317813489201406097,131072 --lang=fr --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3260 /prefetch:1
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,11921877432956124570,4317813489201406097,131072 --lang=fr --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5096 /prefetch:1
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2156,11921877432956124570,4317813489201406097,131072 --lang=fr --service-sandbox-type=none --mojo-platform-channel-handle=5732 /prefetch:8
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2156,11921877432956124570,4317813489201406097,131072 --lang=fr --service-sandbox-type=none --mojo-platform-channel-handle=5732 /prefetch:8
      - Suspicious behavior: EnumeratesProcesses
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,11921877432956124570,4317813489201406097,131072 --lang=fr --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4144 /prefetch:1
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,11921877432956124570,4317813489201406097,131072 --lang=fr --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5240 /prefetch:1
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,11921877432956124570,4317813489201406097,131072 --lang=fr --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5616 /prefetch:1
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,11921877432956124570,4317813489201406097,131072 --lang=fr --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5396 /prefetch:1
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,11921877432956124570,4317813489201406097,131072 --lang=fr --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5068 /prefetch:1
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,11921877432956124570,4317813489201406097,131072 --lang=fr --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3112 /prefetch:1
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,11921877432956124570,4317813489201406097,131072 --lang=fr --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3568 /prefetch:1
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=media.mojom.MediaFoundationService --field-trial-handle=2156,11921877432956124570,4317813489201406097,131072 --lang=fr --service-sandbox-type=mf_cdm --mojo-platform-channel-handle=5148 /prefetch:8
      - Suspicious behavior: EnumeratesProcesses
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2156,11921877432956124570,4317813489201406097,131072 --lang=fr --service-sandbox-type=audio --mojo-platform-channel-handle=5224 /prefetch:8
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2156,11921877432956124570,4317813489201406097,131072 --lang=fr --service-sandbox-type=video_capture --mojo-platform-channel-handle=6152 /prefetch:8
      - Modifies registry class
      - Suspicious behavior: EnumeratesProcesses
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,11921877432956124570,4317813489201406097,131072 --lang=fr --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6440 /prefetch:1
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,11921877432956124570,4317813489201406097,131072 --lang=fr --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6616 /prefetch:1
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,11921877432956124570,4317813489201406097,131072 --lang=fr --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6556 /prefetch:1
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,11921877432956124570,4317813489201406097,131072 --lang=fr --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6452 /prefetch:1
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,11921877432956124570,4317813489201406097,131072 --lang=fr --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5908 /prefetch:1
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2156,11921877432956124570,4317813489201406097,131072 --lang=fr --service-sandbox-type=collections --mojo-platform-channel-handle=6636 /prefetch:8
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,11921877432956124570,4317813489201406097,131072 --lang=fr --extension-process --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6484 /prefetch:1
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --field-trial-handle=2156,11921877432956124570,4317813489201406097,131072 --lang=fr --service-sandbox-type=entity_extraction --mojo-platform-channel-handle=6696 /prefetch:8
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,11921877432956124570,4317813489201406097,131072 --lang=fr --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6984 /prefetch:1
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,11921877432956124570,4317813489201406097,131072 --lang=fr --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6488 /prefetch:1
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,11921877432956124570,4317813489201406097,131072 --lang=fr --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6984 /prefetch:1
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,11921877432956124570,4317813489201406097,131072 --lang=fr --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7100 /prefetch:1
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,11921877432956124570,4317813489201406097,131072 --lang=fr --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7148 /prefetch:1
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,11921877432956124570,4317813489201406097,131072 --lang=fr --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5700 /prefetch:1
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,11921877432956124570,4317813489201406097,131072 --lang=fr --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3108 /prefetch:1
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2156,11921877432956124570,4317813489201406097,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6168 /prefetch:2
      - Suspicious behavior: EnumeratesProcesses

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe -Embedding

"C:\Program Files\Mozilla Firefox\firefox.exe"
    "C:\Program Files\Mozilla Firefox\firefox.exe"
      - Checks processor information in registry
      - Modifies registry class
      - Suspicious use of AdjustPrivilegeToken
      - Suspicious use of FindShellTrayWindow
      - Suspicious use of SendNotifyMessage
      - Suspicious use of SetWindowsHookEx
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="832.0.350922190\1652807376" -parentBuildID 20230214051806 -prefsHandle 1756 -prefMapHandle 1748 -prefsLen 22076 -prefMapSize 235121 -appDir "C:\Program Files\Mozilla Firefox\browser" - {66c5c047-624d-457c-86a6-32829dec9fb7} 832 "\\.\pipe\gecko-crash-server-pipe.832" 1836 1f73081e058 gpu
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="832.1.166158743\713603236" -parentBuildID 20230214051806 -prefsHandle 2392 -prefMapHandle 2384 -prefsLen 22112 -prefMapSize 235121 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c8236773-112f-42c4-b0b2-197cf27a2649} 832 "\\.\pipe\gecko-crash-server-pipe.832" 2404 1f723b89f58 socket
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="832.2.2048582038\378911122" -childID 1 -isForBrowser -prefsHandle 3088 -prefMapHandle 3084 -prefsLen 22215 -prefMapSize 235121 -jsInitHandle 1348 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {75d58b1e-5087-43ae-945b-975f572886e5} 832 "\\.\pipe\gecko-crash-server-pipe.832" 3024 1f7331f0758 tab
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="832.3.122230477\1704047074" -childID 2 -isForBrowser -prefsHandle 4132 -prefMapHandle 4128 -prefsLen 27616 -prefMapSize 235121 -jsInitHandle 1348 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {13db934c-8435-4b5a-a1d0-fb50370c24ec} 832 "\\.\pipe\gecko-crash-server-pipe.832" 4144 1f735ccbc58 tab
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="832.4.574133633\588043443" -childID 3 -isForBrowser -prefsHandle 5008 -prefMapHandle 5020 -prefsLen 27616 -prefMapSize 235121 -jsInitHandle 1348 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {072f287e-9164-46e7-af9b-c37c3aea5f84} 832 "\\.\pipe\gecko-crash-server-pipe.832" 5032 1f737e8ce58 tab
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="832.5.216722313\1638054330" -childID 4 -isForBrowser -prefsHandle 5176 -prefMapHandle 5180 -prefsLen 27616 -prefMapSize 235121 -jsInitHandle 1348 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f27d7f4e-6f43-4316-a4a5-d187ea7762ac} 832 "\\.\pipe\gecko-crash-server-pipe.832" 5168 1f737ed0058 tab
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="832.6.1763789238\32031027" -childID 5 -isForBrowser -prefsHandle 5396 -prefMapHandle 5400 -prefsLen 27616 -prefMapSize 235121 -jsInitHandle 1348 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ead2dd59-56a7-494b-b7a0-0f891958cbbf} 832 "\\.\pipe\gecko-crash-server-pipe.832" 5388 1f737ed0c58 tab
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="832.7.397540965\1460368159" -childID 6 -isForBrowser -prefsHandle 5888 -prefMapHandle 5864 -prefsLen 27885 -prefMapSize 235121 -jsInitHandle 1348 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {617c5d39-1dd7-4a36-928c-08adea3a00c6} 832 "\\.\pipe\gecko-crash-server-pipe.832" 5876 1f732492658 tab
Network
MITRE ATT&CK Matrix (ATT&CK v13)
Downloads
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize: 152B
MD5: 1ac52e2503cc26baee4322f02f5b8d9c
SHA1: 38e0cee911f5f2a24888a64780ffdf6fa72207c8
SHA256: f65058c6f1a745b37a64d4c97a8e8ee940210273130cec97a67f568088b5d4d4
SHA512: 7670d606bc5197ecb7db3ddaecd6f74a80e6decae92b94e0e8145a7f463fa099058e89f9dfa1c45b9197c36e5e21994698186a2ec970bbdb0937fe28ca46a834

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize: 152B
MD5: b2a1398f937474c51a48b347387ee36a
SHA1: 922a8567f09e68a04233e84e5919043034635949
SHA256: 2dc0bf08246ddd5a32288c895d676017578d792349ca437b1b36e7b2f0ade6d6
SHA512: 4a660c0549f7a850e07d8d36dab33121af02a7bd7e9b2f0137930b4c8cd89b6c5630e408f882684e6935dcb0d5cb5e01a854950eeda252a4881458cafcc7ef7c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000012
Filesize: 26KB
MD5: 191cd87d59bcfbb734fca7bb92bbc245
SHA1: 30514c4b000361fe9319ebbb84d5cf93b9b0a82f
SHA256: cf07e157a37761abad2d2ccf9385f5023fca4dad5a3594c6832274a1b5823c9b
SHA512: a72b2bfe8e6ba1fb307f4d89c1a38070261d315d36f12726c22b77fa90171fb28d6f62b112dcaad521aa09e89990ff810c363fa79e2e75b48329ddded879dc4a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize: 1KB
MD5: 1ad69887ae03a2dee7d78d5197b551c4
SHA1: 0b145df4f321fcfcd4280eead62fa10c5528cd1f
SHA256: 8e7a578fd7245bfc15a6a52986131a424fe0af43eea4558a65a253a8fdd2a50e
SHA512: 53050834489aed2fba6fb236e96d5ce239cef02264f99c0bbcc757ca9cc0c1c88a4180ff3c20f8c169d37ecc5f59879960f2716c980a4582b6c138da8c7584cc

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_megaup.net_0.indexeddb.leveldb\MANIFEST-000001
Filesize: 23B
MD5: 3fd11ff447c1ee23538dc4d9724427a3
SHA1: 1335e6f71cc4e3cf7025233523b4760f8893e9c9
SHA256: 720a78803b84cbcc8eb204d5cf8ea6ee2f693be0ab2124ddf2b81455de02a3ed
SHA512: 10a3bd3813014eb6f8c2993182e1fa382d745372f8921519e1d25f70d76f08640e84cb8d0b554ccd329a6b4e6de6872328650fefa91f98c3c0cfc204899ee824

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize: 4KB
MD5: bae80a3d5321658026fe9369c3ce58e4
SHA1: 6bf11d17d06e3b9f73805d84568be2e463c4709a
SHA256: 8544fef7eb57a182591948383376b8449ab8e8a87aec09e940a8b015ac107387
SHA512: b9e9a1de2a28594b0cbbf4bf2b647b62cd627b7458a68269f8657437244df78bdf76b640ec44304c3ffb3f5418e9c1899070c57afc453e4e6a3c10a11f0a7747

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize: 4KB
MD5: a817c263e381b87107c6d2fa522fcdb9
SHA1: 3917254ccdcba92574da70883f817b6a6db06b04
SHA256: 23a64fbefa7597400f99e32a9a076f6ec4c728147a610f29a44881868bd93040
SHA512: 8fd222762f697a46a237e6895501c61b5c7e2a3653eceea3f9d0ec1deefecabaa9bf0ef14f254386644a8110eb919ca8592a867e97bd4441d0c50d55ea2913b1

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize: 6KB
MD5: 98fc618316cb5701ff15cf25b8e6ab7b
SHA1: dc730757828b7623529d5560b04617f7a33b2bb2
SHA256: 5b259c77e9704d5c79c6c57a88c37b7b658159473684f00771a3d7f28c177e19
SHA512: a6b2d807b19a9eec03831bd7245c95b97a56eb510de74e0a33897898bd124398ee5a2a5d299b57ea190145895f073c522018a4736ccef508de10ef336d81325b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize: 7KB
MD5: b423bba1fd8939ac676bbbc58147dd68
SHA1: 2cade9a51bf2f459f0646a2611e752a7d29225a6
SHA256: fbff7f967c2d7900c6ce22560903d914d36dfed478c8654d4df1b5cb8b61253e
SHA512: 8086ebdbd08f745161c5ad312d4edaa2d7295487dee803d9b7b2846f02500633b232256cb26cc1da45217ecc1eda033e93095c9df224546a57a8d7cd13add7ba

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize: 8KB
MD5: 77815c188cd860d1ddf67eb35d077e70
SHA1: 66f5f767c5908083e1eab11840d75d5f8d923eeb
SHA256: 753f5c79d6b7fee125469bec80b6e76f5e12f93b3b024c037ba58c5d39ba7133
SHA512: 8c0b6ecf34f1fcb7f17e139afcf4fb842abf410987ff971b1adc389aa356336c2354144e948402717c6e0824e98aa27c12c66c6af16266c0de584879880d2268

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize: 6KB
MD5: 72e488b2ca4f5ac9ffac66e9b80a258c
SHA1: f439a1765a5224973429edcf67f3be0ac455c8b5
SHA256: 39c781507a57685de0d703f8f44c70b041c6233a5eb151eb160a31c5b65bd399
SHA512: aaea63606920f96df2aa3482bd92c63c9a64a348a607b20a80f3f9bbd25c6bfb4867cd627e61ea281440609b1b0e23390e4e0a0a99ae0deb74c35479a14309f0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize: 8KB
MD5: b204b470b594f1f89a6a08533bf650dd
SHA1: f5471e3356a66e52687798f325237192ac099945
SHA256: 8d778cb80761b4e64dc078f300730b9f16856f1a8283770c2103acf1ae1ec04e
SHA512: aad993025e6811688533229afe5fdc8df8eab41543b51ac67aa75c7bab63135580022b967fb8ea89780f693c7540cde107d530dc9376bd8e9086df5b9a67ed0f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize: 6KB
MD5: a1be55313918c85f2cd4ecf16e7867f0
SHA1: a16af498b75077e5903791a2ce4618b0c4f65fbb
SHA256: 0d022716b0a4c4216979fd55c16ab50c376d2efe802bab91cc742495f6797dfa
SHA512: 2bc9f5d614ea456efd61c8a4550fc25939701db3d8411a6a813498a999c20f20a5fa193f815bd54d9377687966a20860a1238d391159100447ebb5318f9310f3

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\MANIFEST-000001
Filesize: 41B
MD5: 5af87dfd673ba2115e2fcf5cfdb727ab
SHA1: d5b5bbf396dc291274584ef71f444f420b6056f1
SHA256: f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4
SHA512: de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index
Filesize: 72B
MD5: 13bc32d053e0df4de392e81878d9593d
SHA1: 74803c67bc9bd6ffd11ca2053e07a12b7864b5f9
SHA256: 67cb3ca7723408d929fb3d9e356c582c264cc6f0a1b5e2c640d6ab5289c16cca
SHA512: 076e5dbfb60c435399a16225547e8155f8011abd02f77bb3597a58de9e7b82b501e5d177825d1680c73f7b1f93c221826a766d7afb73ed078c265016cdf303f1

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe5853f7.TMP
Filesize: 48B
MD5: 9e1c78d9be6b76eaf6b5654634ceec9c
SHA1: d9a251c26e28e899fb60b471c8d6ba48a20389ca
SHA256: 391ec4c56a6ef817be2bcfff05d9702b685200ca543b0cf85a398e58fc1e4912
SHA512: efaec7899ab70ef686627196c06782a603be065a422b2170c17f3a0dc079cd2ff24f4d0ba7abd10559160876893b8c18684c94e436230dacfb33f67c205cbf0c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize: 1KB
MD5: 2beca43a4065bf7cdb2b777b2260b0c8
SHA1: 0cba0b3192c9a3ac47ee1b69481598bec430dea1
SHA256: b1b64f02d0534fe69a3062c7181e95cd13e17df634e82a4d2c4eb50580010aca
SHA512: f435c260fa3ebf07d3a8768a21a1440db4efd6a6a6878fc18aecc0bebe7f70a9caf3bf5bbd2f556605e8963707a0383cef3c784cc01e5e2d57760a90443837ce

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize: 1KB
MD5: 5f7d7bca3280db113fbbbc3bdfd58240
SHA1: b9ad4013695a54580faa2ba5978090c0d8caa582
SHA256: 27c2b081c08cb35038af7bf84b459e21cb893c98f6e29de4f444a565a56d8c5a
SHA512: 8f2ed3c0c177a0af8ead1a988a1a40d0c8fac754ad3955706e8a03e0d72b98a8719ed5240f95dc7f3b4f26e2fc82c8848ddd7137b2c80cf3ddb906cc1fe858bb

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize: 1KB
MD5: d4b57a865776353b4a8019f7ddb57a74
SHA1: 284a91647ae5c38d5d8aae2e94e4ca957cfd8df7
SHA256: b6527bc7532ca6acfdee3cdb25f5c388323a52d338709adfcd6f7c2b5eb6ead7
SHA512: 0bf96a80082654fb5e04f79d2fc5323d066ae037cee5d44e220e09f67d7fc7dc022b68795eb2696472825c3311ae8d9e1cd3de60b134c26f39df67f4d65518d6

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5801ef.TMP
Filesize: 705B
MD5: da4faee00f45bd9b603910daaffcb2ad
SHA1: d8102e331b97450ae607a924ecda2677d30f829f
SHA256: 34261fd0d665c824df854e04b2f60546c9f179b2f9dec99081dadcc6e7fdbf71
SHA512: a60e405704a99b7358ff6d52e7c0d5b8ea70caaca729201cc90f497c209c382534885e694629256c10d4a3c872ef37ba177f09ee17cc5af512f98826b0197c07

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
Filesize: 16B
MD5: 46295cac801e5d4857d09837238a6394
SHA1: 44e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA256: 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA512: 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
Filesize: 16B
MD5: 206702161f94c5cd39fadd03f4014d98
SHA1: bd8bfc144fb5326d21bd1531523d9fb50e1b600a
SHA256: 1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167
SHA512: 0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize: 12KB
MD5: 794569300621fef91e2a6a94a1e35282
SHA1: 155b6c96fc6d197cc4ef91ea26cf860fc9c558f0
SHA256: 740e9cd05851bd77bd05bd27649a86c22721055fdd83eb65689907198a0fcad4
SHA512: ccd2bae7b4077e1c1c2a83d2c0d0eaa1763da149aa867f018f597420bad5fdfc216212672850e5423cac8aa928bbd293e5023cf88a26514ffb51760ef601e9ca

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize: 11KB
MD5: a2e6ba95ebd3c94aea53e6df9c17c4e8
SHA1: fb53b6518d8ca3b33026c0bfd3af1ff97f58ed03
SHA256: 515ad2e3cd0d14ed69ebd84c48385db837813077c466023c5776dd7270edf94f
SHA512: cb4ead55974f1c33debb783b25c5cf24ec9897a37c96893500dd17f387a3efc8d1afa71da1ad92eeb44077f978418b851bea74110c6a4543ff41bdabc174f795

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\47kntzet.default-release\activity-stream.discovery_stream.json.tmp
Filesize: 26KB
MD5: ef20e2d4bc4378fef0c60fb00e3ab7ba
SHA1: 144e0f819a6caa18ad22d01b4ee7c1f53b827f5a
SHA256: d30d8796ba35a0e6d3977117b7994f350e39761a079e477caa1bca42e52657bf
SHA512: c5f7276a03b86542243c8972a45fbb9211106872853bf4b38ef6541c4b91372cbf6c807c3f13f288c5a6edd84d22011d291df3366cb75248accafc59761a6263

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\47kntzet.default-release\activity-stream.discovery_stream.json.tmp
Filesize: 26KB
MD5: 3059775e03d553ccec42943a5da8c824
SHA1: 059bd57bc4f3a1858ecb56f64dcaf256728136e6
SHA256: 5a863ce3976b6ee7f4b299fe447fd6378065029eb8e3b04a93b8f39b44c75424
SHA512: ff7993f038cf96bbf81569740c46a1b551ec7c82ff482e03cbf16cc69bce71e28062b6f4bf74c5e864eb85403d749209886ee81e071f819a8c63b28ebeca5fef

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\47kntzet.default-release\cache2\entries\E0D3A67C52092ED0CE3BB268B761767AF0A818C6
Filesize: 30KB
MD5: 385b3d8fd54eed7912e7d493c17b50ed
SHA1: 54649ac929b966bfe9e23667e4aa19b331464b94
SHA256: 0bd7c1d99c5e238f05df6325f430f3e4547d915f207bcad05b651139295ff228
SHA512: ec624c7becd2521e0f037d0b54efb57ca92cb50e821aa4dc5003d08b825d3fae0dfe92435a4ec58de02b4d01c66984d73ad52248a44cea3800877caeda07d6b5

C:\Users\Admin\AppData\Local\Temp\tmp-jil.xpi
Filesize: 3.7MB
MD5: b1d88bcc5787c5b9e471b8f005ba7c51
SHA1: 1419ed5e0ff5183ed94ef5f4d768d31f1da4eb2f
SHA256: 9928e79a52cecf7cfa231fdb0699c7d7a427660d94eb10d711ed5a2f10d2eb89
SHA512: 1d80d44c6c9fe965c3f6bdc9355b577339669e992c2d2b46340c8beb7c84834e132d722567abdd667817a6508410ee7badb9f9f5f72a4b418839de7fc51af54c

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\47kntzet.default-release\addonStartup.json.lz4.tmp
Filesize: 5KB
MD5: f6457350dc7d79f65cfca6d56badfee8
SHA1: 05f03936062ed80f4d684ebf47b5e6915799fb31
SHA256: 3e4b4bcbaa1a6a8066fd05375e3a60b0d56af82edc41dbfbc1e1cad989de3b92
SHA512: 1bd91a72a48685a2e024a5dd8de438f21fb631c1b9d9c6406f390c6c5f9a403d5fc11ca6e8592ec4604938ec7c7f27db3f0f75c09a649f5128f6021688c15cf2

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\47kntzet.default-release\extensions.json.tmp
Filesize: 61KB
MD5: a43fdf1a9da313ab80f07addd598b61b
SHA1: c7202332f8c85d406fcb7ba0419ce8e00d89fdb9
SHA256: 9912e71f217754940e0153d477ae628c1de0bce630725259f5b139c9687c1246
SHA512: 14739125f4ce54a6af183a8a3d72b118dcbdf367f3e607912e9ea979f9e7c04b514c768a010778e31c70035eb17959867d44999531e0289d5f4f888700030b71

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\47kntzet.default-release\prefs-1.js
Filesize: 7KB
MD5: 52823c8b9133cfe7ff78aecd650f9c2f
SHA1: ab2e69ed2b81c5fd3ebd9bc753990573991babaf
SHA256: ffc1e5a6050165fa0315cc749e0aa041aea6df1d2a33bf037bda5b2db11fe084
SHA512: 1eb601e5ea10e9932df9db9997e4c0407e8ad89bf7300889d9e33ee8140ed633f1ebf1eef5a0535e78e8174a6c54c2aa9010b076172c1bcafb5b7319ac897f86

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\47kntzet.default-release\prefs-1.js
Filesize: 7KB
MD5: d49c3eb836807b0e104e317aba2c608c
SHA1: f179c07701b13c74623f1cefccb94a3ca098cab1
SHA256: 5b56d283ec3325688903cca371797a6cc7f09058cfb85e7e76d580760a313c97
SHA512: 68a0397a6d8b32e8d5ed3185158dc6c3bef6549e5ec719ff6e72c25bfb13669dc80d31aa658b3361db42faf1b3006cfa75602d49780a7acfff435ea0dce559d9

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\47kntzet.default-release\prefs-1.js
Filesize: 7KB
MD5: cee34c2906ceec1fdeb8e5f13ed4ecd9
SHA1: 8fd8d4d78adeeb3bc959988b6f7613ee3a900eef
SHA256: 0a0cfb181a9bb42d6d8d24951ba4114acafb62816cb288f46179141ca17ad624
SHA512: 9b2f18d6554303602e96a05018430ceb4314cfdec168def03eb62dd716cda0ffa0b3abd0baf764be850b301650f6523ce1af30182c3936725eba39a5f037fd5d

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\47kntzet.default-release\sessionstore-backups\recovery.jsonlz4
Filesize: 1017B
MD5: 15d62966aaa30564e6a3f3d78a8c69ff
SHA1: 498e0e797d66ecb6cb1dfc144dc3c7c8123a9292
SHA256: f1528b4ab51575868256ed9f59f6bf32a3fb54f9b71c209b66c2f940c09471b3
SHA512: ead286c7fcee04092a6f33df07bf319946c1ffb7042581c589639d2c0662b9b644bfb68a9ce9a92d9d461e79456a85c83e50b95a8747568c44b49fcb70caaa3b

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\47kntzet.default-release\sessionstore-backups\recovery.jsonlz4
Filesize: 4KB
MD5: 3c3e21104eafdf09627ae3a9392e5466
SHA1: 1259ba7200e39ea150dc9b596171132864766a30
SHA256: 7b401d79e7496ac96fbaab8a7e1a80694a7e827d7908deb42ec5ae84c5f27104
SHA512: e48fc433fbfc9367dbcac5a24dc09e781f221640b7be7fb411ed3b4e24a7872b90206243051fc7eec7229aff8970fbf0e1d1763b5ac1b0fff0f64135f11db738

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\47kntzet.default-release\sessionstore-backups\recovery.jsonlz4
Filesize: 4KB
MD5: 9c0216143fb1697a8e9cc6527da6dadb
SHA1: 45cd511a55e51eb899e5d1aefc2c59594c3d4181
SHA256: c1bf506d9479d9156cdf72f44189c7fb662f9bda770cf465db408ecd84eb9d93
SHA512: a827f742cdc852d89cc34a370a30473b9d7ffdcf14c4f60a369148af8c22ebe13f26aa166f5ff94af261835195f451889998513596768c1d2a8a6b204ef3a297

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\47kntzet.default-release\sessionstore-backups\recovery.jsonlz4
Filesize: 4KB
MD5: 2f053f10ede4ebc15727acf668f9d5a6
SHA1: 0767469244ff17814eabcd3958ff2c2155967065
SHA256: af7a1ecfce0074f2502c8601b94c5ecf5138ec04362ac5ae083879c10a88781d
SHA512: c9a38636ce42259f8bf7371ad40b75f43c08a7b8b36efeb1a8d38f0363c2d6c23302cd505b9282419714eca79ec17f497d92d7cc1acc0e042ac6ae5552e14d5e

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\47kntzet.default-release\sessionstore-backups\recovery.jsonlz4
Filesize: 4KB
MD5: a7d2e10aecc4a96c0c7fa1d08b960b0a
SHA1: 3373d4168a50e3e2970fa3bbce26aa27bff9e331
SHA256: 2a0c1a0f1cfb286629092776281b1befb11f86c1dd584b6a783b48426051f910
SHA512: 737996ed5467db3ad2e6e1e0ccb6a41a02eaf7551f85386bd0960f51b48fd70da9a3efde016919f8cefb68f504d85a14d0bd2414d6f0c01468da5304b5539055

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\47kntzet.default-release\storage\default\moz-extension+++6450b375-eae9-4a14-a1d2-aacf148ed162^userContextId=4294967295\idb\3647222921wleabcEoxlt-eengsairo.files\4
Filesize: 1.4MB
MD5: 08897197afd30d8fd41238107973d3ed
SHA1: d3d3c9e5417c75bde0bbeba8e439e382871cd126
SHA256: da164f467016b5214b4a07ebd040d3f66ebe05260bc05a770dfa5a945c5f5f07
SHA512: 8953385f2351bfa31e700dd5534be77558fa001982b7c64c394465e1b363bce61adca09179d7d1dcb27ec88db9eeb8a2d78c014bfebb53075414a4b5be551f9a

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\47kntzet.default-release\storage\default\moz-extension+++6450b375-eae9-4a14-a1d2-aacf148ed162^userContextId=4294967295\idb\3647222921wleabcEoxlt-eengsairo.files\5
Filesize: 1.3MB
MD5: f2e2ba441fc02f2e7a61fa4dc87fa701
SHA1: dcc14b49a97022b74902da6a72ddd3e431fbeb3e
SHA256: 16333444dc15903053150493118195c89e3b762cf6d337727d5abb9b0f4dc576
SHA512: 33a4f675f73b3ae6e4359f10caf0589fa13a21251ec836a46562963a50b835cab9924df6ce3c1d9aae92c48b3d17cceb4971ac3abd61ff49e3f836db9f1d6921

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\47kntzet.default-release\storage\default\moz-extension+++6450b375-eae9-4a14-a1d2-aacf148ed162^userContextId=4294967295\idb\3647222921wleabcEoxlt-eengsairo.files\6
Filesize: 2.1MB
MD5: e322c5487058a560d21b7540dc361aab
SHA1: c0d6f05a10231b414b84e3473bce807f9020d818
SHA256: 867092dab41b2d19f81c42232f3803c5c8dc000e1ff90689ae86085b94d74650
SHA512: ec9122c97ab510886599dbf97c1bcf101dfc539120190c7c22eeef0d25f3f1e195800574dbdf7bef0de96bed0c0c5f13b5852c72d98378b7188f1680b0dc22d3
\??\pipe\LOCAL\crashpad_1368_DJEUCBWJHAWRKHPU
MD5: d41d8cd98f00b204e9800998ecf8427e
SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512: cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

These four values are the digests of zero bytes: the sandbox captured Edge's Crashpad crash-handler named pipe but read no content from it. The row therefore carries no indicator value and must not be copied into a hash blocklist, where it would match every empty file.
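Added example, not part of the report or of any tool it names: a Python check that turns rows of the Downloads table into file indicators and scans a directory for them. Three rows are copied verbatim from the table (settings.dat, tmp-jil.xpi and the Crashpad pipe); the directory to scan is whatever the analyst passes on the command line. The zero-byte row is filtered out before matching, and a SHA-256 hit is only reported when the row's MD5 and SHA-1 agree with the file, which catches a hash that was miscopied from the report.

```python
"""Check files on disk against the dropped-file hashes of a sandbox report.

Added example, not part of the report. The indicator rows below are copied from
the Downloads table; the directory to scan is supplied by the analyst.
"""
import hashlib
import sys
from dataclasses import dataclass
from pathlib import Path
from typing import Dict, Iterable, List, Optional

# Digests of zero-byte input. A report row carrying these (here the Crashpad named
# pipe) means the sandbox read no content, so the row is not a usable indicator.
EMPTY_DIGESTS = {
    "md5": "d41d8cd98f00b204e9800998ecf8427e",
    "sha1": "da39a3ee5e6b4b0d3255bfef95601890afd80709",
    "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855",
}


@dataclass(frozen=True)
class Indicator:
    path: str  # path as the sandbox reported it
    md5: str
    sha1: str
    sha256: str


# Three rows from the report's Downloads table, hashes copied verbatim.
REPORT_INDICATORS = [
    Indicator(r"C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat",
              "1ac52e2503cc26baee4322f02f5b8d9c",
              "38e0cee911f5f2a24888a64780ffdf6fa72207c8",
              "f65058c6f1a745b37a64d4c97a8e8ee940210273130cec97a67f568088b5d4d4"),
    Indicator(r"C:\Users\Admin\AppData\Local\Temp\tmp-jil.xpi",
              "b1d88bcc5787c5b9e471b8f005ba7c51",
              "1419ed5e0ff5183ed94ef5f4d768d31f1da4eb2f",
              "9928e79a52cecf7cfa231fdb0699c7d7a427660d94eb10d711ed5a2f10d2eb89"),
    Indicator(r"\??\pipe\LOCAL\crashpad_1368_DJEUCBWJHAWRKHPU",
              EMPTY_DIGESTS["md5"], EMPTY_DIGESTS["sha1"], EMPTY_DIGESTS["sha256"]),
]


def hash_bytes(data: bytes) -> Dict[str, str]:
    """MD5, SHA-1 and SHA-256 of an in-memory buffer."""
    return {name: hashlib.new(name, data).hexdigest() for name in ("md5", "sha1", "sha256")}


def hash_file(path: Path, chunk_size: int = 1 << 20) -> Dict[str, str]:
    """Same three digests, computed in one streaming pass so large files are read once."""
    hashers = {name: hashlib.new(name) for name in ("md5", "sha1", "sha256")}
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            for h in hashers.values():
                h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def is_empty_digest(ind: Indicator) -> bool:
    """True when the row is merely the digest of zero bytes."""
    return ind.sha256.lower() == EMPTY_DIGESTS["sha256"]


def actionable(indicators: Iterable[Indicator]) -> List[Indicator]:
    """Drop empty-content rows before the list is used for matching or blocking."""
    return [i for i in indicators if not is_empty_digest(i)]


def build_index(indicators: Iterable[Indicator]) -> Dict[str, Indicator]:
    """Key the usable rows by SHA-256; MD5 and SHA-1 are cross-checked on a hit."""
    return {i.sha256.lower(): i for i in actionable(indicators)}


def match(digests: Dict[str, str], index: Dict[str, Indicator]) -> Optional[Indicator]:
    """Return the matching row, or None. A SHA-256 hit whose MD5 or SHA-1 disagrees
    with the row is rejected: the row was miscopied and should not be trusted."""
    ind = index.get(digests["sha256"].lower())
    if ind is None:
        return None
    if ind.md5.lower() != digests["md5"].lower() or ind.sha1.lower() != digests["sha1"].lower():
        return None
    return ind


def scan_dir(root: Path, indicators: Iterable[Indicator]) -> List[tuple]:
    """Hash every regular file under root and return (path, row) pairs that match."""
    index = build_index(indicators)
    hits = []
    for p in root.rglob("*"):
        if p.is_file():
            ind = match(hash_file(p), index)
            if ind is not None:
                hits.append((p, ind))
    return hits


if __name__ == "__main__":
    root = Path(sys.argv[1] if len(sys.argv) > 1 else ".")
    for path, ind in scan_dir(root, REPORT_INDICATORS):
        print(f"{path}  <-  {ind.path}  (sha256 {ind.sha256})")
```

Run it as `python check_dropped.py <directory>`. Most rows in this table are browser profile state (Edge Preferences, Network Persistent State, Local State, Firefox prefs-1.js and session backups) that the browser rewrites on every run, so their hashes identify this particular sandbox run rather than the sample; extend REPORT_INDICATORS with the rows you actually want to find and expect few hits from the profile-state ones.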