hxxps://mtstmta-my[.]sharepoint[.]com/[:]o[:]/g/personal/romane_feuillerat_mts-sarl_fr/Eud2IT12INxBoAU9qZLfPBEB6rccHi-pQzPxNbwxIargxw?e=UnpDNH

Analysis

max time kernel
282s
max time network
283s
platform
windows10-2004_x64
resource
win10v2004-20240709-fr
resource tags

arch:x64arch:x86image:win10v2004-20240709-frlocale:fr-fros:windows10-2004-x64systemwindows
submitted
12-07-2024 16:09

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://mtstmta-my.sharepoint.com/:o:/g/personal/romane_feuillerat_mts-sarl_fr/Eud2IT12INxBoAU9qZLfPBEB6rccHi-pQzPxNbwxIargxw?e=UnpDNH

Score

1^/10

Malware Config

Signatures

Checks processor information in registry 2 TTPs 8 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133652744164042862"	chrome.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1176886754-713327781-2233697964-1000_Classes\Local Settings	firefox.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

pid	Process
1772	msedge.exe
1772	msedge.exe
3448	msedge.exe
3448	msedge.exe
1776	identity_helper.exe
1776	identity_helper.exe
392	msedge.exe
392	msedge.exe
392	msedge.exe
392	msedge.exe
4976	chrome.exe
4976	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 14 IoCs

pid	Process
3448	msedge.exe
3448	msedge.exe
3448	msedge.exe
3448	msedge.exe
3448	msedge.exe
3448	msedge.exe
3448	msedge.exe
3448	msedge.exe
3448	msedge.exe
3448	msedge.exe
4976	chrome.exe
4976	chrome.exe
4976	chrome.exe
4976	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4976	chrome.exe
Token: SeCreatePagefilePrivilege	4976	chrome.exe
Token: SeShutdownPrivilege	4976	chrome.exe
Token: SeCreatePagefilePrivilege	4976	chrome.exe
Token: SeShutdownPrivilege	4976	chrome.exe
Token: SeCreatePagefilePrivilege	4976	chrome.exe
Token: SeShutdownPrivilege	4976	chrome.exe
Token: SeCreatePagefilePrivilege	4976	chrome.exe
Token: SeShutdownPrivilege	4976	chrome.exe
Token: SeCreatePagefilePrivilege	4976	chrome.exe
Token: SeShutdownPrivilege	4976	chrome.exe
Token: SeCreatePagefilePrivilege	4976	chrome.exe
Token: SeShutdownPrivilege	4976	chrome.exe
Token: SeCreatePagefilePrivilege	4976	chrome.exe
Token: SeShutdownPrivilege	4976	chrome.exe
Token: SeCreatePagefilePrivilege	4976	chrome.exe
Token: SeShutdownPrivilege	4976	chrome.exe
Token: SeCreatePagefilePrivilege	4976	chrome.exe
Token: SeShutdownPrivilege	4976	chrome.exe
Token: SeCreatePagefilePrivilege	4976	chrome.exe
Token: SeShutdownPrivilege	4976	chrome.exe
Token: SeCreatePagefilePrivilege	4976	chrome.exe
Token: SeShutdownPrivilege	4976	chrome.exe
Token: SeCreatePagefilePrivilege	4976	chrome.exe
Token: SeShutdownPrivilege	4976	chrome.exe
Token: SeCreatePagefilePrivilege	4976	chrome.exe
Token: SeShutdownPrivilege	4976	chrome.exe
Token: SeCreatePagefilePrivilege	4976	chrome.exe
Token: SeShutdownPrivilege	4976	chrome.exe
Token: SeCreatePagefilePrivilege	4976	chrome.exe
Token: SeDebugPrivilege	3408	firefox.exe
Token: SeDebugPrivilege	3408	firefox.exe
Token: SeShutdownPrivilege	4976	chrome.exe
Token: SeCreatePagefilePrivilege	4976	chrome.exe
Token: SeShutdownPrivilege	4976	chrome.exe
Token: SeCreatePagefilePrivilege	4976	chrome.exe
Token: SeShutdownPrivilege	4976	chrome.exe
Token: SeCreatePagefilePrivilege	4976	chrome.exe
Token: SeShutdownPrivilege	4976	chrome.exe
Token: SeCreatePagefilePrivilege	4976	chrome.exe
Token: SeShutdownPrivilege	4976	chrome.exe
Token: SeCreatePagefilePrivilege	4976	chrome.exe
Token: SeShutdownPrivilege	4976	chrome.exe
Token: SeCreatePagefilePrivilege	4976	chrome.exe
Token: SeShutdownPrivilege	4976	chrome.exe
Token: SeCreatePagefilePrivilege	4976	chrome.exe
Token: SeShutdownPrivilege	4976	chrome.exe
Token: SeCreatePagefilePrivilege	4976	chrome.exe
Token: SeShutdownPrivilege	4976	chrome.exe
Token: SeCreatePagefilePrivilege	4976	chrome.exe
Token: SeShutdownPrivilege	4976	chrome.exe
Token: SeCreatePagefilePrivilege	4976	chrome.exe
Token: SeShutdownPrivilege	4976	chrome.exe
Token: SeCreatePagefilePrivilege	4976	chrome.exe
Token: SeShutdownPrivilege	4976	chrome.exe
Token: SeCreatePagefilePrivilege	4976	chrome.exe
Token: SeShutdownPrivilege	4976	chrome.exe
Token: SeCreatePagefilePrivilege	4976	chrome.exe
Token: SeShutdownPrivilege	4976	chrome.exe
Token: SeCreatePagefilePrivilege	4976	chrome.exe
Token: SeShutdownPrivilege	4976	chrome.exe
Token: SeCreatePagefilePrivilege	4976	chrome.exe
Token: SeShutdownPrivilege	4976	chrome.exe
Token: SeCreatePagefilePrivilege	4976	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
3448	msedge.exe
3448	msedge.exe
3448	msedge.exe
3448	msedge.exe
3448	msedge.exe
3448	msedge.exe
3448	msedge.exe
3448	msedge.exe
3448	msedge.exe
3448	msedge.exe
3448	msedge.exe
3448	msedge.exe
3448	msedge.exe
3448	msedge.exe
3448	msedge.exe
3448	msedge.exe
3448	msedge.exe
3448	msedge.exe
3448	msedge.exe
3448	msedge.exe
3448	msedge.exe
3448	msedge.exe
3448	msedge.exe
3448	msedge.exe
3448	msedge.exe
4976	chrome.exe
4976	chrome.exe
4976	chrome.exe
4976	chrome.exe
4976	chrome.exe
4976	chrome.exe
4976	chrome.exe
4976	chrome.exe
4976	chrome.exe
4976	chrome.exe
4976	chrome.exe
4976	chrome.exe
4976	chrome.exe
4976	chrome.exe
4976	chrome.exe
4976	chrome.exe
4976	chrome.exe
4976	chrome.exe
4976	chrome.exe
4976	chrome.exe
4976	chrome.exe
4976	chrome.exe
4976	chrome.exe
4976	chrome.exe
4976	chrome.exe
4976	chrome.exe
3408	firefox.exe
3408	firefox.exe
3408	firefox.exe
3408	firefox.exe
3408	firefox.exe
3408	firefox.exe
3408	firefox.exe
3408	firefox.exe
3408	firefox.exe
3408	firefox.exe
3408	firefox.exe
3408	firefox.exe
3408	firefox.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
3448	msedge.exe
3448	msedge.exe
3448	msedge.exe
3448	msedge.exe
3448	msedge.exe
3448	msedge.exe
3448	msedge.exe
3448	msedge.exe
3448	msedge.exe
3448	msedge.exe
3448	msedge.exe
3448	msedge.exe
3448	msedge.exe
3448	msedge.exe
3448	msedge.exe
3448	msedge.exe
3448	msedge.exe
3448	msedge.exe
3448	msedge.exe
3448	msedge.exe
3448	msedge.exe
3448	msedge.exe
3448	msedge.exe
3448	msedge.exe
4976	chrome.exe
4976	chrome.exe
4976	chrome.exe
4976	chrome.exe
4976	chrome.exe
4976	chrome.exe
4976	chrome.exe
4976	chrome.exe
4976	chrome.exe
4976	chrome.exe
4976	chrome.exe
4976	chrome.exe
4976	chrome.exe
4976	chrome.exe
4976	chrome.exe
4976	chrome.exe
4976	chrome.exe
4976	chrome.exe
4976	chrome.exe
4976	chrome.exe
4976	chrome.exe
4976	chrome.exe
4976	chrome.exe
4976	chrome.exe
3408	firefox.exe
3408	firefox.exe
3408	firefox.exe
3408	firefox.exe
3408	firefox.exe
3408	firefox.exe
3408	firefox.exe
3408	firefox.exe
3408	firefox.exe
3408	firefox.exe
3408	firefox.exe
3408	firefox.exe
3408	firefox.exe
3408	firefox.exe
3408	firefox.exe
3408	firefox.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
3408	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3448 wrote to memory of 4504	3448	msedge.exe	84
PID 3448 wrote to memory of 4504	3448	msedge.exe	84
PID 3448 wrote to memory of 924	3448	msedge.exe	85
PID 3448 wrote to memory of 924	3448	msedge.exe	85
PID 3448 wrote to memory of 924	3448	msedge.exe	85
PID 3448 wrote to memory of 924	3448	msedge.exe	85
PID 3448 wrote to memory of 924	3448	msedge.exe	85
PID 3448 wrote to memory of 924	3448	msedge.exe	85
PID 3448 wrote to memory of 924	3448	msedge.exe	85
PID 3448 wrote to memory of 924	3448	msedge.exe	85
PID 3448 wrote to memory of 924	3448	msedge.exe	85
PID 3448 wrote to memory of 924	3448	msedge.exe	85
PID 3448 wrote to memory of 924	3448	msedge.exe	85
PID 3448 wrote to memory of 924	3448	msedge.exe	85
PID 3448 wrote to memory of 924	3448	msedge.exe	85
PID 3448 wrote to memory of 924	3448	msedge.exe	85
PID 3448 wrote to memory of 924	3448	msedge.exe	85
PID 3448 wrote to memory of 924	3448	msedge.exe	85
PID 3448 wrote to memory of 924	3448	msedge.exe	85
PID 3448 wrote to memory of 924	3448	msedge.exe	85
PID 3448 wrote to memory of 924	3448	msedge.exe	85
PID 3448 wrote to memory of 924	3448	msedge.exe	85
PID 3448 wrote to memory of 924	3448	msedge.exe	85
PID 3448 wrote to memory of 924	3448	msedge.exe	85
PID 3448 wrote to memory of 924	3448	msedge.exe	85
PID 3448 wrote to memory of 924	3448	msedge.exe	85
PID 3448 wrote to memory of 924	3448	msedge.exe	85
PID 3448 wrote to memory of 924	3448	msedge.exe	85
PID 3448 wrote to memory of 924	3448	msedge.exe	85
PID 3448 wrote to memory of 924	3448	msedge.exe	85
PID 3448 wrote to memory of 924	3448	msedge.exe	85
PID 3448 wrote to memory of 924	3448	msedge.exe	85
PID 3448 wrote to memory of 924	3448	msedge.exe	85
PID 3448 wrote to memory of 924	3448	msedge.exe	85
PID 3448 wrote to memory of 924	3448	msedge.exe	85
PID 3448 wrote to memory of 924	3448	msedge.exe	85
PID 3448 wrote to memory of 924	3448	msedge.exe	85
PID 3448 wrote to memory of 924	3448	msedge.exe	85
PID 3448 wrote to memory of 924	3448	msedge.exe	85
PID 3448 wrote to memory of 924	3448	msedge.exe	85
PID 3448 wrote to memory of 924	3448	msedge.exe	85
PID 3448 wrote to memory of 924	3448	msedge.exe	85
PID 3448 wrote to memory of 1772	3448	msedge.exe	86
PID 3448 wrote to memory of 1772	3448	msedge.exe	86
PID 3448 wrote to memory of 364	3448	msedge.exe	87
PID 3448 wrote to memory of 364	3448	msedge.exe	87
PID 3448 wrote to memory of 364	3448	msedge.exe	87
PID 3448 wrote to memory of 364	3448	msedge.exe	87
PID 3448 wrote to memory of 364	3448	msedge.exe	87
PID 3448 wrote to memory of 364	3448	msedge.exe	87
PID 3448 wrote to memory of 364	3448	msedge.exe	87
PID 3448 wrote to memory of 364	3448	msedge.exe	87
PID 3448 wrote to memory of 364	3448	msedge.exe	87
PID 3448 wrote to memory of 364	3448	msedge.exe	87
PID 3448 wrote to memory of 364	3448	msedge.exe	87
PID 3448 wrote to memory of 364	3448	msedge.exe	87
PID 3448 wrote to memory of 364	3448	msedge.exe	87
PID 3448 wrote to memory of 364	3448	msedge.exe	87
PID 3448 wrote to memory of 364	3448	msedge.exe	87
PID 3448 wrote to memory of 364	3448	msedge.exe	87
PID 3448 wrote to memory of 364	3448	msedge.exe	87
PID 3448 wrote to memory of 364	3448	msedge.exe	87
PID 3448 wrote to memory of 364	3448	msedge.exe	87
PID 3448 wrote to memory of 364	3448	msedge.exe	87

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://mtstmta-my.sharepoint.com/:o:/g/personal/romane_feuillerat_mts-sarl_fr/Eud2IT12INxBoAU9qZLfPBEB6rccHi-pQzPxNbwxIargxw?e=UnpDNH
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3448
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff641946f8,0x7fff64194708,0x7fff64194718
  2⤵
  PID:4504
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2188,11491917854546777173,6124507192995500579,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2196 /prefetch:2
  2⤵
  PID:924
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2188,11491917854546777173,6124507192995500579,131072 --lang=fr --service-sandbox-type=none --mojo-platform-channel-handle=2268 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1772
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2188,11491917854546777173,6124507192995500579,131072 --lang=fr --service-sandbox-type=utility --mojo-platform-channel-handle=2908 /prefetch:8
  2⤵
  PID:364
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,11491917854546777173,6124507192995500579,131072 --lang=fr --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3316 /prefetch:1
  2⤵
  PID:4708
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,11491917854546777173,6124507192995500579,131072 --lang=fr --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3328 /prefetch:1
  2⤵
  PID:4712
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,11491917854546777173,6124507192995500579,131072 --lang=fr --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4984 /prefetch:1
  2⤵
  PID:4928
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,11491917854546777173,6124507192995500579,131072 --lang=fr --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5152 /prefetch:1
  2⤵
  PID:736
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,11491917854546777173,6124507192995500579,131072 --lang=fr --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5404 /prefetch:1
  2⤵
  PID:2800
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2188,11491917854546777173,6124507192995500579,131072 --lang=fr --service-sandbox-type=none --mojo-platform-channel-handle=5928 /prefetch:8
  2⤵
  PID:4020
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2188,11491917854546777173,6124507192995500579,131072 --lang=fr --service-sandbox-type=none --mojo-platform-channel-handle=5928 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1776
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,11491917854546777173,6124507192995500579,131072 --lang=fr --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6008 /prefetch:1
  2⤵
  PID:4428
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,11491917854546777173,6124507192995500579,131072 --lang=fr --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5952 /prefetch:1
  2⤵
  PID:4828
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,11491917854546777173,6124507192995500579,131072 --lang=fr --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5924 /prefetch:1
  2⤵
  PID:4640
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,11491917854546777173,6124507192995500579,131072 --lang=fr --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5604 /prefetch:1
  2⤵
  PID:3708
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,11491917854546777173,6124507192995500579,131072 --lang=fr --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5972 /prefetch:1
  2⤵
  PID:4600
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2188,11491917854546777173,6124507192995500579,131072 --lang=fr --service-sandbox-type=collections --mojo-platform-channel-handle=6556 /prefetch:8
  2⤵
  PID:2740
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2188,11491917854546777173,6124507192995500579,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6580 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:392
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2188,11491917854546777173,6124507192995500579,131072 --lang=fr --service-sandbox-type=collections --mojo-platform-channel-handle=6620 /prefetch:8
  2⤵
  PID:1584

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2632

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1248

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:4976
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.106 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7fff51cdcc40,0x7fff51cdcc4c,0x7fff51cdcc58
  2⤵
  PID:4460
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1836,i,13245775798684888669,8556366699469271061,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=1832 /prefetch:2
  2⤵
  PID:2028
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2204,i,13245775798684888669,8556366699469271061,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=2256 /prefetch:3
  2⤵
  PID:3316
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2264,i,13245775798684888669,8556366699469271061,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=2512 /prefetch:8
  2⤵
  PID:4644
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3172,i,13245775798684888669,8556366699469271061,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=3184 /prefetch:1
  2⤵
  PID:5016
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3340,i,13245775798684888669,8556366699469271061,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=3292 /prefetch:1
  2⤵
  PID:4656
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4548,i,13245775798684888669,8556366699469271061,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=4576 /prefetch:1
  2⤵
  PID:3740
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=4384,i,13245775798684888669,8556366699469271061,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=3716 /prefetch:1
  2⤵
  PID:4800
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4364,i,13245775798684888669,8556366699469271061,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=4088 /prefetch:8
  2⤵
  PID:620
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=3420,i,13245775798684888669,8556366699469271061,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=4928 /prefetch:8
  2⤵
  PID:2244

C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe"
1⤵
PID:2824

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:2672

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
PID:2460
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe"
  2⤵
  - Checks processor information in registry
  - Modifies registry class
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  PID:3408
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2000 -parentBuildID 20240401114208 -prefsHandle 1928 -prefMapHandle 1920 -prefsLen 25751 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {ec92b871-2942-4fbd-af2a-7a2b4c30e193} 3408 "\\.\pipe\gecko-crash-server-pipe.3408" gpu
    3⤵
    PID:3076
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2412 -parentBuildID 20240401114208 -prefsHandle 2388 -prefMapHandle 2376 -prefsLen 25787 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ea7fbc2d-1444-4111-b4c2-62dfee178576} 3408 "\\.\pipe\gecko-crash-server-pipe.3408" socket
    3⤵
    PID:3300
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3140 -childID 1 -isForBrowser -prefsHandle 3220 -prefMapHandle 3420 -prefsLen 25928 -prefMapSize 244658 -jsInitHandle 1144 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f754cc03-09e8-4ad2-8fa9-f6cb818f7271} 3408 "\\.\pipe\gecko-crash-server-pipe.3408" tab
    3⤵
    PID:5152
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4036 -childID 2 -isForBrowser -prefsHandle 3988 -prefMapHandle 3984 -prefsLen 31161 -prefMapSize 244658 -jsInitHandle 1144 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {6a43713d-4035-46ee-85e4-3ff65994f5e8} 3408 "\\.\pipe\gecko-crash-server-pipe.3408" tab
    3⤵
    PID:5284
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4796 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4288 -prefMapHandle 4680 -prefsLen 31161 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {72e8205d-4b81-46b8-a5f0-b38809b737ef} 3408 "\\.\pipe\gecko-crash-server-pipe.3408" utility
    3⤵
    - Checks processor information in registry
    PID:6064
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5572 -childID 3 -isForBrowser -prefsHandle 5564 -prefMapHandle 5560 -prefsLen 27211 -prefMapSize 244658 -jsInitHandle 1144 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ef9af90d-6e6f-46e7-a235-5abd6bc5c7f2} 3408 "\\.\pipe\gecko-crash-server-pipe.3408" tab
    3⤵
    PID:5852
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5532 -childID 4 -isForBrowser -prefsHandle 5696 -prefMapHandle 5704 -prefsLen 27211 -prefMapSize 244658 -jsInitHandle 1144 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b567c2ae-2846-4774-ba26-b24ea84fa4eb} 3408 "\\.\pipe\gecko-crash-server-pipe.3408" tab
    3⤵
    PID:5864
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5868 -childID 5 -isForBrowser -prefsHandle 5504 -prefMapHandle 5508 -prefsLen 27211 -prefMapSize 244658 -jsInitHandle 1144 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {43ee638c-6ad9-4791-b7cd-5bfd81b4601e} 3408 "\\.\pipe\gecko-crash-server-pipe.3408" tab
    3⤵
    PID:5876
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5984 -childID 6 -isForBrowser -prefsHandle 5992 -prefMapHandle 6000 -prefsLen 27211 -prefMapSize 244658 -jsInitHandle 1144 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ce5c3112-5a6d-4df2-a673-49196ecae1bd} 3408 "\\.\pipe\gecko-crash-server-pipe.3408" tab
    3⤵
    PID:5916

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
120B

MD5
43fca3850c576b0558e95172f0614051

SHA1
5dd80e6710e68b7a58102cfc699050f59345b97f

SHA256
08205e3bb96d4d77e95cae592caa96566136b5e4fe836292b6b08215fb4a96a9

SHA512
8e1bdfede15c093f47980d59628de5d1bbd5e90a4c629bda913a34a2601c7bffb4dabfb66b1928112e81d0cc940c759dced35ffccd6bf71817e2c90fdd1df4c7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
57d5d23857a7db7eb6671c4488bbc37d

SHA1
94561e6a3854a2be43716d8f5cf8b2e3ba45f3c9

SHA256
641ad3c19ea525d3bcf20fc0cece66f806404f8d3f8d3c84484fc1621341b7ed

SHA512
cefccb993d5359ee0fe1444a6061278cde6eee52a67aec9898eabd1a2d8d7ecd69ec68d3cdb083f04038a2da8a180830c847dc6e134f07438c0a8ac17733216c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
640ea9a39cce46af6e0a002b09404283

SHA1
c80cc797d8000eeff7a62a30d81af1089a935bd7

SHA256
0c5c9456e8493ff5867d36d10ff360ab722feb30f0fe1d6a53d6709da2fad240

SHA512
b3bd67019ca54a4187cbf7bd3cea7dee736e88c1197125f3e655885c825c497b8e6da6948f15aeacb23e93f496e472d523ef4640a695dfa65ce54e5596763730

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
ef8a0fab527d404816df49dfad94b8fe

SHA1
bb767211f2d5a0a1b3193d25b6b0cf0fdf642d62

SHA256
09c5b25233666726ea471cff6447774bec3da7918c43336a82d4624800ff19d0

SHA512
decb937710173d4f7ae4c1588148cb0263dfdfab7d21074fd22e27c0f46901cca71a05d27f5e693f38392cc78b15dc0d43fd281e42d1869210bb140c76a08f6c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
0595571d111598a4e454e8ccbb72f0fd

SHA1
fa483e17ee242d7e9991ab9945f2300da8554bc0

SHA256
b6bbf1347e95e6491f66d999be2098403f9d688033fad5b65a99953585117fd8

SHA512
04d364509fd8aaea067f4bc9eb46708c7f336b4d686a2a4d22acf182d8c5212fd3a753b62064141c1ba1b22954b3ee1faf783e5bec610b07243544f105828c22

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
8a2a2db73a4ae3690d0da3c77329e74c

SHA1
09fbe86f6ea933fe4638e481700dfdff74a1dea6

SHA256
265fe28945c8f91bfbf1027829ddf8626caf209d918ae5fcb1d5e6383bbebf5e

SHA512
56f7ad7927f6a0f2f351fb7f1f594f1bf000ba689a0e9b2be58c7ae3591399a904e33f251f9291424280c917b8469c2a0f25160bbe0ee756858a395e39a1d86f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
182KB

MD5
8fcfa1de91d75c712d2ae74eb2606d06

SHA1
ef571d3b8931ec8f632560dad789d17a851b975a

SHA256
5481053c65b2c4ca3d4972ee5479165fa6aa9e4f7be106ffba2e10d382c166cf

SHA512
9a5f24f1101a2c835c80dc0c0c79d5974d355fec9e68f7e2b45f722e21675e299532f288736be178436c0a3d1da1725ebb2d88aab5e9da36e394cab0d24174f1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
182KB

MD5
227d129ad51aaecd25c64574048a843b

SHA1
e1fc90f5395617ac57533d5489f5930322307d3a

SHA256
6bd5affde66aced829766589c33be86ab757fc1e70218c2730f5603c654f3ee3

SHA512
60f762863f590ac5a5d234d29f7c3ab6b7414db4093455a7ff1201551f0786c9d6d0a5b8de47791426959119e5d8e50408d6797689cc87ec2b8fcae80bc00047

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
75c9f57baeefeecd6c184627de951c1e

SHA1
52e0468e13cbfc9f15fc62cc27ce14367a996cff

SHA256
648ba270261690bb792f95d017e134d81a612ef4fc76dc41921c9e5b8f46d98f

SHA512
c4570cc4bb4894de3ecc8eee6cd8bfa5809ea401ceef683557fb170175ff4294cc21cdc6834db4e79e5e82d3bf16105894fff83290d26343423324bc486d4a15

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
10fa19df148444a77ceec60cabd2ce21

SHA1
685b599c497668166ede4945d8885d204fd8d70f

SHA256
c3b5deb970d0f06a05c8111da90330ffe25da195aafa4e182211669484d1964b

SHA512
3518ce16fef66c59e0bdb772db51aeaa9042c44ca399be61ca3d9979351f93655393236711cf2b1988d5f90a5b9318a7569a8cef3374fc745a8f9aa8323691ef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
5abad18a919e794312dbf808848175a6

SHA1
ec6de49c62fde36123087fa357368a0c1e05d310

SHA256
7ebd589d8e9c5e79df588e4ee07c992d72717f9633b1222aee967b880101b315

SHA512
47f090e0ba226f6f710d2ab098cb9ac28f1255b46bb94460455d8699390c65fb0e3b9e8d8ddfe0f0aaa36a37ffd6b6652d69695fa5ffc4184c540d51002f0342

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
b6565fe3723f475b3026e087ff60131a

SHA1
7df364b05e942081464b1a18bcea805ea163c6d1

SHA256
d3f695c008d48c3e0cdfff841e16a9c89422e71a3188cd8d421696451f4459bf

SHA512
623b535e841591ea379cbc097cc3d887e79ad37e40b9c9093875d2bbcec4d8a8e87a8d270a7172d95a1a44b774b67a5613e57a1f02361e3c7d0b9b38dc69342b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
f2af5f03c770929b4d891af61ebdd23d

SHA1
36da19d31448ce977a198018352892974c84cc45

SHA256
c73819b72ee0a6cbe686102b0e20859a134406e577b5dd836e7051a92d314482

SHA512
7830f3f5622a05360cb626321c8cb43222238e4ef94904ae0dd2e558f836e4172cdeb9b5b0a5092716bd0cc1a3a4538b8e8c43a9f5bea075366aad8456616dec

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
90762f38acb442cb5c441e8a15b9f799

SHA1
724560f3c9e72ec4ecad0dd310886a80acd84544

SHA256
b2a5ec93d2c9e0baf124a18c2b58d6310ad8ad1a83de45ece077d3f9268f4610

SHA512
9419f81cbab72d6af1e871d44b52fa8d6ae22286a630ca6e75e928ec1797338b75e34e6ae90e1dc0f2baeb1d91130657689308f16bc8ce8f604363341b4d6e85

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
96aca8be8feda6552bdfb0745ed6faee

SHA1
083f67bd0eb8ef0bb240b3729812bf66f44db648

SHA256
f493f3c7240ce87a73b296040ecf5a6c4c0416ec16fdf60a81aa73b770493a0d

SHA512
2b28d41f8739284eb2e44b8d6c33ad40d96bd78bc155156e03e59b5ddaeb9159f4f2a14479e46d70773ce5f85c3db782ba9607579bb4259d4cd84329bc40e607

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
7528d2b558ebd7d28c4aad7417911201

SHA1
866ad49ca8868deb3c2bfed0a37f168c07a784db

SHA256
3060dcf3735e85e015d4d3d6d07cfe50438ac789ba5798513aa4ae91d025e832

SHA512
8e72b8e964dc390dc8037c02313457219b02941aff151dcf93764b2a47d0472fc7641823ebcd804b7f6d8a6fd2460b5c3b9b6fb3b61236318b287209abbda9c6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
0acce8820b18f08200e588efd0c04ff2

SHA1
6a9c6ec673e835a0ee97ce38c1f7cd10d46389ab

SHA256
b671fdcff3bf92caf25ee9d894f716290dd1c575e92e178399cbaffb538904b1

SHA512
e69b875e197b85c0598740ae037441be67d2be06a796f2dc2405a3495ade2c305b65f2be9a908c836da7380da3e5ab259376fbf87532c7cb70ec8e6efd368783

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
43515864be63daa2c4f7f0d54f48179c

SHA1
b24f735df7ad52182d403740264a7ab053f0d980

SHA256
a13d32cd4f9d4055bdcc83e2aee775a7259d6088e0c6d8d4a71469fdafd0d1af

SHA512
c68afd9d034263cadb7a110228c1015c6f90fedcad6c099b6cbea06320a53c76686817d7c64b218c15609ba6d1653a7000e18b944a71c5b3e3c6f0df92a4da5d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
121c602337cb3918062ac9daba2f43e6

SHA1
6efb76622f5373f7902281d0b6914bcf824c2f4f

SHA256
3a632f8a2b4a8b914173f6faf9e7b563bf2ffe20b1fe3c16210121fd98b834ff

SHA512
c2dc06ed75e015b992ec628b0752ee39606ce844dab8aff9533ae7597899f3d4d806bdd2b614b5db0e75ace2f8861afa20dd11f1714e35489f3c3b521777863b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
2715821e4daf617ed849e82b1adf839a

SHA1
d5af0c20f806e68e86652801623310a4f8409656

SHA256
15208580c76f3219dba2d386fa0413a47f5cf5aa005cc66891887e21ed3c4de7

SHA512
c7d33131af62e4a37193ffa7c5be0775f11d8630240d7fc5c981d25c8332f69b70608a91da3c6febc970ff620655d57a5bc99857e7450d4f08783e6758c3a5b8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
3b8c97916c11b0ed581a62cb00f8e617

SHA1
3993fa01738c000381d6125d3b5153fba8135509

SHA256
67918109135290e73facb87f358f5f5035d850b953add18e3a134e8ef769d532

SHA512
2bbcb3af6ae7f1150f353c00e30d12c8ed6647a1fe020ebd4833ce324405bb6fe42357da327f1f812076a83e0166714e370e89c0d2cfc235bffcc6c4bea20e70

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
9ea409e1bfce794308d8a8ff2e34bd40

SHA1
9d00b48714f617ca8d8802c5d18e409e919e9146

SHA256
4b1ea2e181b3272c3a5d7058603252a98033a7730793efe7c662910a5b4f8c6c

SHA512
064b3a560611097ad062457d98bb168848edb78322dec610c7fcac9c178b3996379fd16c22b735ef694934576c492b466dec13f2a38acc1d430ac8729ba5acbe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
a41257b790dbc2a8db1ff7f3c57b6365

SHA1
10d7b9533a5cd4fbf2017385d69515627dca0753

SHA256
2bf0b820d3c4312b6dc8c1301aba941b5a6d479e476afe40ee1adbe524bc1a18

SHA512
d523116fbde0d02c8992a69d7ed2170e12bd25826dc04d7930751e897006fe39d991519669b73a6941a7252519099b4d5b60996cc516bd472803a3228e736900

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
5e0ff9d73bd62f87fe007ad41cee41b7

SHA1
0062fa320805411a67fb5a7419ff15e88b87e7da

SHA256
60850d861839de8a0696db5dc2a3a771374bd8e694688aacc8e22ab856a5f64a

SHA512
ed9afa1607ce79e8e5065c53c90d61c5109f6e7c3a9262561d5487af3010af654771dd92130bee67177194b330b52f5e6e4e4cf3335fdc079bcd5df9136d5bcc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
a25d4c67b1cdb3307eb5a0e026c18b38

SHA1
af4762d546f98e019753be327495d1f4db56e2bf

SHA256
69a75ed56df1360853e364c181ecb56b7b88e10ff0d8a1d65b23fe0f44465b6f

SHA512
b95524205b8929cf7c7b820c1c784c497a66a516a446349b512280593d08f05cb1b1521a44ff75f7cb350ddbc7cf98867fc18e460a16d328262be88adac4ca3f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
4a6ea6e533c8567eafcbd330b45767e6

SHA1
d4ef972032eeebcb21cb670cef7f1f5894e21bf3

SHA256
7e44ea8d3347c65c1aae19d06b61625e4120f906fe978b1b4ef517b4987b34dc

SHA512
f3ccfd6d269de0d74cec22933e02ca802c4381f75f08c2d9e2feb4b0f2236f22f7597744074b160ed090b44175325f6ace90503d7861ccce5eb05b009e157fd6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
346d904f499ebaaf1339d2fd0c9fd3b7

SHA1
d592c8306b466c234cdd6d0dfc95982a126a5b14

SHA256
7e417c5d3e2904d06a91409d9842a9a33d7f161b49ec6ca3966eabde622b9a50

SHA512
479492ab501eae071afaf5bc72ab62ab9a773be9af86279be59dd92dd7d0cb4908f3dc8a9169058cf15badcb1c306782025d07f4f4b08cd58736d4c65f04dc0f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57fb86.TMP

Filesize
2KB

MD5
6ce93e2528a1f6ea481aa728cb2d6950

SHA1
96366757a50addaff4e8efa49abb74df7f95c411

SHA256
6b1504ac48b2ee79a581e5fb63a490cef9aa705c1f20573335436680302e9f90

SHA512
d9df190fd3fb67e42a768f95c69eb009507e33d2b607798c24a86873061cbe6b8ebfbb881a8ecd4ab385ffa1ba99cff17c1f8fb9c6a8d8d24b38b18f52f747bc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
fb77f09b47ea1fdc7f3921d44c8b541b

SHA1
8957f38e45e0d67046bd2398dd739a7a4ab7ecd8

SHA256
10c0eccb2fe19b61d07831d1a676b0862f9d58f70e0c76a796b0cdc989a21202

SHA512
04c4e8ed0adee5e06ced0662c2bc92c72514da08c86ab7d7cdf4571a2a8ba423dfb093e618c91561a88363bf4d34d9a16ffc86381ee3a6953832df18d9794e4c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
ff04887bf8524e9824481c8fe6428a28

SHA1
79a4c176e5a1736d482a1c55a46d193283bf86dd

SHA256
1c74605854331dea70cc02fd1003a4d1741df15c1f823d2d3023b1915f264130

SHA512
6a0c30db52b6952fa229d3c2e0d5ad0acb5acdb9bdb97180af0860a0a2a203560a0851d66b9de5ed409d9d23f275993a79034d504ce92f6afeac2190b7a63a8d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
f36be6e8a380584d7b9292af9a6c7829

SHA1
fa2608c2d1b89074fbe98ab10055745093bdcc83

SHA256
21ede23f35c5b3fa67e705a1758aaa26aedfc4c5d180e8097e8ea20d3a184f4f

SHA512
5a6289d525a3da32f0f4e6698c92ba868e0f0fede7db7ab4d0bd4ae35719a4e570307edf6e0c754ebc28ed7e5ffa6690f6fa36acac2203aee82f9cc17a8e2109

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\yol9faaa.default-release\activity-stream.discovery_stream.json.tmp

Filesize
18KB

MD5
8aea1fd79b73b53bfcd8371752783ad0

SHA1
ae2d82baea3b843e220b12f045397f7e396981c0

SHA256
0f68745f9e6bced4fd4185ca8e8277881bb0ce6049941b3739368a4c70ec0842

SHA512
a61d159c91ffb60d23d1ed47ec1a456828ed9ab9b734cbb7c984674eac17bb4aa46021b56afc20d1056f0ef149a82a1a92e466e19d6331212e05ecdd8228f738

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
479KB

MD5
09372174e83dbbf696ee732fd2e875bb

SHA1
ba360186ba650a769f9303f48b7200fb5eaccee1

SHA256
c32efac42faf4b9878fb8917c5e71d89ff40de580c4f52f62e11c6cfab55167f

SHA512
b667086ed49579592d435df2b486fe30ba1b62ddd169f19e700cd079239747dd3e20058c285fa9c10a533e34f22b5198ed9b1f92ae560a3067f3e3feacc724f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

Filesize
13.8MB

MD5
0a8747a2ac9ac08ae9508f36c6d75692

SHA1
b287a96fd6cc12433adb42193dfe06111c38eaf0

SHA256
32d544baf2facc893057a1d97db33207e642f0dacf235d8500a0b5eff934ce03

SHA512
59521f8c61236641b3299ab460c58c8f5f26fa67e828de853c2cf372f9614d58b9f541aae325b1600ec4f3a47953caacb8122b0dfce7481acfec81045735947d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yol9faaa.default-release\AlternateServices.bin

Filesize
7KB

MD5
282756d3ed7051fe18e4c5b07cf02395

SHA1
9742005e0ede92e4d9f98f84522857f5ec103219

SHA256
fb557af05c78cf850d76ec18969ec291e8c206eda7dfe55ab1a215e6b00ca656

SHA512
1b60a07a22cfc119ce2d6bbb34725e57599a05ce39a7960b0a75e234e618f8e9bafa6675cd103a0bc45161328ddc9e2483e8a7b5760e2efa771249034d3d0657

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yol9faaa.default-release\AlternateServices.bin

Filesize
10KB

MD5
200898d79d02f278af31384434be5cb8

SHA1
0f957c578145042d0abe924fea29fafc78f87354

SHA256
dcf2240749eda36578947b7bbe96803be6206de034cbaaeb9d0f5dab69766413

SHA512
7236694d87b0ec143e5a32cd4782f9b2459f3458c0fad45ad18bf455516cefc0ca804f9a1662bc395f1f9b64eae0b22a0ae1a6337b68974183b0da8670c6e538

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yol9faaa.default-release\datareporting\glean\db\data.safe.tmp

Filesize
5KB

MD5
465c0a9a2ea2daad30b996ccf7438ebd

SHA1
5e1d868b81cd001502f69995d5a50462ab6ba45e

SHA256
2c9b06e47affba87c0f4f59b337d8198ee8b75106bff160bb0d0b04e3e29a42c

SHA512
f14476100a549a255c64ff61baf3a061ed346110b5f3fdfdc78b48740c85355398abe665468290af27e019f2edda984927533651d2d19fc1a1922582c0079d43

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yol9faaa.default-release\datareporting\glean\db\data.safe.tmp

Filesize
6KB

MD5
3c9300ef7d0c1b8fab0ecb167ab09407

SHA1
487a54cf5530d9d0b531ae2ca92cf88bd89a73d7

SHA256
6d109b78bce94e48670901458a760464e66badb564bd178a8818c4230f7f6f1d

SHA512
dceebbc9ddef7eb8afa1e97a58c2d60be22174534647580449ecf4fc32afa2cf853d487411998d531f73ce389081190b6d51e5bc5ea3f0d80a56a2d41a53832c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yol9faaa.default-release\datareporting\glean\db\data.safe.tmp

Filesize
5KB

MD5
489a2db44f5c8098e45bafef5d9d3f2c

SHA1
ab7d66fed0f150f9b4877ae8068ea21e096502fc

SHA256
c7aefdd59e160143c016b84f33de06469db86a1927b569577dd3cc986edaa94f

SHA512
3ab213cf202191601e33524e2f6fe43fed9c8aa21f25bd2f7b7b0c4f892411b7dd74a3e56445380f1b1ef9f8d3fb980912e065cf885916c92513bd77d22ddb8b

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yol9faaa.default-release\datareporting\glean\pending_pings\246fdbf9-0896-400a-ab7b-649fa190314a

Filesize
671B

MD5
a6205ed43d43954f537d93c043db8ad3

SHA1
5586eb71749ae18e8a50e7d6ef4cb8b3a7131049

SHA256
66054515d79d072792abb3bc2fe236514739f8b9a5b15bebd245c4f7b21cb407

SHA512
858c2f3a585115404c97482dd4a75e8d70c6d45d32ed0a132f1eac72771b79a5596514bb291a2a3a597da3a6ec1a4d0d4be29ab9b8fd24cbfcfbdc42a5dc1f5a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yol9faaa.default-release\datareporting\glean\pending_pings\66918694-b7e6-4691-a387-73cc3c383839

Filesize
982B

MD5
5e4e46971a34c391c5d673017dcc86cc

SHA1
3c0634a82ea130dcae4e42ff7a463a47a6a523d8

SHA256
8cd6a6e84cf2212c62d779262f4f311db941d8ad5e9fdfe165239a2e02188d72

SHA512
b18821e62e0e52c1070eea9ce4ed9e2be3821f76fdf6f5d33f05ed5a4d4833e58a65f868b0279db552b46eebe5f5c164563a816850d2dd22a4d871ceda209bf1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yol9faaa.default-release\datareporting\glean\pending_pings\82a75865-4ce4-4efe-9980-63478132ebd9

Filesize
25KB

MD5
0ce6fe95c4decb17d65e722dcdd29cb0

SHA1
69e5851ccb645155b351a3a162d3b7ba3328d2ab

SHA256
b67de10b73378ff424fcc56499666b92ff40d8f624b5f0ff9a6bb392e532736d

SHA512
9962647577c374fc8d497fc490987fde216dece070f861fa94483f0257e8ad0fb986de349cbc3dc023788154dbb8632516276dcd621d237f12fb69126af96239

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yol9faaa.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.dll

Filesize
1.1MB

MD5
842039753bf41fa5e11b3a1383061a87

SHA1
3e8fe1d7b3ad866b06dca6c7ef1e3c50c406e153

SHA256
d88dd3bfc4a558bb943f3caa2e376da3942e48a7948763bf9a38f707c2cd0c1c

SHA512
d3320f7ac46327b7b974e74320c4d853e569061cb89ca849cd5d1706330aca629abeb4a16435c541900d839f46ff72dfde04128c450f3e1ee63c025470c19157

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yol9faaa.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.info

Filesize
116B

MD5
2a461e9eb87fd1955cea740a3444ee7a

SHA1
b10755914c713f5a4677494dbe8a686ed458c3c5

SHA256
4107f76ba1d9424555f4e8ea0acef69357dfff89dfa5f0ec72aa4f2d489b17bc

SHA512
34f73f7bf69d7674907f190f257516e3956f825e35a2f03d58201a5a630310b45df393f2b39669f9369d1ac990505a4b6849a0d34e8c136e1402143b6cedf2d3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yol9faaa.default-release\gmp-widevinecdm\4.10.2710.0\manifest.json

Filesize
372B

MD5
bf957ad58b55f64219ab3f793e374316

SHA1
a11adc9d7f2c28e04d9b35e23b7616d0527118a1

SHA256
bbab6ca07edbed72a966835c7907b3e60c7aa3d48ddea847e5076bd05f4b1eda

SHA512
79c179b56e4893fb729b225818ab4b95a50b69666ac41d17aad0b37ab0ca8cd9f0848cbc3c5d9e69e4640a8b261d7ced592eae9bcb0e0b63c05a56e7c477f44e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yol9faaa.default-release\gmp-widevinecdm\4.10.2710.0\widevinecdm.dll

Filesize
17.8MB

MD5
daf7ef3acccab478aaa7d6dc1c60f865

SHA1
f8246162b97ce4a945feced27b6ea114366ff2ad

SHA256
bc40c7821dcd3fea9923c6912ab1183a942c11b7690cfd79ed148ded0228777e

SHA512
5840a45cfdb12c005e117608b1e5d946e1b2e76443ed39ba940d7f56de4babeab09bee7e64b903eb82bb37624c0a0ef19e9b59fbe2ce2f0e0b1c7a6015a63f75

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yol9faaa.default-release\prefs-1.js

Filesize
12KB

MD5
797bd5900e1da012e2caa70b4a9325cf

SHA1
7581fe58729974bda845ed8e5c87b51890f929c3

SHA256
1909407794fc7dc0f44883386391c580e70b1b54f515c39bfea961bcc980d2b7

SHA512
4481e997dbc2b561f635dc0fb6ad3d92b5b69e353465f8d41dd365f69a6ff734db8910ff1280139d9e13c6e3336252fff0fd52894b3f905088dcff7d43299f0d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yol9faaa.default-release\sessionstore-backups\recovery.baklz4

Filesize
1KB

MD5
a4678960b049b72eabb00b1f2ecc7539

SHA1
f8933fdcd4c6354fa017511bc59184c75f6a027c

SHA256
2979183deddb3845bbd6940101edfd9b511d53bc464555af490d9fbf994f2b92

SHA512
1e4afbea0a30124a6fdf0616f0e7a0b882716714267dcc600a9451ba6ea0baff74ded7f3a9e4603131c51779c045ded805658776d21a192e585355f9fb6c25a8

Download Submit