hxxps://discord[.]gg/es7

Analysis

max time kernel
150s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
12/09/2024, 14:46

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://discord.gg/es7

Score

6^/10

discovery

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
13	discord.com
16	discord.com

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Checks processor information in registry 2 TTPs 12 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 2 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-2392887640-1187051047-2909758433-1000\{A0031B91-C26F-49E7-BA06-E3F8120B2BA4}	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-2392887640-1187051047-2909758433-1000_Classes\Local Settings	firefox.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

pid	Process
484	msedge.exe
484	msedge.exe
1660	msedge.exe
1660	msedge.exe
1776	msedge.exe
1776	msedge.exe
3960	identity_helper.exe
3960	identity_helper.exe
5224	msedge.exe
5224	msedge.exe
5224	msedge.exe
5224	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 20 IoCs

pid	Process
1660	msedge.exe
1660	msedge.exe
1660	msedge.exe
1660	msedge.exe
1660	msedge.exe
1660	msedge.exe
1660	msedge.exe
1660	msedge.exe
1660	msedge.exe
1660	msedge.exe
1660	msedge.exe
1660	msedge.exe
1660	msedge.exe
1660	msedge.exe
1660	msedge.exe
1660	msedge.exe
1660	msedge.exe
1660	msedge.exe
1660	msedge.exe
1660	msedge.exe

Suspicious use of AdjustPrivilegeToken 4 IoCs

description	pid	Process
Token: 33	3216	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	3216	AUDIODG.EXE
Token: SeDebugPrivilege	3008	firefox.exe
Token: SeDebugPrivilege	3008	firefox.exe

Suspicious use of FindShellTrayWindow 46 IoCs

pid	Process
1660	msedge.exe
1660	msedge.exe
1660	msedge.exe
1660	msedge.exe
1660	msedge.exe
1660	msedge.exe
1660	msedge.exe
1660	msedge.exe
1660	msedge.exe
1660	msedge.exe
1660	msedge.exe
1660	msedge.exe
1660	msedge.exe
1660	msedge.exe
1660	msedge.exe
1660	msedge.exe
1660	msedge.exe
1660	msedge.exe
1660	msedge.exe
1660	msedge.exe
1660	msedge.exe
1660	msedge.exe
1660	msedge.exe
1660	msedge.exe
1660	msedge.exe
3008	firefox.exe
3008	firefox.exe
3008	firefox.exe
3008	firefox.exe
3008	firefox.exe
3008	firefox.exe
3008	firefox.exe
3008	firefox.exe
3008	firefox.exe
3008	firefox.exe
3008	firefox.exe
3008	firefox.exe
3008	firefox.exe
3008	firefox.exe
3008	firefox.exe
3008	firefox.exe
3008	firefox.exe
3008	firefox.exe
3008	firefox.exe
3008	firefox.exe
3008	firefox.exe

Suspicious use of SendNotifyMessage 44 IoCs

pid	Process
1660	msedge.exe
1660	msedge.exe
1660	msedge.exe
1660	msedge.exe
1660	msedge.exe
1660	msedge.exe
1660	msedge.exe
1660	msedge.exe
1660	msedge.exe
1660	msedge.exe
1660	msedge.exe
1660	msedge.exe
1660	msedge.exe
1660	msedge.exe
1660	msedge.exe
1660	msedge.exe
1660	msedge.exe
1660	msedge.exe
1660	msedge.exe
1660	msedge.exe
1660	msedge.exe
1660	msedge.exe
1660	msedge.exe
1660	msedge.exe
3008	firefox.exe
3008	firefox.exe
3008	firefox.exe
3008	firefox.exe
3008	firefox.exe
3008	firefox.exe
3008	firefox.exe
3008	firefox.exe
3008	firefox.exe
3008	firefox.exe
3008	firefox.exe
3008	firefox.exe
3008	firefox.exe
3008	firefox.exe
3008	firefox.exe
3008	firefox.exe
3008	firefox.exe
3008	firefox.exe
3008	firefox.exe
3008	firefox.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
3008	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1660 wrote to memory of 732	1660	msedge.exe	83
PID 1660 wrote to memory of 732	1660	msedge.exe	83
PID 1660 wrote to memory of 4652	1660	msedge.exe	84
PID 1660 wrote to memory of 4652	1660	msedge.exe	84
PID 1660 wrote to memory of 4652	1660	msedge.exe	84
PID 1660 wrote to memory of 4652	1660	msedge.exe	84
PID 1660 wrote to memory of 4652	1660	msedge.exe	84
PID 1660 wrote to memory of 4652	1660	msedge.exe	84
PID 1660 wrote to memory of 4652	1660	msedge.exe	84
PID 1660 wrote to memory of 4652	1660	msedge.exe	84
PID 1660 wrote to memory of 4652	1660	msedge.exe	84
PID 1660 wrote to memory of 4652	1660	msedge.exe	84
PID 1660 wrote to memory of 4652	1660	msedge.exe	84
PID 1660 wrote to memory of 4652	1660	msedge.exe	84
PID 1660 wrote to memory of 4652	1660	msedge.exe	84
PID 1660 wrote to memory of 4652	1660	msedge.exe	84
PID 1660 wrote to memory of 4652	1660	msedge.exe	84
PID 1660 wrote to memory of 4652	1660	msedge.exe	84
PID 1660 wrote to memory of 4652	1660	msedge.exe	84
PID 1660 wrote to memory of 4652	1660	msedge.exe	84
PID 1660 wrote to memory of 4652	1660	msedge.exe	84
PID 1660 wrote to memory of 4652	1660	msedge.exe	84
PID 1660 wrote to memory of 4652	1660	msedge.exe	84
PID 1660 wrote to memory of 4652	1660	msedge.exe	84
PID 1660 wrote to memory of 4652	1660	msedge.exe	84
PID 1660 wrote to memory of 4652	1660	msedge.exe	84
PID 1660 wrote to memory of 4652	1660	msedge.exe	84
PID 1660 wrote to memory of 4652	1660	msedge.exe	84
PID 1660 wrote to memory of 4652	1660	msedge.exe	84
PID 1660 wrote to memory of 4652	1660	msedge.exe	84
PID 1660 wrote to memory of 4652	1660	msedge.exe	84
PID 1660 wrote to memory of 4652	1660	msedge.exe	84
PID 1660 wrote to memory of 4652	1660	msedge.exe	84
PID 1660 wrote to memory of 4652	1660	msedge.exe	84
PID 1660 wrote to memory of 4652	1660	msedge.exe	84
PID 1660 wrote to memory of 4652	1660	msedge.exe	84
PID 1660 wrote to memory of 4652	1660	msedge.exe	84
PID 1660 wrote to memory of 4652	1660	msedge.exe	84
PID 1660 wrote to memory of 4652	1660	msedge.exe	84
PID 1660 wrote to memory of 4652	1660	msedge.exe	84
PID 1660 wrote to memory of 4652	1660	msedge.exe	84
PID 1660 wrote to memory of 4652	1660	msedge.exe	84
PID 1660 wrote to memory of 484	1660	msedge.exe	85
PID 1660 wrote to memory of 484	1660	msedge.exe	85
PID 1660 wrote to memory of 4924	1660	msedge.exe	86
PID 1660 wrote to memory of 4924	1660	msedge.exe	86
PID 1660 wrote to memory of 4924	1660	msedge.exe	86
PID 1660 wrote to memory of 4924	1660	msedge.exe	86
PID 1660 wrote to memory of 4924	1660	msedge.exe	86
PID 1660 wrote to memory of 4924	1660	msedge.exe	86
PID 1660 wrote to memory of 4924	1660	msedge.exe	86
PID 1660 wrote to memory of 4924	1660	msedge.exe	86
PID 1660 wrote to memory of 4924	1660	msedge.exe	86
PID 1660 wrote to memory of 4924	1660	msedge.exe	86
PID 1660 wrote to memory of 4924	1660	msedge.exe	86
PID 1660 wrote to memory of 4924	1660	msedge.exe	86
PID 1660 wrote to memory of 4924	1660	msedge.exe	86
PID 1660 wrote to memory of 4924	1660	msedge.exe	86
PID 1660 wrote to memory of 4924	1660	msedge.exe	86
PID 1660 wrote to memory of 4924	1660	msedge.exe	86
PID 1660 wrote to memory of 4924	1660	msedge.exe	86
PID 1660 wrote to memory of 4924	1660	msedge.exe	86
PID 1660 wrote to memory of 4924	1660	msedge.exe	86
PID 1660 wrote to memory of 4924	1660	msedge.exe	86

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://discord.gg/es7
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1660
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd2db746f8,0x7ffd2db74708,0x7ffd2db74718
  2⤵
  PID:732
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2052,439994221481554869,1736882838147950943,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2060 /prefetch:2
  2⤵
  PID:4652
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2052,439994221481554869,1736882838147950943,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2136 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:484
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2052,439994221481554869,1736882838147950943,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2828 /prefetch:8
  2⤵
  PID:4924
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,439994221481554869,1736882838147950943,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3320 /prefetch:1
  2⤵
  PID:3896
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,439994221481554869,1736882838147950943,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3340 /prefetch:1
  2⤵
  PID:2332
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,439994221481554869,1736882838147950943,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5056 /prefetch:1
  2⤵
  PID:2336
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2052,439994221481554869,1736882838147950943,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4136 /prefetch:8
  2⤵
  PID:1852
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2052,439994221481554869,1736882838147950943,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=4160 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:1776
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2052,439994221481554869,1736882838147950943,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5660 /prefetch:8
  2⤵
  PID:3556
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2052,439994221481554869,1736882838147950943,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5660 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3960
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,439994221481554869,1736882838147950943,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5848 /prefetch:1
  2⤵
  PID:4584
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,439994221481554869,1736882838147950943,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5188 /prefetch:1
  2⤵
  PID:4712
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,439994221481554869,1736882838147950943,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1784 /prefetch:1
  2⤵
  PID:1040
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,439994221481554869,1736882838147950943,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5172 /prefetch:1
  2⤵
  PID:4516
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,439994221481554869,1736882838147950943,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5712 /prefetch:1
  2⤵
  PID:3608
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,439994221481554869,1736882838147950943,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6344 /prefetch:1
  2⤵
  PID:5212
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,439994221481554869,1736882838147950943,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2720 /prefetch:1
  2⤵
  PID:5228
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,439994221481554869,1736882838147950943,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6188 /prefetch:1
  2⤵
  PID:6172
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,439994221481554869,1736882838147950943,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6604 /prefetch:1
  2⤵
  PID:6388
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,439994221481554869,1736882838147950943,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6572 /prefetch:1
  2⤵
  PID:6848
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,439994221481554869,1736882838147950943,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5148 /prefetch:1
  2⤵
  PID:6300
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,439994221481554869,1736882838147950943,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2128 /prefetch:1
  2⤵
  PID:6540
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,439994221481554869,1736882838147950943,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5180 /prefetch:1
  2⤵
  PID:6724
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,439994221481554869,1736882838147950943,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5720 /prefetch:1
  2⤵
  PID:5976
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,439994221481554869,1736882838147950943,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5272 /prefetch:1
  2⤵
  PID:5992
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,439994221481554869,1736882838147950943,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5088 /prefetch:1
  2⤵
  PID:4680
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2052,439994221481554869,1736882838147950943,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2340 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5224
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,439994221481554869,1736882838147950943,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6528 /prefetch:1
  2⤵
  PID:6564

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5028

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3968

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x498 0x50c
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:3216

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
PID:2308
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe"
  2⤵
  - Checks processor information in registry
  - Modifies registry class
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  PID:3008
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1984 -parentBuildID 20240401114208 -prefsHandle 1912 -prefMapHandle 1904 -prefsLen 23680 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {948ea8da-cded-4032-ba73-60d584f08aae} 3008 "\\.\pipe\gecko-crash-server-pipe.3008" gpu
    3⤵
    PID:4460
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2396 -parentBuildID 20240401114208 -prefsHandle 2392 -prefMapHandle 2388 -prefsLen 23716 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {bf9626b4-95bc-4825-8982-59c2e48b7f58} 3008 "\\.\pipe\gecko-crash-server-pipe.3008" socket
    3⤵
    - Checks processor information in registry
    PID:4680
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2684 -childID 1 -isForBrowser -prefsHandle 3000 -prefMapHandle 2820 -prefsLen 23857 -prefMapSize 244658 -jsInitHandle 1224 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {4a9d9e35-79d5-4587-8d27-9f79aa859d1f} 3008 "\\.\pipe\gecko-crash-server-pipe.3008" tab
    3⤵
    PID:5376
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3092 -childID 2 -isForBrowser -prefsHandle 3184 -prefMapHandle 2932 -prefsLen 29090 -prefMapSize 244658 -jsInitHandle 1224 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {3ffe9d5e-a40f-4c84-8efe-e0eccc3e6b04} 3008 "\\.\pipe\gecko-crash-server-pipe.3008" tab
    3⤵
    PID:5568
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4820 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4884 -prefMapHandle 4880 -prefsLen 29090 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c90cec48-592a-476e-ba43-235a1b900010} 3008 "\\.\pipe\gecko-crash-server-pipe.3008" utility
    3⤵
    - Checks processor information in registry
    PID:5640
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5272 -childID 3 -isForBrowser -prefsHandle 5260 -prefMapHandle 3636 -prefsLen 26944 -prefMapSize 244658 -jsInitHandle 1224 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f62daabe-2a45-4dae-98e4-da13fed49833} 3008 "\\.\pipe\gecko-crash-server-pipe.3008" tab
    3⤵
    PID:6516
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5448 -childID 4 -isForBrowser -prefsHandle 5524 -prefMapHandle 5520 -prefsLen 26944 -prefMapSize 244658 -jsInitHandle 1224 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {8914ff2c-a856-459f-865e-046e082ac28a} 3008 "\\.\pipe\gecko-crash-server-pipe.3008" tab
    3⤵
    PID:6536
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5656 -childID 5 -isForBrowser -prefsHandle 5668 -prefMapHandle 5612 -prefsLen 26944 -prefMapSize 244658 -jsInitHandle 1224 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {0702a7be-6516-45d2-840f-2646ca64cad5} 3008 "\\.\pipe\gecko-crash-server-pipe.3008" tab
    3⤵
    PID:6552

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
eeaa8087eba2f63f31e599f6a7b46ef4

SHA1
f639519deee0766a39cfe258d2ac48e3a9d5ac03

SHA256
50fe80c9435f601c30517d10f6a8a0ca6ff8ca2add7584df377371b5a5dbe2d9

SHA512
eaabfad92c84f422267615c55a863af12823c5e791bdcb30cabe17f72025e07df7383cf6cf0f08e28aa18a31c2aac5985cf5281a403e22fbcc1fb5e61c49fc3c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
b9569e123772ae290f9bac07e0d31748

SHA1
5806ed9b301d4178a959b26d7b7ccf2c0abc6741

SHA256
20ab88e23fb88186b82047cd0d6dc3cfa23422e4fd2b8f3c8437546a2a842c2b

SHA512
cfad8ce716ac815b37e8cc0e30141bfb3ca7f0d4ef101289bddcf6ed3c579bc34d369f2ec2f2dab98707843015633988eb97f1e911728031dd897750b8587795

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\8e1c3013-a580-41f6-b1d9-11710c86545e.tmp

Filesize
2KB

MD5
e27e877fee0c54d989861a00e2d437e3

SHA1
5266d751048cc86f35b9458fc4e21643398e67f8

SHA256
64a6002ded90a4073cfe625f58db1e9ca2c80682100d32ecd36df3280c1e6f49

SHA512
f4dcb34a2bbb372b4bbee34d3899b65c7ca6b3917a06badd23152f3ecc37398ac0953ae4bd8e0e1860c457d8d807df7bec95885f3fe82d9986951505a55b058a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000008

Filesize
38KB

MD5
ff5eccde83f118cea0224ebbb9dc3179

SHA1
0ad305614c46bdb6b7bb3445c2430e12aecee879

SHA256
13da02ce62b1a388a7c8d6f3bd286fe774ee2b91ac63d281523e80b2a8a063bc

SHA512
03dc88f429dd72d9433605c7c0f5659ad8d72f222da0bb6bf03b46f4a509b17ec2181af5db180c2f6d11c02f39a871c651be82e28fb5859037e1bbf6a7a20f6b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
879a8cb1cf8c672fad9e1523785e8428

SHA1
5344dd218d9886427cf23ff58b78a404b3eb785f

SHA256
bd9786787ed13d30f31ba73b2a87bcccefb7a75d662e21be7ae0b04edf03943d

SHA512
a2e6a87d711282d6a2a4bc865bdfd6b1e51a0ce20db116540185f8182e64893e2bd439ece2e2254bb3aa3f14a5ce1b51c077decef000b5051a916a4269a02dd5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
9d6b76b00c1a6f774f4851b4373f850b

SHA1
ffaf2db3cd91c803a73eebd86ebf8764489a3d51

SHA256
1ec7fe8a03ca1e5cf823837b39530b5d852e8bed7f1747891884eae764141ac6

SHA512
2f331ac008c8fafcfa972cb69d84d477b7128c38a0d973176ef1b07de1550e9fad7c0b67545edd3006ce2fff8f4ab41cd771680dafe3479710c2579b76fd0390

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
836B

MD5
0a1f48651f6f6bae47959470580c33de

SHA1
a761a248c98e810c70b4f5b252efa60be9ba72c4

SHA256
117a26c399e644846dc61572c63e73028b2f4d7610e23a97af6941aad88739ed

SHA512
9afac25e4909506c5792bd0e9d402c4a0976d3125f9d08be97411e09c910022626dcb9296932e37dd945b818765db0ccde06ffe6233ad720a5c033e4d10c3ca2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
08da5f2b2460239b6668aadbd7de98b7

SHA1
f616cd036d7fd6bcb83fcafe6c9a1aafbdb4e602

SHA256
b6adf407128208b3adf00b116e5f1c71275aaf88628fe00519359af1bd483eb2

SHA512
fa8e7ce9660b327b339324ecb1586cb83cc65882072d89c2b62b726954b02b306ce5e6434bec1c6df56a32531836bf44e4e42aff1e719f5c342f2c9f5fcd4d3a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
8044a985a8663bb6638f8218d630ef8a

SHA1
39a22bc69ec2310889f5210eb56da2340c463ad5

SHA256
87b6a20d9e56866c8c6c6d89a55132a6c4b5b3c375bc45f8e485a21bb0be8cdb

SHA512
2fdced4a0cb3bce63322e3a460f77ae4c8e0406be0c8451b4f3e7c55e96ba652a0356ebb6a3852bfe5fe38496178fdbbf866b1adab9c68a92ac73911728f90c0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
2ae4330e2f8f48d869af1e7becef921e

SHA1
76fe6d18845fd34c3e6e025fc5e3a8ef4a131bf9

SHA256
5d7e009835f817d820038bd17132a65555642d000828f5cbe0db637a74987ca6

SHA512
232c30f592d4b40500b7dd9eff6593d6e362e7f94b7de60689588a80f67d2ed6901728dcac202a3ca9070128fc918c4bdca8190fd6e17d0c041b847a1e8b31b6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
5947ad9539c6d35d8e028b38f5cf7fc9

SHA1
02ca789f719c33c4be1f182b8a712c114aba2828

SHA256
737982b61f7b7e4891291c383fd6c0073f95d01de14f570ac1e405363546307c

SHA512
10e58e8b71b31e292147212f5cf73c4ffb4b6c7e11cb40b845a1f4a003c6c62c4b6474e553f1c78c9a1280a1dc8b71c2f7a9b2dc04d282471b6cef190dabde18

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
b939db50a3517e5d659b14e0067eadd3

SHA1
23657c69883230bf610c43c0a4a32508ed137eea

SHA256
78c06fc97e6c46a093f40de16e8d43f6c4bf7585f063be70d276d97b99f8f1c8

SHA512
09e161c378ad406fe5a9acd47cc55949f74d06cdc6d5bb88d822ce7981c19f020ee0cb0b25236640c30f04882bb757a77dae0c4556431ace4ba2d4de6ccbebf9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
d17369aa3e4b4be92ac7d3dfc8ec4e59

SHA1
ca110033cf535faa4e3e4328df3a67d4c3f1b3b0

SHA256
f634056e490cb7f56fb08cfcbd2d26f07f3738033c7f562d44445f3c8dcfff1a

SHA512
d1d7d942a0a3769c975a7847a1c6097ef67d00ffecbb3e41529c329233739a323a2434f63a15d00856d1ac9738520af514106f6eb53e63b0caaa1ef81ea4a942

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
664769604fe453d78f5c7fd86acb7fdf

SHA1
e2e2875d766416b810a9ad0cd82cbef75f6af19b

SHA256
8da9c494937755895a852b079b992aef39626c060e552a575d6cd05e5a557da3

SHA512
c6c2a05bd140353c7cfbfc03c77b12c06f0d6d59f6ec3d36f5815b8af229b29566e5248f68956459455a3a58fcc17e21b793c88e7b1e7135050163a9bfc0e45c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
62b9da56ddd686876f843265a3afe9c5

SHA1
d3c74c27436818c255b944aa6c982e521be29801

SHA256
75e82cad87bb59179d2822f1685fdc36b6272a0c80b7af206846b97ec5607b14

SHA512
6e45372bd1d332a15bda736971b2a1696a24bcf38b816d03dafbf5ff42f3e674887884b2456a0bfd2a1e716874bdc7b4fd1c2db718d28afa9450c7e4d72416be

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
fa1ff5becd2fdafc188746fb75f2dcd4

SHA1
532f544827c437cf8a9657d565526d0e62b04e1d

SHA256
815bdca7b11a7587548d1551823eb61aef71486a3857e20ac9d923da965bf6bd

SHA512
ebb29b724ae5aa88095bc50b902d9f3fd2a6d78bc942db03213fa6a59ddfaedda7f1e063c8d89df27e638a04b5090d741fc571f33b1f9ceb72ce15e88819ac27

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
3d35895beaa3d42e988c4cff6a4d5f7c

SHA1
d204b8f0461682694077cfb0341cab774c3fa698

SHA256
e8e30d50329d7781e38f3b1debdb0e8e04c5493c53cf9f02a339a977d7787474

SHA512
3216a0a6e8fb3bd893b5c472a59bdf9be2da41c7c0cdab1395a84a51bf39c0c503eb3c8d0690695e615bba851a7d9156015df17dbac5ae67e1cce58dd625c18b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
68066f5341256fbb906841caed9536f1

SHA1
23b24e24d632ee18329a5b956c641c973da12ebc

SHA256
19248d15fd1a72bd621f3864d70274ea253d5fe5a7287214f3695f2dae67ece5

SHA512
a61e7cf613c7c5dea04f1eaf3535a1128be00eb218fe88b0400d8f588b8093af21901bf72a8faa2dc76f73f43dd6c6b45116e1c8fd9637c1348c869f2177c932

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
60d56f16593627d40ff283ca9afaf90c

SHA1
93881573be64026f9804626ae1e32bc58437e0c6

SHA256
4ef94fd1aa439abdcc129c71fed6424abfeec6c9b4028166095b8121452f8567

SHA512
1c768a16caaec5fbbafa2a58f90d8e7a2683d9c30a79b7dbfaaec9041bb6ad0fa2a8bb3a463486be073e2da9aeb5cd3449aff743a14d0608c7103cb54b02d01b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
b3f50e00d3505e33977da89c866d3dd8

SHA1
eaba9f9dbaa68737ed09f0ca2b55e2db7347d4ea

SHA256
21720ee43ad444a3f9179255d2cc86b67f4f5a97d9c0e79a2ac01119ee800ecf

SHA512
9ab0c55dfd5d1ef4b872bf61ca7a089c7adead15d7e92f176547f7bedfca777289ccabaff17969e6578751dd73a189d6d872dc81d3e984c4c265958b79525f1a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
a6d4a04699454c4e540513308665955f

SHA1
ce5227b6c47e24d2a4ea1eebc1b8da59f17f7572

SHA256
59c79b6d909d6c8bee2c175cbb679bdd06fb99ba127448dde7a95022306340a0

SHA512
ef1002e4410beb33a40877b712741446a8e33a93199e6e978022e2ae951397ba7d698e030f281343762da8fb2f04e2bd541d4e09113e9bab7a4b97330b49b34f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
432fd8628463124241aba80bf330d047

SHA1
c8c3b5fcbce746d1de0e1d5f0bd3447dc9a8432b

SHA256
747d897cb791bed75151bb2d4b4b3a7274382d06faec7ad3bc82433c533360c0

SHA512
ae7f3b769a3494158096492b79e4d3a830bf28de35028e541e125530ec93783c188243478f17935044c54bbc6ae06709fca41f99cf802319472ec8ccffdc3cdf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
8bc30b8c52c2b77032732289338f5cf5

SHA1
09af10dde28acf3c8a62490365e29276c08e10d8

SHA256
3bc498e1c0aef9e07c947b5a3faac026d14a4f0b9dfda564250e8906fb600ae7

SHA512
c73521f04325ccd63290ba9fc068be61d07f2a62b01a64709faa4f3608ffd7e3f070c868b59bc2800a1ebdadbb0622857bed9035f6a07a7a94fd8937c77f4b2a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5800d6.TMP

Filesize
370B

MD5
49acd0cea68026cf1299254c6f555f4c

SHA1
99f34b98c682bdcff6682fafc38ef2158f014523

SHA256
91fa32babe4f23ab2c92083193a03c8e91f59a4de80e5f82867dcb6b2b31ad0e

SHA512
6cd290bd2d5a1d79198dfbd573233b7c538a1176525b5eceec71c7fa60cf985e9c2b4dc29ad8923fef0efba1ebe1777f0d06d339b133ef66db986bcfd67d6f05

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
9f64ded2ea49e14436d8709f6c9a4ed1

SHA1
2323afc382af0f3235c7c83a12a5b09f9104cced

SHA256
9d7baa1ef6d5939cc8ecba5d756709083a3c48f4390eb66dd2f175a509a4d5fc

SHA512
9bae46708265412f5d7051d3f25af398edb4f7f9dcc1d7bc39c47e6728cc3086862dd83db226367f67ae7b98f0b0ba9d4379a93190853bfea0981d19fb02297e

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\illkw0pr.default-release\activity-stream.discovery_stream.json

Filesize
28KB

MD5
88955510cebaccd5dd4648ad5cbddd3a

SHA1
e1f258b61d046f1308dc07a277c5c990209e56c8

SHA256
f1fd29319fa2dcc3f3918c71b4fd415b0e9f7adad646f0124f7a97bea797079f

SHA512
4374a09d8b2fb6040e7a949f01e836f632c140cfeee1280440aa19a8f8fc835584cada9066ec384469bfa39195ec23af9938c68360e20d348641be3a3f05714b

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\illkw0pr.default-release\datareporting\glean\db\data.safe.tmp

Filesize
6KB

MD5
a1f8edee3ee7ca2d4c9fc64dccbca1bb

SHA1
fdf899d0a289f452071683d80566aaba5177cd9d

SHA256
e7472e8ffa12f680164d16c9d472e6c0ebd06a280561d8531c7641b15772428a

SHA512
2d9cbcf0b9a83ff69a3d7077083b44ab13a53c3dc3a2b9ec6f68ece5c27bc4f5fa5a2e7faa20086eda5a6aaecf2f23a6ffc539015412467ba8ac94b04f3a73a6

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\illkw0pr.default-release\datareporting\glean\db\data.safe.tmp

Filesize
6KB

MD5
e3fb862c39280427fe78260b70a94427

SHA1
502219c7c636060bb9a7448774f5cfc1ce667cc3

SHA256
91f89c2454c23fd93e6f7d1d2bb3e700b3f5d670a884664bb283312fc9808809

SHA512
e5426361f2a723eafaba0c7beaf14c0ee40590737a6bea5651d6b3a8a94c6ada1505f3e5039829fe1f52f27d49bb066bf8b9c8cba198b3aa0a1b1cbb3a932dec

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\illkw0pr.default-release\datareporting\glean\db\data.safe.tmp

Filesize
6KB

MD5
7f1f951e2c8c7f1a16634d1e3500b76f

SHA1
2f261d7f7661b889f830b5e1fca15ecff473d17f

SHA256
aed4745617b782296ce15ad171478468e05a8acf843a4e1a9a213335ca39968e

SHA512
3c184bb78113355370ed5c0074d8feb041b5a2c8171a593f7108b1d330458e6e420ab66efd34ce1cb7cd8c65e7eafcac0f7a8996b988340c9d758ed105de7873

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\illkw0pr.default-release\datareporting\glean\db\data.safe.tmp

Filesize
5KB

MD5
67730c20bd8e3d496b0e42ee6779593f

SHA1
0ca69766c9188adabacb3329e69d42569f48f11e

SHA256
ee515341406418ea6119f17904b813ff2507832ca084624f5cb0194abe18b6e8

SHA512
6c5c91d8d5b478fabea7feceb5ba3d21b6e3552e5e5e05dfd69afcdff7bea6279100ebc1f9c581b2ba878e48d9abd7d5d7f60cfe3deaa17b9ac1b493b936e423

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\illkw0pr.default-release\datareporting\glean\pending_pings\117cd82f-6a71-4f59-af91-e89b8055df4e

Filesize
982B

MD5
f91087d3c6d8fe08331fb163309a0b47

SHA1
9ef545c4cdff1bfc5dc72c6d21d8b137d5475c45

SHA256
cac9fd99c01c8a144fe8285faa86ca2b09706915513eba6fa26585afb014f437

SHA512
2595a96a7b6f0723e4ce861f1acf736ebc602483ecd55d5ead4ad917fd910abe5f21560203c10b2a2b6063a3ff00ba19d4bcf1b0cb42f2b00e74ac423124dad4

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\illkw0pr.default-release\datareporting\glean\pending_pings\364fdf1b-7d5b-4558-970a-37ed178084e2

Filesize
26KB

MD5
57a058c57289c15a36d7c6fcc6d55f08

SHA1
702d25b4c9f068b1c5bbf93938352155fecb9a21

SHA256
8faae7d588089342e97d1c6b4a43f8c865349e1a75e3f5eb89c8429589d03cbc

SHA512
a3f9cb16d80f7e35e7efea6851be77b7b30875160517cfe3bf3c6ee3959c984d2084c557c96f0e70f1bb763652cbd5696c67b637600b46cc1d77638b6a1e7752

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\illkw0pr.default-release\datareporting\glean\pending_pings\94e2c758-488d-4b45-ad92-2a71ebfe24a0

Filesize
671B

MD5
9356712058397483b8f999f20ef89952

SHA1
80aa7b5855a49dde5027d4b1d7d883cba263c080

SHA256
a98d23a5d9b068dab6ca6e7746a0df23916479c730d5edb3d400b95dc12810d8

SHA512
2ccba6d4392a89f4a7f73c3dc2d78c0bcf27f7461de4b0b90a0d7530791275d123b78d07526dde254bd60a028d2d98e7dd46697fdd9794ea6826c9cd6bd68e75

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\illkw0pr.default-release\prefs-1.js

Filesize
11KB

MD5
2d7b49d932b8095b6f1d0d4199238bcd

SHA1
86fd879f33eff6cc0754179f2faab95261cd39db

SHA256
050b72d61cc470410ece9c0866216d856a01ef9bef1e38d944321f5a5fbcd418

SHA512
b15762455ae6d4d036fa17263bd9de55e46d08d8943f37e163b60760edfa82f5fd451895125851f7db1d42a91823192d47c8dd2ef1b8f8d8e5cbf403bca45832

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\illkw0pr.default-release\sessionCheckpoints.json

Filesize
288B

MD5
948a7403e323297c6bb8a5c791b42866

SHA1
88a555717e8a4a33eccfb7d47a2a4aa31038f9c0

SHA256
2fca1f29b73dd5b4159fa1eb16e69276482f5224ba7d2219a547039129a51f0e

SHA512
17e2f65c33f47c8bb4beca31db2aff3d4bbb6c2d36924057f9f847e207bdcb85ffcbb32c80dd06862ffc9b7f0bd3f5e2e65b48bb1bc3363732751101d5596b1a

Download Submit