Analysis Overview
Threat Level: Known bad
The file http://WRx.dzpvwobr.ru/vGysgPt/ was found to be: Known bad.
Malicious Activity Summary
Browser Information Discovery
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
Checks processor information in registry
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Enumerates system info in registry
Modifies registry class
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of WriteProcessMemory
Uses Task Scheduler COM API
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-12-05 17:34
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-12-05 17:34
Reported
2024-12-05 17:35
Platform
win11-20241007-en
Max time kernel
47s
Max time network
48s
Command Line
Signatures
Browser Information Discovery
Checks processor information in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-4249425805-3408538557-1766626484-1000_Classes\Local Settings | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeDebugPrivilege | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Suspicious use of WriteProcessMemory
Uses Task Scheduler COM API
Processes
Network
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | d91478312beae099b8ed57e547611ba2 |
| SHA1 | 4b927559aedbde267a6193e3e480fb18e75c43d7 |
| SHA256 | df43cd7779d9fc91fd0416155d6771bc81565e98be38689cb17caece256bf043 |
| SHA512 | 4086c4ebe410a37d0124fc8bd00c58775e70ab2b7b5a39b4e49b332ce5b4866c6775707436395467aff9596507c96fb4896f3bf0249c5b9c99a927f31dcc1a96 |
\??\pipe\LOCAL\crashpad_4952_VKZPQMGYICGXOHMB
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | d7145ec3fa29a4f2df900d1418974538 |
| SHA1 | 1368d579635ba1a53d7af0ed89bf0b001f149f9d |
| SHA256 | efc56eb46cf3352bf706c0309d5d740bca6ac06142f9bdc5e8344b81d4d83d59 |
| SHA512 | 5bb663ede88f8b7c96b09c1214aac68eda99bc09525ac383baa96914ff7d553ea1aed09e3c9d16893d791c81ddb164c682dfbb4759ac0bc751221f3e36558a91 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 5619162b3b21e3c4bc2148e2d0ae3356 |
| SHA1 | 617ea649340cdbf473ff378c7079ed924e8ca784 |
| SHA256 | 297a187b45c3039b81113b8b2aae0da24690f60ba972e27d33e657549c936380 |
| SHA512 | 4ab16c40cb29e4b9854a5c6ad35784e73aaa69ca8a8055c6de5956c7ed4dc4f149fba2f6b197ebbb5cddad7947b97610b5422fff26185b2a1f7d9a4672efaf8e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 6752a1d65b201c13b62ea44016eb221f |
| SHA1 | 58ecf154d01a62233ed7fb494ace3c3d4ffce08b |
| SHA256 | 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd |
| SHA512 | 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 2263751c86703e6b3c76d4bc35812ff1 |
| SHA1 | 88bd984ae6eb6054396dcfba6dc4fdd4c87d79bf |
| SHA256 | 2d2ef4d2c40514bd11442c4fd85d0f0b50e37aed279b8a95366e944ec6dad811 |
| SHA512 | 7b20200a59a603b3be6eba4231b7259df9f8729b23eb1f22b71ba17a1ed66c47a39828a242ce34790c1902fb89ee093a9a5174e5e6f39cfda065b9be16fb13e2 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 12ece6f04cdcc113e92048d75417819d |
| SHA1 | 6a84d27d28f3a83d629fedbd5d1833a53de23b10 |
| SHA256 | e534534ba8a7684ed79adb3dabcd1f01dbc1d98784b164513b6dc33c85231b15 |
| SHA512 | 05d778b3b1478e24a70c6875f951d7be0de37e38cbc1e5b67b97f133665dbd7e8045591415f76c07946a8dd0a0138c8590e6cdcc725321ebd637d962114eaaef |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe584225.TMP
| MD5 | 3c38d1dd6aafe3d41d999bd3c7bb4ac9 |
| SHA1 | 052e2bcd0a9f8270d1b6daf2ab21f2f402b25a8a |
| SHA256 | f870911413c8e297f601977447f9af72e715bb1be60fcbe73dd683930a641a44 |
| SHA512 | 8f4f4c2898c5d0295f6f2feb7b04f38b9a882312911816bb9a4f0e50512e7998bef686cd496caf5dec43bd06727cb55f2b60d0e135e987d70f5ff459bc14e543 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\w9rzhd5e.default-release\datareporting\glean\pending_pings\d0060f6e-6a04-41e5-a3ed-862d59afd293
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\w9rzhd5e.default-release\datareporting\glean\pending_pings\286c4c66-e2a8-4655-9847-8ce45d429021
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\w9rzhd5e.default-release\datareporting\glean\db\data.safe.tmp
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\w9rzhd5e.default-release\datareporting\glean\pending_pings\93a33f5a-2a89-4388-a64b-c9511cf9070f
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\w9rzhd5e.default-release\datareporting\glean\db\data.safe.tmp
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\w9rzhd5e.default-release\activity-stream.discovery_stream.json
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\w9rzhd5e.default-release\settings\main\ms-language-packs\browser\newtab\asrouter.ftl
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\w9rzhd5e.default-release\AlternateServices.bin
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\w9rzhd5e.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\w9rzhd5e.default-release\cache2\entries\67F2CE2524C65A3B84A462960F51C75B66D02EAA
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History