hxxps://www[.]dhl[.]opoworldfinnance[.]international/

Analysis

max time kernel
158s
max time network
161s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
21-05-2023 18:22

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://www.dhl.opoworldfinnance.international/

Score

4^/10

Malware Config

Signatures

Drops file in Program Files directory 2 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\Microsoft\Edge\Application\SetupMetrics\8cb5a76a-5508-4d19-9789-f6d6215d598b.tmp	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\Edge\Application\SetupMetrics\20230521202422.pma	setup.exe

Checks processor information in registry 2 TTPs 5 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Modifies Internet Explorer settings 1 TTPs 39 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "485510403"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000\Software\Microsoft\Internet Explorer\VersionManager	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000000eb827cf93ddd146af8365c0e3ca130200000000020000000000106600000001000020000000066da4589109564fe1eb2f6cb60e7c8fa0abb347c4103c05a5ec39e81fc57e08000000000e8000000002000020000000e8d054a53c859a87023144403d8cfac8830206fa35079af8a06b3baee5b4c23220000000cb2f4efa5daa7ecc450e88cde8c3dc40d95a665ea97cbf2d93661bc08bfa7ddc40000000ab4b8771d9486afc84554572bb58517fed4a1e5415c078c1ae462dbd47f0fb0d3836b7b438cc38beafb61fa338dce7222c02a8cc93e2fcb3e3fe48759997a5f2	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000\SOFTWARE\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\AdminActive\{44A91595-F815-11ED-BDA1-62507EA95193} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000\SOFTWARE\Microsoft\Internet Explorer\IESettingSync\SlowSettingTypesChanged = "2"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLLowDateTime = "1251635200"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "424215387"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000\Software\Microsoft\Internet Explorer\VersionManager	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames\	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000\Software\Microsoft\Internet Explorer\IESettingSync	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateHighDateTime = "31034402"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000\SOFTWARE\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000000eb827cf93ddd146af8365c0e3ca130200000000020000000000106600000001000020000000023f8e19a9fd8fbf1f5d3c4b8746298592c1e1ca94b46ebc28c17dbd47f3ea57000000000e8000000002000020000000c8e26d8b29b893c6fd613ab0722dd56a3529d6a4c3b7f40c9b8e3673fbaf054020000000ba596ff26fa66e29a70299b89e1a107a265d371aaaa7191ea5ca43aa358f41524000000007f45e9097edb4b22e15443c10e010ed766cd1b3c2dcf82f94cf2a62a870d1245b6777c2af8bba66b49907ed37f271ae5fa9b101d1f387bea33b84a65d0b993a	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "391465556"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLHighDateTime = "50"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "31034402"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "31034402"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateLowDateTime = "424064220"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = a04e0d20228cd901	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = e0901c20228cd901	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames\	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames\en-US = "en-US.1"	iexplore.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133291742983366107"	chrome.exe

Modifies registry class 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000_Classes\Local Settings	firefox.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
5916	msedge.exe
5916	msedge.exe
5544	msedge.exe
5544	msedge.exe
6020	identity_helper.exe
6020	identity_helper.exe
4408	chrome.exe
4408	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 16 IoCs

pid	Process
5544	msedge.exe
5544	msedge.exe
5544	msedge.exe
5544	msedge.exe
5544	msedge.exe
5544	msedge.exe
5544	msedge.exe
5544	msedge.exe
5544	msedge.exe
5544	msedge.exe
4408	chrome.exe
4408	chrome.exe
4408	chrome.exe
4408	chrome.exe
4408	chrome.exe
4408	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeDebugPrivilege	1584	firefox.exe
Token: SeDebugPrivilege	1584	firefox.exe
Token: SeShutdownPrivilege	4408	chrome.exe
Token: SeCreatePagefilePrivilege	4408	chrome.exe
Token: SeShutdownPrivilege	4408	chrome.exe
Token: SeCreatePagefilePrivilege	4408	chrome.exe
Token: SeShutdownPrivilege	4408	chrome.exe
Token: SeCreatePagefilePrivilege	4408	chrome.exe
Token: SeShutdownPrivilege	4408	chrome.exe
Token: SeCreatePagefilePrivilege	4408	chrome.exe
Token: SeShutdownPrivilege	4408	chrome.exe
Token: SeCreatePagefilePrivilege	4408	chrome.exe
Token: SeShutdownPrivilege	4408	chrome.exe
Token: SeCreatePagefilePrivilege	4408	chrome.exe
Token: SeShutdownPrivilege	4408	chrome.exe
Token: SeCreatePagefilePrivilege	4408	chrome.exe
Token: SeShutdownPrivilege	4408	chrome.exe
Token: SeCreatePagefilePrivilege	4408	chrome.exe
Token: SeShutdownPrivilege	4408	chrome.exe
Token: SeCreatePagefilePrivilege	4408	chrome.exe
Token: SeShutdownPrivilege	4408	chrome.exe
Token: SeCreatePagefilePrivilege	4408	chrome.exe
Token: SeShutdownPrivilege	4408	chrome.exe
Token: SeCreatePagefilePrivilege	4408	chrome.exe
Token: SeShutdownPrivilege	4408	chrome.exe
Token: SeCreatePagefilePrivilege	4408	chrome.exe
Token: SeShutdownPrivilege	4408	chrome.exe
Token: SeCreatePagefilePrivilege	4408	chrome.exe
Token: SeShutdownPrivilege	4408	chrome.exe
Token: SeCreatePagefilePrivilege	4408	chrome.exe
Token: SeShutdownPrivilege	4408	chrome.exe
Token: SeCreatePagefilePrivilege	4408	chrome.exe
Token: SeShutdownPrivilege	4408	chrome.exe
Token: SeCreatePagefilePrivilege	4408	chrome.exe
Token: SeShutdownPrivilege	4408	chrome.exe
Token: SeCreatePagefilePrivilege	4408	chrome.exe
Token: SeShutdownPrivilege	4408	chrome.exe
Token: SeCreatePagefilePrivilege	4408	chrome.exe
Token: SeShutdownPrivilege	4408	chrome.exe
Token: SeCreatePagefilePrivilege	4408	chrome.exe
Token: SeShutdownPrivilege	4408	chrome.exe
Token: SeCreatePagefilePrivilege	4408	chrome.exe
Token: SeShutdownPrivilege	4408	chrome.exe
Token: SeCreatePagefilePrivilege	4408	chrome.exe
Token: SeShutdownPrivilege	4408	chrome.exe
Token: SeCreatePagefilePrivilege	4408	chrome.exe
Token: SeShutdownPrivilege	4408	chrome.exe
Token: SeCreatePagefilePrivilege	4408	chrome.exe
Token: SeShutdownPrivilege	4408	chrome.exe
Token: SeCreatePagefilePrivilege	4408	chrome.exe
Token: SeShutdownPrivilege	4408	chrome.exe
Token: SeCreatePagefilePrivilege	4408	chrome.exe
Token: SeShutdownPrivilege	4408	chrome.exe
Token: SeCreatePagefilePrivilege	4408	chrome.exe
Token: SeShutdownPrivilege	4408	chrome.exe
Token: SeCreatePagefilePrivilege	4408	chrome.exe
Token: SeShutdownPrivilege	4408	chrome.exe
Token: SeCreatePagefilePrivilege	4408	chrome.exe
Token: SeShutdownPrivilege	4408	chrome.exe
Token: SeCreatePagefilePrivilege	4408	chrome.exe
Token: SeShutdownPrivilege	4408	chrome.exe
Token: SeCreatePagefilePrivilege	4408	chrome.exe
Token: SeShutdownPrivilege	4408	chrome.exe
Token: SeCreatePagefilePrivilege	4408	chrome.exe

Suspicious use of FindShellTrayWindow 41 IoCs

pid	Process
1600	iexplore.exe
1584	firefox.exe
1584	firefox.exe
1584	firefox.exe
1584	firefox.exe
5544	msedge.exe
5544	msedge.exe
5544	msedge.exe
5544	msedge.exe
5544	msedge.exe
5544	msedge.exe
5544	msedge.exe
5544	msedge.exe
5544	msedge.exe
5544	msedge.exe
4408	chrome.exe
4408	chrome.exe
4408	chrome.exe
4408	chrome.exe
4408	chrome.exe
4408	chrome.exe
4408	chrome.exe
4408	chrome.exe
4408	chrome.exe
4408	chrome.exe
4408	chrome.exe
4408	chrome.exe
4408	chrome.exe
4408	chrome.exe
4408	chrome.exe
4408	chrome.exe
4408	chrome.exe
4408	chrome.exe
4408	chrome.exe
4408	chrome.exe
4408	chrome.exe
4408	chrome.exe
4408	chrome.exe
4408	chrome.exe
4408	chrome.exe
4408	chrome.exe

Suspicious use of SendNotifyMessage 35 IoCs

pid	Process
1584	firefox.exe
1584	firefox.exe
1584	firefox.exe
5544	msedge.exe
5544	msedge.exe
5544	msedge.exe
5544	msedge.exe
5544	msedge.exe
5544	msedge.exe
5544	msedge.exe
5544	msedge.exe
4408	chrome.exe
4408	chrome.exe
4408	chrome.exe
4408	chrome.exe
4408	chrome.exe
4408	chrome.exe
4408	chrome.exe
4408	chrome.exe
4408	chrome.exe
4408	chrome.exe
4408	chrome.exe
4408	chrome.exe
4408	chrome.exe
4408	chrome.exe
4408	chrome.exe
4408	chrome.exe
4408	chrome.exe
4408	chrome.exe
4408	chrome.exe
4408	chrome.exe
4408	chrome.exe
4408	chrome.exe
4408	chrome.exe
4408	chrome.exe

Suspicious use of SetWindowsHookEx 7 IoCs

pid	Process
1600	iexplore.exe
1600	iexplore.exe
5012	IEXPLORE.EXE
5012	IEXPLORE.EXE
5012	IEXPLORE.EXE
5012	IEXPLORE.EXE
1584	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1600 wrote to memory of 5012	1600	iexplore.exe	86
PID 1600 wrote to memory of 5012	1600	iexplore.exe	86
PID 1600 wrote to memory of 5012	1600	iexplore.exe	86
PID 3764 wrote to memory of 1584	3764	firefox.exe	90
PID 3764 wrote to memory of 1584	3764	firefox.exe	90
PID 3764 wrote to memory of 1584	3764	firefox.exe	90
PID 3764 wrote to memory of 1584	3764	firefox.exe	90
PID 3764 wrote to memory of 1584	3764	firefox.exe	90
PID 3764 wrote to memory of 1584	3764	firefox.exe	90
PID 3764 wrote to memory of 1584	3764	firefox.exe	90
PID 3764 wrote to memory of 1584	3764	firefox.exe	90
PID 3764 wrote to memory of 1584	3764	firefox.exe	90
PID 3764 wrote to memory of 1584	3764	firefox.exe	90
PID 3764 wrote to memory of 1584	3764	firefox.exe	90
PID 1584 wrote to memory of 832	1584	firefox.exe	92
PID 1584 wrote to memory of 832	1584	firefox.exe	92
PID 1584 wrote to memory of 3280	1584	firefox.exe	93
PID 1584 wrote to memory of 3280	1584	firefox.exe	93
PID 1584 wrote to memory of 3280	1584	firefox.exe	93
PID 1584 wrote to memory of 3280	1584	firefox.exe	93
PID 1584 wrote to memory of 3280	1584	firefox.exe	93
PID 1584 wrote to memory of 3280	1584	firefox.exe	93
PID 1584 wrote to memory of 3280	1584	firefox.exe	93
PID 1584 wrote to memory of 3280	1584	firefox.exe	93
PID 1584 wrote to memory of 3280	1584	firefox.exe	93
PID 1584 wrote to memory of 3280	1584	firefox.exe	93
PID 1584 wrote to memory of 3280	1584	firefox.exe	93
PID 1584 wrote to memory of 3280	1584	firefox.exe	93
PID 1584 wrote to memory of 3280	1584	firefox.exe	93
PID 1584 wrote to memory of 3280	1584	firefox.exe	93
PID 1584 wrote to memory of 3280	1584	firefox.exe	93
PID 1584 wrote to memory of 3280	1584	firefox.exe	93
PID 1584 wrote to memory of 3280	1584	firefox.exe	93
PID 1584 wrote to memory of 3280	1584	firefox.exe	93
PID 1584 wrote to memory of 3280	1584	firefox.exe	93
PID 1584 wrote to memory of 3280	1584	firefox.exe	93
PID 1584 wrote to memory of 3280	1584	firefox.exe	93
PID 1584 wrote to memory of 3280	1584	firefox.exe	93
PID 1584 wrote to memory of 3280	1584	firefox.exe	93
PID 1584 wrote to memory of 3280	1584	firefox.exe	93
PID 1584 wrote to memory of 3280	1584	firefox.exe	93
PID 1584 wrote to memory of 3280	1584	firefox.exe	93
PID 1584 wrote to memory of 3280	1584	firefox.exe	93
PID 1584 wrote to memory of 3280	1584	firefox.exe	93
PID 1584 wrote to memory of 3280	1584	firefox.exe	93
PID 1584 wrote to memory of 3280	1584	firefox.exe	93
PID 1584 wrote to memory of 3280	1584	firefox.exe	93
PID 1584 wrote to memory of 3280	1584	firefox.exe	93
PID 1584 wrote to memory of 3280	1584	firefox.exe	93
PID 1584 wrote to memory of 3280	1584	firefox.exe	93
PID 1584 wrote to memory of 3280	1584	firefox.exe	93
PID 1584 wrote to memory of 3280	1584	firefox.exe	93
PID 1584 wrote to memory of 3280	1584	firefox.exe	93
PID 1584 wrote to memory of 3280	1584	firefox.exe	93
PID 1584 wrote to memory of 3280	1584	firefox.exe	93
PID 1584 wrote to memory of 3280	1584	firefox.exe	93
PID 1584 wrote to memory of 3280	1584	firefox.exe	93
PID 1584 wrote to memory of 3280	1584	firefox.exe	93
PID 1584 wrote to memory of 3280	1584	firefox.exe	93
PID 1584 wrote to memory of 3280	1584	firefox.exe	93
PID 1584 wrote to memory of 3280	1584	firefox.exe	93
PID 1584 wrote to memory of 3280	1584	firefox.exe	93
PID 1584 wrote to memory of 3280	1584	firefox.exe	93
PID 1584 wrote to memory of 3280	1584	firefox.exe	93

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" https://www.dhl.opoworldfinnance.international/
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1600
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1600 CREDAT:17410 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:5012

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:3764
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe"
  2⤵
  - Checks processor information in registry
  - Modifies registry class
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:1584
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1584.0.1850798859\911963412" -parentBuildID 20221007134813 -prefsHandle 1836 -prefMapHandle 1828 -prefsLen 20812 -prefMapSize 232645 -appDir "C:\Program Files\Mozilla Firefox\browser" - {1b40b7a3-bddd-49bf-9732-a20776d66e00} 1584 "\\.\pipe\gecko-crash-server-pipe.1584" 1928 1ad2ced8a58 gpu
    3⤵
    PID:832
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1584.1.337538616\918909148" -parentBuildID 20221007134813 -prefsHandle 2304 -prefMapHandle 2300 -prefsLen 20848 -prefMapSize 232645 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {63550131-a7b9-4a10-9776-58fe06bd964c} 1584 "\\.\pipe\gecko-crash-server-pipe.1584" 2316 1ad1ff71f58 socket
    3⤵
    PID:3280
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1584.2.388010424\1737809867" -childID 1 -isForBrowser -prefsHandle 3080 -prefMapHandle 2932 -prefsLen 20931 -prefMapSize 232645 -jsInitHandle 1476 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {cf655618-55e0-4cc3-b5da-022c5e31ac8f} 1584 "\\.\pipe\gecko-crash-server-pipe.1584" 3184 1ad30bba858 tab
    3⤵
    PID:3208
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1584.3.638448810\848920840" -childID 2 -isForBrowser -prefsHandle 3452 -prefMapHandle 1116 -prefsLen 26441 -prefMapSize 232645 -jsInitHandle 1476 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {543d87f6-bfe1-4d71-b156-737df2273e00} 1584 "\\.\pipe\gecko-crash-server-pipe.1584" 2452 1ad1ff64458 tab
    3⤵
    PID:3032
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1584.4.980213583\102023233" -childID 3 -isForBrowser -prefsHandle 4020 -prefMapHandle 4016 -prefsLen 26441 -prefMapSize 232645 -jsInitHandle 1476 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f11b08c9-48b8-4c6d-9fe2-3bb887499903} 1584 "\\.\pipe\gecko-crash-server-pipe.1584" 4032 1ad319b0758 tab
    3⤵
    PID:432
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1584.5.1437986752\184161093" -childID 4 -isForBrowser -prefsHandle 5024 -prefMapHandle 4716 -prefsLen 26500 -prefMapSize 232645 -jsInitHandle 1476 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {9eab3486-110e-442f-a201-918dfe8d914b} 1584 "\\.\pipe\gecko-crash-server-pipe.1584" 1616 1ad33547558 tab
    3⤵
    PID:2220
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1584.7.642975615\1052805014" -childID 6 -isForBrowser -prefsHandle 5252 -prefMapHandle 5248 -prefsLen 26500 -prefMapSize 232645 -jsInitHandle 1476 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {5c9d3d18-8aaf-436c-bd18-6af3a6d7fc75} 1584 "\\.\pipe\gecko-crash-server-pipe.1584" 5264 1ad33c07858 tab
    3⤵
    PID:2224
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1584.6.182108286\1888621234" -childID 5 -isForBrowser -prefsHandle 5240 -prefMapHandle 5236 -prefsLen 26500 -prefMapSize 232645 -jsInitHandle 1476 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d0114ed4-3944-4034-aed8-ae3d1e007144} 1584 "\\.\pipe\gecko-crash-server-pipe.1584" 3076 1ad33c07258 tab
    3⤵
    PID:2232
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1584.8.1969425482\437533547" -childID 7 -isForBrowser -prefsHandle 5640 -prefMapHandle 5648 -prefsLen 26675 -prefMapSize 232645 -jsInitHandle 1476 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {6a11a186-0e27-4489-b0c4-73a027601d7f} 1584 "\\.\pipe\gecko-crash-server-pipe.1584" 5720 1ad326c4158 tab
    3⤵
    PID:3284
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1584.9.530371294\205247309" -parentBuildID 20221007134813 -prefsHandle 5992 -prefMapHandle 5900 -prefsLen 26675 -prefMapSize 232645 -appDir "C:\Program Files\Mozilla Firefox\browser" - {2f6b911a-bfc3-4fc3-bbcb-0eef37db7804} 1584 "\\.\pipe\gecko-crash-server-pipe.1584" 6000 1ad32bb0558 rdd
    3⤵
    PID:5172

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:5544
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffd96ec46f8,0x7ffd96ec4708,0x7ffd96ec4718
  2⤵
  PID:5636
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2044,6306334482213712903,4801297561090630867,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2096 /prefetch:2
  2⤵
  PID:5908
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2044,6306334482213712903,4801297561090630867,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2248 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5916
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2044,6306334482213712903,4801297561090630867,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2692 /prefetch:8
  2⤵
  PID:320
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,6306334482213712903,4801297561090630867,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3680 /prefetch:1
  2⤵
  PID:1508
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,6306334482213712903,4801297561090630867,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3688 /prefetch:1
  2⤵
  PID:4160
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,6306334482213712903,4801297561090630867,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2416 /prefetch:1
  2⤵
  PID:5276
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,6306334482213712903,4801297561090630867,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5180 /prefetch:1
  2⤵
  PID:4808
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,6306334482213712903,4801297561090630867,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5388 /prefetch:1
  2⤵
  PID:5808
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,6306334482213712903,4801297561090630867,131072 --disable-gpu-compositing --lang=en-US --extension-process --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3812 /prefetch:1
  2⤵
  PID:1772
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,6306334482213712903,4801297561090630867,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5908 /prefetch:1
  2⤵
  PID:3364
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,6306334482213712903,4801297561090630867,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5804 /prefetch:1
  2⤵
  PID:5108
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2044,6306334482213712903,4801297561090630867,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6168 /prefetch:8
  2⤵
  PID:1352
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --configure-user-settings --verbose-logging --system-level --msedge --force-configure-user-settings
  2⤵
  - Drops file in Program Files directory
  PID:1060
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x23c,0x240,0x244,0x218,0x248,0x7ff6dc4a5460,0x7ff6dc4a5470,0x7ff6dc4a5480
    3⤵
    PID:4912
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2044,6306334482213712903,4801297561090630867,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6168 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:6020
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,6306334482213712903,4801297561090630867,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3972 /prefetch:1
  2⤵
  PID:5288
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,6306334482213712903,4801297561090630867,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5460 /prefetch:1
  2⤵
  PID:3328

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5148

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:4408
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7ffd9bd39758,0x7ffd9bd39768,0x7ffd9bd39778
  2⤵
  PID:5224
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1824 --field-trial-handle=1840,i,4058983004484218733,15865937129957107948,131072 /prefetch:2
  2⤵
  PID:1352
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2200 --field-trial-handle=1840,i,4058983004484218733,15865937129957107948,131072 /prefetch:8
  2⤵
  PID:5532
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2264 --field-trial-handle=1840,i,4058983004484218733,15865937129957107948,131072 /prefetch:8
  2⤵
  PID:5748
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3168 --field-trial-handle=1840,i,4058983004484218733,15865937129957107948,131072 /prefetch:1
  2⤵
  PID:392
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3392 --field-trial-handle=1840,i,4058983004484218733,15865937129957107948,131072 /prefetch:1
  2⤵
  PID:4984
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4600 --field-trial-handle=1840,i,4058983004484218733,15865937129957107948,131072 /prefetch:8
  2⤵
  PID:6300
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=4768 --field-trial-handle=1840,i,4058983004484218733,15865937129957107948,131072 /prefetch:1
  2⤵
  PID:6316
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4900 --field-trial-handle=1840,i,4058983004484218733,15865937129957107948,131072 /prefetch:8
  2⤵
  PID:6388
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5064 --field-trial-handle=1840,i,4058983004484218733,15865937129957107948,131072 /prefetch:8
  2⤵
  PID:6396
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5068 --field-trial-handle=1840,i,4058983004484218733,15865937129957107948,131072 /prefetch:8
  2⤵
  PID:6412
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=5228 --field-trial-handle=1840,i,4058983004484218733,15865937129957107948,131072 /prefetch:1
  2⤵
  PID:6612
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4568 --field-trial-handle=1840,i,4058983004484218733,15865937129957107948,131072 /prefetch:8
  2⤵
  PID:6924
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4752 --field-trial-handle=1840,i,4058983004484218733,15865937129957107948,131072 /prefetch:8
  2⤵
  PID:7020
- C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe
  "C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe" --reenable-autoupdates --system-level
  2⤵
  PID:5260
- - C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe
    "C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\Crashpad --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x258,0x25c,0x260,0x234,0x264,0x7ff76e1f7688,0x7ff76e1f7698,0x7ff76e1f76a8
    3⤵
    PID:5920
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=5496 --field-trial-handle=1840,i,4058983004484218733,15865937129957107948,131072 /prefetch:1
  2⤵
  PID:6824
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --extension-process --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=3488 --field-trial-handle=1840,i,4058983004484218733,15865937129957107948,131072 /prefetch:1
  2⤵
  PID:6972

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:6204

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\103621DE9CD5414CC2538780B4B75751

Filesize
717B

MD5
60fe01df86be2e5331b0cdbe86165686

SHA1
2a79f9713c3f192862ff80508062e64e8e0b29bd

SHA256
c08ccbc876cd5a7cdfa9670f9637da57f6a1282198a9bc71fc7d7247a6e5b7a8

SHA512
ef9f9a4dedcbfe339f4f3d07fb614645596c6f2b15608bdccdad492578b735f7cb075bdaa07178c764582ee345857ec4665f90342694e6a60786bb3d9b3a3d23

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\4BA6A8D91C3B08E41F1FE2FB4FBEACAD

Filesize
503B

MD5
cfda8f443db0746a4a6097468e10338f

SHA1
7d2fd252d74b82125e61938def2bed81239bcb67

SHA256
56edb14ac9a108d3e8ab0c97794b03d92c4041a751499219c4ccdfa1a58066ae

SHA512
ea015fc5c8d393b76a075bbeff15c0682a942bead1e91f41be5a396dc6f3f1f484a5dc6d9e3a3fa8715749c5a250f87e67504d886dc5c62bf6f981b2a59c799f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776

Filesize
471B

MD5
a8097a4f7a963b5509f30569f4462de6

SHA1
41355936181c0b47435c1288699f6c1a2a65bbce

SHA256
c08e0aea2cfe04fd7c88ec8fc408f357092920fc187b2c7749af69cf29890e3c

SHA512
724ef849054d5aaa124092933ce7785520b162189d4bc6fba623978e1a8b2b7b0193420dc12699f20e8980e840729bd614f36aa9d3f3ee022a9e67d3642f434a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\103621DE9CD5414CC2538780B4B75751

Filesize
192B

MD5
2f1564d8c80699a0286e552eae3e14e4

SHA1
da380cc685b6a56d5ece5490d868f8e19bc7b34b

SHA256
f4f10efc146516cd5b854c9ec77d01f70f58357a9ea54760fa80266b8123ed78

SHA512
8e018ee0028b3da0447c9596e9b61cbddbc733cd8467196f66887f3e209a38cb37b6b493d5b5309045c7ffc5c3ee876ec99ea094d8393ef0a2f46c2a7748a5e5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\4BA6A8D91C3B08E41F1FE2FB4FBEACAD

Filesize
548B

MD5
1c7710bda475a3934663a8e82b9a411f

SHA1
27648afa3dbc1d286f9c31983d6f18c5ae3bea70

SHA256
d9805535d14668fb6dad0d16d52dc3e17567d1b38d966e1ae6e78786d29e9dde

SHA512
6bc95546a6fa61da5813ec83d1bdab6b5110c51fe1912adf2f687de8c1bdf95c7872fc264808488bd2e7e73b075618c11fea7dac755f78b776fd9e29f47f33ce

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776

Filesize
434B

MD5
6f2fbdc0e60795b83b384e8d49895232

SHA1
cd79afecd24b69ba1788b27c396362ea21a7ff78

SHA256
e94101125084deb01d3f0164b26fd14b6642c1c1ee72fd9924bad965bae56d22

SHA512
fa61a03981b45f922cf94f741a4c900528f907d284d220c28c63c2206e284b10c6c6faf9074409c4bdfd08625a772cc5eb93fb02c6805f4c72b98c2d6437540c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000b

Filesize
21KB

MD5
44129a82842153ef9b965abfb506612a

SHA1
c0964eb2ee1a76d48e4e09e31915415d74e18bbc

SHA256
8a3908fb32a414703eff3e435566b1e5598eb3a5d50c500e70eb1a5c20d003d7

SHA512
77d149f19343d765834f2bcaa02bc160c75bd42db1fc431aba87f78257a83c4c8a7e5953c247cb7cbbaf4ae44ace269eb0a5194dfd7489d66f69489ce5dd78d4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000c

Filesize
23KB

MD5
bdce48f6c82a6fa916ed46cf3d9d28fc

SHA1
cb8fd26b051c77a072197febe2b32ce195c609e9

SHA256
16703a139728733bcac29eb42904ae6db54b2a511e9875f787134d6fff91e343

SHA512
40ab038da366fbcb26c3873dff8849b163667062a81d6bea02b5a853590e4e45ba751075453dab5dc005e3f560117f54d75b24e26f2ac3a78a059fd5785a4830

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000d

Filesize
17KB

MD5
47552e3bb95a0fe30f0c8c69ede21971

SHA1
62a551018dd74111d48eb2a05faad02f88f17e82

SHA256
1cb6e2d198604e46210befad247046c07277d82e56c6c041f9480ed1ea02fee7

SHA512
0bb5fdc3ad7f83575cb2e5a3919d391e343434471a21b3cd5a3cc12c2c71c51d186499df03189b571bcc709372e05f3dcd3286901a3520f0a917b4884edab7cc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000e

Filesize
23KB

MD5
0f2e7d37e730fdbb1d8a1e8638529ecb

SHA1
c21d16978a858baa75be15cb7e799ff000929429

SHA256
cc938c08b93e67c94c68995709f52133c62cac78991f42058503b9c3d9e4b0b0

SHA512
9f3f89d8bdbce9d6e6d75054073f7c169fc64b9d5f68b4da3f40e23554a29c8277ce8ee3c7de2434cbbf92931e2550e0e5b2c284a9d40f391f046d18f1af8ae4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000f

Filesize
23KB

MD5
ec53eff7c3fa6e1f5e678c961cb696f7

SHA1
2571abac82b438611deaeb840270553e1c18256a

SHA256
9a42eac0158f840ad2d468407682de7121af78017b662a05994538f45d421006

SHA512
d80d0c705b58648e6fc3fdf5dfd6df08e84941649c5ef949a749190d6504971c15741868359f3a460b96b64ec38749a3aa76aaafd29b8a68758e067594fd3df4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000010

Filesize
73KB

MD5
5e2f92123d241cabecf0b289b9b08d4a

SHA1
7f6c682ade204e641aed8f471064c56b6eddc263

SHA256
dc64d7192f84497cacad5c10aef682562c24aa6124270f85fe247e223607f3ed

SHA512
ee5bab0dc2971d6dbf60d74823ac09c387f96f8e3ea6f10e1c24b6baaaa2d7bb1ff89e8f280de873cda0ee8f50c2f2c8f621c4e16db29b133c8fd83f2d083bc3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000012

Filesize
29KB

MD5
812f649ceb9bf2d06f01c1d35b9c578e

SHA1
7898bd75dfdc67eaf2945b2f97ec2b8a6831ce2a

SHA256
9f943c4f78a9f5861422bed377a99b2eaaaa9cb104b9bc9be41345aa27b45183

SHA512
bc2952adbe85eb397b4b7d3c405b07cf3b30967e73d77933633deef8c9defab5e6fa3682606eb1bfb1002d0d4a3b0e07470df4c2af99ffbc8043b4bbd2cb8679

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000013

Filesize
50KB

MD5
3d49bd516c911724a9c8a1463f082091

SHA1
8e8e98c3b3d36a836041bb6b62655d89aa699cc9

SHA256
1a86ee0142aa18c9d4b807d8ee65f1636865a4b7501c4522b1c3f9ae88bc4d61

SHA512
99b72ac6a407c82f73dc6eced97972ad2e282f778bd6bde567e8540bb50b6e927768c2bfce0e402919f21e9120c98a74907b18efd90b526ff7efce92e386adf6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000014

Filesize
79KB

MD5
6ab428255f1a1b1e92bbec030b061525

SHA1
cc1d52e5739baaa99cd7753df042a4c435da454c

SHA256
8d0dbb66576f613acca2f9b0b6726b7edbf0469e4a32395d47efd5e6384084b4

SHA512
731ee559fe4a234122beddc3a35814eff6e123a8a493f12404462d0455d089c5b3f58afbac612c6b6b5cf9fac60bae718355e56a22393eb959067943a89c7e74

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
539B

MD5
1c6f81e96bf8749d378117d91c40eae8

SHA1
62fc06ed717c7ef339d7b62b34a70f1c2d8764ee

SHA256
3da9ebb640d9ec2387dc18fe91f515e44f390a1dd78b79d7d419a90660d9b16d

SHA512
b329f8b18a195cc26f23b90ec6a04a8061a81e10c9f8a340c1530bac77c215f83fba07ccf3f1281ece3a8347ebcd54858ee9b8b0ff95848be686618ac10c72c6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
321459e11ba6c5c698e7f3efc83eb3d8

SHA1
62cc8a46c550de4d09ccb63fea522cc1c4081e49

SHA256
b6e43b41d3a34c98dbe1e34e163ead6b6140fdea9354cbd5e48cc77978bf956f

SHA512
66423dd249f69b8ef724a6a1df6e4120c4f4ad3134f7c3422a8f014c4d97ed45a129f863405075bb120acbd2d30c6036cf655b5dc3ef1eae86f74a52ff550b12

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
337a75c0668fa3055a3b59d4054bbd55

SHA1
e33a84a2087e3d707c7ed27af527ed7017e7e0a9

SHA256
4c731a61583d730a0b95c8abf613d2f09f604351cd37dfef39958651e88d649b

SHA512
8b1005f61c5a09d42fada8fa7563bb4cd19bcda5f8edbdb791f7eadc8370de2ed670917bad85a1c5f705ae2e419914fd608fd2162f557d37f6f385f4bc3cac86

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
4KB

MD5
d329433fa5b809956e9e63819b38caba

SHA1
0d61ab9f804064620c7d75552d85805fb52e30b2

SHA256
5ffc84993c4349f8fc2a6d3461fc4374b6e7fc514637e7918d3a39e604f4404b

SHA512
d1daabbeb95c4e80e4b0ccf0c69ae51dd183faccf13736461b17b5392edf5d234abe5a85b45ed865a533a235c7e8cf7707dd4693dd39a4643491f51b44881615

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
151KB

MD5
6f0c24c22a93e9b3ca9302cbb01f10c3

SHA1
b7c6f53a5b999ead32cbe52a6d0b7bee418405f6

SHA256
6f2a3266e81fd1ae0191ae3e343bcf6708777f2c419b253484a32c8d8fd609db

SHA512
7b66b4441897b9855ecad248c11cc00a03a304e540a7b483b5ed4a12e6d1235fc57275e635d258a1edf36783ab06cc1d0d619e5390535f884d442d0fc36e0779

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
101KB

MD5
285cbd47aa4446dc5bcc4f54dd69310d

SHA1
60becaa7d9f15c15c0b58bde27b8e4347539c382

SHA256
401803f71041daa97c6dda9057bad6bdabeb2d0634b5dea31ae941bae196a688

SHA512
90f8acb18e4ace801ebef52f3e9b13134a0abc7186a8e459150817466739a233320c0c19d98120e5fc7f7d6855fad0e902173adae9d66274390ef679e96a8118

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe58cdcb.TMP

Filesize
97KB

MD5
88edd6d37c4abe1ced5a3631ee087b71

SHA1
26490c1d953efb1dfce00bb6f916f6be0ad81a7b

SHA256
e02ff405cad49463a9f0b5115ee110167f7acd9d14276d0fccfbd31cbfe12cb9

SHA512
f41406345e45f9cf78084065b307e1c76392df25f89122c36ad8f168c8463c2d62df95ffe61ab320a2aa0b55f8be308ea72ae0228d4102b86c12b1eec64ea6d1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
b8c9383861d9295966a7f745d7b76a13

SHA1
d77273648971ec19128c344f78a8ffeb8a246645

SHA256
b75207c223dfc38fbb3dbf03107043a7dce74129d88053c9316350c97ac26d2e

SHA512
094e6978e09a6e762022e8ff57935a26b3171a0627639ca91a373bddd06092241d695b9f3b609ba60bc28e78a5c78cf0f072d79cd5769f1b9f6d873169f0df14

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
91fa8f2ee8bf3996b6df4639f7ca34f7

SHA1
221b470deb37961c3ebbcc42a1a63e76fb3fe830

SHA256
e8e0588b16d612fa9d9989d16b729c082b4dd9bfca62564050cdb8ed03dd7068

SHA512
5415cd41f2f3bb5d9c7dadc59e347994444321cf8abe346b08e8c5a3fc6a5adae910eda43b4251ba4e317fbb7696c45dba9fd5e7fa61144c9b947206c7b999c4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
48B

MD5
aa8017ff543094884807307e898cf5ad

SHA1
894c0a18920bf504ef665f699e8ee6e27a7085be

SHA256
f8741b000e87a97867ffe5db2b634465c21d17350d05bdb5d98f4014d2a51268

SHA512
6ae8c8c95028240e2b2bab4cb9ca3a6599567826c35dbecca3e09afee3a81a36c2222f14e13f934a1d8dc678553ec9f295b095c361fcb4edaec4b60bc7f9871a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
312B

MD5
60df7e644081f5bb50e078380d190ad4

SHA1
2b8189fcf01386ab07f1bbb6a2fe06d695e0fe93

SHA256
5f3d40764ddc231dbc953e45c5dfc1e48b8ce9d5c22a9d1d999b9d6364ab1c78

SHA512
9fceee4db082e2d69271d965f279e99f85db49ccc1803a5643ece6bbcb61f94c7c9f738ba767db1dcbb3d778a2552d3fe67a0736c6c9d5a61f7cf81b9fffa71a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Edge Profile.ico

Filesize
70KB

MD5
e5e3377341056643b0494b6842c0b544

SHA1
d53fd8e256ec9d5cef8ef5387872e544a2df9108

SHA256
e23040951e464b53b84b11c3466bbd4707a009018819f9ad2a79d1b0b309bc25

SHA512
83f09e48d009a5cf83fa9aa8f28187f7f4202c84e2d0d6e5806c468f4a24b2478b73077381d2a21c89aa64884df3c56e8dc94eb4ad2d6a8085ac2feb1e26c2ef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Microsoft Edge.lnk

Filesize
2KB

MD5
da4cd4e0c0fc89f569d54e7f98e3a9bb

SHA1
f3c606e8f994c52c49b5e16f4f9e4aca68cdee8f

SHA256
23037e3fd0827fc8052032de221fd51c96539adb36fb24460d84ce907810ac1a

SHA512
c3c277802400736454c69091aba81c5696d2dcb20a5a568d5d3694bc4c6b737aeb8515dd9b8e4f283849c49d5735bc8238b5a209f084d851c246075e631401a6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
d851f998647c58466678f8d9040b3204

SHA1
ab4b025aed8dc3e7d182151e06ce266ab7bd921b

SHA256
175980a14d9537176fd812277eade731665ccfd79faed9f4cbf5e678e5130d02

SHA512
75934d35eb1f8178cb4fe5070251a399f492208d577ffd08d979a4ac0b7614ff1465b4f02752de7de8806ce2bbc0ff6b369df45f1d8c76ac16d1ce9a9c5dffee

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
4KB

MD5
76b750f08745d9de98663d76778de2dd

SHA1
ffca253b7fb7a86510c5030adde1ca71e5f1db9d

SHA256
9fc7164d351b72b847fca7c5a896a6db6425b7d726e58287405bc4bbf00a356f

SHA512
32af1a3ca70cb3925ac8b0f5612e459190cde4af0fe41c671b1785daee35a4adf155e9c9ae2aa33faff228458a928c30399a37ceb63342adf5b7089587bf35a5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
7a8651d8967cc40e788114a469c73034

SHA1
67548ff97647efc1893237c85dd1f83ac7a3e023

SHA256
de06e3a887216cd7051fe29642597f0ebe0909fe67d7389db4aa2da0ded4b930

SHA512
9df4c0d2ecce06ddcdfbefc3b9ec58d0a1d3c29d7798f8e64ce85227316c938226adaffcd4683e85f0c528f467664d0bece9a44fd05f6abdf9c891e9884ff687

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
52a3ca6cf0353640bcd45c351671c45e

SHA1
731f4521a1331aa307293d9cb7a8a7af832c9f33

SHA256
8730ad73ee82d8b7131251cbf69d2e87c88a07ee9685cdf8ec437fc8be5cbb49

SHA512
5523081db72c68a04f2cd3d9d794a6793a9ea4f23771bb5f7121f97974b9204a46b2cccbe2a37fc0a914f799bdd084d34b43e1232d5dfb7a5ac1cb6a18962b80

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
14d2e9715e228067da28913adb396808

SHA1
dd8cde51a8736665a7efcf4760c7318deb739daf

SHA256
bf1502caefb85162b1dec5787ef1802e03d7d59c2333ff4fe759239546115b49

SHA512
6a0e3003a2e8bcafbef4397cd4ef65bda6fc1ce08156f150f67c7f1e56beb64aed60835211c5e297b0538fb6a064636abe6d8907cdff10a423fc395ee4d60424

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
f506346ee44c881a379ce04442ccca64

SHA1
810dfb6be0ae3bb7d564817ed97d2d2203531f06

SHA256
893f01264f291214ce25b2577c569805ce09b11ab6d62c7722260f31ad78990c

SHA512
949141ef5a96893402a59e3809abe062b6e65da697152c50979d1aac98db11e5754f1455a311ed953f2fcc7e14b4213b56d42277a77eef77e94cada8257ab517

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
60b345592703258c513cb5fc34a2f835

SHA1
39991bd7ea37e2fc394be3b253ef96ce04088a6d

SHA256
7e358b4f7553c9385e8eb2c5692d426bc257bbd4c0213e6c69294459734f6300

SHA512
0346fb4096eb285ab0fdf7e7ec38c4daf7bbb0c506f09975eb2290121d169a34c886fca342c3e06371cb697f2753a697ca4f72af7817ed340eee6063897110a5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
1e5ba0451ff36f3ea9e13836ff06ff26

SHA1
29d9432a220b56a8aff2ec973bd6006dad895117

SHA256
be939c53dedb05948868aab0d04a7a31d9883884262e1da601e23cf95ca80951

SHA512
10247ac659e1ad79d1984e617f9ded79cbddfe9c69177968f385729cf7d934c3ca82d4da8ad5dc025336b2ffdb0fbb7629fc0c400896304a5a71a001d030ee9c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
874B

MD5
8424ea7db402d657b5a1cdafc3293b00

SHA1
fa7a639f43f69f0bf8fe9297a19753c17f9bae3b

SHA256
1f99dc4d9603a53da6be06ad3ac844aee6a0215ed3b1fd5141835dfedd259db8

SHA512
af6c8d4e3e4f3894a9ce3d9b67984570226f56a132a376c784542a02b6d827821932530479ffeb21afdc7c5607f4c378d50c543b32c1eb486b6776faabfc72eb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe582313.TMP

Filesize
874B

MD5
ea3286ff6787584e7a16d4d8d229e0c2

SHA1
64550d61733d6a49f40139807ef56e4cf160a8d4

SHA256
8e81d465b97c3ee5b9bbd32946ef231b86e3139ba2eb35c436242deec3d8f8d7

SHA512
d3f3880b7ec0535bc70ba143c27330313dbd2c7ac854be50a97d9672e12b9e95f3d4c583a2de837d0ea7668c364bc354bdd549a83a0b9df6306ba32a6435507d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
e5b64cd946bff823394055982fcd7aa0

SHA1
cd5a3cc9fbf10369989ffa767302dd010db89f2b

SHA256
94eb9ec4c267fdc3e45e41843ec6dc2fa47cf564696f5b09a3be51c01d9f9de9

SHA512
3884f2c941a5a8dc41c2b676d821deb7ddb043678328b8f9f79f31788638d6e40964b7fba6ab5b68f0c127e96b07b1b300487505c970f4a0a94a4fc4862c7980

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
13KB

MD5
91c2b4cbd0d95dd323bd5f85e651ef43

SHA1
4828a63ede146550115e9bcc1f12ba28af88578c

SHA256
1c3c48aaf5fb3bf61e838035c487f7961b6657b7b8f33010a9f5a453561e9df2

SHA512
865314581090fc57fec3f5db8efb3d6f65611566ef03892e284f5647289075f03f9f7b5dd8112d7f30a888f14adbeb089a170f441f5c670571e146e261bd6b0a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
9KB

MD5
e6864e1700893b6035b30e5a5ad8a028

SHA1
b9ec839bc97d54b99ad5faa3eba01019b70c8002

SHA256
f2193c388dc9a74f849976a54c31081782e7460ee4fa2cd37d3427909b9ac194

SHA512
56ed46f15da9380dd12fb72fb232ab77b01e7303dbd002478f2d86262365cc2921a9c2189ee2ca4a4e9ef4188316e62786d3ae24cc0c14040b0a2ee8410f96e7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\0BMP3ERH\suggestions[1].en-US

Filesize
17KB

MD5
5a34cb996293fde2cb7a4ac89587393a

SHA1
3c96c993500690d1a77873cd62bc639b3a10653f

SHA256
c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad

SHA512
e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\jesyn8dv.default-release\activity-stream.discovery_stream.json.tmp

Filesize
157KB

MD5
d2c26543455d20b92439dfc36623c8e7

SHA1
d647510f93cdb1d76c321ad15a97e25327ffe9f3

SHA256
a96f67ff1444c249f708a15f073db4f389335a85b1cf019a72ebec10bcee8878

SHA512
928ac825063bda9c41cf82b6f55c2c678d0c33477c32e65934e4bc627827293737d8733ecea4ed20b0851828ccb2dd26fbdc389fb77a376bec86a172c7df98a4

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
3KB

MD5
d446f7d3a6fe0d8bfd3063dffb4f62a2

SHA1
c4d421d958e635f58aef1a3db83645dc2d943136

SHA256
b1fdd180cb890718081d4e0e6cac86ecf60778d3605fe92ed102f8354f59cfe2

SHA512
9f0770d5910ee2fbb428e1be6c0aeb972f1bfb358148b5c3b89f1519347267c6b1bb617b24fc5c611a95485407719cd375e8c8f269ef5cb4ffbfc03475dfadcb

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jesyn8dv.default-release\prefs-1.js

Filesize
6KB

MD5
2c7615947381b5f0d4a494d018749f2a

SHA1
183945d6d1fe0b2c13d983fef9d830c57efa587a

SHA256
a6b42e52070c0b323f4bdac99829d40f5a4e432944224a6ff5ca862b36d0f7cb

SHA512
6c07826289421cb359f043931ca7d42fe1a4fa43342e5ff946f3c16dc1b820217baf99f74b1d7dbba79dba09dfba57a0b29089706379c382dbabf9307d0a4b7d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jesyn8dv.default-release\prefs-1.js

Filesize
6KB

MD5
4987330cd3efd2f24309bf8d7cbb7c7b

SHA1
d4ffe98e18f43874c14a99e2e9524b1ad385a00c

SHA256
5acd6cb6fabda186dae77972384d366fc2afb3aa6da3570cd47666bc37083d83

SHA512
c3608de2c54167d61a46af430e4112f5a74b590617468b69728c6a9f36f8908045aa22de43c5552c71e2ed8a1283a13c56293630348bb2146f7f34e6cf756f65

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jesyn8dv.default-release\prefs-1.js

Filesize
6KB

MD5
b410a26a56e5f4180c6f45c246b1c9fc

SHA1
0edd16faf3fec6d42cfcbb48be050d5280cfb377

SHA256
21efae31cbbd60868200a86f888b9c717044c538c0353cb3ce4c9096c4efd341

SHA512
054dc9cb36ffe275919916de9c9021ddc6f9de33983a1abd9eaa37febcd03c7b3a4765cb1cfe16709b80bde8843504d2bb8bfe05595cf1b2019000020c8b2065

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jesyn8dv.default-release\prefs-1.js

Filesize
6KB

MD5
3a5651b6f0373172845f538a1b0e40d0

SHA1
3a7083e6af55cdd664acb6ff15f6fa193efe6199

SHA256
26f621dd74b25d6b7cbf558c5934330817e5460ea0b96a5ebb9525b32d47424a

SHA512
3f5b064ea2c9e07420d4c3c16b8270af4b7ebbd5398ad248c25d41afd6129b72c750abc0e0ac313eef27d3cc19240b83275a18a0e85418713973fb9ca4a8d2f6

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jesyn8dv.default-release\prefs-1.js

Filesize
6KB

MD5
48b388950abec2e84499a5998d8eca57

SHA1
b8620c49d27640247ef60d6146366cee33c7f9dc

SHA256
7bcfceb096c7ff9ccc4ad77d62bd2a86450dcffb9052a5a0c5dfeed7cc8e676d

SHA512
52b6102c27c3b8fdd4b3574d141d08a2849b09183f43cc093ba4c614a68c7c7acc83e0248474e99e36e3f0336f2bbddc087f02a22ae7f1679a8ef889c8e49059

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jesyn8dv.default-release\prefs.js

Filesize
6KB

MD5
9971fa8fa89a208685d3e30835832fb5

SHA1
5d9972a3bdbd4c18b3648597d2fd9f9fd6e30300

SHA256
13417a67a65fecc73ad5acc94d17d8a6fac3b0a343daf12d1cd2d126b9198084

SHA512
02b107e0d9449fa2d4d3655a880fbdeea4477205fa6c21aaf641c3d358353aa437cf040ec842107f973253bef767e48b9a0267dea5ed2d331aa192ef540e3b1f

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jesyn8dv.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
1KB

MD5
e307bed3ef11d71da4286db52de08385

SHA1
03cc33991164875d3adba409c28d9c5f9aac180f

SHA256
aeed76a6d752df9352d0b58d7fd48d9139a40953f3ad3300941e175b48814d29

SHA512
34b768cb1ca370f05fd248d31ef6f9cd445eefc8db45706c343d0d0002bfdaf99231b78e3179881bb9603a943096d826e38d306e1d7f643c5b72afadc510e5ca

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jesyn8dv.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
2KB

MD5
28a7ca6f9e5d2094709745371048c5d4

SHA1
1fa80bdd27a2f429e1a03ded295c5bae3e076e09

SHA256
666d51a72f749dd516af731a467b38b2868cae57134ee87d8acfccb2e8f13326

SHA512
82bbb804866eeead0335ba8dee9eeff1dee531f34193932cd5a15db2dbd598112d2385005a6771b65a55532c6a39c01c5c18eb6cc2b7e4c1d787870f9d520d22

Download Submit