hxxps://wx[.]mail[.]qq[.]com/ftn/download?func=3&key=ccc84566f548dce9febb1c6667323831ce0f32666532383116184a125c025c0055511f035202091c0705000748030a09521a07575254080400520a51520a1e31d4ac8a83e081dea7b4d389d08a8eb0d6a782dae2f4d5b1b9dc8bbb4b8289b0d698981c1c0c422caa16fabd62a4a3d34a928b5db50f30b26aa20118&code=372fe281&k=ccc84566f548dce9febb1c6667323831ce0f32666532383116184a125c025c0055511f035202091c0705000748030a09521a07575254080400520a51520a1e31d4ac8a83e081dea7b4d389d08a8eb0d6a782dae2f4d5b1b9dc8bbb4b8289b0d698981c1c0c422caa16fabd62a4a3d34a928b5db50f30b26aa20118&fweb=1&cl=1

Analysis

max time kernel
182s
max time network
188s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
26-12-2023 01:30

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://wx.mail.qq.com/ftn/download?func=3&key=ccc84566f548dce9febb1c6667323831ce0f32666532383116184a125c025c0055511f035202091c0705000748030a09521a07575254080400520a51520a1e31d4ac8a83e081dea7b4d389d08a8eb0d6a782dae2f4d5b1b9dc8bbb4b8289b0d698981c1c0c422caa16fabd62a4a3d34a928b5db50f30b26aa20118&code=372fe281&k=ccc84566f548dce9febb1c6667323831ce0f32666532383116184a125c025c0055511f035202091c0705000748030a09521a07575254080400520a51520a1e31d4ac8a83e081dea7b4d389d08a8eb0d6a782dae2f4d5b1b9dc8bbb4b8289b0d698981c1c0c422caa16fabd62a4a3d34a928b5db50f30b26aa20118&fweb=1&cl=1

Score

1^/10

Malware Config

Signatures

Checks processor information in registry 2 TTPs 5 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133480280051028864"	chrome.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2398549320-3657759451-817663969-1000_Classes\Local Settings	firefox.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
3004	msedge.exe
3004	msedge.exe
2120	msedge.exe
2120	msedge.exe
4404	identity_helper.exe
4404	identity_helper.exe
3256	chrome.exe
3256	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 10 IoCs

pid	Process
2120	msedge.exe
2120	msedge.exe
2120	msedge.exe
2120	msedge.exe
2120	msedge.exe
2120	msedge.exe
3256	chrome.exe
3256	chrome.exe
3256	chrome.exe
3256	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeDebugPrivilege	5388	firefox.exe
Token: SeDebugPrivilege	5388	firefox.exe
Token: SeShutdownPrivilege	3256	chrome.exe
Token: SeCreatePagefilePrivilege	3256	chrome.exe
Token: SeShutdownPrivilege	3256	chrome.exe
Token: SeCreatePagefilePrivilege	3256	chrome.exe
Token: SeShutdownPrivilege	3256	chrome.exe
Token: SeCreatePagefilePrivilege	3256	chrome.exe
Token: SeShutdownPrivilege	3256	chrome.exe
Token: SeCreatePagefilePrivilege	3256	chrome.exe
Token: SeShutdownPrivilege	3256	chrome.exe
Token: SeCreatePagefilePrivilege	3256	chrome.exe
Token: SeShutdownPrivilege	3256	chrome.exe
Token: SeCreatePagefilePrivilege	3256	chrome.exe
Token: SeShutdownPrivilege	3256	chrome.exe
Token: SeCreatePagefilePrivilege	3256	chrome.exe
Token: SeShutdownPrivilege	3256	chrome.exe
Token: SeCreatePagefilePrivilege	3256	chrome.exe
Token: SeShutdownPrivilege	3256	chrome.exe
Token: SeCreatePagefilePrivilege	3256	chrome.exe
Token: SeShutdownPrivilege	3256	chrome.exe
Token: SeCreatePagefilePrivilege	3256	chrome.exe
Token: SeShutdownPrivilege	3256	chrome.exe
Token: SeCreatePagefilePrivilege	3256	chrome.exe
Token: SeShutdownPrivilege	3256	chrome.exe
Token: SeCreatePagefilePrivilege	3256	chrome.exe
Token: SeShutdownPrivilege	3256	chrome.exe
Token: SeCreatePagefilePrivilege	3256	chrome.exe
Token: SeShutdownPrivilege	3256	chrome.exe
Token: SeCreatePagefilePrivilege	3256	chrome.exe
Token: SeShutdownPrivilege	3256	chrome.exe
Token: SeCreatePagefilePrivilege	3256	chrome.exe
Token: SeShutdownPrivilege	3256	chrome.exe
Token: SeCreatePagefilePrivilege	3256	chrome.exe
Token: SeShutdownPrivilege	3256	chrome.exe
Token: SeCreatePagefilePrivilege	3256	chrome.exe
Token: SeShutdownPrivilege	3256	chrome.exe
Token: SeCreatePagefilePrivilege	3256	chrome.exe
Token: SeShutdownPrivilege	3256	chrome.exe
Token: SeCreatePagefilePrivilege	3256	chrome.exe
Token: SeShutdownPrivilege	3256	chrome.exe
Token: SeCreatePagefilePrivilege	3256	chrome.exe
Token: SeShutdownPrivilege	3256	chrome.exe
Token: SeCreatePagefilePrivilege	3256	chrome.exe
Token: SeShutdownPrivilege	3256	chrome.exe
Token: SeCreatePagefilePrivilege	3256	chrome.exe
Token: SeShutdownPrivilege	3256	chrome.exe
Token: SeCreatePagefilePrivilege	3256	chrome.exe
Token: SeShutdownPrivilege	3256	chrome.exe
Token: SeCreatePagefilePrivilege	3256	chrome.exe
Token: SeShutdownPrivilege	3256	chrome.exe
Token: SeCreatePagefilePrivilege	3256	chrome.exe
Token: SeShutdownPrivilege	3256	chrome.exe
Token: SeCreatePagefilePrivilege	3256	chrome.exe
Token: SeShutdownPrivilege	3256	chrome.exe
Token: SeCreatePagefilePrivilege	3256	chrome.exe
Token: SeShutdownPrivilege	3256	chrome.exe
Token: SeCreatePagefilePrivilege	3256	chrome.exe
Token: SeShutdownPrivilege	3256	chrome.exe
Token: SeCreatePagefilePrivilege	3256	chrome.exe
Token: SeShutdownPrivilege	3256	chrome.exe
Token: SeCreatePagefilePrivilege	3256	chrome.exe
Token: SeShutdownPrivilege	3256	chrome.exe
Token: SeCreatePagefilePrivilege	3256	chrome.exe

Suspicious use of FindShellTrayWindow 60 IoCs

pid	Process
2120	msedge.exe
2120	msedge.exe
2120	msedge.exe
2120	msedge.exe
2120	msedge.exe
2120	msedge.exe
2120	msedge.exe
2120	msedge.exe
2120	msedge.exe
2120	msedge.exe
2120	msedge.exe
2120	msedge.exe
2120	msedge.exe
2120	msedge.exe
2120	msedge.exe
2120	msedge.exe
2120	msedge.exe
2120	msedge.exe
2120	msedge.exe
2120	msedge.exe
2120	msedge.exe
2120	msedge.exe
2120	msedge.exe
2120	msedge.exe
2120	msedge.exe
5388	firefox.exe
5388	firefox.exe
5388	firefox.exe
5388	firefox.exe
2120	msedge.exe
3256	chrome.exe
3256	chrome.exe
3256	chrome.exe
3256	chrome.exe
3256	chrome.exe
3256	chrome.exe
3256	chrome.exe
3256	chrome.exe
3256	chrome.exe
3256	chrome.exe
3256	chrome.exe
3256	chrome.exe
3256	chrome.exe
3256	chrome.exe
3256	chrome.exe
3256	chrome.exe
3256	chrome.exe
3256	chrome.exe
3256	chrome.exe
3256	chrome.exe
3256	chrome.exe
3256	chrome.exe
3256	chrome.exe
3256	chrome.exe
3256	chrome.exe
3256	chrome.exe
5388	firefox.exe
5388	firefox.exe
5388	firefox.exe
5388	firefox.exe

Suspicious use of SendNotifyMessage 55 IoCs

pid	Process
2120	msedge.exe
2120	msedge.exe
2120	msedge.exe
2120	msedge.exe
2120	msedge.exe
2120	msedge.exe
2120	msedge.exe
2120	msedge.exe
2120	msedge.exe
2120	msedge.exe
2120	msedge.exe
2120	msedge.exe
2120	msedge.exe
2120	msedge.exe
2120	msedge.exe
2120	msedge.exe
2120	msedge.exe
2120	msedge.exe
2120	msedge.exe
2120	msedge.exe
2120	msedge.exe
2120	msedge.exe
2120	msedge.exe
2120	msedge.exe
5388	firefox.exe
5388	firefox.exe
5388	firefox.exe
3256	chrome.exe
3256	chrome.exe
3256	chrome.exe
3256	chrome.exe
3256	chrome.exe
3256	chrome.exe
3256	chrome.exe
3256	chrome.exe
3256	chrome.exe
3256	chrome.exe
3256	chrome.exe
3256	chrome.exe
3256	chrome.exe
3256	chrome.exe
3256	chrome.exe
3256	chrome.exe
3256	chrome.exe
3256	chrome.exe
3256	chrome.exe
3256	chrome.exe
3256	chrome.exe
3256	chrome.exe
3256	chrome.exe
3256	chrome.exe
5388	firefox.exe
5388	firefox.exe
5388	firefox.exe
5388	firefox.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
5388	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2120 wrote to memory of 4188	2120	msedge.exe	54
PID 2120 wrote to memory of 4188	2120	msedge.exe	54
PID 2120 wrote to memory of 844	2120	msedge.exe	88
PID 2120 wrote to memory of 844	2120	msedge.exe	88
PID 2120 wrote to memory of 844	2120	msedge.exe	88
PID 2120 wrote to memory of 844	2120	msedge.exe	88
PID 2120 wrote to memory of 844	2120	msedge.exe	88
PID 2120 wrote to memory of 844	2120	msedge.exe	88
PID 2120 wrote to memory of 844	2120	msedge.exe	88
PID 2120 wrote to memory of 844	2120	msedge.exe	88
PID 2120 wrote to memory of 844	2120	msedge.exe	88
PID 2120 wrote to memory of 844	2120	msedge.exe	88
PID 2120 wrote to memory of 844	2120	msedge.exe	88
PID 2120 wrote to memory of 844	2120	msedge.exe	88
PID 2120 wrote to memory of 844	2120	msedge.exe	88
PID 2120 wrote to memory of 844	2120	msedge.exe	88
PID 2120 wrote to memory of 844	2120	msedge.exe	88
PID 2120 wrote to memory of 844	2120	msedge.exe	88
PID 2120 wrote to memory of 844	2120	msedge.exe	88
PID 2120 wrote to memory of 844	2120	msedge.exe	88
PID 2120 wrote to memory of 844	2120	msedge.exe	88
PID 2120 wrote to memory of 844	2120	msedge.exe	88
PID 2120 wrote to memory of 844	2120	msedge.exe	88
PID 2120 wrote to memory of 844	2120	msedge.exe	88
PID 2120 wrote to memory of 844	2120	msedge.exe	88
PID 2120 wrote to memory of 844	2120	msedge.exe	88
PID 2120 wrote to memory of 844	2120	msedge.exe	88
PID 2120 wrote to memory of 844	2120	msedge.exe	88
PID 2120 wrote to memory of 844	2120	msedge.exe	88
PID 2120 wrote to memory of 844	2120	msedge.exe	88
PID 2120 wrote to memory of 844	2120	msedge.exe	88
PID 2120 wrote to memory of 844	2120	msedge.exe	88
PID 2120 wrote to memory of 844	2120	msedge.exe	88
PID 2120 wrote to memory of 844	2120	msedge.exe	88
PID 2120 wrote to memory of 844	2120	msedge.exe	88
PID 2120 wrote to memory of 844	2120	msedge.exe	88
PID 2120 wrote to memory of 844	2120	msedge.exe	88
PID 2120 wrote to memory of 844	2120	msedge.exe	88
PID 2120 wrote to memory of 844	2120	msedge.exe	88
PID 2120 wrote to memory of 844	2120	msedge.exe	88
PID 2120 wrote to memory of 844	2120	msedge.exe	88
PID 2120 wrote to memory of 844	2120	msedge.exe	88
PID 2120 wrote to memory of 3004	2120	msedge.exe	89
PID 2120 wrote to memory of 3004	2120	msedge.exe	89
PID 2120 wrote to memory of 2104	2120	msedge.exe	90
PID 2120 wrote to memory of 2104	2120	msedge.exe	90
PID 2120 wrote to memory of 2104	2120	msedge.exe	90
PID 2120 wrote to memory of 2104	2120	msedge.exe	90
PID 2120 wrote to memory of 2104	2120	msedge.exe	90
PID 2120 wrote to memory of 2104	2120	msedge.exe	90
PID 2120 wrote to memory of 2104	2120	msedge.exe	90
PID 2120 wrote to memory of 2104	2120	msedge.exe	90
PID 2120 wrote to memory of 2104	2120	msedge.exe	90
PID 2120 wrote to memory of 2104	2120	msedge.exe	90
PID 2120 wrote to memory of 2104	2120	msedge.exe	90
PID 2120 wrote to memory of 2104	2120	msedge.exe	90
PID 2120 wrote to memory of 2104	2120	msedge.exe	90
PID 2120 wrote to memory of 2104	2120	msedge.exe	90
PID 2120 wrote to memory of 2104	2120	msedge.exe	90
PID 2120 wrote to memory of 2104	2120	msedge.exe	90
PID 2120 wrote to memory of 2104	2120	msedge.exe	90
PID 2120 wrote to memory of 2104	2120	msedge.exe	90
PID 2120 wrote to memory of 2104	2120	msedge.exe	90
PID 2120 wrote to memory of 2104	2120	msedge.exe	90

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://wx.mail.qq.com/ftn/download?func=3&key=ccc84566f548dce9febb1c6667323831ce0f32666532383116184a125c025c0055511f035202091c0705000748030a09521a07575254080400520a51520a1e31d4ac8a83e081dea7b4d389d08a8eb0d6a782dae2f4d5b1b9dc8bbb4b8289b0d698981c1c0c422caa16fabd62a4a3d34a928b5db50f30b26aa20118&code=372fe281&k=ccc84566f548dce9febb1c6667323831ce0f32666532383116184a125c025c0055511f035202091c0705000748030a09521a07575254080400520a51520a1e31d4ac8a83e081dea7b4d389d08a8eb0d6a782dae2f4d5b1b9dc8bbb4b8289b0d698981c1c0c422caa16fabd62a4a3d34a928b5db50f30b26aa20118&fweb=1&cl=1
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2120
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffccf3846f8,0x7ffccf384708,0x7ffccf384718
  2⤵
  PID:4188
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2220,12199196189679831573,3941246843596832884,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2228 /prefetch:2
  2⤵
  PID:844
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2220,12199196189679831573,3941246843596832884,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2280 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3004
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2220,12199196189679831573,3941246843596832884,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2712 /prefetch:8
  2⤵
  PID:2104
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,12199196189679831573,3941246843596832884,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3412 /prefetch:1
  2⤵
  PID:2272
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,12199196189679831573,3941246843596832884,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3400 /prefetch:1
  2⤵
  PID:3620
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,12199196189679831573,3941246843596832884,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5540 /prefetch:1
  2⤵
  PID:4592
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,12199196189679831573,3941246843596832884,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5576 /prefetch:1
  2⤵
  PID:3160
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,12199196189679831573,3941246843596832884,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5192 /prefetch:1
  2⤵
  PID:3132
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,12199196189679831573,3941246843596832884,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5140 /prefetch:1
  2⤵
  PID:2140
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2220,12199196189679831573,3941246843596832884,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4328 /prefetch:8
  2⤵
  PID:4316
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2220,12199196189679831573,3941246843596832884,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4328 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4404
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2220,12199196189679831573,3941246843596832884,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5348 /prefetch:8
  2⤵
  PID:5292

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4840

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4868

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
PID:3200
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe"
  2⤵
  - Checks processor information in registry
  - Modifies registry class
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  PID:5388
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5388.0.1520185843\819373812" -parentBuildID 20221007134813 -prefsHandle 1880 -prefMapHandle 1868 -prefsLen 20749 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {a2a64cdf-f433-4eaf-bd5e-a243f5bbb6b5} 5388 "\\.\pipe\gecko-crash-server-pipe.5388" 1964 193a8cd9558 gpu
    3⤵
    PID:3000
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5388.1.207071114\1419937550" -parentBuildID 20221007134813 -prefsHandle 2352 -prefMapHandle 2348 -prefsLen 20785 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {241cfebc-b57f-4c7d-9851-5f382b450fe9} 5388 "\\.\pipe\gecko-crash-server-pipe.5388" 2364 1939c472e58 socket
    3⤵
    PID:4848
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5388.2.169438079\2109983899" -childID 1 -isForBrowser -prefsHandle 3372 -prefMapHandle 3472 -prefsLen 20888 -prefMapSize 233444 -jsInitHandle 1404 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e1788f5c-4ff7-4320-84a1-d3d996c3d14c} 5388 "\\.\pipe\gecko-crash-server-pipe.5388" 3380 193acf17958 tab
    3⤵
    PID:4204
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5388.3.977851753\1657243799" -childID 2 -isForBrowser -prefsHandle 3676 -prefMapHandle 3668 -prefsLen 26066 -prefMapSize 233444 -jsInitHandle 1404 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {552ef685-308b-4150-bcbd-4da0752e8345} 5388 "\\.\pipe\gecko-crash-server-pipe.5388" 3684 193ab82b258 tab
    3⤵
    PID:5868
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5388.4.1191680040\424865661" -childID 3 -isForBrowser -prefsHandle 4508 -prefMapHandle 4504 -prefsLen 26125 -prefMapSize 233444 -jsInitHandle 1404 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {1a0ea373-7307-4db7-93f3-abd7973e638d} 5388 "\\.\pipe\gecko-crash-server-pipe.5388" 4516 193aeb3c958 tab
    3⤵
    PID:5884
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5388.5.1456425219\470040410" -childID 4 -isForBrowser -prefsHandle 5228 -prefMapHandle 5224 -prefsLen 26206 -prefMapSize 233444 -jsInitHandle 1404 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f10a353c-e32b-46ce-afe4-597e817ca68a} 5388 "\\.\pipe\gecko-crash-server-pipe.5388" 5236 193ad1aa258 tab
    3⤵
    PID:3044
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5388.6.215873957\2068820291" -childID 5 -isForBrowser -prefsHandle 5248 -prefMapHandle 5308 -prefsLen 26206 -prefMapSize 233444 -jsInitHandle 1404 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {019ed220-62cf-4d3d-a399-414b67eb5afa} 5388 "\\.\pipe\gecko-crash-server-pipe.5388" 5336 193af32e258 tab
    3⤵
    PID:220
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5388.7.482239752\27174826" -childID 6 -isForBrowser -prefsHandle 5516 -prefMapHandle 5520 -prefsLen 26206 -prefMapSize 233444 -jsInitHandle 1404 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {87addab4-a88a-491d-a228-3f6df3cd4389} 5388 "\\.\pipe\gecko-crash-server-pipe.5388" 5508 193af75b958 tab
    3⤵
    PID:5584
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5388.8.1875798099\1976201701" -childID 7 -isForBrowser -prefsHandle 5948 -prefMapHandle 5952 -prefsLen 26206 -prefMapSize 233444 -jsInitHandle 1404 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d5f57fdb-4cf0-4f93-b0fa-685b6cf1d482} 5388 "\\.\pipe\gecko-crash-server-pipe.5388" 5928 193b085d258 tab
    3⤵
    PID:2468
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5388.9.536914420\1665542218" -childID 8 -isForBrowser -prefsHandle 2736 -prefMapHandle 4944 -prefsLen 26285 -prefMapSize 233444 -jsInitHandle 1404 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {cd361a2a-23c5-4a9c-aa9b-f6effeff3179} 5388 "\\.\pipe\gecko-crash-server-pipe.5388" 3284 193aa399b58 tab
    3⤵
    PID:7108
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5388.10.295939447\485207970" -childID 9 -isForBrowser -prefsHandle 6180 -prefMapHandle 1696 -prefsLen 26550 -prefMapSize 233444 -jsInitHandle 1404 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d9ecd10b-7f47-4708-8a46-dd5d9e3ee1bb} 5388 "\\.\pipe\gecko-crash-server-pipe.5388" 6176 193b1fcb858 tab
    3⤵
    PID:1960
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5388.11.370167178\133756114" -childID 10 -isForBrowser -prefsHandle 1696 -prefMapHandle 2980 -prefsLen 26725 -prefMapSize 233444 -jsInitHandle 1404 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {2f887c38-2195-498c-b2d9-267f4691cb6d} 5388 "\\.\pipe\gecko-crash-server-pipe.5388" 6420 193b23e2658 tab
    3⤵
    PID:5692

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:3256
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x120,0x124,0x128,0xf8,0x12c,0x7ffcd6b29758,0x7ffcd6b29768,0x7ffcd6b29778
  2⤵
  PID:4276
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1716 --field-trial-handle=1856,i,7950262730156825539,8583344441695981988,131072 /prefetch:2
  2⤵
  PID:3368
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2232 --field-trial-handle=1856,i,7950262730156825539,8583344441695981988,131072 /prefetch:8
  2⤵
  PID:6872
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3024 --field-trial-handle=1856,i,7950262730156825539,8583344441695981988,131072 /prefetch:1
  2⤵
  PID:832
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3008 --field-trial-handle=1856,i,7950262730156825539,8583344441695981988,131072 /prefetch:1
  2⤵
  PID:4260
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2192 --field-trial-handle=1856,i,7950262730156825539,8583344441695981988,131072 /prefetch:8
  2⤵
  PID:6268
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4572 --field-trial-handle=1856,i,7950262730156825539,8583344441695981988,131072 /prefetch:8
  2⤵
  PID:2312
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4912 --field-trial-handle=1856,i,7950262730156825539,8583344441695981988,131072 /prefetch:8
  2⤵
  PID:6728
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=4760 --field-trial-handle=1856,i,7950262730156825539,8583344441695981988,131072 /prefetch:1
  2⤵
  PID:2008
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5116 --field-trial-handle=1856,i,7950262730156825539,8583344441695981988,131072 /prefetch:8
  2⤵
  PID:5508
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5128 --field-trial-handle=1856,i,7950262730156825539,8583344441695981988,131072 /prefetch:8
  2⤵
  PID:5448
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5264 --field-trial-handle=1856,i,7950262730156825539,8583344441695981988,131072 /prefetch:8
  2⤵
  PID:2544
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4896 --field-trial-handle=1856,i,7950262730156825539,8583344441695981988,131072 /prefetch:8
  2⤵
  PID:6228
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4664 --field-trial-handle=1856,i,7950262730156825539,8583344441695981988,131072 /prefetch:8
  2⤵
  PID:5400
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=4072 --field-trial-handle=1856,i,7950262730156825539,8583344441695981988,131072 /prefetch:1
  2⤵
  PID:5508
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4680 --field-trial-handle=1856,i,7950262730156825539,8583344441695981988,131072 /prefetch:8
  2⤵
  PID:436
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5192 --field-trial-handle=1856,i,7950262730156825539,8583344441695981988,131072 /prefetch:8
  2⤵
  PID:5220

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:436

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000008

Filesize
25KB

MD5
769be356705bbcc5693379db3f57337c

SHA1
6fdd0209e6f249a484792088e6f3486fc752e5dc

SHA256
9d4231ce08030b558cd403f9fc0f6164b554fcc179e0fd669b5f56d992d4ad06

SHA512
637781fb824a121b3a46d5415c92268c95baf686001fc827225edb47d83b7e43de68bf2d19dbfd13a6b4271f4be6a9adabfb785d647550881b62d58d9d4639b3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000009

Filesize
184KB

MD5
a659d3fb8895195739e86f8e46cf0cc9

SHA1
4ff99a122dc89fe9714dc596faf9812c5e0bf3ec

SHA256
e073c63c11f849d87ce0c5f4b2715d44394b3f649defb19c33ce207c2f4196ca

SHA512
00687f3c68de990fb427b6fd63e53c82005e2a831714e8cc1fb7da64018fb1341ace2f899d90621925029c225f8e0f5d46df34dc126a70ef065e7d835c84ddd4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
371B

MD5
874f4c4a1a408940f69d39d1dbbe3006

SHA1
3ad82b90cc8f42563743229e6df6e4418283e61c

SHA256
6d9d9ca2c76b8c00a4a40b827902a3cc35ea8a366acef0bf383b55635504b30a

SHA512
d21fc7ec91a951385bd98cb2a1b933c77b63019a33e677d9e8a18d0ecb42e976b0ad2767bf0816f9306b8093cb3611f9028f9a634c76b15ef816992ace85a9a6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
539B

MD5
ef3b02f863b159c44724585c171a3610

SHA1
321ff9ef830e9bf1d05de43f550b263f42937b94

SHA256
125621a4b731d682c3f45a4ead21664875a2ffa75c13202b9764888af2f05f7b

SHA512
a73c3813e2c4a53f7678ab03cf271756a4fe7faf4e484b639f3872aa008a506aaf22173fd7c2e98223b25e2e530d4045df028b70ada10035685ee6c8a096d56b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
3259b7d920b1c426620485a45413ae59

SHA1
6030d87d7ebc1402784890540f1c242917e396e8

SHA256
a1f6fa205733ff0d5f5126bc44b2e16f8f1e31605b4949cb2c482e52acd66ea8

SHA512
ee8f1d213003058b37d26faf3426f83077d21d17635b99459afac7d922110912f972c17bdbb46cb2c460b1dd196bed02f7b4edf9bff10d4f3416bd249e6af726

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
07406a99edd1646997d03d6f1718ef7c

SHA1
aaf1efac9b2b6119554a89072bc6a29f85573c95

SHA256
5a1084a8aaef4f0116bd6e2ae1b9ede7e6f222dfcb98c1f4a853d6e48b41bfe0

SHA512
40c4df44c19bb7f91572ec14c03cde6a01396d41201f7a041fb1f2977ba0f94567cd2bf17df89551c7c6cae9d99c9f024093ccdf390d06df4adb8dc99d25c0bf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
9e247d419746f9a1316008026e9f75a0

SHA1
fd68ce953478e9d67973dc4553d4ba42600dd381

SHA256
073fa52267cf10b77750f3cdbd3b3a2272b0667132d4b90769e890bbf221cf15

SHA512
dddeaaa3a45e92fd30948419a4526ab3c5f879db0f50bfcf40b91971ac62114fcaf4c3376806059f97940dfa7c9d853095e05dab15aeacebca14456884af3889

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
115KB

MD5
f897aef1bc41bc0456136eafeed4e6be

SHA1
438cb37688a627f261be5df38ae6f7e22c076056

SHA256
a8627c8899b7b8e2e760b0004801f8b7874bb532e62c6cb4593b45206af20bde

SHA512
26a740eeb7afb9078f8b76a2c0df9045e08eafeed4ea126c1b85ab18f5e9ebe08efd066495fb3fd8d079669da10826e54ec169b8758bce4acefba65bc9fd6178

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
226KB

MD5
ed116d4dff6fe9c57897fa5d86efaa54

SHA1
431803c80c58377a991b75b049f8d6bbfa6b4470

SHA256
bd467d29885e6e909c6afd149ac60753eeaa46478dbbeb2a6c6508c5ea6b5bf6

SHA512
4007f9f8b3a2df17396edc31a18956f6fad8d85fdfbd1cd0572945ed5dee60775a61355d1d23003e81d9e156318520e74bfb6edec76611e6a0ca8a71ed18d5f1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
7a5862a0ca86c0a4e8e0b30261858e1f

SHA1
ee490d28e155806d255e0f17be72509be750bf97

SHA256
92b4c004a9ec97ccf7a19955926982bac099f3b438cd46063bb9bf5ac7814a4b

SHA512
0089df12ed908b4925ba838e07128987afe1c9235097b62855122a03ca6d34d7c75fe4c30e68581c946b77252e7edf1dd66481e20c0a9cccd37e0a4fe4f0a6fe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
807419ca9a4734feaf8d8563a003b048

SHA1
a723c7d60a65886ffa068711f1e900ccc85922a6

SHA256
aa10bf07b0d265bed28f2a475f3564d8ddb5e4d4ffee0ab6f3a0cc564907b631

SHA512
f10d496ae75db5ba412bd9f17bf0c7da7632db92a3fabf7f24071e40f5759c6a875ad8f3a72bad149da58b3da3b816077df125d0d9f3544adba68c66353d206c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
440fe129794d7ccb9a9a392187f56eaf

SHA1
c7937ec885193acf8ca02d3b00612b2fd33f5dde

SHA256
03a2aa34550c46e6c7847974daa99225b87b90a60f41e3c0f455b302287642cc

SHA512
e68495d4fedb4dcb8a832d1f202a2ac8aadb04b44899fd70c63dd64d2b5db46c1c34abe656b629aeeef7c57c7a256f7b1b5d13aaf36f6285c78a9d07460a3f6d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
dbc69d09d75f34d9478b4e2ccdb17beb

SHA1
22338bc6dd04bdfac8b7a9ba6bce5f6541b17b88

SHA256
a8e0d8bf7c16ab70e29fea4468091192c74f0261eba62c3f5a23b7b464625b3b

SHA512
6c2e4c9e97d3a24b1f7de4236572df33c582fac204e17f68d95b3c3649ae196a0b836dcf71fe548def938c6a8a98c8c22a170d946d47606e0831cda78a3bdf35

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
ca450af207125dd0f2cb2ec4b8cb9e79

SHA1
c49d13aa2dc806cd248e8c1f804a4b26dfd0b4b9

SHA256
63297a8737f17f119de10a81feff496f2e43a9dbdfe4bf651286b3aec9b43f66

SHA512
c9a6c5a00aa196b2484891d84b46966ff8e30789b4c7c24b7d9151c449307b3de84d959a55ea4f966ddd1112e87e4a193fdbf1a1a4742742b659be1141666f5f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
dcd112952e204f4413b21b2dbd7f408f

SHA1
3af1a5b4b4e1ba5eab2eda85753038059af1a9d4

SHA256
0dac8083126e1474a851621eec5bdd68c8aafc3156de97237fbbece047f50cfc

SHA512
04bda3fd350949d0eb9c7d3d4bb8b5ab41773f44dffcff31fa0355e894b761519aee34c6d43ab5d553fb670f380dd4ade8b0fae34a2dc6381625e05551c514e6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
69ba5156ffe8c7ab24ee7c0bee5290da

SHA1
1e5665fd2d0dc9176aaf272506a803c9633b1f2b

SHA256
f8c68a9dec11aeb09aa0e42eb2672d44e9795999d4a88c59aa768a768fc33914

SHA512
b42d398cf4150d3d5d7730e321779377d7b84a62f4d200b9fc1ca6efda86c3007848da1fe7714de839e9b1f3c106b2ba73e58dd64d2686bcf2edb9e257cf6133

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
5e712e942efa0473344d72901dfcf118

SHA1
5d57ea7867a282ad729caab50626b467be6619c4

SHA256
a85b744923c115b18d84a0addc423264a99297c117d63806dc5b0605a1aadfef

SHA512
97de018d17727b70e1b1f718966db7ed5982210f70e810f39f594b5c9e8a2280e2d9456a4d3ab55ffbce322a042551b137c2573fe4bf502d282ad036e42cc19b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
52826cef6409f67b78148b75e442b5ea

SHA1
a675db110aae767f5910511751cc3992cddcc393

SHA256
98fc43994599573e7181c849e5865f23b4f05f85c1115dff53c58764d80373fb

SHA512
f18df18cab6b5ecd71b79c81a2a1fdac42cc9960f62f06ac25f4d6487792705f2766ee3a10239eaac940d090186e6bc820e4eb7a5ee138f6e5c1c64f951b960c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
80b15c79d5316d79e638ebd711f5de60

SHA1
cfa46e7afd73c5c136c2c5b17de6a245c88dd6ed

SHA256
4b2c876bbf61a8f92f56e0175d91fbbec7b8fc56b2b1a9d075c3edf83f1af3fe

SHA512
51bd97972fbab2d88de783a8b291d537569801f6ff947dc67ac39ffd4aa1c155a4d1f968684705b5955d5e59498474eb5e62616b5530298d913d4d18b794f472

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
94adeec1f554385df17635bfadaebeaa

SHA1
83c4dea75ef686ee7c85ff0e6b8ea551c32d71dc

SHA256
d44eb105757c9954e3702ad27841ee094b9cd4de18db87c1a8aaffc9e2949112

SHA512
313c5e73af66152e3a1edac45057ee850397b91119dddba6e9de9d66d291b900b1e4d5928e34dada654a1dc2653a90f1c9a643914c15e6966c359391e506bd0a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
4f5677edc1fbb06b806570df6bc166a8

SHA1
f590afd9e81e1e326a44717b6721406b6c4b19cf

SHA256
733b0d6508f0deb905fc7344f63e4fe5e96793af46b6ffc687e480953ffb7ba5

SHA512
7e8a4c860801a65189cde172da9871d106fb8b819f1c75b935e4563de15e36e9f90c155dbb30ed862c82f9b4b9f5bbdfc20b252fb40d053a84e684b03c61c015

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
3KB

MD5
71c310e299fa5a6f58d80755700d2955

SHA1
11f3638d9046d436155c300825502d14ade47e3d

SHA256
536de155de03992c75ae75b48eedf860de8dfb048a23605521c231629d21e1ca

SHA512
b50085d6cdea210f3edaf0c887871db287bfd4b2c0739110ca20a38a0c9534e652bd845294414c93971f70ffa6f5e82ac098048d5273b4108eec7c5968861979

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\stdidscq.default-release\datareporting\glean\db\data.safe.bin

Filesize
9KB

MD5
0341a405375a0793854c7a430738ab38

SHA1
fd24107c521b78b6dea469606e5d59a5d8d82840

SHA256
4f9ee82938a8755d387d9b3f3fb3383236d05bcf0521dc2686c152e2c4fcd906

SHA512
2e7d367f7b06a3278de281726d3cad2966a4f6bb8970c90f12572a3b3dcca515abf24b7d8c0ee51c880a1086293257787cd9223705a1666987a46632b911275f

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\stdidscq.default-release\datareporting\glean\pending_pings\68869f6a-0a3f-471f-815e-d18fbb1eb1e8

Filesize
734B

MD5
541bdbd86140c0f5db8d714aeee843ca

SHA1
60c52e5c1243824c58417b05f7681f6f8deb2bbe

SHA256
8375dc54d6bdcc9976598f00cdd350c8e0fce4fb8ab4b8c5f5df433dca91ea57

SHA512
911f254e4b3548f964d18c60d4a021eaa70090e6935604206260cadfa75bab402ca8f1c838b94f8b58167efc99a35bf686a0577eb752dc30d55991ed92a8b086

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\stdidscq.default-release\prefs-1.js

Filesize
6KB

MD5
399626ba97f3204c00b8f4d6679b6af1

SHA1
3dda4efcdb045a4b6174b944e22adf9f7dd24ba4

SHA256
d884b4ae323d6551f48dc45cb88dc3ed45d4bde248e3a68a02a632bde797df6b

SHA512
9e8f4ad2997f859968ca4d1a2739c105381b880d1206b2a2f71e3b5d7f2c900be4e413ab0cd8ba43b2631d4d1dd057e12b60e3b79ff65efbc36d43444f8ea700

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\stdidscq.default-release\prefs-1.js

Filesize
6KB

MD5
e1b4ee0c4837fb29f565b413d32af641

SHA1
c999e29c5d9cff5019f900df03ca6f9632c633f3

SHA256
11c0f1df080d33090cd56c26a6c7edb4ca4aa381b637bb7e5584c30232d8bd1b

SHA512
57c2f4ed481dcadde91698d269fe67be525d8510179f3e88bb0788ff9eb073107557a864e43b96975f58dca0dd93fc00fd817ca5a875ac993e389593e6156301

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\stdidscq.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
1KB

MD5
c50e0fb31db7fd0a45377c2590bd6139

SHA1
2b57100be0b67922feafe24c98e6829fc54f46d9

SHA256
e2fc655f6636e155f2518b17f6bffbb701daa7ef715c668c41f46630d385843b

SHA512
05450318356f9cccf2a990c1693a40a4ef5d8a35944da436c78a44be9d38291d5dd6393b6ad4c5f77d68e080c6b14e9955a9fa7d6381d766a1abaf24f912eb48

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\stdidscq.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
1KB

MD5
239ab3c6410671984c007ac19514080c

SHA1
d9e2ab239c02e497a417ed9fa9f11b5b2cdec885

SHA256
e0022dbbda8dfbf55fb262ed2351ad3d2a349e59bcc82e9e167e888eeea0f11d

SHA512
b682413aa3c00e447b4518c072235481006d1aa725bd0e32dcb7222f4cbbdb9b0acf56748a5198b0c333f3c91bcba2543cd8a9d062ce007ee5dea7fff6dbc2ae

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\stdidscq.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
1KB

MD5
9a9d960c5a8aba0d39d73612c5f9ee7c

SHA1
d4f8c2d7b4f4f37f9ae31808b04ae7900f761099

SHA256
a8b32c6adec7068f15dbc3d730ee0da349cbb20919825dd49042944fb0beca66

SHA512
42803f2fbd3ab2d5dda427c68bc704beea072e7b69856452976259da2faac83f3dffe67c76c1b5e22b68a0895b9637ec6432b27a2abcc982be40558eb1843b3a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\stdidscq.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
2KB

MD5
e3eaa5b9bff532715b19f5fd7527ead3

SHA1
6f5c4789bc517f0310a04b892127f61e14fea17a

SHA256
e4f178eb578e1446d6b5f3fcb860c410c07d9f0e2b3352f984dff7f69ba55290

SHA512
6cb668ff6b773ff40a25b73a38949cecc4f81a34f935cd422b4f4aecb0ce6ec46fec75c4da2ed8315aeb8a7c5a9cee134a6120af6c2ac68fe45e0b86805244c3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\stdidscq.default-release\storage\default\https+++www.virustotal.com\cache\morgue\198\{d92e53a8-646c-4d71-a44a-59de0a95b9c6}.final

Filesize
45KB

MD5
339f17273a43b48a49001ba9487da1eb

SHA1
520732347ddb6540647a379a342f888095f27fa2

SHA256
f6fe9e3ee84e05963466fca43f5272397cf46a64a830724e56343c40e45f9765

SHA512
08c6a8d9fccfc6cfbef06f5a687c4ddff271b0d20fcb326bef64f8c25edbf46bf372bb6296e2f086809dc3bbde1f1752282a794dde9e82bb62581606c147596e

Download Submit