Analysis Overview
SHA256
a8d95f35089dd32803a83a7179c3597a38e9e927bea848715412b942a926cec0
Threat Level: Shows suspicious behavior
The file IDMan.exe was found to be: Shows suspicious behavior.
Malicious Activity Summary
Checks computer location settings
Reads user/profile data of web browsers
Installs/modifies Browser Helper Object
Adds Run key to start application
Checks whether UAC is enabled
Enumerates physical storage devices
Unsigned PE
Suspicious use of WriteProcessMemory
Suspicious behavior: EnumeratesProcesses
Modifies Internet Explorer settings
Uses Task Scheduler COM API
Suspicious use of SetWindowsHookEx
Suspicious use of FindShellTrayWindow
Modifies data under HKEY_USERS
Checks processor information in registry
Suspicious behavior: LoadsDriver
Suspicious use of AdjustPrivilegeToken
Suspicious use of SendNotifyMessage
Enumerates system info in registry
Modifies registry class
Suspicious behavior: GetForegroundWindowSpam
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-05-01 07:58
Signatures
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-05-01 07:58
Reported
2024-05-01 08:00
Platform
win10v2004-20240419-en
Max time kernel
85s
Max time network
90s
Command Line
Signatures
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-17203666-93769886-2545153620-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\IDMan.exe | N/A |
Reads user/profile data of web browsers
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\S-1-5-21-17203666-93769886-2545153620-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\IDMan = "C:\\Users\\Admin\\AppData\\Local\\Temp\\IDMan.exe /onboot" | C:\Users\Admin\AppData\Local\Temp\IDMan.exe | N/A |
Checks whether UAC is enabled
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\IDMan.exe | N/A |
Installs/modifies Browser Helper Object
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0055C089-8582-441B-A0BF-17B458C2A3A8}\NoExplorer = "1" | C:\Users\Admin\AppData\Local\Temp\IDMan.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects | C:\Users\Admin\AppData\Local\Temp\IDMan.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0055C089-8582-441B-A0BF-17B458C2A3A8} | C:\Users\Admin\AppData\Local\Temp\IDMan.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0055C089-8582-441B-A0BF-17B458C2A3A8}\ = "IDM Helper" | C:\Users\Admin\AppData\Local\Temp\IDMan.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0055C089-8582-441B-A0BF-17B458C2A3A8}\NoExplorer = "1" | C:\Users\Admin\AppData\Local\Temp\IDMan.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects | C:\Users\Admin\AppData\Local\Temp\IDMan.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0055C089-8582-441B-A0BF-17B458C2A3A8} | C:\Users\Admin\AppData\Local\Temp\IDMan.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0055C089-8582-441B-A0BF-17B458C2A3A8}\ = "IDM Helper" | C:\Users\Admin\AppData\Local\Temp\IDMan.exe | N/A |
Enumerates physical storage devices
Checks processor information in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-17203666-93769886-2545153620-1000\SOFTWARE\Microsoft\Internet Explorer\MenuExt\Download with IDM | C:\Users\Admin\AppData\Local\Temp\IDMan.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-17203666-93769886-2545153620-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E0DACC63-037F-46EE-AC02-E4C7B0FBFEB4} | C:\Users\Admin\AppData\Local\Temp\IDMan.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-17203666-93769886-2545153620-1000\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1902485B-CE75-42C1-BA2D-57E660793D9A}\Policy = "3" | C:\Users\Admin\AppData\Local\Temp\IDMan.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-17203666-93769886-2545153620-1000\SOFTWARE\Microsoft\Internet Explorer\Low Rights\DragDrop\{19129CDA-AFC0-4330-99BC-C5A834F89006}\AppPath = "C:\\Users\\Admin\\AppData\\Local\\Temp" | C:\Users\Admin\AppData\Local\Temp\IDMan.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-17203666-93769886-2545153620-1000\Software\Microsoft\Internet Explorer\Low Rights\DragDrop | C:\Users\Admin\AppData\Local\Temp\IDMan.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-17203666-93769886-2545153620-1000\SOFTWARE\Microsoft\Internet Explorer\Low Rights\DragDrop\{19129CDA-AFC0-4330-99BC-C5A834F89006}\Policy = "3" | C:\Users\Admin\AppData\Local\Temp\IDMan.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-17203666-93769886-2545153620-1000\SOFTWARE\Microsoft\Internet Explorer\MenuExt\E&xport to Microsoft Excel | C:\Users\Admin\AppData\Local\Temp\IDMan.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-17203666-93769886-2545153620-1000\SOFTWARE\Microsoft\Internet Explorer\MenuExt\Se&nd to OneNote | C:\Users\Admin\AppData\Local\Temp\IDMan.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-17203666-93769886-2545153620-1000\Software\Microsoft\Internet Explorer\Low Rights | C:\Users\Admin\AppData\Local\Temp\IDMan.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-17203666-93769886-2545153620-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy | C:\Users\Admin\AppData\Local\Temp\IDMan.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-17203666-93769886-2545153620-1000\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E0DACC63-037F-46EE-AC02-E4C7B0FBFEB4}\AppName = "IDMan.exe" | C:\Users\Admin\AppData\Local\Temp\IDMan.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-17203666-93769886-2545153620-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1902485B-CE75-42C1-BA2D-57E660793D9A} | C:\Users\Admin\AppData\Local\Temp\IDMan.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-17203666-93769886-2545153620-1000\SOFTWARE\Microsoft\Internet Explorer\DownloadUI = "{7D11E719-FF90-479C-B0D7-96EB43EE55D7}" | C:\Users\Admin\AppData\Local\Temp\IDMan.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\DownloadUI = "{7D11E719-FF90-479C-B0D7-96EB43EE55D7}" | C:\Users\Admin\AppData\Local\Temp\IDMan.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-17203666-93769886-2545153620-1000\SOFTWARE\Microsoft\Internet Explorer\MenuExt\Download with IDM\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\IEExt.htm" | C:\Users\Admin\AppData\Local\Temp\IDMan.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-17203666-93769886-2545153620-1000\SOFTWARE\Microsoft\Internet Explorer\MenuExt\Download with IDM\contexts = "243" | C:\Users\Admin\AppData\Local\Temp\IDMan.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-17203666-93769886-2545153620-1000\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1902485B-CE75-42C1-BA2D-57E660793D9A}\AppPath = "C:\\Users\\Admin\\AppData\\Local\\Temp" | C:\Users\Admin\AppData\Local\Temp\IDMan.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-17203666-93769886-2545153620-1000\Software\Microsoft\Internet Explorer\Low Rights\DragDrop\{19129CDA-AFC0-4330-99BC-C5A834F89006} | C:\Users\Admin\AppData\Local\Temp\IDMan.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-17203666-93769886-2545153620-1000\SOFTWARE\Microsoft\Internet Explorer\Low Rights\DragDrop\{19129CDA-AFC0-4330-99BC-C5A834F89006}\AppName = "IDMan.exe" | C:\Users\Admin\AppData\Local\Temp\IDMan.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-17203666-93769886-2545153620-1000\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E0DACC63-037F-46EE-AC02-E4C7B0FBFEB4}\AppPath = "C:\\Users\\Admin\\AppData\\Local\\Temp" | C:\Users\Admin\AppData\Local\Temp\IDMan.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-17203666-93769886-2545153620-1000\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E0DACC63-037F-46EE-AC02-E4C7B0FBFEB4}\Policy = "3" | C:\Users\Admin\AppData\Local\Temp\IDMan.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-17203666-93769886-2545153620-1000\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1902485B-CE75-42C1-BA2D-57E660793D9A}\AppName = "IEMonitor.exe" | C:\Users\Admin\AppData\Local\Temp\IDMan.exe | N/A |
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133590240139038463" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{AC746233-E9D3-49CD-862F-068F7B7CCCA4} | C:\Users\Admin\AppData\Local\Temp\IDMan.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{AC746233-E9D3-49CD-862F-068F7B7CCCA4}\AppID = "{AC746233-E9D3-49CD-862F-068F7B7CCCA4}" | C:\Users\Admin\AppData\Local\Temp\IDMan.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{AC746233-E9D3-49CD-862F-068F7B7CCCA4}\LocalServer32\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\IDMan.exe" | C:\Users\Admin\AppData\Local\Temp\IDMan.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\AppID\{AC746233-E9D3-49CD-862F-068F7B7CCCA4}\ROTFlags = "1" | C:\Users\Admin\AppData\Local\Temp\IDMan.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-17203666-93769886-2545153620-1000_Classes\WOW6432Node\CLSID\{E6871B76-C3C8-44DD-B947-ABFFE144860D} | C:\Users\Admin\AppData\Local\Temp\IDMan.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{AC746233-E9D3-49CD-862F-068F7B7CCCA4}\ = "IDMan.CIDMLinkTransmitter" | C:\Users\Admin\AppData\Local\Temp\IDMan.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{AC746233-E9D3-49CD-862F-068F7B7CCCA4}\LocalServer32 | C:\Users\Admin\AppData\Local\Temp\IDMan.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\AppID\{AC746233-E9D3-49CD-862F-068F7B7CCCA4} | C:\Users\Admin\AppData\Local\Temp\IDMan.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\AppID\{AC746233-E9D3-49CD-862F-068F7B7CCCA4}\ = "IDMan" | C:\Users\Admin\AppData\Local\Temp\IDMan.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\AppID\{AC746233-E9D3-49CD-862F-068F7B7CCCA4}\RunAs = "Interactive User" | C:\Users\Admin\AppData\Local\Temp\IDMan.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-17203666-93769886-2545153620-1000_Classes\WOW6432Node\CLSID\{79873CC5-3951-43ED-BDF9-D8759474B6FD}\Therad = "1" | C:\Users\Admin\AppData\Local\Temp\IDMan.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\IDMan.CIDMLinkTransmitter\CLSID | C:\Users\Admin\AppData\Local\Temp\IDMan.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-17203666-93769886-2545153620-1000_Classes\Local Settings | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-17203666-93769886-2545153620-1000_Classes\WOW6432Node\CLSID\{79873CC5-3951-43ED-BDF9-D8759474B6FD} | C:\Users\Admin\AppData\Local\Temp\IDMan.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-17203666-93769886-2545153620-1000_Classes\WOW6432Node\CLSID\{79873CC5-3951-43ED-BDF9-D8759474B6FD}\Model = "121" | C:\Users\Admin\AppData\Local\Temp\IDMan.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\IDMan.CIDMLinkTransmitter | C:\Users\Admin\AppData\Local\Temp\IDMan.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\IDMan.CIDMLinkTransmitter\CLSID\ = "{AC746233-E9D3-49CD-862F-068F7B7CCCA4}" | C:\Users\Admin\AppData\Local\Temp\IDMan.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\IDMan.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\IDMan.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\IDMan.exe | N/A |
Suspicious behavior: LoadsDriver
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\IDMan.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\IDMan.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\IDMan.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\IDMan.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\IDMan.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\IDMan.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\IDMan.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\IDMan.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\IDMan.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\IDMan.exe | N/A |
Suspicious use of WriteProcessMemory
Uses Task Scheduler COM API
Processes
C:\Users\Admin\AppData\Local\Temp\IDMan.exe
"C:\Users\Admin\AppData\Local\Temp\IDMan.exe"
C:\Windows\SysWOW64\regsvr32.exe
"C:\Windows\System32\regsvr32.exe" /s "C:\Users\Admin\AppData\Local\Temp\IDMShellExt64.dll"
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" https://www.internetdownloadmanager.com/support/installffextfrommozillasite.html
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" https://www.internetdownloadmanager.com/support/installffextfrommozillasite.html
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1988 -parentBuildID 20240401114208 -prefsHandle 1916 -prefMapHandle 1908 -prefsLen 25457 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {b47b50a7-b231-49ab-8ee0-c60b87968a56} 924 "\\.\pipe\gecko-crash-server-pipe.924" gpu
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2352 -parentBuildID 20240401114208 -prefsHandle 2340 -prefMapHandle 2356 -prefsLen 26377 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {dc5d4a1b-291c-4e14-9b3d-6f3f43c348b1} 924 "\\.\pipe\gecko-crash-server-pipe.924" socket
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1228 -childID 1 -isForBrowser -prefsHandle 2836 -prefMapHandle 3160 -prefsLen 22698 -prefMapSize 244658 -jsInitHandle 896 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {121ed3df-603e-46d7-a187-76175875207f} 924 "\\.\pipe\gecko-crash-server-pipe.924" tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3804 -childID 2 -isForBrowser -prefsHandle 3796 -prefMapHandle 3792 -prefsLen 30867 -prefMapSize 244658 -jsInitHandle 896 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {59c92fc5-7466-4719-a59d-2f80cce5f0d3} 924 "\\.\pipe\gecko-crash-server-pipe.924" tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4600 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4636 -prefMapHandle 4632 -prefsLen 30867 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d7b84010-2c96-42ec-9d02-35bd5ea18b89} 924 "\\.\pipe\gecko-crash-server-pipe.924" utility
C:\Windows\SysWOW64\regsvr32.exe
"C:\Windows\System32\regsvr32.exe" /s "C:\Users\Admin\AppData\Local\Temp\IDMShellExt64.dll"
C:\Windows\SysWOW64\regsvr32.exe
"C:\Windows\System32\regsvr32.exe" /s "C:\Users\Admin\AppData\Local\Temp\IDMIECC64.dll"
C:\Windows\SysWOW64\regsvr32.exe
"C:\Windows\System32\regsvr32.exe" /s "C:\Users\Admin\AppData\Local\Temp\IDMGetAll64.dll"
C:\Windows\SysWOW64\regsvr32.exe
"C:\Windows\System32\regsvr32.exe" /s "C:\Users\Admin\AppData\Local\Temp\downlWithIDM64.dll"
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5248 -childID 3 -isForBrowser -prefsHandle 5240 -prefMapHandle 5236 -prefsLen 26990 -prefMapSize 244658 -jsInitHandle 896 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b4e04b8e-580e-49c5-bc5c-bdb83810adeb} 924 "\\.\pipe\gecko-crash-server-pipe.924" tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5400 -childID 4 -isForBrowser -prefsHandle 5476 -prefMapHandle 5472 -prefsLen 26990 -prefMapSize 244658 -jsInitHandle 896 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {99017127-a035-46d8-94bc-34d7575d43de} 924 "\\.\pipe\gecko-crash-server-pipe.924" tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5388 -childID 5 -isForBrowser -prefsHandle 5488 -prefMapHandle 5484 -prefsLen 26990 -prefMapSize 244658 -jsInitHandle 896 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {863474cb-1145-44be-993c-01b9940fa5aa} 924 "\\.\pipe\gecko-crash-server-pipe.924" tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5432 -childID 6 -isForBrowser -prefsHandle 5760 -prefMapHandle 5756 -prefsLen 30867 -prefMapSize 244658 -jsInitHandle 896 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {88371bb7-0a31-4b62-be73-188cfcd20c87} 924 "\\.\pipe\gecko-crash-server-pipe.924" tab
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" https://www.internetdownloadmanager.com/welcome.html?v=642b5
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9a90a46f8,0x7ff9a90a4708,0x7ff9a90a4718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2148,4760186313202457600,8264444467701723570,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2160 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2148,4760186313202457600,8264444467701723570,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2212 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2148,4760186313202457600,8264444467701723570,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2840 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,4760186313202457600,8264444467701723570,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3376 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,4760186313202457600,8264444467701723570,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3400 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,4760186313202457600,8264444467701723570,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4048 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,4760186313202457600,8264444467701723570,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3740 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2148,4760186313202457600,8264444467701723570,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4872 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2148,4760186313202457600,8264444467701723570,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4872 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.106 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ff99a7acc40,0x7ff99a7acc4c,0x7ff99a7acc58
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1988,i,6380647898436871656,19941000971356514,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=1984 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2068,i,6380647898436871656,19941000971356514,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=2160 /prefetch:3
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2296,i,6380647898436871656,19941000971356514,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=2280 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3180,i,6380647898436871656,19941000971356514,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=3200 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3268,i,6380647898436871656,19941000971356514,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=3460 /prefetch:1
C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=3732,i,6380647898436871656,19941000971356514,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=4600 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4728,i,6380647898436871656,19941000971356514,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=4812 /prefetch:8
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --field-trial-handle=4824,i,6380647898436871656,19941000971356514,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=5060 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=3856,i,6380647898436871656,19941000971356514,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=5020 /prefetch:1
Network
| Country | Destination | Domain | Proto |
| US | 138.91.171.81:80 | tcp | |
| US | 8.8.8.8:53 | g.bing.com | udp |
| US | 8.8.8.8:53 | www.internetdownloadmanager.com | udp |
| US | 8.8.8.8:53 | contile.services.mozilla.com | udp |
| US | 8.8.8.8:53 | spocs.getpocket.com | udp |
| US | 8.8.8.8:53 | firefox-api-proxy.cdn.mozilla.net | udp |
| US | 8.8.8.8:53 | content-signature-2.cdn.mozilla.net | udp |
| N/A | 127.0.0.1:51425 | tcp | |
| US | 8.8.8.8:53 | shavar.services.mozilla.com | udp |
| US | 8.8.8.8:53 | push.services.mozilla.com | udp |
| US | 8.8.8.8:53 | firefox.settings.services.mozilla.com | udp |
| US | 8.8.8.8:53 | test.internetdownloadmanager.com | udp |
| N/A | 127.0.0.1:51432 | tcp | |
| US | 8.8.8.8:53 | spocs.getpocket.com | udp |
| US | 8.8.8.8:53 | contile.services.mozilla.com | udp |
| US | 8.8.8.8:53 | firefox-api-proxy.cdn.mozilla.net | udp |
| US | 8.8.8.8:53 | www.internetdownloadmanager.com | udp |
| US | 8.8.8.8:53 | content-signature-2.cdn.mozilla.net | udp |
| US | 8.8.8.8:53 | push.services.mozilla.com | udp |
| US | 8.8.8.8:53 | secure.internetdownloadmanager.com | udp |
| US | 8.8.8.8:53 | google.com | udp |
| US | 8.8.8.8:53 | google.com | udp |
| US | 8.8.4.4:53 | google.com | udp |
| N/A | 224.0.0.251:5353 | udp | |
| US | 8.8.8.8:53 | 4.4.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 81.171.91.138.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| US | 8.8.8.8:53 | clients2.google.com | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| US | 8.8.8.8:53 | www.internetdownloadmanager.com | udp |
| US | 8.8.8.8:53 | clients2.google.com | udp |
| US | 8.8.8.8:53 | fast.com | udp |
| US | 8.8.8.8:53 | www.internetdownloadmanager.com | udp |
Files
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\a9whdnbl.default-release\datareporting\glean\pending_pings\b0cd5e36-0e2a-4c59-99ad-e700b848a171
| MD5 | 4c26f5e5d803f444777af6d8784c1ed2 |
| SHA1 | 1ad15fd456bb6558225ab69cfd4e0d950376618e |
| SHA256 | e2e8c39b3f2b896c44c5a612e1195d1ed6ff39c1534e4f4e6d5e6fd3ca688fbe |
| SHA512 | f238f4b07eeb2e059ca05988294b1b5c84ebcc9dcc4d86f4ec159546d8700498abaa2be6c1cfa4780a4d88741f2a9d88dec961f6ca8bc60a2e82183f2ef977f9 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\a9whdnbl.default-release\datareporting\glean\pending_pings\f7c3189b-6ec8-43ae-b774-eb0b24b6ca3b
| MD5 | fdb1a3ac0d76d2449f20b5272ed73733 |
| SHA1 | 70bce3a4c19f1abd077741178dbfe948d5224344 |
| SHA256 | 6ec12569404c787423250951faffef227bdb43838d0ba6c651e4c267b85bdaeb |
| SHA512 | 76d243057289d88b7a03f3c1c8f5906f506ff1100803ae220863e45127787047371e62a3722da839c2fe080ff39c56144f77598bd11a8eb4c1da097b9cbacc55 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\a9whdnbl.default-release\datareporting\glean\pending_pings\802c97b3-f2d6-426f-a65f-93f56c01ba78
| MD5 | 13d7ed579efbe45483f323c1c089dd3f |
| SHA1 | e52ad2f0d42bd39eabcce8109e063c50f6c6a223 |
| SHA256 | 7c076b961f9079d58eba996ff435bebcf0c94494c96c6147d25d44acfea4a9c3 |
| SHA512 | 6fc13af24c6983181da717200697a4cf6f3366c7400918a21a538b7d25b4014706587a3021c1ccfb88d59c1e5187b9324ffa6f512fccb99c401456d6c7c2c127 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\a9whdnbl.default-release\datareporting\glean\db\data.safe.tmp
| MD5 | 587ae6eaffccc28f597f3d99796930e3 |
| SHA1 | 10e870c13338c3e62d97b991ed9dad405d3549be |
| SHA256 | 969a6f1686e95a6a5ec1d09499847222b8879d396fb3b3948031d9825d2fe1cd |
| SHA512 | 06a5e96868b1c08d0d75ba10aeda934350e073b55d747db236433a1a5c42eb4a6231e7246a5751c4ce2baa78e0ea0df279676c541ddbe78dd3fa9aef149d353b |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\a9whdnbl.default-release\prefs.js
| MD5 | b78f61428cc76fe18c515ac3d5657615 |
| SHA1 | 579ca79fb2c89d25a937c9d594f281bc4ff7be18 |
| SHA256 | 1ae5b40c80d96d61d42ab39ef96be0adc15b4e32464cfb685f9c1ab752028202 |
| SHA512 | ee10e756e6acd02375d12ab6450607bf6435fffec2f9e142f795dac354c40e086d93d1e4128462c5144534dbd56e489014307de9dcfc90ebcc8405afe5023c19 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\a9whdnbl.default-release\prefs.js
| MD5 | 02ee320da95d7f55974d0d7dbd828535 |
| SHA1 | 7b65d3570b08fab95fe811d19b948d662b1e8ba4 |
| SHA256 | d0f7034123937bd022f30d200ce5f9523e6d00750b56faf86f602050949aadef |
| SHA512 | ab303cdce29f14fa4d0c4b1ec763812db9cac85be3cd6b29665169fbc4c622d04c3ac24a1cb0ee2dec3c8f64c887ae663ad8c0c1fd7b8eafaf5df4697e278195 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\a9whdnbl.default-release\activity-stream.discovery_stream.json.tmp
| MD5 | ed842c11adb9c5e1191774311936f926 |
| SHA1 | dc4bbacad89eb388781d3c806c0ecc436dfde602 |
| SHA256 | 656bbf2d1ecede017a2f96e74e9f64009ecb15f396e03415201f4a78dcbec972 |
| SHA512 | a798a8a72ced55c78b92b611515ecb9618b213e315f01d07434dac5fe0d729e5f76e28c1e3431a30983350b8e3b081416e676bb5aadc102355d7f95dc692e6dc |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | a9e55f5864d6e2afd2fd84e25a3bc228 |
| SHA1 | a5efcff9e3df6252c7fe8535d505235f82aab276 |
| SHA256 | 0f4df3120e4620555916be8e51c29be8d600d68ae5244efad6a0268aabc8c452 |
| SHA512 | 12f45fa73a6de6dfe17acc8b52b60f2d79008da130730b74cc138c1dcd73ccc99487165e3c8c90dc247359fde272f1ec6b3cf2c5fcb04e5093936144d0558b75 |
\??\pipe\LOCAL\crashpad_5344_IUOWSEVVYQWLFACO
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | dbac49e66219979194c79f1cf1cb3dd1 |
| SHA1 | 4ef87804a04d51ae1fac358f92382548b27f62f2 |
| SHA256 | f24ed6c5bf4b734a9af4d64e14a80a160bea569f50849f70bf7b7277c4f48562 |
| SHA512 | bb314d61f53cf7774f6dfb6b772c72f5daf386bc3d27d2bb7a14c65848ee86e6c48e9c5696693ded31846b69b9372a530175df48494e3d61a228e49d43401ad1 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 93bca354bc715e282b29b840d844d8f8 |
| SHA1 | bd9123faa191b1217e82cefcbf452458ddc1cd41 |
| SHA256 | 4759db2bcc28a5a6a06eec9d5a70048aa2bbbe344b27dd0bb7c7ac09fa902e5c |
| SHA512 | f233caf1ed5b781ce9638425ae9bf4502cb150c2841e5bbbe776cf15f8871d345f4290c7f3f80ceaa480273fe2cd284f77fe4413d4df00b189bcfaccc3b62f80 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 6752a1d65b201c13b62ea44016eb221f |
| SHA1 | 58ecf154d01a62233ed7fb494ace3c3d4ffce08b |
| SHA256 | 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd |
| SHA512 | 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 69ea47f42c028e1f886a6b3170b6d8aa |
| SHA1 | 09dcb29b2ecf5353b50d3ba5719f3f3caf0ddd13 |
| SHA256 | 92cc3a5b60fa909d89cffb445df76ade945cf2d241d9f44fee36d453e92f4c9e |
| SHA512 | 6eb94adc033c7b5051bad4fb6e2e2acea8d6a95e30a2a9007a70d0e494e1b663432536a24b0e2f6ee2f1c1f7ef0faaa8f4c88a170458f2541c3477cf8f662a8e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1
| MD5 | f50f89a0a91564d0b8a211f8921aa7de |
| SHA1 | 112403a17dd69d5b9018b8cede023cb3b54eab7d |
| SHA256 | b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec |
| SHA512 | bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports
| MD5 | d751713988987e9331980363e24189ce |
| SHA1 | 97d170e1550eee4afc0af065b78cda302a97674c |
| SHA256 | 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945 |
| SHA512 | b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState
| MD5 | 53afe296daf9d103a4a1d2110d2c2bc7 |
| SHA1 | 2195a1efd27c64e1c6c8cf62e6f4d2142f74b04d |
| SHA256 | 9da4eddfa4a909aa9011c10092e83c3c15a4909f9415508a968b1fa3eae90513 |
| SHA512 | 09476ac98a069189db20b7545cbcb0dfe8c3a8ea51e47135bad47d037555aca4c923f847290c480ad068eedc3a64f94a0d30409d3794561425936b73774c68eb |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\474d2abd-f2b6-46fc-94c7-a96e5e8d10f6.tmp
| MD5 | ddfbc0b0e14d242f067dcfbfedb07dcd |
| SHA1 | bf53a82b9e6a9e53d60b36263e2c8f99f7067a72 |
| SHA256 | dd1612490fe3ed22042d96c4f3403b76fcf0d0c49605ec9a7ca777dd58367f8e |
| SHA512 | c8e21084982c6640400bd4ad3c131c73e7f4dafdf5e058063dde155224de7a10e85c4007fe209126cc4157eb5c3c4daecb7151fefb4a6e0d1d69a9a45ab5639f |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 47851ccd74c20b357ae8f4787ad79cb6 |
| SHA1 | 65c8ef532dab918df0fe4dd175e038fd99af53a5 |
| SHA256 | 08406cb0a1f5b06b217c6398442132a320ed0589e5322c0a592e74d28ed789f7 |
| SHA512 | b77db2d7f41b2fbe1a74fc1274f516334714ad888c7802b0689eb8f6bfb0656c94d6c478b1add9d90058c17569b75735f36e7cbfa2b818fd619ed1f6aea9a896 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | d2a77e333d274cedc3a611a363538db8 |
| SHA1 | e732137da25b5b3f0daed5e1337f2ded78129e38 |
| SHA256 | b36013dd0b4fa5fcb3620f1700056a5089e4953a294b8b37258d756f0441bc40 |
| SHA512 | c6a48e84bbff5f49821fdfecbd2a7d3ed07e1bd37aad75625640d873c73c091a179569410125cd25031c0e30508008f1f5898980721c6b9993af8da34a171e3e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | 9604b2f71643831780992443905ce9ba |
| SHA1 | 8489fdbe2ea404a434cb8f9ccfb0321da7224743 |
| SHA256 | 2a0f98f96c2e858a72e29e4dd851dc5a516cebd3d047b450aca5da46fa08c68d |
| SHA512 | 8e8b4d58fcca7369838cf2e5eb224bd77e0b49244cbf7015ea3b7626401c249d501e46011ef25f35b60ab84bcb1d05b00f729e98b9047c1b0872ca51e63126e8 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | 6cde1223b661fbaf46e5d594259ca8a9 |
| SHA1 | f7cef2e760723a9dc013a8170e9498569c37edef |
| SHA256 | d7a924808bc057864dc977a428add97b73010bf4e4cb6156f3f3cd747f6dbd1c |
| SHA512 | 75609fed63be8b4c7d621465956001caeff5bb3284dcd5ae45c51d590e66e86953906d0b859e5acbdb62a5044fddb9f1f78567f08fc7d1bedc1c98eba4c51fb5 |