Analysis Overview
SHA256
b4260a647d6db5b7c26bccbaba6455bcff3d7abc6d5740f1b35bc9cc6fd70bc7
Threat Level: Known bad
The file . was found to be: Known bad.
Malicious Activity Summary
Phemedrone
Suspicious behavior: EnumeratesProcesses
Suspicious use of SendNotifyMessage
Modifies registry class
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Uses Task Scheduler COM API
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Suspicious behavior: LoadsDriver
Enumerates system info in registry
Modifies Internet Explorer settings
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Checks processor information in registry
MITRE ATT&CK Matrix V13
Analysis: static1
Detonation Overview
Reported
2024-06-17 00:54
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-17 00:54
Reported
2024-06-17 00:58
Platform
win7-20240221-en
Max time kernel
100s
Max time network
191s
Command Line
Signatures
Phemedrone
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{34A29821-2C44-11EF-A38F-E61A8C993A67} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000cd5edc43e3d02f4cb954c672d0fa776f00000000020000000000106600000001000020000000b5dfa436aababffc004efd7229375eb345a8bf2ca5d77838cce9cec78635f4d8000000000e800000000200002000000074b4ac81439f0ddadd710a51080b74b0bf37a4f40f10470cc67af425af9dda7a20000000ef8c7bd8b354f397845bcd5ab11c30c221b6ad7a68d77837425db0d83479cc8d400000008004235fa0e5448dae33def8c6d3583baf5b7302ecb2ba8d82546da3ec9db559bf12ea22e6f984ef050e26cb76b436094075e9547b09d24856746a890ce2c057 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\MINIE\TabBandWidth = "500" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = (value elided) | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = d070310951c0da01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\MINIE | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1176 CREDAT:275457 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef6669758,0x7fef6669768,0x7fef6669778
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1132 --field-trial-handle=1396,i,12125340767253770328,11583443198838689623,131072 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1536 --field-trial-handle=1396,i,12125340767253770328,11583443198838689623,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1644 --field-trial-handle=1396,i,12125340767253770328,11583443198838689623,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2124 --field-trial-handle=1396,i,12125340767253770328,11583443198838689623,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2180 --field-trial-handle=1396,i,12125340767253770328,11583443198838689623,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1420 --field-trial-handle=1396,i,12125340767253770328,11583443198838689623,131072 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=1120 --field-trial-handle=1396,i,12125340767253770328,11583443198838689623,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3404 --field-trial-handle=1396,i,12125340767253770328,11583443198838689623,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3568 --field-trial-handle=1396,i,12125340767253770328,11583443198838689623,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3476 --field-trial-handle=1396,i,12125340767253770328,11583443198838689623,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe" --reenable-autoupdates --system-level
C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\Crashpad --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x154,0x158,0x15c,0x128,0x160,0x13f467688,0x13f467698,0x13f4676a8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=3728 --field-trial-handle=1396,i,12125340767253770328,11583443198838689623,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=3444 --field-trial-handle=1396,i,12125340767253770328,11583443198838689623,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=3276 --field-trial-handle=1396,i,12125340767253770328,11583443198838689623,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=2636 --field-trial-handle=1396,i,12125340767253770328,11583443198838689623,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2820 --field-trial-handle=1396,i,12125340767253770328,11583443198838689623,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3868 --field-trial-handle=1396,i,12125340767253770328,11583443198838689623,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=2156 --field-trial-handle=1396,i,12125340767253770328,11583443198838689623,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=3892 --field-trial-handle=1396,i,12125340767253770328,11583443198838689623,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4048 --field-trial-handle=1396,i,12125340767253770328,11583443198838689623,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4068 --field-trial-handle=1396,i,12125340767253770328,11583443198838689623,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --mojo-platform-channel-handle=4160 --field-trial-handle=1396,i,12125340767253770328,11583443198838689623,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2096 --field-trial-handle=1396,i,12125340767253770328,11583443198838689623,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1924 --field-trial-handle=1396,i,12125340767253770328,11583443198838689623,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4396 --field-trial-handle=1396,i,12125340767253770328,11583443198838689623,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4372 --field-trial-handle=1396,i,12125340767253770328,11583443198838689623,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3904 --field-trial-handle=1396,i,12125340767253770328,11583443198838689623,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4608 --field-trial-handle=1396,i,12125340767253770328,11583443198838689623,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4536 --field-trial-handle=1396,i,12125340767253770328,11583443198838689623,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4600 --field-trial-handle=1396,i,12125340767253770328,11583443198838689623,131072 /prefetch:8
C:\Users\Admin\Desktop\Loader.exe
"C:\Users\Admin\Desktop\Loader.exe"
C:\Users\Admin\Desktop\Loader.exe
"C:\Users\Admin\Desktop\Loader.exe"
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | www.google.com | udp |
| DE | 142.250.184.228:443 | www.google.com | tcp |
| US | 8.8.8.8:53 | apis.google.com | udp |
| DE | 142.250.185.174:443 | apis.google.com | tcp |
| US | 8.8.8.8:53 | play.google.com | udp |
| DE | 142.250.186.110:443 | play.google.com | tcp |
| N/A | 224.0.0.251:5353 | N/A | udp |
| DE | 142.250.184.228:443 | www.google.com | udp |
| DE | 142.250.186.110:443 | play.google.com | udp |
| US | 8.8.8.8:53 | consent.google.com | udp |
| DE | 142.250.185.142:443 | consent.google.com | tcp |
| US | 8.8.8.8:53 | content-autofill.googleapis.com | udp |
| DE | 142.250.186.74:443 | content-autofill.googleapis.com | tcp |
| US | 8.8.8.8:53 | encrypted-tbn0.gstatic.com | udp |
| US | 8.8.8.8:53 | www.youtube.com | udp |
| DE | 142.250.186.78:443 | www.youtube.com | tcp |
| DE | 142.250.186.78:443 | www.youtube.com | tcp |
| DE | 142.250.186.78:443 | www.youtube.com | tcp |
| DE | 142.250.186.78:443 | www.youtube.com | tcp |
| DE | 142.250.186.78:443 | www.youtube.com | tcp |
| DE | 142.250.186.78:443 | www.youtube.com | tcp |
| US | 8.8.8.8:53 | i.ytimg.com | udp |
| NL | 216.58.206.86:443 | i.ytimg.com | tcp |
| US | 8.8.8.8:53 | accounts.google.com | udp |
| NL | 142.250.27.84:443 | accounts.google.com | tcp |
| NL | 142.250.27.84:443 | accounts.google.com | udp |
| US | 8.8.8.8:53 | googleads.g.doubleclick.net | udp |
| DE | 172.217.16.194:443 | googleads.g.doubleclick.net | tcp |
| DE | 142.250.186.74:443 | content-autofill.googleapis.com | udp |
| DE | 172.217.16.194:443 | googleads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | www.google.co.uk | udp |
| DE | 142.250.186.110:443 | www.youtube.com | udp |
| US | 8.8.8.8:53 | suggestqueries-clients6.youtube.com | udp |
| DE | 216.58.206.46:443 | suggestqueries-clients6.youtube.com | tcp |
| DE | 216.58.206.46:443 | suggestqueries-clients6.youtube.com | udp |
| US | 8.8.8.8:53 | jnn-pa.googleapis.com | udp |
| US | 8.8.8.8:53 | static.doubleclick.net | udp |
| DE | 142.250.184.202:443 | jnn-pa.googleapis.com | tcp |
| NL | 216.58.206.70:443 | static.doubleclick.net | tcp |
| DE | 216.58.206.46:443 | suggestqueries-clients6.youtube.com | udp |
| DE | 142.250.184.202:443 | jnn-pa.googleapis.com | udp |
| US | 8.8.8.8:53 | youtube.com | udp |
| DE | 142.250.186.142:443 | youtube.com | tcp |
| NL | 216.58.206.86:443 | i.ytimg.com | udp |
| US | 8.8.8.8:53 | yt3.ggpht.com | udp |
| DE | 142.250.186.161:443 | yt3.ggpht.com | tcp |
| DE | 142.250.186.161:443 | yt3.ggpht.com | tcp |
| DE | 142.250.186.161:443 | yt3.ggpht.com | tcp |
| US | 8.8.8.8:53 | rr3---sn-aigl6nek.googlevideo.com | udp |
| GB | 173.194.183.104:443 | rr3---sn-aigl6nek.googlevideo.com | tcp |
| GB | 173.194.183.104:443 | rr3---sn-aigl6nek.googlevideo.com | udp |
| US | 8.8.8.8:53 | lh5.googleusercontent.com | udp |
| DE | 142.250.185.97:443 | lh5.googleusercontent.com | tcp |
| DE | 142.250.186.161:443 | yt3.ggpht.com | udp |
| US | 8.8.8.8:53 | rr2---sn-aigl6nsk.googlevideo.com | udp |
| GB | 74.125.105.103:443 | rr2---sn-aigl6nsk.googlevideo.com | udp |
| DE | 142.250.184.228:443 | www.google.com | udp |
| US | 8.8.8.8:53 | mega.nz | udp |
| LU | 31.216.144.5:443 | mega.nz | tcp |
| LU | 31.216.144.5:443 | mega.nz | tcp |
| DE | 142.250.186.74:443 | content-autofill.googleapis.com | udp |
| LU | 31.216.144.5:443 | mega.nz | tcp |
| US | 8.8.8.8:53 | eu.static.mega.co.nz | udp |
| LU | 89.44.169.132:443 | eu.static.mega.co.nz | tcp |
| LU | 89.44.169.132:443 | eu.static.mega.co.nz | tcp |
| US | 8.8.8.8:53 | g.api.mega.co.nz | udp |
| LU | 66.203.125.13:443 | g.api.mega.co.nz | tcp |
| LU | 66.203.125.13:443 | g.api.mega.co.nz | tcp |
| LU | 89.44.169.132:443 | eu.static.mega.co.nz | tcp |
| US | 8.8.8.8:53 | beacons.gcp.gvt2.com | udp |
| US | 108.177.122.94:443 | beacons.gcp.gvt2.com | tcp |
| LU | 89.44.169.132:443 | eu.static.mega.co.nz | tcp |
| LU | 66.203.125.13:443 | g.api.mega.co.nz | tcp |
| US | 8.8.8.8:53 | gfs204n071.userstorage.mega.co.nz | udp |
| NL | 185.206.24.31:443 | gfs204n071.userstorage.mega.co.nz | tcp |
| LU | 31.216.144.5:443 | mega.nz | tcp |
| US | 108.177.122.94:443 | beacons.gcp.gvt2.com | udp |
| NL | 142.250.27.84:443 | accounts.google.com | udp |
| NL | 142.250.27.84:443 | accounts.google.com | tcp |
| US | 8.8.8.8:53 | get.geojs.io | udp |
| US | 172.67.70.233:443 | get.geojs.io | tcp |
| US | 8.8.8.8:53 | apps.identrust.com | udp |
| IE | 2.18.24.8:80 | apps.identrust.com | tcp |
| US | 8.8.8.8:53 | api.telegram.org | udp |
| NL | 149.154.167.220:443 | api.telegram.org | tcp |
| US | 172.67.70.233:443 | get.geojs.io | tcp |
| NL | 149.154.167.220:443 | api.telegram.org | tcp |
| DE | 142.250.181.238:443 | www.youtube.com | udp |
| DE | 142.250.181.238:443 | www.youtube.com | tcp |
| NL | 142.250.27.84:443 | accounts.google.com | udp |
| DE | 172.217.16.194:443 | googleads.g.doubleclick.net | udp |
Files
C:\Users\Admin\AppData\Local\Temp\Cab3843.tmp
| MD5 | ac05d27423a85adc1622c714f2cb6184 |
| SHA1 | b0fe2b1abddb97837ea0195be70ab2ff14d43198 |
| SHA256 | c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d |
| SHA512 | 6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
| MD5 | 49aebf8cbd62d92ac215b2923fb1b9f5 |
| SHA1 | 1723be06719828dda65ad804298d0431f6aff976 |
| SHA256 | b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f |
| SHA512 | bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b |
C:\Users\Admin\AppData\Local\Temp\Tar3934.tmp
| MD5 | 4ea6026cf93ec6338144661bf1202cd1 |
| SHA1 | a1dec9044f750ad887935a01430bf49322fbdcb7 |
| SHA256 | 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8 |
| SHA512 | 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | e3a79b80bda3727bc72060233416b8ca |
| SHA1 | 466b206a38fb6b6227803cc5b8bb2d0c988889f9 |
| SHA256 | ff43526633df59089c110b286fb9e22977b41660eeb75f09019c343125450442 |
| SHA512 | 9c838a6a028e58346212c430386e3b0d796301ea2129356a527ed046bb75cec5bd5f185c05ae72f1c7726e6edad153e6fb6a55a185466a9158fa4e71daff25af |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 302f024fd592bfb3b73e593eeaa264b6 |
| SHA1 | 1aeee444faf42613e85529b3e3eb5573bb0986f3 |
| SHA256 | 83aaaea0e3a9c0fdcb0a640e0518531620ed34db404abcf27660e6e6e71756d6 |
| SHA512 | bdfd94f714585fe815f49fa70cfb2cad2378863006c5dcebdfc03aa46313719ea50cddf026782711c83361e35c9329cdcb7ffc385ca7550f96a835b7ea07924d |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 378be3ed332fe5cacf8346695c0a4ed4 |
| SHA1 | 6d54f177fb6a768def8e263db06022e1e8df2301 |
| SHA256 | 40206628b707e5c21759aab310a0da30d19fb4d214a9176dd606d05791032753 |
| SHA512 | ed55c14db6a5a769bff0a498e55839dd75b8a4648648bfb6f27b3ab26506960bd4e83610c0b834788e28cbd4bd74f4918e0d792974b1db368877752244e64787 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 5de9ab971ca4ceebc1ffb6a15405ae8b |
| SHA1 | 87216250f1ff432c394cb30f20109988458859d2 |
| SHA256 | 1242a8715555b362bf089e9dec8f8567fe4ad40bbbf9d3abdcb5f3893c6ada6a |
| SHA512 | 974f59a8269db279d49bad87b40cdb88c4713756e86de514a9ed5ce08e1324fa7139c4650193af79054a03a2bc8a1005a68febaa82b1d329c6ca0cc4d46e930e |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | e24c9d27565d9cba2c25581050c99bbb |
| SHA1 | a1c2db1b1f19d70cc72320147987bc5494a0e631 |
| SHA256 | a4f0445670a9500b026f40242ad2990cd221d440607661f9d8c4b49a8bf7566c |
| SHA512 | 8a3f310716b82ba483f7fce44fc83e499d65b0e28cf49006a946cfc33432941affa625638ed80e0e02f7256640b6d1d68c3ec0413ddc063da54a15441caf8e9d |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | d1283acb91ddd21d4427c21b4088bf6a |
| SHA1 | 2ed8b3d700b846c291d39afd343f72c418430386 |
| SHA256 | 0895787f6ef8f3a83911fc58ba47c6e54921406863f619d9098a4a39c35f778d |
| SHA512 | 29adb05bcc54f712a7296868a68e5b5260c62706494e5c7b392e88f773491a0d45fded59ea5512d2b611fe8874bc617ee8a7af4732fef188dc5067731530f821 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 3b5f7ca09b5dbe5050578e033d7d1db5 |
| SHA1 | 307a64d10991f4704681d8682f912d7d4866e3c6 |
| SHA256 | 888d35d5d876241f0f889da900374131b5d2f21f3bbd26190047b7f11291d68a |
| SHA512 | bf34a1d2471eaa9ac9761a55faf4be6496c81cd47ba1c310c86c996d586cf079830c62467efd0516f25bd68ab73a17b99965d80d7fcf811eccceec9df571248f |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | f6f1e68510591c74ea60586994f059e9 |
| SHA1 | 26853284c2a28648e728c5a53709fa75c431dd08 |
| SHA256 | d7428d4100c430178bde4f31298d7ff94714e7614163ade6db045cc4163d5ab0 |
| SHA512 | 75ee272fa001f5451d3ca941354f988c93747b72400af0729caa480af49cae56f1b86f3da22680ad99c97aaf6e8fc0ba5e59652e092d9c9c1036c9cf2f520521 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 9b27c34d763901a0772cbc4e6e88a3b9 |
| SHA1 | 3b30467be9dc3bcc836948b22d0ff911a53a3f06 |
| SHA256 | 0c29830d658202d4d758cb65f50a24218a91fa0beec9824097fcaedb0ac398a1 |
| SHA512 | 88dc259cd9a73d41a2c867814b6ead2d656555ec4420dcc82d685829f7de919ac71a3dd62c44d4f1c4f99e1671139c76f44cf6654341d1447bc160c04592354b |
C:\Users\Admin\AppData\Local\Temp\~DF7541908FFC6DEE8B.TMP
| MD5 | 0a148a37ef89631b679eb37727dba98b |
| SHA1 | d880922f11b5b020e72617b576ac16958e298b4b |
| SHA256 | d4c5cdc8f7195850e936875e76c5597aea895a34c45746d509b48128cd1df01f |
| SHA512 | b69c17759d50342db6ee1e34ebb5022ffec9c721172a9fcb288d5523dfd7db8b677be8a32e4ac869bed7ae057b99dada04074ec84755ff90c1168d73620afbe2 |
\??\pipe\crashpad_1292_ZAGVYQJPGFGUOKVZ
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\CURRENT
| MD5 | 18e723571b00fb1694a3bad6c78e4054 |
| SHA1 | afcc0ef32d46fe59e0483f9a3c891d3034d12f32 |
| SHA256 | 8af72f43857550b01eab1019335772b367a17a9884a7a759fdf4fe6f272b90aa |
| SHA512 | 43bb0af7d3984012d2d67ca6b71f0201e5b948e6fe26a899641c4c6f066c59906d468ddf7f1df5ea5fa33c2bc5ea8219c0f2c82e0a5c365ad7581b898a8859e2 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1
| MD5 | f50f89a0a91564d0b8a211f8921aa7de |
| SHA1 | 112403a17dd69d5b9018b8cede023cb3b54eab7d |
| SHA256 | b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec |
| SHA512 | bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.youtube.com_0.indexeddb.leveldb\CURRENT~RFf7729af.TMP
| MD5 | 46295cac801e5d4857d09837238a6394 |
| SHA1 | 44e0fa1b517dbf802b18faf0785eeea6ac51594b |
| SHA256 | 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443 |
| SHA512 | 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
| MD5 | b37dc3e60cbe8dd8e731893cb982fa85 |
| SHA1 | be2681374a9aed79e021618c44e65217b71ced59 |
| SHA256 | c753d9322ad47296ecb1eae7d3832739709edb42b85cb10f86ce2d5674571c18 |
| SHA512 | 4e6031e4b284d41109a126a0fc3e6a37e9c8af284249ef0def63a0450538538700624e27b512f270ccb4abcfa2549b7df80b1701b88c3bb5093945e56b4b6831 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\Database\000002.dbtmp
| MD5 | 206702161f94c5cd39fadd03f4014d98 |
| SHA1 | bd8bfc144fb5326d21bd1531523d9fb50e1b600a |
| SHA256 | 1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167 |
| SHA512 | 0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
| MD5 | 657d6a0f898555a53251bf3badab0f34 |
| SHA1 | 5a3b7e18909b3a2a62e433441817768c448a9389 |
| SHA256 | 8132a7cc3d22b6fe92d3355d61dbf75fcf337eb8fe2418be618a66587f54563a |
| SHA512 | bafc88c2f4d75bdd846d670e94f65cf6650a5108b7bd9dcc964af45b2fb68180b2ec0c4e8cb5618da6adecf4e35e56464f2d5894056c30567b882864543944d7 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 2f3f064c58f27f5caf8530f936c7ea1c |
| SHA1 | 6042d6eb40be023316bb422f7c5bba5974b4511b |
| SHA256 | 6edbb83ba8c2df50f4e0d9b741dc152cd087fd1513938491c183066af9f14dfe |
| SHA512 | f456d9b58924afdc41d1da9615951bd190baa339b7a617148962199d436e4b71cb69e30805224cb53f848cfec52a4bec29281bf17845c735f65a4b34ceaa2ba1 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 8edc780a1571860bcd4ff30e6955e76e |
| SHA1 | 6680c8fd7b2a91c6962e22f5543b8be265902b7d |
| SHA256 | 44c19c55aedff05d74c5e03cd078107075f4e7fffb28ce0bed1d5aced6c2b818 |
| SHA512 | afd986b0dea839b4f8b7e0610f3103d3326c8c7dcc8dadede7067564980714aec56827bb3aa6529762de01fe52013f17ec7f35d2d1226e114625bf0e55991d18 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 006b4e70f0021312dffe4ec2a0908829 |
| SHA1 | b1ba916b89973fea7dc27f455bfb19ca4dc65aa3 |
| SHA256 | e55b1e756edffc20b8c593a9e8449b8c782c19d3b329220798b2f70019c3eb6d |
| SHA512 | ef39019d7e6b0a1a74ad575e8ba59b5f45e34c89f444983d3c76e61bcf38434918a7d0edbca001c2c06c19ac97cc4b1d43a2bf46957a3d9fa5a83289113a9a07 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
| MD5 | 2805c148d02fb9466d232fd9cd1eece1 |
| SHA1 | 7193eadac5cc0bb037a48267568c5d42103065ea |
| SHA256 | 735db0f218276e3d68d958460b409f272e278c90ff594a36f61a9cda0b48868d |
| SHA512 | 79bf15de1d858bfdd1583027ac00bd5319ad413fe8e40c7f9a85e55dbc0258857278f156ca7acb794d497ffab0898b68a49e757aaa43daa3e8b89d9018dd3ac3 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 492cddedbf408baccbd8da623896fe0d |
| SHA1 | f20b64340ac0f602ef6126cded10153aa7ca6684 |
| SHA256 | 955b186c22f8c4b38cc8489f16fd510f707cf8058e24a5902147121c557f9ac1 |
| SHA512 | 89bc26e95bfff1df72269c0bea044c3e5a34a3d7e718a8aa80826df00b28f48205665a78542249c5b5e32e6e97f9444100e985a51eef2c35bc9877d3438c59e6 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\File System\000\t\Paths\MANIFEST-000001
| MD5 | 5af87dfd673ba2115e2fcf5cfdb727ab |
| SHA1 | d5b5bbf396dc291274584ef71f444f420b6056f1 |
| SHA256 | f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4 |
| SHA512 | de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | da44141016332d3c65028578605ffc7f |
| SHA1 | f91584c65d79a28a1409fdc92d2a699d96d2b915 |
| SHA256 | 415ba2f797289c32da233f280e725622a25181c3517fd6495a00f2a4f042c305 |
| SHA512 | 865dea12b2160f21d565f72b74ebc2fa50591dfe0139e97837245b10e55ff1fe4218975f5e424b1c4a8f551b9418994abcab2697fc470353455590518dd90963 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | 26eaff7a8efc5678b588a366a470fa5c |
| SHA1 | ecac47649a0cbc5332333751ef378b1a28b84d35 |
| SHA256 | 225a41bd1f87247a3f2bcd32357879be83239859a2b744f6b665eee67392b600 |
| SHA512 | 84a70e1b132a4e4f6aa4dfbd00468623a71e5980ec3791b07a3dbbb49e32ff3aebeb7dfa02035ace2b0455fdec580cb8cba407a608d20651d9b6c0f94a862aa8 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | ea8a21ba51600083b734c30550fc2825 |
| SHA1 | 905e632b65f7eb206c98a9e3d292eae0b330f9e3 |
| SHA256 | d6c476acbe52518047e05d4b6237f59215fef20f564b55c57907e55887450bdf |
| SHA512 | ab9714c5abd00e3d056b255ce32f9b35dc9418b9ad82e49563fc7cc69e06e19596bd0bbd4265fc6f0deb575eaf884cf89dbf3fb7a098add68f4843a6c7f2d68a |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
| MD5 | c7e509f9ab6c97c264eda2cfec77f958 |
| SHA1 | 63452d8d83ee1ac1dca6bf99a91edbdd13fbae58 |
| SHA256 | f08162dc27356c58e71f4e1bd80d9be7fe6f70bf6f2ba85dfe1e77566233529c |
| SHA512 | b27c94da32086e8064b2ab01643666432e0bc09ffe97c9a076564f9a3c97430b72285fdf65bc4c34082964cda5b9a295b6aeda3f4bccc4d988439eabcc69b0a2 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 82e30acd9b53d8f7cd8145aa069c48d7 |
| SHA1 | 2e139a9bed5719ae0f2149ee3a6ae6b653fb2dbb |
| SHA256 | 62f38ef790978871fefef4793ca9582fddb14a803e8f394721d5676f7a360d8f |
| SHA512 | 6534c84807d82849435e79582809186fde1379b5664c74956c9c632352a3ff84ff4ce03d459dfcfc479b6f86954b2db76aa7f57f6239013ad02c3c59b267c7b9 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\807b3314-55d3-472f-b6bf-0e48f23dede2.tmp
| MD5 | 626e6f525f231fd5dc2f8a48cf48fbc1 |
| SHA1 | c39f5ba89469f7a3965830bb2b4ad8fe2a538aff |
| SHA256 | 566cdeffc98b2702c46d9e188ebf22b5bcba9bafbfe861ca623dcbbb6813daad |
| SHA512 | 1fa2c10f109757cfe68789b7f20fb452fc75731cefe839efbd0f9d7e5489cdc14734daa2749fe477aa3a1285dcfd6a269bc2b85c3c2a561ae9fc950bc932e1dc |
C:\Users\Admin\Downloads\Loader.exe
| MD5 | 9957ff72b98d2fd3819a1c3a5bb7c266 |
| SHA1 | 27ee49406e1eaaf4ca84e9119baf83d79e199df3 |
| SHA256 | 103b15ed69b33225af3886c39dca69d542aba6907567bea4f4854a80fe9ca34e |
| SHA512 | 52e8cb098534a39b7ad5c251db05fed8b414012f824ced61ba6dd53e29cb8f08e870c19a74906112f2fa3ba60abfcd1d7f3170ac27481a918b1b818bebcb251c |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index
| MD5 | f03c22296d017da5c920ab50ba5e0936 |
| SHA1 | 3c682b0956acabbc3aae68cb071b447fe3bbb09d |
| SHA256 | dffa18f2d41572587618ad6ea8c6c17843c735905490335c36c50d9cc82f05e4 |
| SHA512 | eb7fac28da201c0783af8bb4432b53805bc7fb9023c122bb1cf6b331e9a93744e9d94bb3da86f593e8e6e514a7917f51d27a4c414395ae3e22eb01ee7156731f |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\41231846-66c4-4a50-b896-b789e8a25a37\index-dir\the-real-index
| MD5 | e991440aa8bfa70cd498890029cddb19 |
| SHA1 | 57e15cd09f7a7f4bfcb050876f39b409c95d1022 |
| SHA256 | 3a6c830edb8f708708763d09ba66de6942a524be77038f0f58a7bba9092161c7 |
| SHA512 | 4a41cd3c76efff6c0abcc822d02a61a456aae4eddca92d3a6952ef8c0b641fdc92ebc61db66c9215c0f637db389a86c6045f45ce94bf7bee074b2241ff4c82b2 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
| MD5 | 520fb43b4f3b4c3836cb032cf0dea14f |
| SHA1 | aeb12f0f4c9231ef0c4c2b9aee9017d6606029f4 |
| SHA256 | 03482aa14ed15bd355b378ffb63f637bfeae92b262d91c1d0624612651f9624a |
| SHA512 | 395acce7e003485379e33166f87a81654516e804420163b844a6c7538f5d9bddb15375961d25d9bf47364d45513fe304c129132b3ffd54973ecbbacec9c3be26 |
memory/2540-1340-0x00000000012F0000-0x0000000001314000-memory.dmp
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Last Version
| MD5 | 9eae63c7a967fc314dd311d9f46a45b7 |
| SHA1 | caba9c2c93acfe0b9ceb9ab19b992b0fc19c71cf |
| SHA256 | 4288925b0cf871c7458c22c46936efb0e903802feb991a0e1803be94ca6c251d |
| SHA512 | bed924bff236bf5b6ce1df1db82e86c935e5830a20d9d24697efd82ca331e30604db8d04b0d692ec8541ec6deb2225bcc7d805b79f2db5726642198ecf6348b8 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | 238beffbf913641ce440edf173546017 |
| SHA1 | b9b64e82c84ebe73a6bdbcbfb0ac8c8ec587ab02 |
| SHA256 | 47e9dc10c056b4a732e35bda445f49d6c0f7a98af6f2d577a69c25f7721dc167 |
| SHA512 | 32d2444a24a5655c9f2868f1133f7eaa6592b7f48401912899b0d1a605b80855cac40ef402761e552ae45d30be40eca28502ee4fd87d606646bdef33c3731d55 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies
| MD5 | 19932efc9df836c3fc88ab3aea7a51d5 |
| SHA1 | ee5989e86d8811fd5a046e9e04d0dd52580947d1 |
| SHA256 | a8e00eb17acb576aca3547e88d68fe51a0f948dcdb4eca46e17b0abb5ed8e220 |
| SHA512 | 47fe431198d94a2351673c8a387b4a407a72fd0e4f6f4a040c977d1671933f10100f8caf597ea95ed6c4456e180188d31337dc7d022b074ae29b6b7c173e95d7 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Data
| MD5 | ef750794a66912f324748aada72b873f |
| SHA1 | b040c1818861d4fdb222a10ae60a1fd976170ce7 |
| SHA256 | 03ee39f7c4cd618eafebdb58df999cae83bf0235e8f581c676ead38de2e129ef |
| SHA512 | 74db249e839033c38ed09ea03b81beb47af60141452b3863929a71ce3e5b9f0b936a319b047d256df531b36ac41b064c01685988154a890b2618099782fb7ca1 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\File System\000\t\Paths\MANIFEST-000002
| MD5 | 22bf0e81636b1b45051b138f48b3d148 |
| SHA1 | 56755d203579ab356e5620ce7e85519ad69d614a |
| SHA256 | e292f241daafc3df90f3e2d339c61c6e2787a0d0739aac764e1ea9bb8544ee97 |
| SHA512 | a4cf1f5c74e0df85dda8750be9070e24e19b8be15c6f22f0c234ef8423ef9ca3db22ba9ef777d64c33e8fd49fada6fcca26c1a14ba18e8472370533a1c65d8d0 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\000009.ldb
| MD5 | 9ff84e53382d9ea588bec716df1adccf |
| SHA1 | eb869bf546dc48edf95a5bcf05bbfa5bba0605c9 |
| SHA256 | 03e049519053676076d3ba3b37660b0cab1a64873f13e3a7b5f879fe22a1e022 |
| SHA512 | abfc93c575ab4355bb3381fba55d27f33e5c3b7339ae03e6a656d5dbc1613e1bbc5430546f8d57cd6da637d7a396315ba217a496b0cc5d83529c54565fe932e2 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.youtube.com_0.indexeddb.leveldb\MANIFEST-000002
| MD5 | 56ba1e42dd809a8930f99d6518616d0c |
| SHA1 | 78436e23f803d5d58034659293cc483091db6af8 |
| SHA256 | 67df20d82ca552a62141caded4f2a14d392789fd8b2b414248bd71f483001ac0 |
| SHA512 | c659bc495ab004a1058856fb1ca3e09820b81d161431d79607c97aab33a64bb973605262885cd44e84890ab33c4819d823c9a91cdcaddf71080345cddf998b62 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\000008.ldb
| MD5 | c0d0a6070c92cf8f57e5a47c489308ef |
| SHA1 | 0abbb270df485e16cd6e3f805127683287ce2ec9 |
| SHA256 | 629ddf0eadbb442bba48f0cd37d7cbac5d2020df47803c007eaba30ecdbe51cb |
| SHA512 | 06d9b1cc8ec50405dad53de3d113cf5e8ebaa144bd68aa1d6afd1b44493c0795b6d3f1c7d2f71761cc0e70d527d2a3de32cc0f182149403b600bd620872de660 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\metadata\000008.ldb
| MD5 | 485f751b5065d7913ac84dcdccf83a44 |
| SHA1 | 7756a593f30d46e86f34b5c165369ad3a46bc738 |
| SHA256 | 6b65ff03daa99cb4c503b4dcbbb00fab3637fcee803626793cade89dc7f1f121 |
| SHA512 | 260e772e52db9dfc2e55c9f07f5bb33345140079f1d8369d724318c2039422e788dcce22a40253b965dc507d05c15a417fb7155185c0345040a5722f7eb54069 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000008.ldb
| MD5 | fe7ac6296a783949264d5abc8d69b443 |
| SHA1 | 32bca04fb95f953deb38e3bc05c0314362420b76 |
| SHA256 | ee1ac8b2768e40583cad98e8edc274ec882384c4776b3fa07b75a6070d0b6ce2 |
| SHA512 | e4f55e14469880ba92bbb61d3708d3489f56f195d0a21938c9ab14588a29172258849c84b72d3405665889f88a55dadeba6c5a02b211c44c9ded24feb76ddbfc |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\File System\000\t\Paths\000003.log
| MD5 | cdd424e9c750a0c8181f26f70544b08f |
| SHA1 | cb3e9a09a694eabc565a6217924aa5abb00e5398 |
| SHA256 | 996c47519b29977f1de0a95088cdb82bbac901b3c21d35e8ca7788ab25973a53 |
| SHA512 | 2538e4556b8df34ea0ece40885e700f0131c844cb1b8da3042de3e2c8c6cd3fa25c46f3b779c9eba815f29883d2c22ffddf401ac9ce1ec4fcd88c7e8242670a2 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 1f5d9249a9810d71211069b9ed5c7b29 |
| SHA1 | cecb09dbaf7992b28d533f8cfddf7431f7b2ee05 |
| SHA256 | 677fc5e66a4cea6d47d26a0137c06c35c2e9eb09e09bbdbe5cd0f910526b5646 |
| SHA512 | 9b9c632aa0a78879d905f48e0323215cecf303cf4b612bc66b8c9e57e98e9cee2723bd169f6a2bb7adc56db4510a94f036b034ae38f6d4be355907196329e1ac |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 33efc9edf964b9d2ae9bc1525169090a |
| SHA1 | be89c95c05e03c7211712fe8551437b270ca198c |
| SHA256 | d0939693cac36205ee16d654d9aae3c079cde8e0269237bc25da1816da5daf1d |
| SHA512 | 31d7df31430641c7efb8650676a419ceadbd34aae3edb278ce088e1f97133ecdc8caffe46fca6d7ebcca6b9f19f6bdf90320139e207673eba825c3cd9bbb2eda |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
| MD5 | e31bc1d4a6a3e460c903cf4707b3b16a |
| SHA1 | 787a8a18be1ece7dea025b79c683795e9afdf6f5 |
| SHA256 | f21b97efe76a1d074258bcdbfa3c25fe0e8c62626e586d3287183143866ff557 |
| SHA512 | 1e036fdb9efc9c2a9f7091fea2e65c07bf7722735ea5ceaadd32c631583f92325352cf55d83a80af51aa6f8ad0879ffa98736a70227184161eff54ab1d41d06a |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\File System\Origins\000003.log
| MD5 | 7967dc4224c4fde89093b2f09fd68005 |
| SHA1 | ab860a4f12e85cfc4f91ff293a935454972bf076 |
| SHA256 | a1b3a75262e8436e8a0c90a4b3d5379ea0d8e8a42d447970be029b07c8633cd7 |
| SHA512 | ab19ef44579b38c64ee2cfe4df8dd68f2664555b0bbc49eef227dcde444eca4b0f6a366db91fba30b760cb621ab6ce1e70410dbd7869377046532180104580ee |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network Action Predictor
| MD5 | 39eae0ba8e02209d3902d1c056072b33 |
| SHA1 | 1db76544378d5b9eeeb3ffdbc3e7d1b384674ce5 |
| SHA256 | 101b7b15c27ddca1be62d603a99608cd515e3b40632bf9d77fff15b55e8614f3 |
| SHA512 | 1895ff6f0120e2c3e42721fcfe5cd9b16127ff716343a704953d1a0f7aa665e3108f580ca92ba22e729abfa6f25d3eebcc1f24dcfe1552342a477c9a4ec25421 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\LOG
| MD5 | 4da6abf521e6c8b946547d98d611efca |
| SHA1 | 8fe0b1073e58eab675cdb981319ac58cb6dcdc72 |
| SHA256 | 750e9a99e53661bc245b7223069333dc8142f5fc6e7e377467a3c55d9a68f632 |
| SHA512 | 7e156cb7e6a599b448eac3045e3a7cf396788dc2a64276093076adc52a825e4dab7b385d1c9a6ad0ed056dd63bc7fc55d7684f960568f4c25b55fa1f94d196b4 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extension State\LOG
| MD5 | 6b1e5fc88f941b6658433f7fc7cb5d6e |
| SHA1 | 6674287260627604692b0b0aabfaa3e4dc6b5bc3 |
| SHA256 | 6f1ff07d109c20386cb8cf8b858131ac32360b1ffda7988954053a0e961ab0e2 |
| SHA512 | 0f4bf5a6aefc89450268da5565338ea363563077abc4c2ddcf76bb59f6e97fc21f020ebb91a95aba746975c11f4c75d086a48662d42306edb9cd2f3d2ec5af8a |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extension State\MANIFEST-000007
| MD5 | 1be22f40a06c4e7348f4e7eaf40634a9 |
| SHA1 | 8205ec74cd32ef63b1cc274181a74b95eedf86df |
| SHA256 | 45a28788cde0d2a0232d19c391eae45777fe640790ac0674d6daa5672c444691 |
| SHA512 | b8f6f42d375e3ad8015d744fa2814994fa6e588b41cce0131fca48194dd40146b08169a8ce0da350525ff32a59a16edb503c72e0f07254955c82a0d38074856e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.youtube.com_0.indexeddb.leveldb\LOG
| MD5 | 6c0711a1f3e316f4b724f4cef64ef458 |
| SHA1 | 87bb9d6989091ef737dba0aa11c3d09eae84817e |
| SHA256 | f9add18e673b02ac0384978d9e140187eaf4b2e3317246d2ba89340e7446157d |
| SHA512 | 51d24cef3c54b3e3b01d614530f7459cb629ad5330ea32b747cca0196d7f6760a7c593ec2fb59d8e8fb05ac094ecf5667575b70c8d8c90e00e937833f6449230 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\metadata\MANIFEST-000007
| MD5 | 4d8bd0e295b9fa2482ce50e72d9dc827 |
| SHA1 | af54906101cbe1c7c2b116b7f1e1c383fdf9c77b |
| SHA256 | ded2599daea7f4136b6b9fd627d2bba773c32fc16b58100c3975c4b5ccda7d2c |
| SHA512 | 5db72675cc407e5cebcda776b124c34b65e5d7af17af0993681ce7266d40fffca96267bc094ca8b4e0b555b7494d7c23d688b0fa79e4d723f50b335666bd2bd5 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\metadata\000009.log
| MD5 | 00e41b1ce5567f92cab0d603293b1daf |
| SHA1 | 4007797f9bd4826a21b9e968b845af85e700168c |
| SHA256 | 18fd044a93a2036910d474e08619c6a79c2e94d81cb549563351afa2500dbffc |
| SHA512 | 1ae5d3bb0b19bfbfc51e4d98025e4d617fecda7132522aee1be676de0f7b3bb272bb0b3f5718c2d48525a0df0596e695db9b35221fc2c4f4c9bf1f9f377c433b |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\metadata\LOG
| MD5 | 4c055802d933e1af02cadb24bb25e429 |
| SHA1 | 8520f56890149615b3143ea1cfd7226848497693 |
| SHA256 | ff1f854e30885d7b8755b0cf26e97dca2412409328bbe5b2876a3f6b320ffb84 |
| SHA512 | 07f4768f582d3298101a0d49818915ed31733da4810d868ebfffb271b8907d645e6c3dc71bc2ae821d580c2c2133c9fd9a02158bc5405cccd8303b5bed05e735 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\000009.log
| MD5 | ea098b38bc330427223a9cd13986cb36 |
| SHA1 | 2f63fc9aaebbcfe182b1a967612213e2dd88936c |
| SHA256 | a82a63796dd1f02c6decb19fd04ed480541b549b8ad83e43e11dace61e81c72a |
| SHA512 | c2a7b108996a219ef2ba8aad7c76e4e994b83831faa96b78410c2127b6317e6c13ccf08590697269c230542ff423a29b85ef378e6d62118ed0465bc8f6312084 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.youtube.com_0.indexeddb.leveldb\000003.log
| MD5 | 4a614266b380b55ad2a7a1c2d1e24fd2 |
| SHA1 | 8862e05783953910fac16e7201df0ef32d1a06ec |
| SHA256 | 8033d7d216d2f7e9c6510cba7a41bbc8cd96978336c4965f568c901047974408 |
| SHA512 | 2f1d865f8241d1f1c89df904354a016a24312d8bf01f7bdaf7ad7520af616ed4120452a66414bd4b1dc95d2c589917f4b9a260559a063588ed50563e9e88bd3c |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\MANIFEST-000007
| MD5 | 1c0c23649f958fa25b0407c289db12da |
| SHA1 | 5f6b10cd5a39fe8c30353bcf4cd4e4a60ef35574 |
| SHA256 | d5134b804a775cfb79c6166d15b5721d38ffc2da11948a6c1263595d6c2941cf |
| SHA512 | b691e882018833a108bd286bc76c55a140d00d5a266617a3a381af1ceff01aefaef17acef29d14dec931d7051455726cde8974cd04cc07302f1c3cc452fe2f52 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000009.log
| MD5 | 95ab7c38c6c7a5f6907c35e662f807d9 |
| SHA1 | 4c86f2eb9723b18f37147678fb0598cc18957ea1 |
| SHA256 | 75e7c1120908706e8c2cc114e1a7d4619e79509ee326b01af81825b7cd142d53 |
| SHA512 | 60b3112d4123370cd7c3fadc22ed26bc6d4b622856d6206174881048d99c03613a6ded3b32422d357fb9d65e927d2eeb379b230799a2bf8c33e646bb5979184d |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\LOG
| MD5 | 16d2efd307d1d0b3f1cfda8427baae64 |
| SHA1 | 7cf6808e78c0bb20d11e88cf83b8660c12f12c64 |
| SHA256 | 95c7ac60af447b18a13fd95557abefab9833c1d7f9bc03dd39a36a00e0a4b6a4 |
| SHA512 | 78b860b09c8404487566269c63c07f58d0e812cfbac6bbbdc57ee9caec949030d328679d711d0fa34a9db291550ceae48d3b6042aedde14da28795a284491c78 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\MANIFEST-000007
| MD5 | 22b937965712bdbc90f3c4e5cd2a8950 |
| SHA1 | 25a5df32156e12134996410c5f7d9e59b1d6c155 |
| SHA256 | cad3bbec41899ea5205612fc1494fa7ba88847fb75437a2def22211a4003e2eb |
| SHA512 | 931427ad4609ab4ca12b2ee852d4965680f58602b00c182a2d340acf3163d888be6cfad87ca089f2b47929ddfa66be03ab13a6d24922397334d6997d4c8ede3b |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\000008.log
| MD5 | a4c32fb545e72e08d26b64e09bc14d02 |
| SHA1 | 94efa9ba41fad33daff870955b7fd348b0b57b52 |
| SHA256 | c13e0905801fbc618a29ad89338c15374029deb117d6419f4b7c8fe797a4181f |
| SHA512 | a84b2953390606a9b9a8a41f30e6f820e6be46371ce5e12572f1bc296f5a3bcaeee12eb2d717b5a86162950bafb3c64b65f0548463b69ad840995ae8d2e91e56 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\LOG
| MD5 | 1b9b7e41c1c1c19f6bc6f66dec7ed541 |
| SHA1 | 5518d2afc56e664420ef8981e4491eb1ec261302 |
| SHA256 | aa025a320e03c66c5eb3b3294a292f4c84d0e2c4d5de06913a89186f7c8fb637 |
| SHA512 | c370fb9e77cc8336d7f1990209072f5026ca19d0b29d3d74429691943e1bfd0c8000245020b0b866c067713e6f080ef38116b3d81a7810496e690a1bcf482e04 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Visited Links
| MD5 | 5d4536e9f9f46a181d8948e1b4fc5030 |
| SHA1 | 6998465bc5a84abf59036b09502e62507ff1415d |
| SHA256 | 339aa5b79be140358a70c7cf16d891821198a62a5ca10339886171400eb03dbc |
| SHA512 | 8a5f3f86d9a74663dc5cc3aa3283a483bc59e749e988aa0462645d7da62f66b7965f3c973fad1033fb93b1d190bfa5c974ee63bff96ce503bd39284afb363c76 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\File System\Origins\LOG
| MD5 | 5fcebe04dbe2e76becc3a63c2df4d759 |
| SHA1 | c6916a5ff4247834d7e6fb6c60521576e3fec615 |
| SHA256 | ef8913e8583a52e879fbc4528f2f71fce458fb6b1d7ff951f82a2c828c87e28e |
| SHA512 | 864441cbc8df18ac5fb6a45f2aeceb02d7fa749ebab7d10d4b82a7a67cf71915b9ebeb317ee98bb19f0d16211b884d64956be24b5a80b6bc70786a2c9bf36ea2 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\History
| MD5 | ce9ede5bd5853c6c573a41fe3434007e |
| SHA1 | d477870b1277b3bf046e5721d6997bf574cf7031 |
| SHA256 | cb536807e45814d67aa5b10d2c1a89e34b1a5b5b8201d1ece3888fc60494cec5 |
| SHA512 | 56ea476ddbec8b799d2021b6a6fae5913090a02a0e31e2368d8df4cc2ed155671be710b7ed4165626c0d17e01d73fffde4f091c73e718e46f66abc6017419391 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Favicons
| MD5 | 44689c9c684d2c6170f93337b8220b24 |
| SHA1 | e0161c8e2388d78d26dd42e78734b724298f7564 |
| SHA256 | 5d814b0dab0419e16bc7d66a4cac7c2261573daeab06d66264519e9d44911988 |
| SHA512 | 1bdafaa0b369d99d5aab32cfc1d9ff9da1e4330c2ef97c60759dbea3adaf8d93cbfc32c5eccf13e48205f10920d3c4c388e5b9ba79fc3ca07568e3370a1c531a |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\MANIFEST-000007
| MD5 | 03d881fc5a4ab4013bd1b30988abb179 |
| SHA1 | 9ad861569715575d7b676e5683b14dd3cffec304 |
| SHA256 | 5da7b30f55f920166ad821f532fb95bd11546bf63a228fc41357aa122fcaf5e8 |
| SHA512 | 29ab8ac2c642a83086266f88ffde8d71c96cd0d98812fac526e0a0adc58d8bc7f99760ad19a71cc38c3ef5edb9ab9d642ef6b665bf4ce336260b0171411e26f6 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GCM Store\Encryption\LOG
| MD5 | 59fa727a3bf3e324386f1571064bf5ba |
| SHA1 | fab480c8228d69fbc824187830f796b76d245d93 |
| SHA256 | 9dfbc8cbfc3bc5b50377fa870a3894c8e3482df85ff7e06b8978d6fc0760e0ca |
| SHA512 | d7a99bb46ed6b4e5bb5933959be9538a579f7957e5d7ce540900f9ecc4f6b3f48c0b812f864a2ba0f5671b6960a0107f7eebba108a33cf22a49b48005f154b73 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sessions\Session_13363059346324400
| MD5 | 851a20d67a86daf282398cc2afb28471 |
| SHA1 | cbad605a5c67d257d2bf4578b3cbccd5d4b4c767 |
| SHA256 | e0520302ad38df80271bfda0d5b57d24ced6e83606e093b4fcc532bfeaf23eb8 |
| SHA512 | d1c4166a39153281090c01b9975c8f3ecd1abee95fc1bb5d3167cfb0b0cf2b8fd4a160f25401a7dddbb6ad9045687923efcd96c71c4b66912ac15db7ba59269e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Shortcuts
| MD5 | adc0d49f46a1a83a4a5b0b67c8fb9bad |
| SHA1 | e2c492cbcb6a9f97f4bfcdd4d407ccb17dfa683d |
| SHA256 | f66fafcd32137f09742b20aea53f3b811423c43a141705f703f05b8890e009e7 |
| SHA512 | 31aa209f9f69aaee6b6dcafd92b8284171a754c1c82a065fe403900e23fd73de0c455d3b18234695a21f516502ddac7af9bfa53125fba421ee667c73eb866f21 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GCM Store\Encryption\MANIFEST-000004
| MD5 | 031d6d1e28fe41a9bdcbd8a21da92df1 |
| SHA1 | 38cee81cb035a60a23d6e045e5d72116f2a58683 |
| SHA256 | b51bc53f3c43a5b800a723623c4e56a836367d6e2787c57d71184df5d24151da |
| SHA512 | e994cd3a8ee3e3cf6304c33df5b7d6cc8207e0c08d568925afa9d46d42f6f1a5bdd7261f0fd1fcdf4df1a173ef4e159ee1de8125e54efee488a1220ce85af904 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\WebStorage\QuotaManager
| MD5 | 86c74536258dad94a9407fb97a3a5eb2 |
| SHA1 | 81f936477ab228b32f0d808b242b4c974364de88 |
| SHA256 | 5e5303ccee3fe8ecc8bb8b46902e7c08bbdb507d7e14ead8d600c42e1b51dea4 |
| SHA512 | c45a30ee9c7c9ad3978d73ff10e6e464968fd1b152e210b11aed13c079ac511ddbb334f9f5999768ae8a68de6599828ffff9efb63683639ea8dd69b6bd13c10e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\databases\Databases.db
| MD5 | 89f95cba7df4701a8173efa00dd6b94c |
| SHA1 | 673fbd9811b91813675b1f2a42cc8bd96450a0a2 |
| SHA256 | 7334dd817408a2ad18d3ffd643e1707504159d52daef7c280db4f14d9c719129 |
| SHA512 | 9cb34878f8fa559d0ee1ee637218df7763f33aaf44c7aa01f40709e0c7ec74a131dbd9b96c14c845ce29d665bb97c077e81a24bd6b8a797fd306678a15820deb |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\File System\000\p\Paths\LOG
| MD5 | 45e9bca933fc1c11859b72b4ba1a3350 |
| SHA1 | aff3853b90807dc3be94f74ddefc45cc8462a046 |
| SHA256 | cf9f1e7a807892e0b08be65dffc6303b9016d77674c057496e58293e49276774 |
| SHA512 | 1a8dddb018f14df76ec7d85cfc3db534c6017543b8d20257baf3a33044b90d1118cd054efc9c38e6946847ef35ae52827f05e69a4491c986311acf840105923e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\File System\000\t\Paths\LOG
| MD5 | dd03d141edc2e6d59646e052b56637b9 |
| SHA1 | 3fe0e224792ded34220435c0abd5ded34e95b1db |
| SHA256 | 106c2f7bd9c07dc52c819f2d8cf4be8791377d2444f04c46d3c809eac5e767b5 |
| SHA512 | 3ac6c10a18c371e9e8890435fd7052721a12e2d606ae975fabc1ccfbc1e7529f051ddf950f5ed6862e6617ce11669f890dcc1d8f089332ac1e45f7ffa682355d |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\Database\LOG
| MD5 | aa514e03caa20bf8567e2dca1993aedd |
| SHA1 | 63f535719e8092ef997c21f7e98f50a6c3e60856 |
| SHA256 | b077d8a8e82efa2ee8caa39202e7df620be888e0a1bc22e5b2184157766e5988 |
| SHA512 | bc8bfb77a3897679e45598b19ed617bfac31d90b3ace4bb7367004516d46047a2871001dfc7c0a110e93e9020d049d5b017bc1caa00f8db491e700be8a96a025 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\Database\000003.log
| MD5 | 123e35f9e84008b60e8c8efdd4d31174 |
| SHA1 | e3c8514a530ef24880edf44eef38734160a05859 |
| SHA256 | 2af5247fb85757ebe912e561f47db44f62f54137f24c407b5bb4f944fbc7c993 |
| SHA512 | 0c52b6b03d3f38c758ec1fa85b15e67fab1f223be539fda2c4842b38ffed2e01b63539475da45b4556a1afb2d2a854cd2c7216f32e55ca9a32229664ce2909f1 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 0a53842b68ecb53eb362ec7906081ee8 |
| SHA1 | 37728e99e4655216ec6ad6de98aab308cc9ab76f |
| SHA256 | d42a39589e701b4d4715f763e3bb6482215dfc402e60db76dc3f8bc34132c8ce |
| SHA512 | c118a700f63eba536f372e18981320a8fc5e70492aba8b82bc93b284d89796b182b368ebbe1efe7a3f0315e6d52e6e1f05f4a4052c2974205bbf55607f3fe142 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\779c3d19-6593-41d6-a21c-a27259882332.tmp
| MD5 | d30d91ecaa7eef32f8f260749f61506d |
| SHA1 | 4596bcd152b01e9be91e218c79d8b4a4391042a6 |
| SHA256 | 8722b58b157d692e33b82d3293d5886671be54a9ad79c88dfd624dca64362aa9 |
| SHA512 | 2baf90e1eb55b402c39fc1a6b9da88d862b48296ba8adb520d675ebd71a062a559269d0f8a43dbf86ca99a04fb9bfdf765fc710ce0d3e8459df66d7fd9a7dd21 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | 4c33b6c6bbf68d9538d646880e0b44ef |
| SHA1 | e1aaab59e6c941be7ac2bcb4a0c2f509e9845849 |
| SHA256 | c92b1693884b27d67376b665e3c8f30fe8b9cd274bcdc0b7c13921dd9d44aaff |
| SHA512 | bf8b08d7e9ea5316675d2ca7a974bde765c38107022e381b856328c43a5189d3d06ffdc06869ff800c297bf6a84727f430030f81906569306af91322bfeac175 |
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-17 00:54
Reported
2024-06-17 00:57
Platform
win10v2004-20240508-en
Max time kernel
148s
Max time network
148s
Command Line
Signatures
Checks processor information in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000_Classes\Local Settings | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: LoadsDriver
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeDebugPrivilege | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Suspicious use of WriteProcessMemory
Uses Task Scheduler COM API
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe902246f8,0x7ffe90224708,0x7ffe90224718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2080,18361334884748788776,15927564506405122693,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2088 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2080,18361334884748788776,15927564506405122693,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2192 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2080,18361334884748788776,15927564506405122693,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2764 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,18361334884748788776,15927564506405122693,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3268 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,18361334884748788776,15927564506405122693,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3300 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2080,18361334884748788776,15927564506405122693,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4492 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2080,18361334884748788776,15927564506405122693,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4492 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,18361334884748788776,15927564506405122693,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4604 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,18361334884748788776,15927564506405122693,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4584 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,18361334884748788776,15927564506405122693,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5044 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,18361334884748788776,15927564506405122693,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4844 /prefetch:1
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2796.0.272561494\959304722" -parentBuildID 20230214051806 -prefsHandle 1788 -prefMapHandle 1780 -prefsLen 22076 -prefMapSize 235121 -appDir "C:\Program Files\Mozilla Firefox\browser" - {38ff4028-f06a-4d7b-80d2-42c3a98e183d} 2796 "\\.\pipe\gecko-crash-server-pipe.2796" 1868 1bdfff0cc58 gpu
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2796.1.1649181781\1488071523" -parentBuildID 20230214051806 -prefsHandle 2408 -prefMapHandle 2404 -prefsLen 22112 -prefMapSize 235121 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f26e79d3-8be6-40b0-87e6-b1f8aa454277} 2796 "\\.\pipe\gecko-crash-server-pipe.2796" 2436 1bd80477b58 socket
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2796.2.26103850\1403813617" -childID 1 -isForBrowser -prefsHandle 2964 -prefMapHandle 2960 -prefsLen 22150 -prefMapSize 235121 -jsInitHandle 1224 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {12e09ca3-6160-4c83-bf20-bdd797cf326c} 2796 "\\.\pipe\gecko-crash-server-pipe.2796" 2976 1bd82e13558 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2796.3.1735393914\2123149446" -childID 2 -isForBrowser -prefsHandle 3980 -prefMapHandle 3972 -prefsLen 27616 -prefMapSize 235121 -jsInitHandle 1224 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {5ba19dda-c0e6-45e7-ae2c-c105a6f382f5} 2796 "\\.\pipe\gecko-crash-server-pipe.2796" 3992 1bd84ee1858 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2796.4.2102530848\1483394796" -childID 3 -isForBrowser -prefsHandle 4912 -prefMapHandle 4908 -prefsLen 27692 -prefMapSize 235121 -jsInitHandle 1224 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {36a36e08-5087-4ca3-a3c9-577f4ff49e7a} 2796 "\\.\pipe\gecko-crash-server-pipe.2796" 4924 1bd86face58 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2796.5.1829464513\1192244629" -childID 4 -isForBrowser -prefsHandle 5068 -prefMapHandle 5072 -prefsLen 27692 -prefMapSize 235121 -jsInitHandle 1224 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {8275a7a6-668b-479d-b9e3-c2da63a25bc9} 2796 "\\.\pipe\gecko-crash-server-pipe.2796" 5056 1bd86fad758 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2796.6.2026437439\736219995" -childID 5 -isForBrowser -prefsHandle 5260 -prefMapHandle 5264 -prefsLen 27692 -prefMapSize 235121 -jsInitHandle 1224 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {836e1493-56bd-4a19-88eb-974b8cfecc24} 2796 "\\.\pipe\gecko-crash-server-pipe.2796" 5252 1bd86fadd58 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2796.7.2045694814\1173471097" -childID 6 -isForBrowser -prefsHandle 5072 -prefMapHandle 4924 -prefsLen 27771 -prefMapSize 235121 -jsInitHandle 1224 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {3140a475-8e33-428c-b276-791ceafe180c} 2796 "\\.\pipe\gecko-crash-server-pipe.2796" 1544 1bd859fdc58 tab
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2080,18361334884748788776,15927564506405122693,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1300 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| N/A | 224.0.0.251:5353 | | udp |
| N/A | 127.0.0.1:64879 | | tcp |
| US | 8.8.8.8:53 | spocs.getpocket.com | udp |
| N/A | 127.0.0.1:64887 | | tcp |
| US | 8.8.8.8:53 | push.services.mozilla.com | udp |
| US | 8.8.8.8:53 | support.mozilla.org | udp |
| US | 8.8.8.8:53 | push.services.mozilla.com | udp |
| US | 8.8.8.8:53 | push.services.mozilla.com | udp |
| US | 8.8.8.8:53 | aus5.mozilla.org | udp |
| US | 8.8.8.8:53 | aus5.mozilla.org | udp |
| US | 8.8.8.8:53 | push.services.mozilla.com | udp |
| US | 8.8.8.8:53 | push.services.mozilla.com | udp |
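The following is an added example for reading this Network table, not part of the sandbox's own tooling. It parses rows in the table's four-column layout (Country, Destination, Domain, Proto), accepts rows whose empty Domain cell has been exported with the protocol shifted left into it, and separates DNS queries (with a per-name count) from reverse lookups and non-DNS local traffic. The sample rows are constructed from the table above.

```python
"""Summarise a sandbox report's Network table: which names were queried,
how often, and which rows are not DNS at all.

Added example; the column layout is the report's, the sample rows below are
constructed from the report's table.
"""
import re
from collections import Counter

# Constructed sample taken from the report's Network table. The second and
# third rows show the shifted shape: empty Domain, protocol in its place.
SAMPLE = """
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| N/A | 224.0.0.251:5353 | udp | |
| N/A | 127.0.0.1:64879 | tcp | |
| US | 8.8.8.8:53 | spocs.getpocket.com | udp |
| US | 8.8.8.8:53 | push.services.mozilla.com | udp |
| US | 8.8.8.8:53 | aus5.mozilla.org | udp |
| US | 8.8.8.8:53 | push.services.mozilla.com | udp |
"""

PROTOS = {"udp", "tcp"}


def parse_row(line):
    """Parse one `| a | b | c | d |` row; return None for the header or junk."""
    cells = [c.strip() for c in line.strip().strip("|").split("|")]
    if len(cells) != 4 or cells[0] == "Country":
        return None
    country, dest, domain, proto = cells
    if domain in PROTOS and proto == "":
        # Exported with no Domain cell: the protocol slid into its column.
        domain, proto = "", domain
    host, _, port = dest.rpartition(":")
    return {
        "country": country,
        "host": host,
        "port": int(port) if port else None,
        "domain": domain,
        "proto": proto,
    }


def is_dns_query(row):
    """A row is a DNS query when it targets port 53 and names a domain."""
    return row["port"] == 53 and row["domain"] != ""


def summarise(text):
    rows = [r for r in (parse_row(l) for l in text.splitlines()) if r]
    queries = Counter(r["domain"] for r in rows if is_dns_query(r))
    reverse = [d for d in queries if d.endswith(".in-addr.arpa")]
    non_dns = [(r["host"], r["port"], r["proto"]) for r in rows if not is_dns_query(r)]
    return {"queries": queries, "reverse_lookups": reverse, "non_dns": non_dns}


if __name__ == "__main__":
    result = summarise(SAMPLE)
    for name, n in result["queries"].most_common():
        print(f"{n:2d}  {name}")
    print("reverse lookups:", result["reverse_lookups"])
    print("non-DNS rows:", result["non_dns"])
```

Every external row in this detonation is a query to 8.8.8.8:53; no connection to a resolved address appears in the table, so the names show what the browser processes asked for, not what they reached. The mDNS (224.0.0.251:5353) and loopback rows are local and carry no domain.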
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 4158365912175436289496136e7912c2 |
| SHA1 | 813d11f772b1cfe9ceac2bf37f4f741e5e8fbe59 |
| SHA256 | 354de4b033ba6e4d85f94d91230cb8501f62e0a4e302cd4076c7e0ad73bedbd1 |
| SHA512 | 74b4f7b24ad4ea395f3a4cd8dbfae54f112a7c87bce3d286ee5161f6b63d62dfa19bb0d96bb7ed1c6d925f5697a2580c25023d5052c6a09992e6fd9dd49ea82b |
\??\pipe\LOCAL\crashpad_4480_SUBTBXFXOFZUJEZZ
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | ce4c898f8fc7601e2fbc252fdadb5115 |
| SHA1 | 01bf06badc5da353e539c7c07527d30dccc55a91 |
| SHA256 | bce2dfaa91f0d44e977e0f79c60e64954a7b9dc828b0e30fbaa67dbe82f750aa |
| SHA512 | 80fff4c722c8d3e69ec4f09510779b7e3518ae60725d2d36903e606a27ec1eaedbdbfac5b662bf2c19194c572ccf0125445f22a907b329ad256e6c00b9cf032c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 0d0eaac24a3843dbbb36a547fa479b24 |
| SHA1 | f2bb80633f0799830c20eeb3785887e91678fe3b |
| SHA256 | 8516a165a512fd6666b5e834a2f997c88db325e821b27df5321c42ecf1753f92 |
| SHA512 | 49d29c764acc11ee2a1f214952922f34de0e81b0c7787b86c416a6613b7f9865c67851176cde8ed2ee10599e3bc89ee5176909c3ba0f7523d0bdd954ecc1afb2 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 6752a1d65b201c13b62ea44016eb221f |
| SHA1 | 58ecf154d01a62233ed7fb494ace3c3d4ffce08b |
| SHA256 | 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd |
| SHA512 | 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | bb424577a9a8552d77e18cb5c79be1ff |
| SHA1 | 48d9e4197b01be61e4e765a0d2ea8947e9c55886 |
| SHA256 | 435a40923bb0719101f422b635b2951ced54989e25857f66d3a4ec250c49616f |
| SHA512 | 2168bc6b4f765c0723a78b802f8cba6d49c8f63c4017ac1b4ec5cd43fc73ec85f4f1050445d86e33bcf3b342514fa5af627351d51c9bcbdb4ca2dfdd494d48b4 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\ue3bcu6m.default-release\activity-stream.discovery_stream.json.tmp
| MD5 | 9f05ac59e4a1693b29b5ef4d20921735 |
| SHA1 | 69f667226b467f2182a7e627c70d483d74097415 |
| SHA256 | 69fb873e40282e88aa2b7a7cf332c4f087379f78564b271592daf1b81652dc11 |
| SHA512 | 9bd4237362c379fd6386755e4cd16b69786b59fa280e0ad476df84fe1927912c9dfb4f09846655bc50998869283706bcaa414db9839f0f3145ef7d51a0a36437 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ue3bcu6m.default-release\prefs.js
| MD5 | 32d104cb6c1a2a5418d31c20a0c57db7 |
| SHA1 | c46dc8e4f9bd5ea95510dc6e7d590d0486b2fad0 |
| SHA256 | 0fed42ebaa10c24e09391cdec82d2a27fa62660c9522d72365e67f18d0eacbc2 |
| SHA512 | b618e4994408f9dbd475bae273bc48f2be53718f1c7370b906a83abaf5818bd20def50c3e2520717022256f937e585684424b5108ca410819bebd33f6211c6f2 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ue3bcu6m.default-release\prefs.js
| MD5 | 9166423aed7d5494b99d6657aebdd2b2 |
| SHA1 | a3a1ae2de1c8faf2ab87c3cab7fba74c405729f7 |
| SHA256 | 4f9ec5b7671d0bdfceb1f7dacd9238a2a4b9c891fec68620d20d47adbb13fd44 |
| SHA512 | cc67ebc4f943b712083f7961e262eed53aeef84d6ddd9a849a5307b6fc466ba898eac7348150b387c8b9c415d69d7ae8f14e1a058e7021294acae32adb8a35a0 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | ac12fbdd2dbc03bd18cc85b43fce9684 |
| SHA1 | 7bce065c640b6e0caedf961d5710a48e0f6f082a |
| SHA256 | 2fe14d4c8c509505bce2a80449631c78312280440020c1bb75c346013fb4ecaa |
| SHA512 | d340e8b356340c50da9a9876d166c59e8971e60a708fe329581ab8366a86afb47cccb7abf4d8d875b0a82d86b9e9ffba1dd6733541e8f7c10143748645aaf3ad |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ue3bcu6m.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | 19b4cb0b4437a038b3b9af26f3e4cfbd |
| SHA1 | 5254be36df62e51c46ed2a2387ceb84e54136f2c |
| SHA256 | 2fcbeb001bfde2f42c5ae93875940b2c2a72b81d7b93c8f6b81acd8eb080bfba |
| SHA512 | c9bd8f736e2939f80ebcd583268618396585127fbdb50cf0443de136b6785a7533d2916b9b90a92eeb55376323b07d25dcb74107baa2c4b56af04f00506d8bed |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ue3bcu6m.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | fa25cb1ac9a271f5caf2e8e202027fe8 |
| SHA1 | d218f86e37c00af6cd49011277aa129971e37468 |
| SHA256 | 7f0099a1bbedc6e7297aefe925be810e3a524361eb4d240fd4c6d03f0682963d |
| SHA512 | 766e541e448424a471400240673f7f271351cf08f5d4f4bfff8816229f88bc6cf1b438eb4a28d27617543b6d0c2dad0286f0333392a1f1de685b82b11e8b4109 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ue3bcu6m.default-release\prefs-1.js
| MD5 | c3e469b6377c9344279f39760d4531a2 |
| SHA1 | 4dae97ecde1184358a2066a460b6b198d485335e |
| SHA256 | f0d451f83ee36450942a3564819ed164725dacdda15108cbb2dbc22b2b34384f |
| SHA512 | 006027f9b2d53d5a5f4c53cd95ed719a6c4848582830074b81ff9742b090bc9072a959a76d31f1ebf3caf5796286badd0d03d4cb99caeaa61d6c5c49ca6c0a06 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ue3bcu6m.default-release\prefs-1.js
| MD5 | 51c7b8b9e4f591c993861988b089eade |
| SHA1 | 64d11345b6fc6183b9c9be4b9c6ed2aa0028e886 |
| SHA256 | ace8238226e96d431ed1a6ca9c287a3b6d5dcebf2ef5ace7dcfee4711f6140aa |
| SHA512 | 4fb39d4fcb5083785f2350e16277f076a51b482a82dcf204007c6358b710b35b37687e7267e674651c956d35e6407f6fe6df3600f135d27608ffd2fc07e72eee |
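The following is an added example for working through the Files section above, not part of the sandbox's own tooling. It parses the section's record format (a path line followed by `| MD5 | ... |`, `| SHA1 | ... |`, `| SHA256 | ... |` and `| SHA512 | ... |` rows), validates each digest's hex length, and surfaces the two things worth checking before any hash is pushed to a blocklist: entries whose digests are those of zero-length content (the sandbox captured no bytes, as for the crashpad pipe above), and paths that appear more than once with different content (settings.dat, Local State, prefs.js and recovery.jsonlz4 above). The sample text is constructed from three entries in the section.

```python
"""Parse a sandbox report's Files section and flag empty-content entries
and paths rewritten with different content during detonation.

Added example; the record format is the report's, the sample entries below
are copied from its Files section.
"""
import hashlib
import re
from collections import defaultdict

# Constructed sample: three entries from the report's Files section.
SAMPLE = r"""
\??\pipe\LOCAL\crashpad_4480_SUBTBXFXOFZUJEZZ
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 4158365912175436289496136e7912c2 |
| SHA1 | 813d11f772b1cfe9ceac2bf37f4f741e5e8fbe59 |
| SHA256 | 354de4b033ba6e4d85f94d91230cb8501f62e0a4e302cd4076c7e0ad73bedbd1 |
| SHA512 | 74b4f7b24ad4ea395f3a4cd8dbfae54f112a7c87bce3d286ee5161f6b63d62dfa19bb0d96bb7ed1c6d925f5697a2580c25023d5052c6a09992e6fd9dd49ea82b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | ce4c898f8fc7601e2fbc252fdadb5115 |
| SHA1 | 01bf06badc5da353e539c7c07527d30dccc55a91 |
| SHA256 | bce2dfaa91f0d44e977e0f79c60e64954a7b9dc828b0e30fbaa67dbe82f750aa |
| SHA512 | 80fff4c722c8d3e69ec4f09510779b7e3518ae60725d2d36903e606a27ec1eaedbdbfac5b662bf2c19194c572ccf0125445f22a907b329ad256e6c00b9cf032c |
"""

DIGEST_LEN = {"MD5": 32, "SHA1": 40, "SHA256": 64, "SHA512": 128}
HASH_ROW = re.compile(r"^\|\s*(MD5|SHA1|SHA256|SHA512)\s*\|\s*([0-9a-fA-F]+)\s*\|$")

# Digests of zero-length input, computed rather than pasted so the check
# cannot drift from the algorithm names above.
EMPTY_DIGEST = {alg: hashlib.new(alg.lower(), b"").hexdigest() for alg in DIGEST_LEN}


def parse_files_section(text):
    """Return a list of {"path": str, "digests": {ALG: hex}} records.

    Any non-blank line that is not a digest row starts a new entry. A digest
    row with the wrong hex length, or one before any path, is an error.
    """
    records = []
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = HASH_ROW.match(line)
        if m is None:
            current = {"path": line, "digests": {}}
            records.append(current)
            continue
        if current is None:
            raise ValueError(f"digest row before any path: {line}")
        alg, hexdigest = m.group(1), m.group(2).lower()
        if len(hexdigest) != DIGEST_LEN[alg]:
            raise ValueError(f"{current['path']}: {alg} has length {len(hexdigest)}")
        current["digests"][alg] = hexdigest
    return records


def is_empty_content(record):
    """True when every recorded digest equals the digest of zero bytes."""
    d = record["digests"]
    return bool(d) and all(d[alg] == EMPTY_DIGEST[alg] for alg in d)


def rewritten_paths(records):
    """Paths listed more than once with differing SHA256: written, then
    overwritten with different content during the detonation."""
    seen = defaultdict(set)
    for r in records:
        seen[r["path"]].add(r["digests"].get("SHA256"))
    return sorted(p for p, s in seen.items() if len(s) > 1)


def triage(text):
    records = parse_files_section(text)
    return {
        "count": len(records),
        "empty": [r["path"] for r in records if is_empty_content(r)],
        "rewritten": rewritten_paths(records),
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE).items():
        print(f"{key}: {value}")
```

An empty-content entry carries no information about the file, so its digests should never be treated as indicators; a path with several digests means the later entries are the state the file was left in, which matters when a browser profile file such as prefs.js or Local State is being compared against a known-good copy.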