d869c3ff6a0e0308c158dd21355efcbbf8a0f705617214b92009a719c513e9af

Analysis

max time kernel
149s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
12/07/2024, 07:21

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

d869c3ff6a0e0308c158dd21355efcbbf8a0f705617214b92009a719c513e9af.exe
Size

89KB
MD5

e849fcbd9edc396989ad1b2c5ba42366
SHA1

fa688f5928207c789136735854c5b26935975107
SHA256

d869c3ff6a0e0308c158dd21355efcbbf8a0f705617214b92009a719c513e9af
SHA512

f7f690f82621503c03600df73aabff8c2cbceef69ec82268a4512eb3a820ef8fc5608ed4ac4fbb1ee5baff789914756ed9f6a0614a3a9d56d8aa9c24dae473a8
SSDEEP

1536:L7fPGykbOqjoHm4pICdfkLtAfupcWX50MxFY+yIOlnToIf9xLG8Oq:Hq6+ouCpk2mpcWJ0r+QNTBf9YK

Score

7^/10

Malware Config

Signatures

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-701583114-2636601053-947405450-1000\Control Panel\International\Geo\Nation	d869c3ff6a0e0308c158dd21355efcbbf8a0f705617214b92009a719c513e9af.exe

Drops file in System32 directory 2 IoCs

description	ioc	Process
File created	C:\Windows\System32\DriverStore\FileRepository\display.inf_amd64_71aa85b0e2292a7a\display.PNF	chrome.exe
File created	\??\c:\windows\system32\driverstore\filerepository\display.inf_amd64_71aa85b0e2292a7a\display.PNF	chrome.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Checks processor information in registry 2 TTPs 8 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133652425164560473"	chrome.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-701583114-2636601053-947405450-1000_Classes\Local Settings	firefox.exe

Suspicious behavior: EnumeratesProcesses 14 IoCs

pid	Process
232	msedge.exe
232	msedge.exe
2016	msedge.exe
2016	msedge.exe
2764	chrome.exe
2764	chrome.exe
4784	chrome.exe
4784	chrome.exe
4956	msedge.exe
4956	msedge.exe
4956	msedge.exe
4956	msedge.exe
4784	chrome.exe
4784	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 5 IoCs

pid	Process
2016	msedge.exe
2016	msedge.exe
2016	msedge.exe
2764	chrome.exe
2764	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2764	chrome.exe
Token: SeCreatePagefilePrivilege	2764	chrome.exe
Token: SeDebugPrivilege	3048	firefox.exe
Token: SeDebugPrivilege	3048	firefox.exe
Token: SeShutdownPrivilege	2764	chrome.exe
Token: SeCreatePagefilePrivilege	2764	chrome.exe
Token: SeShutdownPrivilege	2764	chrome.exe
Token: SeCreatePagefilePrivilege	2764	chrome.exe
Token: SeShutdownPrivilege	2764	chrome.exe
Token: SeCreatePagefilePrivilege	2764	chrome.exe
Token: SeShutdownPrivilege	2764	chrome.exe
Token: SeCreatePagefilePrivilege	2764	chrome.exe
Token: SeShutdownPrivilege	2764	chrome.exe
Token: SeCreatePagefilePrivilege	2764	chrome.exe
Token: SeShutdownPrivilege	2764	chrome.exe
Token: SeCreatePagefilePrivilege	2764	chrome.exe
Token: SeShutdownPrivilege	2764	chrome.exe
Token: SeCreatePagefilePrivilege	2764	chrome.exe
Token: SeShutdownPrivilege	2764	chrome.exe
Token: SeCreatePagefilePrivilege	2764	chrome.exe
Token: SeShutdownPrivilege	2764	chrome.exe
Token: SeCreatePagefilePrivilege	2764	chrome.exe
Token: SeShutdownPrivilege	2764	chrome.exe
Token: SeCreatePagefilePrivilege	2764	chrome.exe
Token: SeShutdownPrivilege	2764	chrome.exe
Token: SeCreatePagefilePrivilege	2764	chrome.exe
Token: SeShutdownPrivilege	2764	chrome.exe
Token: SeCreatePagefilePrivilege	2764	chrome.exe
Token: SeShutdownPrivilege	2764	chrome.exe
Token: SeCreatePagefilePrivilege	2764	chrome.exe
Token: SeShutdownPrivilege	2764	chrome.exe
Token: SeCreatePagefilePrivilege	2764	chrome.exe
Token: SeShutdownPrivilege	2764	chrome.exe
Token: SeCreatePagefilePrivilege	2764	chrome.exe
Token: SeShutdownPrivilege	2764	chrome.exe
Token: SeCreatePagefilePrivilege	2764	chrome.exe
Token: SeShutdownPrivilege	2764	chrome.exe
Token: SeCreatePagefilePrivilege	2764	chrome.exe
Token: SeShutdownPrivilege	2764	chrome.exe
Token: SeCreatePagefilePrivilege	2764	chrome.exe
Token: SeShutdownPrivilege	2764	chrome.exe
Token: SeCreatePagefilePrivilege	2764	chrome.exe
Token: SeShutdownPrivilege	2764	chrome.exe
Token: SeCreatePagefilePrivilege	2764	chrome.exe
Token: SeShutdownPrivilege	2764	chrome.exe
Token: SeCreatePagefilePrivilege	2764	chrome.exe
Token: SeShutdownPrivilege	2764	chrome.exe
Token: SeCreatePagefilePrivilege	2764	chrome.exe
Token: SeShutdownPrivilege	2764	chrome.exe
Token: SeCreatePagefilePrivilege	2764	chrome.exe
Token: SeShutdownPrivilege	2764	chrome.exe
Token: SeCreatePagefilePrivilege	2764	chrome.exe
Token: SeShutdownPrivilege	2764	chrome.exe
Token: SeCreatePagefilePrivilege	2764	chrome.exe
Token: SeShutdownPrivilege	2764	chrome.exe
Token: SeCreatePagefilePrivilege	2764	chrome.exe
Token: SeShutdownPrivilege	2764	chrome.exe
Token: SeCreatePagefilePrivilege	2764	chrome.exe
Token: SeShutdownPrivilege	2764	chrome.exe
Token: SeCreatePagefilePrivilege	2764	chrome.exe
Token: SeShutdownPrivilege	2764	chrome.exe
Token: SeCreatePagefilePrivilege	2764	chrome.exe
Token: SeShutdownPrivilege	2764	chrome.exe
Token: SeCreatePagefilePrivilege	2764	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
2016	msedge.exe
2016	msedge.exe
2016	msedge.exe
2016	msedge.exe
2016	msedge.exe
2016	msedge.exe
2016	msedge.exe
2016	msedge.exe
2016	msedge.exe
2016	msedge.exe
2016	msedge.exe
2016	msedge.exe
2016	msedge.exe
2016	msedge.exe
2016	msedge.exe
2016	msedge.exe
2016	msedge.exe
2016	msedge.exe
2016	msedge.exe
2016	msedge.exe
2016	msedge.exe
2016	msedge.exe
2016	msedge.exe
2016	msedge.exe
2016	msedge.exe
3048	firefox.exe
3048	firefox.exe
3048	firefox.exe
3048	firefox.exe
3048	firefox.exe
3048	firefox.exe
3048	firefox.exe
3048	firefox.exe
3048	firefox.exe
3048	firefox.exe
3048	firefox.exe
3048	firefox.exe
3048	firefox.exe
3048	firefox.exe
3048	firefox.exe
3048	firefox.exe
3048	firefox.exe
3048	firefox.exe
3048	firefox.exe
3048	firefox.exe
3048	firefox.exe
2764	chrome.exe
2764	chrome.exe
2764	chrome.exe
2764	chrome.exe
2764	chrome.exe
2764	chrome.exe
2764	chrome.exe
2764	chrome.exe
2764	chrome.exe
2764	chrome.exe
2764	chrome.exe
2764	chrome.exe
2764	chrome.exe
2764	chrome.exe
2764	chrome.exe
2764	chrome.exe
2764	chrome.exe
2764	chrome.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
2016	msedge.exe
2016	msedge.exe
2016	msedge.exe
2016	msedge.exe
2016	msedge.exe
2016	msedge.exe
2016	msedge.exe
2016	msedge.exe
2016	msedge.exe
2016	msedge.exe
2016	msedge.exe
2016	msedge.exe
2016	msedge.exe
2016	msedge.exe
2016	msedge.exe
2016	msedge.exe
2016	msedge.exe
2016	msedge.exe
2016	msedge.exe
2016	msedge.exe
2016	msedge.exe
2016	msedge.exe
2016	msedge.exe
2016	msedge.exe
3048	firefox.exe
3048	firefox.exe
3048	firefox.exe
3048	firefox.exe
3048	firefox.exe
3048	firefox.exe
3048	firefox.exe
3048	firefox.exe
3048	firefox.exe
3048	firefox.exe
3048	firefox.exe
3048	firefox.exe
3048	firefox.exe
3048	firefox.exe
3048	firefox.exe
3048	firefox.exe
3048	firefox.exe
3048	firefox.exe
3048	firefox.exe
3048	firefox.exe
2764	chrome.exe
2764	chrome.exe
2764	chrome.exe
2764	chrome.exe
2764	chrome.exe
2764	chrome.exe
2764	chrome.exe
2764	chrome.exe
2764	chrome.exe
2764	chrome.exe
2764	chrome.exe
2764	chrome.exe
2764	chrome.exe
2764	chrome.exe
2764	chrome.exe
2764	chrome.exe
2764	chrome.exe
2764	chrome.exe
2764	chrome.exe
2764	chrome.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
3048	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 952 wrote to memory of 1724	952	d869c3ff6a0e0308c158dd21355efcbbf8a0f705617214b92009a719c513e9af.exe	85
PID 952 wrote to memory of 1724	952	d869c3ff6a0e0308c158dd21355efcbbf8a0f705617214b92009a719c513e9af.exe	85
PID 1724 wrote to memory of 2764	1724	cmd.exe	89
PID 1724 wrote to memory of 2764	1724	cmd.exe	89
PID 1724 wrote to memory of 2016	1724	cmd.exe	90
PID 1724 wrote to memory of 2016	1724	cmd.exe	90
PID 1724 wrote to memory of 4856	1724	cmd.exe	91
PID 1724 wrote to memory of 4856	1724	cmd.exe	91
PID 2764 wrote to memory of 1036	2764	chrome.exe	92
PID 2764 wrote to memory of 1036	2764	chrome.exe	92
PID 2016 wrote to memory of 4156	2016	msedge.exe	93
PID 2016 wrote to memory of 4156	2016	msedge.exe	93
PID 4856 wrote to memory of 3048	4856	firefox.exe	94
PID 4856 wrote to memory of 3048	4856	firefox.exe	94
PID 4856 wrote to memory of 3048	4856	firefox.exe	94
PID 4856 wrote to memory of 3048	4856	firefox.exe	94
PID 4856 wrote to memory of 3048	4856	firefox.exe	94
PID 4856 wrote to memory of 3048	4856	firefox.exe	94
PID 4856 wrote to memory of 3048	4856	firefox.exe	94
PID 4856 wrote to memory of 3048	4856	firefox.exe	94
PID 4856 wrote to memory of 3048	4856	firefox.exe	94
PID 4856 wrote to memory of 3048	4856	firefox.exe	94
PID 4856 wrote to memory of 3048	4856	firefox.exe	94
PID 3048 wrote to memory of 3408	3048	firefox.exe	95
PID 3048 wrote to memory of 3408	3048	firefox.exe	95
PID 3048 wrote to memory of 3408	3048	firefox.exe	95
PID 3048 wrote to memory of 3408	3048	firefox.exe	95
PID 3048 wrote to memory of 3408	3048	firefox.exe	95
PID 3048 wrote to memory of 3408	3048	firefox.exe	95
PID 3048 wrote to memory of 3408	3048	firefox.exe	95
PID 3048 wrote to memory of 3408	3048	firefox.exe	95
PID 3048 wrote to memory of 3408	3048	firefox.exe	95
PID 3048 wrote to memory of 3408	3048	firefox.exe	95
PID 3048 wrote to memory of 3408	3048	firefox.exe	95
PID 3048 wrote to memory of 3408	3048	firefox.exe	95
PID 3048 wrote to memory of 3408	3048	firefox.exe	95
PID 3048 wrote to memory of 3408	3048	firefox.exe	95
PID 3048 wrote to memory of 3408	3048	firefox.exe	95
PID 3048 wrote to memory of 3408	3048	firefox.exe	95
PID 3048 wrote to memory of 3408	3048	firefox.exe	95
PID 3048 wrote to memory of 3408	3048	firefox.exe	95
PID 3048 wrote to memory of 3408	3048	firefox.exe	95
PID 3048 wrote to memory of 3408	3048	firefox.exe	95
PID 3048 wrote to memory of 3408	3048	firefox.exe	95
PID 3048 wrote to memory of 3408	3048	firefox.exe	95
PID 3048 wrote to memory of 3408	3048	firefox.exe	95
PID 3048 wrote to memory of 3408	3048	firefox.exe	95
PID 3048 wrote to memory of 3408	3048	firefox.exe	95
PID 3048 wrote to memory of 3408	3048	firefox.exe	95
PID 3048 wrote to memory of 3408	3048	firefox.exe	95
PID 3048 wrote to memory of 3408	3048	firefox.exe	95
PID 3048 wrote to memory of 3408	3048	firefox.exe	95
PID 3048 wrote to memory of 3408	3048	firefox.exe	95
PID 3048 wrote to memory of 3408	3048	firefox.exe	95
PID 3048 wrote to memory of 3408	3048	firefox.exe	95
PID 3048 wrote to memory of 3408	3048	firefox.exe	95
PID 3048 wrote to memory of 3408	3048	firefox.exe	95
PID 3048 wrote to memory of 3408	3048	firefox.exe	95
PID 3048 wrote to memory of 3408	3048	firefox.exe	95
PID 3048 wrote to memory of 3408	3048	firefox.exe	95
PID 3048 wrote to memory of 3408	3048	firefox.exe	95
PID 3048 wrote to memory of 3408	3048	firefox.exe	95
PID 3048 wrote to memory of 3408	3048	firefox.exe	95
PID 3048 wrote to memory of 3408	3048	firefox.exe	95

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Users\Admin\AppData\Local\Temp\d869c3ff6a0e0308c158dd21355efcbbf8a0f705617214b92009a719c513e9af.exe
"C:\Users\Admin\AppData\Local\Temp\d869c3ff6a0e0308c158dd21355efcbbf8a0f705617214b92009a719c513e9af.exe"
1⤵
- Checks computer location settings
- Suspicious use of WriteProcessMemory
PID:952
- C:\Windows\system32\cmd.exe
  "C:\Windows\sysnative\cmd.exe" /c "C:\Users\Admin\AppData\Local\Temp\AEBE.tmp\AEBF.tmp\AEC0.bat C:\Users\Admin\AppData\Local\Temp\d869c3ff6a0e0308c158dd21355efcbbf8a0f705617214b92009a719c513e9af.exe"
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:1724
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://www.youtube.com/account"
    3⤵
    - Enumerates system info in registry
    - Modifies data under HKEY_USERS
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SendNotifyMessage
    - Suspicious use of WriteProcessMemory
    PID:2764
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.106 --initial-client-data=0x104,0x108,0x10c,0xe0,0x110,0x7ffae509cc40,0x7ffae509cc4c,0x7ffae509cc58
      4⤵
      PID:1036
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1924,i,4014351511198991486,17603459702770806527,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=1920 /prefetch:2
      4⤵
      PID:2912
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2152,i,4014351511198991486,17603459702770806527,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=2180 /prefetch:3
      4⤵
      PID:4176
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2240,i,4014351511198991486,17603459702770806527,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=2248 /prefetch:8
      4⤵
      PID:2928
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3120,i,4014351511198991486,17603459702770806527,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=3172 /prefetch:1
      4⤵
      PID:5136
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3128,i,4014351511198991486,17603459702770806527,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=3320 /prefetch:1
      4⤵
      PID:5144
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4668,i,4014351511198991486,17603459702770806527,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=4680 /prefetch:8
      4⤵
      PID:6084
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4708,i,4014351511198991486,17603459702770806527,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=4680 /prefetch:8
      4⤵
      PID:5624
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=4944,i,4014351511198991486,17603459702770806527,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=4980 /prefetch:8
      4⤵
      Drops file in System32 directory
      Suspicious behavior: EnumeratesProcesses
      PID:4784
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" "https://www.youtube.com/account"
    3⤵
    - Enumerates system info in registry
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SendNotifyMessage
    - Suspicious use of WriteProcessMemory
    PID:2016
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x108,0x10c,0x110,0xe4,0x114,0x7ffae44546f8,0x7ffae4454708,0x7ffae4454718
      4⤵
      PID:4156
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2136,11182703714412297181,1952601177728849514,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2148 /prefetch:2
      4⤵
      PID:4320
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2136,11182703714412297181,1952601177728849514,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2200 /prefetch:3
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:232
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2136,11182703714412297181,1952601177728849514,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2668 /prefetch:8
      4⤵
      PID:1144
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,11182703714412297181,1952601177728849514,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3292 /prefetch:1
      4⤵
      PID:3320
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,11182703714412297181,1952601177728849514,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3300 /prefetch:1
      4⤵
      PID:1596
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,11182703714412297181,1952601177728849514,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4528 /prefetch:1
      4⤵
      PID:5860
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2136,11182703714412297181,1952601177728849514,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2300 /prefetch:2
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:4956
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" "https://www.youtube.com/account"
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:4856
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" https://www.youtube.com/account
      4⤵
      Checks processor information in registry
      Modifies registry class
      Suspicious use of AdjustPrivilegeToken
      Suspicious use of FindShellTrayWindow
      Suspicious use of SendNotifyMessage
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:3048
    - - C:\Program Files\Mozilla Firefox\firefox.exe
        
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1952 -parentBuildID 20240401114208 -prefsHandle 1888 -prefMapHandle 1880 -prefsLen 25757 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {bb0943f9-05da-4675-906d-7ea0035dc64f} 3048 "\\.\pipe\gecko-crash-server-pipe.3048" gpu
        5⤵
        
        PID:3408
    - - C:\Program Files\Mozilla Firefox\firefox.exe
        
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2468 -parentBuildID 20240401114208 -prefsHandle 2460 -prefMapHandle 2448 -prefsLen 26677 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {2b736492-ef70-4913-a00a-ef8345083950} 3048 "\\.\pipe\gecko-crash-server-pipe.3048" socket
        5⤵
        
        PID:2812
    - - C:\Program Files\Mozilla Firefox\firefox.exe
        
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2956 -childID 1 -isForBrowser -prefsHandle 2940 -prefMapHandle 3112 -prefsLen 22698 -prefMapSize 244658 -jsInitHandle 896 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f7e489b6-601e-40a4-9f30-fbe55ddda9c0} 3048 "\\.\pipe\gecko-crash-server-pipe.3048" tab
        5⤵
        
        PID:2996
    - - C:\Program Files\Mozilla Firefox\firefox.exe
        
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3696 -childID 2 -isForBrowser -prefsHandle 3688 -prefMapHandle 3432 -prefsLen 31167 -prefMapSize 244658 -jsInitHandle 896 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b00a8abc-0cbd-4ac4-aa61-0236fbd8d51f} 3048 "\\.\pipe\gecko-crash-server-pipe.3048" tab
        5⤵
        
        PID:4988
    - - C:\Program Files\Mozilla Firefox\firefox.exe
        
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4224 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4276 -prefMapHandle 4200 -prefsLen 31167 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {1b058db4-39bd-442e-9039-5122abf7728d} 3048 "\\.\pipe\gecko-crash-server-pipe.3048" utility
        5⤵
        Checks processor information in registry
        
        PID:5812
    - - C:\Program Files\Mozilla Firefox\firefox.exe
        
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5340 -childID 3 -isForBrowser -prefsHandle 5308 -prefMapHandle 5324 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 896 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {390618cf-b1f8-43f2-8549-9326e64bc719} 3048 "\\.\pipe\gecko-crash-server-pipe.3048" tab
        5⤵
        
        PID:5716
    - - C:\Program Files\Mozilla Firefox\firefox.exe
        
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5464 -childID 4 -isForBrowser -prefsHandle 5552 -prefMapHandle 5548 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 896 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b32f9065-7a01-4f6f-9693-37ba06b975aa} 3048 "\\.\pipe\gecko-crash-server-pipe.3048" tab
        5⤵
        
        PID:6024
    - - C:\Program Files\Mozilla Firefox\firefox.exe
        
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5676 -childID 5 -isForBrowser -prefsHandle 5684 -prefMapHandle 5688 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 896 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {8fc15a93-e4fc-48b5-8b2a-433fe23a7d7b} 3048 "\\.\pipe\gecko-crash-server-pipe.3048" tab
        5⤵
        
        PID:6052

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4284

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4016

C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe"
1⤵
PID:5624

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:3992

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
264B

MD5
b87b2b7066840cac9fb235d18c9699b8

SHA1
80a480c71c67844b88df1818170d77dbf384094e

SHA256
f66024d8b26368b8a14dd8e05d0efdad5f29835a8e2fa890c2d1df3f457d91db

SHA512
f435c09f119825221a196b67a3934c5d5eed3f4b28e18e5b174ec0d9be766366ca45e26a4b8608fde7827a3a1a837f9c4a5b30e10dc283cea3f0206d6663f131

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
f3f66b0da245c022564ce3933a7a7d8a

SHA1
bf98b31887374e5b0c810cfbeeb35a198b33f5f6

SHA256
a25c65fc0215d8ac3fcbc55a54bac8d93c54d3fcb939fe770467ddbd12f42e70

SHA512
3c8e15dafaf774c5d254498a64e52830a7d4591e028bd8114cc3e0ef7a8bfe6fb5520575f6127c400075990ffac029dc4cbc8b78f3d57136366800664d952532

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
354B

MD5
d5cf22536a330e46d3ab2360451fef80

SHA1
9ddce45df0b589487aacf413c40701ca47a5ebfa

SHA256
86c8994ab6fc65ccbcf28911a43a4c0b5db9b27414e60bb4b6bcc5c84036571b

SHA512
49b4f900baba2833e1a9b583bf92b39be06f367d54ed7dc175e59d6af1146b9af87d2e45e2b4c6d42eae8d1575dfae02178d1ec899ae67d5c4b6a8550ac20e9c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
3dc5f7f40ce9296e1ba6827c1c6121b4

SHA1
ab0b5ef97844d404b59e90c8fbc097133310eba0

SHA256
e8190cb70663812dab386c7f4957768ed15fb8664026693126de4f7ba067b04f

SHA512
110a43a82784a3c20e05c363859288e4ac4489c31ffdfc18cc1456d2a85725d6ad405c9c46722d17b48efdd8289bd1355155e0665a236c738242ed4d4043a931

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
cd8b0b2d878204dd7914c6cab47ca30c

SHA1
b9af1e38f4f4f5dac91c4572133338f64674217b

SHA256
7b68d47980139f05624ed51f2bb2d808532a14e80893cc7465b75aba58d0ae4b

SHA512
9a762f9cab6343a75f54b4820c2f447db50d02f3ac44b96af70db1ca5d60e19b9370e54919a5e769cebff5c1feec50e7ea83d79f00339b9ea725e0a132e2e597

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
8be881b3228fd5918b5eb59304b07ae1

SHA1
9222d9e7d9509ff7702312ae93def359b265d405

SHA256
3fe1cb37bd91143ed1e6e90d558cd5448d0010fc503cbcd5970426789425e43f

SHA512
a324bf2c1fc9e44dd2197ba91cabfaa54de43f4d00c45de400aa4b0b7417fe373d5d967a970f9d19879adae409f06730161435e3d6f2749fef44e54f5b6fa462

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
7e75ef2914633525c73de8558397eaab

SHA1
6817d6ce5521c66a3d29105094609a0f2962c183

SHA256
5c28bdd7228c1e0a4eb08eaaf1abdebb3004fb2847e04d19bab3a6dd90f3217d

SHA512
6f8117f07d35705a7b9cce851e4e77fd9e23ac8b43106996a4a29f21eae30765589a02e3c3bfda1322bbc2214a7719b4ef0e1769cc9f85acdc77d03b7634abe5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
1d9d7c59c5613bdaa0daeb556688023f

SHA1
ea38e9815a03a3ca80b6d5bcc804b3b771092aeb

SHA256
ee8145ed930345b1c18e4381ee5bdc98ffeb685a33c005bef6db88afd343177a

SHA512
1599a7e6f959a39a74db27b1f8c52512b901dd1aa1717c06a65d38418fa81a1a6e33cbaa15d5c26776e13431404210392fa90dab9b7f65c652f1d99b01e0fce2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
5fb5cc358a10ce1c441de00eaf015c7d

SHA1
5b97e1e177096515ec360646ad54c41f46d00aa7

SHA256
a29b2564e84b3d52e130d86b2a06417073a3f77239ff02975c9af2a247338a71

SHA512
2480da4b3f41b0e10ac5bd08a31cf040f2d00363c4cf78f9e2fee0e3b1e926ab94a7707eda02cff699e74581f6ecfc1f9305bb9e4a5b431933999a6d3753e692

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
d58dec2081af91e07f9732df4f98b1ff

SHA1
122a59dbb2a16e2e5556837262f2baa3a89a7b05

SHA256
15827b5d1343513f69d4c67017fc3a6a633fc0b5770a8836611747d7c6f0b1a6

SHA512
54ec8955da2de3f1561b735129c20205ae66c5cb0d5969926807ce25dcef038d9f26bd0cb6c459d23f7cc5cf5ceddfaeef32b686dfbf058d29d06ed01026ffa2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
6bc193fbebb34dda413d95f915033515

SHA1
a4d78e6b94cc705af8aa5b99f63d247305ede7f7

SHA256
d147a245badc875f45c9537bb243f9dcd6155eb788bf330d9d225ef69ff0a93e

SHA512
d36f3728633406ed5100bc58ff8e88d4d8d0875f885a2f669faa8a84bdc237a5b64d4ca1d243e3d7b30036cc69dbcced1f7600baae833eb6631eb0efc7f457c9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
50248dc4076ff0dfe0f2317cfa98b502

SHA1
0ef359b77d6310a13ca4fa99194c46c622acaea6

SHA256
64a9bddcc10101448394fd8ab5378b4fc9983a65bd50ed8d764ee53a50bf5b3f

SHA512
7549a9559abcdbc5b4155962dac8697719bf19290c4de110bab262ad47f04852cfa18a4d86babb45a88c40cecdd0a9fd1903589f49865c26014073d5db97ca7a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
7fada329ef52e46d2511720e62670b9d

SHA1
02a2b80504307949c363c8b1fd9e31d27eb643d5

SHA256
6d16796564db8440e2efe9db4be227d405ca13e3c8850daa8e4480e69101a8e6

SHA512
bbc68d546e4619d265f5e2b0a7e8986ce6ca8b62d715d87afa1cae4010ec785b72b4267600f1212b4a8a0a8c4ad9f1f1155a2b037933dbb723ef2488025293db

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
73ebef559d7afc013ae30d244bc7259d

SHA1
3de3e2498ce7fd3955fb4dfcd52522c287a6351c

SHA256
4eb90ca303533f9d29caf19a56bc54bedad72524d99c6e3cf2a4b35170643ab1

SHA512
28d407d3a5f6025276d111824d355a5bfe1f7a504dd33cbf1d17fcb7b4178d4a3b921138097039936cdbe926d3512d4e4492b909bd0476ea053c9293356aadac

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
182KB

MD5
3b88245d132f8aa96710f42d2a94d5c7

SHA1
c5e50034512e87b91062a3c71b4d4cfbd10e7b1e

SHA256
3e0041e78afde73716755081915966228824a1b7b748d8b2c53fe94f9affd2fb

SHA512
8a657db3a9f67cc66d1891866460ed49b6e119a2dcf77a7513362a0086a1e386b0344dc41447367d8954b05d1468bb9c6b542941af591acc7158f6fb9683e262

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
182KB

MD5
a4e6b4ff5558bf42bc0bef46b9816be7

SHA1
edf3c551fd2430f7686b171733431d50ecdc8d12

SHA256
e08be198254c71fdf969ed3bf27987956e4493abd245a6a4343e1a13c9ffec46

SHA512
e62139c1831331a3eb36709b9b10e631d2bc432198f8ae0449be66a6d455a68796eb595c855ee0ea6f385ebf5004003f8086147bd02246fc008a01ad11ed51bd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
d406f3135e11b0a0829109c1090a41dc

SHA1
810f00e803c17274f9af074fc6c47849ad6e873e

SHA256
91f57909a10174b06c862089a9c1f3b3aeafea74a70ee1942ce11bb80d9eace4

SHA512
2b9f0f94b1e8a1b62ab38af8df2add0ec9e4c6dfa94d9c84cc24fe86d2d57d4fc0d9ec8a9775cf42a859ddfd130260128185a0e2588992bca8fd4ebf5ee6d409

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
7f37f119665df6beaa925337bbff0e84

SHA1
c2601d11f8aa77e12ab3508479cbf20c27cbd865

SHA256
1073dbff3ec315ac85361c35c8ba791cc4198149b097c7b287dda1d791925027

SHA512
8e180e41dd27c51e81788564b19b8ff411028890da506fbf767d394b1e73ec53e046c8d07235b2ec7c1c593c976bbf74ed9b7d442d68b526a0a77a9b5b0ab817

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003

Filesize
33KB

MD5
1c0c8433626cac08202f23a1dae54325

SHA1
3a5700eeeacd9f9d6b17c2707f75f29308658cd3

SHA256
7aad4c7a174a145a4f9f11506145b521631ee2cb1ca2f7617b900ba515b31cd3

SHA512
da693d1d63c9971cb80792063f0e8d3335edb67ee1dcde4040d0dc8f44398f99d9f683eaab8cf44ebf5cdb78eae6672d43fd9ed9b45a526a80a311d8c77bcc8c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005

Filesize
38KB

MD5
c3aa6e31c125d83fb2eabcc9e33843dd

SHA1
ad91b78e1a9853ee876b77b82f75100ff5690d11

SHA256
c32b5cffb8ac92df9bd9340b75b8d0772a071af36df5b27879e45f6112f9b5b4

SHA512
897efddeb2d96e24aca43385cfb86a065034c4bb045c2e2b7391572e0ddd4a820b70fa83854de5048d7b7316fc9fa2f078924aab62206a7a135aaf91176a4c6b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
216B

MD5
be425f58758ade519e89a095683a658c

SHA1
3bab2d884b12cefedee939a2b622ac71384fabee

SHA256
059728f177ff35a8d2ab6c6fd9b0b0ddaaa1386ede667d81f66c3087586ba1c7

SHA512
d7c96d8e716cd66561afdbbe6fcca26c6381542b032361e2914d47d9925cce881517387d723b227ac8b51434091b4a6e6e9b988f305223d80e709feacf7058d2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
19d158b4073fdd990cd129287cf130ed

SHA1
040fe4f224ebf8a35069f8c8fc889b5f80c46b02

SHA256
c76a6e6fdb2f147834e3b4f995261710ee34917a25c78b368460e8ab597e8a9b

SHA512
5eb7c388806242d1a4bd5daedcfd1a19eaf8dfcdc2d4ab7a0c99d8546c2a77e8a4ccf050606f9ad42c5e1d21e80751375ca23b2a0b2cc5144e2f8a0557cf64b5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
04ee99decb6819f036e381f95c35a647

SHA1
b6b923ed63c9c66120b40d17c56af705c4bcd9c4

SHA256
a161ffc18b5c5ef4914f4258779cb2f9e290edf6afe03fed072a9f8f4c66becd

SHA512
6863eef54fded4c70f1932408e36a4b96b7c90edebe3624e86975b3fa39902a82913f32593d4ff06afa213e4bf75ab5d95318b0fb07d2678d9f3286518c858fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
0667d2960b676aa72dc15d2d07910687

SHA1
74aee5c3b93fb5007b940006fee9336ad306fc0e

SHA256
af111a6ed6ddc910bfff906cbdf16b1d7f9935298a3f813604bdae93da455b14

SHA512
1db2468177e1181d7c92f01ac683ca4657543b886ad781db3253c128effb96a753f5843a312e383bf33500ac0d8bc9ebe969777bae9f986cbc158eea1322d922

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
40d059be4a62a0eb113ffb5df7944e3b

SHA1
c14e6a0050058499ef1f606e24fb0159340a59a7

SHA256
8ce40e40760bd9a85e1da5d4285c1f5cb86161ec94712baa93c3dc9ae745bc91

SHA512
bb0b683a4fca2d52bbcc65e7499d3eace97bf27ddee2f891d2d44ec3aa9329511f692313ed776df9ae8e23fafc1339326f7f31b61104b64e6093b514aa50f481

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\onffaicf.default-release\activity-stream.discovery_stream.json.tmp

Filesize
18KB

MD5
befc27862004335d46caf239be56ae6f

SHA1
efa4cc8d24de55da1fe642620298f4063744f795

SHA256
a864fa7b71e4cda84ef69149640b96a3512e88fa5a6ebb82f8bd23d074244c74

SHA512
f883e4cc5d94f4019f722b0d490a5ad6a18a94fd79c9ad2d35b2c18dcdeb14aee36e45366defbbe4c3861b9216db28051b7d792bfacc1455836ab3ba63afe760

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\onffaicf.default-release\cache2\entries\5CD1EBDF6B57F13C7E783CE5E6D8E9C44014FE1A

Filesize
13KB

MD5
26fca4fa6de7418710cdd923d1a27315

SHA1
21e0eef1702cee05bb516bba1e1f13a825772173

SHA256
a4d91d140cf35331c646f2d36f7df7da33bfd7cd8ec550b1c8041c98c636ca23

SHA512
8fc5f2d6418d72c01df56d6a588ddbd20baec70a4ecaef874f7b62939bb5fbe9877195b4a649d50d2c3da9ecd7eece57cdc0b9b808b7b32a0b570a09715a2c38

Download Submit
C:\Users\Admin\AppData\Local\Temp\AEBE.tmp\AEBF.tmp\AEC0.bat

Filesize
2KB

MD5
de9423d9c334ba3dba7dc874aa7dbc28

SHA1
bf38b137b8d780b3d6d62aee03c9d3f73770d638

SHA256
a1e1b422c40fb611a50d3f8bf34f9819f76ddb304aa2d105fb49f41f57752698

SHA512
63f13acd904378ad7de22053e1087d61a70341f1891ada3b671223fec8f841b42b6f1060a4b18c8bb865ee4cd071cadc7ff6bd6d549760945bf1645a1086f401

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
479KB

MD5
09372174e83dbbf696ee732fd2e875bb

SHA1
ba360186ba650a769f9303f48b7200fb5eaccee1

SHA256
c32efac42faf4b9878fb8917c5e71d89ff40de580c4f52f62e11c6cfab55167f

SHA512
b667086ed49579592d435df2b486fe30ba1b62ddd169f19e700cd079239747dd3e20058c285fa9c10a533e34f22b5198ed9b1f92ae560a3067f3e3feacc724f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

Filesize
13.8MB

MD5
0a8747a2ac9ac08ae9508f36c6d75692

SHA1
b287a96fd6cc12433adb42193dfe06111c38eaf0

SHA256
32d544baf2facc893057a1d97db33207e642f0dacf235d8500a0b5eff934ce03

SHA512
59521f8c61236641b3299ab460c58c8f5f26fa67e828de853c2cf372f9614d58b9f541aae325b1600ec4f3a47953caacb8122b0dfce7481acfec81045735947d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\onffaicf.default-release\AlternateServices.bin

Filesize
12KB

MD5
e6d9749d1709d775d5fa854a88694976

SHA1
8f297e3d3d2f0d7b8f38450db4b32bf1c6452976

SHA256
bedffdcb184247e3d263da80c72b6118709a07ed82f484b972e4b8b2053211e6

SHA512
69c41787116223ba90f422d1ad2a6656bfb4df12a241ffd24e2d3a01fef0370f29d512c41f493163210e5aac3d90a02f76dd354bc0240c591b423b4a67e690d9

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\onffaicf.default-release\datareporting\glean\db\data.safe.tmp

Filesize
15KB

MD5
5c737a58e7619442119502196424d26a

SHA1
768dcef7a8a5ae3cc88791bd2143da5699f1947c

SHA256
35a3d9977e664ebcee613776c05e36a298ec61304e460267a206066127168483

SHA512
83d20fac422d666afb0b047e810b5a3762867f5626709c87f7066b8aaf9ee41c92bb58c9f1c9c6ebace7ab554468209332e81e1e1b120f558b8f03ae49b7e4fb

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\onffaicf.default-release\datareporting\glean\db\data.safe.tmp

Filesize
5KB

MD5
53130ac3007dc9677cc50784a887a485

SHA1
274f08884208d3ef221b2b4b868bfa2de431d2b2

SHA256
f9ad4383d85216284b0f2f087fda1760de8a025188d3fa23d58282f308c7b91e

SHA512
d67c5b59dc8c1917adb3dadac3fe9f4834121def3da14ae34ccb09a728216d6f5f0a67e44ed8f428310c1c46f7a54dc0f3ab5f7464776c08cf511f0221a48a53

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\onffaicf.default-release\datareporting\glean\db\data.safe.tmp

Filesize
6KB

MD5
23f1a1fbaaee3cb23a3447ec3db9ed5e

SHA1
299ccdc8d64c046e1833cacc3acda2e8629eb68a

SHA256
30272e92f0a15a0f618e9e3f091f06426b58828d044a5ccf809a0ef151130ba0

SHA512
84c4889ba058116679c49cb8540f1391b68d420b903a56dbe9e1d1693d425234a5ff1b3f6b33d21010fb176ecffc7e8a03da1d739aa07ca0ef180268c73b5839

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\onffaicf.default-release\datareporting\glean\pending_pings\299aaae1-7fbd-4926-88e6-c5e0fd43d778

Filesize
982B

MD5
a9ae66effa728a0a48b4fcb7ca8d4962

SHA1
0ec3768e438d26ba96fe50fe35e41cdc679ce3de

SHA256
25888317acf5c548a4ab828a50b0308657194d0a20e7a85d5e0407b9bdd7535c

SHA512
e528ea8353b494a578f51b30cdb1749d6ec206daf8c2d1ee3337606f401ad7b166432516e4c24a3f92c8325f9c07efcf06d39686f221854fb41e076a22d01795

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\onffaicf.default-release\datareporting\glean\pending_pings\b2956112-7f76-42f4-97cf-a35a584b6896

Filesize
671B

MD5
685a35f108033a130d459cf67bca953d

SHA1
56daff02a8a1726cb53eb9809ad44551c4e9bb90

SHA256
dad60ac1acc7d7428af3c21ed27ae29878da9dac7ff3542b9da81b60b1435de5

SHA512
fe196ff2f0eac8861ce9c98d02235babce82d3a68b5cb00671d239e09b78e959f03988e136dde07b0e77da009381dbe463d3b68f34495cbf5add31d26cb0099a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\onffaicf.default-release\datareporting\glean\pending_pings\b2d8d062-9ba2-4baf-9582-f21994309349

Filesize
27KB

MD5
36cd109d5738e7a77d291aaed9c18944

SHA1
7202b121d6344432903a3578a9b6597e1a143d1e

SHA256
60ddec5419741173a9db9d45001c3fcfbe8fe2e222316a8932bda17e193a8a93

SHA512
0325a62fc0a44c1f41242f172c4cf19fb0231bb42636cf9db66926765a4fe5fb77edddf47f1b20c7b7058e5a2e904bd0f9bd134d3da4ab43103765bba94316fe

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\onffaicf.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.dll

Filesize
1.1MB

MD5
842039753bf41fa5e11b3a1383061a87

SHA1
3e8fe1d7b3ad866b06dca6c7ef1e3c50c406e153

SHA256
d88dd3bfc4a558bb943f3caa2e376da3942e48a7948763bf9a38f707c2cd0c1c

SHA512
d3320f7ac46327b7b974e74320c4d853e569061cb89ca849cd5d1706330aca629abeb4a16435c541900d839f46ff72dfde04128c450f3e1ee63c025470c19157

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\onffaicf.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.info

Filesize
116B

MD5
2a461e9eb87fd1955cea740a3444ee7a

SHA1
b10755914c713f5a4677494dbe8a686ed458c3c5

SHA256
4107f76ba1d9424555f4e8ea0acef69357dfff89dfa5f0ec72aa4f2d489b17bc

SHA512
34f73f7bf69d7674907f190f257516e3956f825e35a2f03d58201a5a630310b45df393f2b39669f9369d1ac990505a4b6849a0d34e8c136e1402143b6cedf2d3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\onffaicf.default-release\gmp-widevinecdm\4.10.2710.0\manifest.json

Filesize
372B

MD5
bf957ad58b55f64219ab3f793e374316

SHA1
a11adc9d7f2c28e04d9b35e23b7616d0527118a1

SHA256
bbab6ca07edbed72a966835c7907b3e60c7aa3d48ddea847e5076bd05f4b1eda

SHA512
79c179b56e4893fb729b225818ab4b95a50b69666ac41d17aad0b37ab0ca8cd9f0848cbc3c5d9e69e4640a8b261d7ced592eae9bcb0e0b63c05a56e7c477f44e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\onffaicf.default-release\gmp-widevinecdm\4.10.2710.0\widevinecdm.dll

Filesize
17.8MB

MD5
daf7ef3acccab478aaa7d6dc1c60f865

SHA1
f8246162b97ce4a945feced27b6ea114366ff2ad

SHA256
bc40c7821dcd3fea9923c6912ab1183a942c11b7690cfd79ed148ded0228777e

SHA512
5840a45cfdb12c005e117608b1e5d946e1b2e76443ed39ba940d7f56de4babeab09bee7e64b903eb82bb37624c0a0ef19e9b59fbe2ce2f0e0b1c7a6015a63f75

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\onffaicf.default-release\prefs-1.js

Filesize
11KB

MD5
b752a489765b4c4427edee372819cedb

SHA1
8f1294850d11c433f673ab190a5c2ee2c1738b6f

SHA256
2e005e65be8940d85691261e63b90173def420979c640c8722ef5c08742c96cf

SHA512
7f4137ad751fa2d682b0ad0835c82574cc4f666607f05bfaff6f40a1ac0f336d5ee96b4f97830be79ba23c34a401df5d4c0cca01eb65725bd1d45874637ce1c3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\onffaicf.default-release\prefs-1.js

Filesize
12KB

MD5
e775c8c884034a3b81b526c0782371e7

SHA1
fb6570f09fa366d7fede0dabcb293353ca8a0d32

SHA256
893492e6e13ac5075a7f13f3893850b904a5edad468e46bcf23febf5e0d01123

SHA512
2e21e47b534f3d5f42e77bae7a6c614579a6a759c1a0f66ca845535fa5b0e968210fa6ba7b5bf34ec0e33e50febda18cf3efeaf9dca0b3383aba2ceed1f0809a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\onffaicf.default-release\prefs-1.js

Filesize
16KB

MD5
5533f1690a1b130431bb6f150e4db149

SHA1
38fbd1b8ea82eb775be8a6d29cc73f7fa71d8a7c

SHA256
26c9fc233d0f9c893b86c64d93f15b8253cd073c82c8911a1d7a29b292713999

SHA512
1aae023c36f421d9901960b490047ac383dc6ae8c5c2e4c6ceaa40e59717d87cff01472fa29e605d027b8dbd177fe80432b96273bdaeb87d097f8a51c6c26d6a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\onffaicf.default-release\prefs.js

Filesize
8KB

MD5
557a0d5a61a41629b2c900065405431c

SHA1
20d9d10e11dd53c4bad2e40a79fe9247a8f165ad

SHA256
970a9ed98d2c49cf6002ef627019f0eeb040383dde3245eb943bdeeecf45dd91

SHA512
9dc791ac27dacd68d0302e42fa9a0a64b9450ace9e455bff2fe556c0737172207a3f480fd1c82b64eac9e0dc6bea28c2aea4ba0dc1ec5d6f1f88ca7a0f94acbb

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\onffaicf.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

Filesize
1.5MB

MD5
8f0b4f8b5ef34d7ce07e21b006189d3f

SHA1
d405ebe8db2b5108b48383a8fe2199cae35c3824

SHA256
ba35fd0ed3c61f7fc396805985f9a105195fcda98fcd239290289b7dc6473685

SHA512
623dfdf2b739249f674d8b482cc2a1059b638f7e2b48d4fd583af95476187928ca19db80b63a09894d85373502b3717e9b56152bf2242744d89fc9c7ed4a0968

Download Submit