a75e65563e853c9fb8863bcf7c2103ec23893f31a42b9332042ea3f5f2d40ea0

Analysis

max time kernel
149s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
12/07/2024, 16:19

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

random.cmd
Size

2KB
MD5

c1b73be75c9a5348a3e36e9ec2993f58
SHA1

84b8badeca9fa527ae6b79f3e5920e9fd0fbd906
SHA256

a75e65563e853c9fb8863bcf7c2103ec23893f31a42b9332042ea3f5f2d40ea0
SHA512

fe6d1df55358ba710c25e0e6b189beca8ce991d65a0fcecefdecacd2b96e0802ea549157c1449d2853f0ab37b8e865ec70e51772d2deefe8238d7581c81bc4a3

Score

5^/10

Malware Config

Signatures

Drops file in System32 directory 2 IoCs

description	ioc	Process
File created	C:\Windows\System32\DriverStore\FileRepository\display.inf_amd64_71aa85b0e2292a7a\display.PNF	chrome.exe
File created	\??\c:\windows\system32\driverstore\filerepository\display.inf_amd64_71aa85b0e2292a7a\display.PNF	chrome.exe

Checks processor information in registry 2 TTPs 8 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133652747831576488"	chrome.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2636447293-1148739154-93880854-1000_Classes\Local Settings	firefox.exe

Suspicious behavior: EnumeratesProcesses 14 IoCs

pid	Process
3516	msedge.exe
3516	msedge.exe
3848	msedge.exe
3848	msedge.exe
672	chrome.exe
672	chrome.exe
1932	chrome.exe
1932	chrome.exe
5192	msedge.exe
5192	msedge.exe
5192	msedge.exe
5192	msedge.exe
1932	chrome.exe
1932	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 5 IoCs

pid	Process
3848	msedge.exe
3848	msedge.exe
3848	msedge.exe
672	chrome.exe
672	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	672	chrome.exe
Token: SeCreatePagefilePrivilege	672	chrome.exe
Token: SeDebugPrivilege	3020	firefox.exe
Token: SeDebugPrivilege	3020	firefox.exe
Token: SeShutdownPrivilege	672	chrome.exe
Token: SeCreatePagefilePrivilege	672	chrome.exe
Token: SeShutdownPrivilege	672	chrome.exe
Token: SeCreatePagefilePrivilege	672	chrome.exe
Token: SeShutdownPrivilege	672	chrome.exe
Token: SeCreatePagefilePrivilege	672	chrome.exe
Token: SeShutdownPrivilege	672	chrome.exe
Token: SeCreatePagefilePrivilege	672	chrome.exe
Token: SeShutdownPrivilege	672	chrome.exe
Token: SeCreatePagefilePrivilege	672	chrome.exe
Token: SeShutdownPrivilege	672	chrome.exe
Token: SeCreatePagefilePrivilege	672	chrome.exe
Token: SeShutdownPrivilege	672	chrome.exe
Token: SeCreatePagefilePrivilege	672	chrome.exe
Token: SeShutdownPrivilege	672	chrome.exe
Token: SeCreatePagefilePrivilege	672	chrome.exe
Token: SeShutdownPrivilege	672	chrome.exe
Token: SeCreatePagefilePrivilege	672	chrome.exe
Token: SeShutdownPrivilege	672	chrome.exe
Token: SeCreatePagefilePrivilege	672	chrome.exe
Token: SeShutdownPrivilege	672	chrome.exe
Token: SeCreatePagefilePrivilege	672	chrome.exe
Token: SeShutdownPrivilege	672	chrome.exe
Token: SeCreatePagefilePrivilege	672	chrome.exe
Token: SeShutdownPrivilege	672	chrome.exe
Token: SeCreatePagefilePrivilege	672	chrome.exe
Token: SeShutdownPrivilege	672	chrome.exe
Token: SeCreatePagefilePrivilege	672	chrome.exe
Token: SeShutdownPrivilege	672	chrome.exe
Token: SeCreatePagefilePrivilege	672	chrome.exe
Token: SeShutdownPrivilege	672	chrome.exe
Token: SeCreatePagefilePrivilege	672	chrome.exe
Token: SeShutdownPrivilege	672	chrome.exe
Token: SeCreatePagefilePrivilege	672	chrome.exe
Token: SeShutdownPrivilege	672	chrome.exe
Token: SeCreatePagefilePrivilege	672	chrome.exe
Token: SeShutdownPrivilege	672	chrome.exe
Token: SeCreatePagefilePrivilege	672	chrome.exe
Token: SeShutdownPrivilege	672	chrome.exe
Token: SeCreatePagefilePrivilege	672	chrome.exe
Token: SeShutdownPrivilege	672	chrome.exe
Token: SeCreatePagefilePrivilege	672	chrome.exe
Token: SeShutdownPrivilege	672	chrome.exe
Token: SeCreatePagefilePrivilege	672	chrome.exe
Token: SeShutdownPrivilege	672	chrome.exe
Token: SeCreatePagefilePrivilege	672	chrome.exe
Token: SeShutdownPrivilege	672	chrome.exe
Token: SeCreatePagefilePrivilege	672	chrome.exe
Token: SeShutdownPrivilege	672	chrome.exe
Token: SeCreatePagefilePrivilege	672	chrome.exe
Token: SeShutdownPrivilege	672	chrome.exe
Token: SeCreatePagefilePrivilege	672	chrome.exe
Token: SeShutdownPrivilege	672	chrome.exe
Token: SeCreatePagefilePrivilege	672	chrome.exe
Token: SeShutdownPrivilege	672	chrome.exe
Token: SeCreatePagefilePrivilege	672	chrome.exe
Token: SeShutdownPrivilege	672	chrome.exe
Token: SeCreatePagefilePrivilege	672	chrome.exe
Token: SeShutdownPrivilege	672	chrome.exe
Token: SeCreatePagefilePrivilege	672	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
3848	msedge.exe
3848	msedge.exe
3848	msedge.exe
3848	msedge.exe
3848	msedge.exe
3848	msedge.exe
3848	msedge.exe
3848	msedge.exe
3848	msedge.exe
3848	msedge.exe
3848	msedge.exe
3848	msedge.exe
3848	msedge.exe
3848	msedge.exe
3848	msedge.exe
3848	msedge.exe
3848	msedge.exe
3848	msedge.exe
3848	msedge.exe
3848	msedge.exe
3848	msedge.exe
3848	msedge.exe
3848	msedge.exe
3848	msedge.exe
3848	msedge.exe
3020	firefox.exe
3020	firefox.exe
3020	firefox.exe
3020	firefox.exe
3020	firefox.exe
3020	firefox.exe
3020	firefox.exe
3020	firefox.exe
3020	firefox.exe
3020	firefox.exe
3020	firefox.exe
3020	firefox.exe
3020	firefox.exe
3020	firefox.exe
3020	firefox.exe
3020	firefox.exe
3020	firefox.exe
3020	firefox.exe
3020	firefox.exe
3020	firefox.exe
3020	firefox.exe
672	chrome.exe
672	chrome.exe
672	chrome.exe
672	chrome.exe
672	chrome.exe
672	chrome.exe
672	chrome.exe
672	chrome.exe
672	chrome.exe
672	chrome.exe
672	chrome.exe
672	chrome.exe
672	chrome.exe
672	chrome.exe
672	chrome.exe
672	chrome.exe
672	chrome.exe
672	chrome.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
3848	msedge.exe
3848	msedge.exe
3848	msedge.exe
3848	msedge.exe
3848	msedge.exe
3848	msedge.exe
3848	msedge.exe
3848	msedge.exe
3848	msedge.exe
3848	msedge.exe
3848	msedge.exe
3848	msedge.exe
3848	msedge.exe
3848	msedge.exe
3848	msedge.exe
3848	msedge.exe
3848	msedge.exe
3848	msedge.exe
3848	msedge.exe
3848	msedge.exe
3848	msedge.exe
3848	msedge.exe
3848	msedge.exe
3848	msedge.exe
3020	firefox.exe
3020	firefox.exe
3020	firefox.exe
3020	firefox.exe
3020	firefox.exe
3020	firefox.exe
3020	firefox.exe
3020	firefox.exe
3020	firefox.exe
3020	firefox.exe
3020	firefox.exe
3020	firefox.exe
3020	firefox.exe
3020	firefox.exe
3020	firefox.exe
3020	firefox.exe
3020	firefox.exe
3020	firefox.exe
3020	firefox.exe
3020	firefox.exe
672	chrome.exe
672	chrome.exe
672	chrome.exe
672	chrome.exe
672	chrome.exe
672	chrome.exe
672	chrome.exe
672	chrome.exe
672	chrome.exe
672	chrome.exe
672	chrome.exe
672	chrome.exe
672	chrome.exe
672	chrome.exe
672	chrome.exe
672	chrome.exe
672	chrome.exe
672	chrome.exe
672	chrome.exe
672	chrome.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
3020	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2032 wrote to memory of 672	2032	cmd.exe	85
PID 2032 wrote to memory of 672	2032	cmd.exe	85
PID 672 wrote to memory of 4912	672	chrome.exe	86
PID 672 wrote to memory of 4912	672	chrome.exe	86
PID 2032 wrote to memory of 3848	2032	cmd.exe	87
PID 2032 wrote to memory of 3848	2032	cmd.exe	87
PID 3848 wrote to memory of 3968	3848	msedge.exe	88
PID 3848 wrote to memory of 3968	3848	msedge.exe	88
PID 2032 wrote to memory of 4484	2032	cmd.exe	89
PID 2032 wrote to memory of 4484	2032	cmd.exe	89
PID 4484 wrote to memory of 3020	4484	firefox.exe	90
PID 4484 wrote to memory of 3020	4484	firefox.exe	90
PID 4484 wrote to memory of 3020	4484	firefox.exe	90
PID 4484 wrote to memory of 3020	4484	firefox.exe	90
PID 4484 wrote to memory of 3020	4484	firefox.exe	90
PID 4484 wrote to memory of 3020	4484	firefox.exe	90
PID 4484 wrote to memory of 3020	4484	firefox.exe	90
PID 4484 wrote to memory of 3020	4484	firefox.exe	90
PID 4484 wrote to memory of 3020	4484	firefox.exe	90
PID 4484 wrote to memory of 3020	4484	firefox.exe	90
PID 4484 wrote to memory of 3020	4484	firefox.exe	90
PID 3020 wrote to memory of 1740	3020	firefox.exe	91
PID 3020 wrote to memory of 1740	3020	firefox.exe	91
PID 3020 wrote to memory of 1740	3020	firefox.exe	91
PID 3020 wrote to memory of 1740	3020	firefox.exe	91
PID 3020 wrote to memory of 1740	3020	firefox.exe	91
PID 3020 wrote to memory of 1740	3020	firefox.exe	91
PID 3020 wrote to memory of 1740	3020	firefox.exe	91
PID 3020 wrote to memory of 1740	3020	firefox.exe	91
PID 3020 wrote to memory of 1740	3020	firefox.exe	91
PID 3020 wrote to memory of 1740	3020	firefox.exe	91
PID 3020 wrote to memory of 1740	3020	firefox.exe	91
PID 3020 wrote to memory of 1740	3020	firefox.exe	91
PID 3020 wrote to memory of 1740	3020	firefox.exe	91
PID 3020 wrote to memory of 1740	3020	firefox.exe	91
PID 3020 wrote to memory of 1740	3020	firefox.exe	91
PID 3020 wrote to memory of 1740	3020	firefox.exe	91
PID 3020 wrote to memory of 1740	3020	firefox.exe	91
PID 3020 wrote to memory of 1740	3020	firefox.exe	91
PID 3020 wrote to memory of 1740	3020	firefox.exe	91
PID 3020 wrote to memory of 1740	3020	firefox.exe	91
PID 3020 wrote to memory of 1740	3020	firefox.exe	91
PID 3020 wrote to memory of 1740	3020	firefox.exe	91
PID 3020 wrote to memory of 1740	3020	firefox.exe	91
PID 3020 wrote to memory of 1740	3020	firefox.exe	91
PID 3020 wrote to memory of 1740	3020	firefox.exe	91
PID 3020 wrote to memory of 1740	3020	firefox.exe	91
PID 3020 wrote to memory of 1740	3020	firefox.exe	91
PID 3020 wrote to memory of 1740	3020	firefox.exe	91
PID 3020 wrote to memory of 1740	3020	firefox.exe	91
PID 3020 wrote to memory of 1740	3020	firefox.exe	91
PID 3020 wrote to memory of 1740	3020	firefox.exe	91
PID 3020 wrote to memory of 1740	3020	firefox.exe	91
PID 3020 wrote to memory of 1740	3020	firefox.exe	91
PID 3020 wrote to memory of 1740	3020	firefox.exe	91
PID 3020 wrote to memory of 1740	3020	firefox.exe	91
PID 3020 wrote to memory of 1740	3020	firefox.exe	91
PID 3020 wrote to memory of 1740	3020	firefox.exe	91
PID 3020 wrote to memory of 1740	3020	firefox.exe	91
PID 3020 wrote to memory of 1740	3020	firefox.exe	91
PID 3020 wrote to memory of 1740	3020	firefox.exe	91
PID 3020 wrote to memory of 1740	3020	firefox.exe	91
PID 3020 wrote to memory of 1740	3020	firefox.exe	91
PID 3020 wrote to memory of 1740	3020	firefox.exe	91

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\random.cmd"
1⤵
- Suspicious use of WriteProcessMemory
PID:2032
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://www.youtube.com/account"
  2⤵
  - Enumerates system info in registry
  - Modifies data under HKEY_USERS
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  PID:672
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.106 --initial-client-data=0x104,0x108,0x10c,0xe0,0x110,0x7ffee382cc40,0x7ffee382cc4c,0x7ffee382cc58
    3⤵
    PID:4912
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1928,i,10949052565421330449,12626650907290505741,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=1924 /prefetch:2
    3⤵
    PID:4936
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2164,i,10949052565421330449,12626650907290505741,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=2196 /prefetch:3
    3⤵
    PID:4652
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2272,i,10949052565421330449,12626650907290505741,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=2220 /prefetch:8
    3⤵
    PID:872
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3136,i,10949052565421330449,12626650907290505741,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=3176 /prefetch:1
    3⤵
    PID:6092
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3144,i,10949052565421330449,12626650907290505741,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=3216 /prefetch:1
    3⤵
    PID:6104
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4672,i,10949052565421330449,12626650907290505741,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=4680 /prefetch:8
    3⤵
    PID:5596
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4908,i,10949052565421330449,12626650907290505741,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=4916 /prefetch:8
    3⤵
    PID:5952
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=4828,i,10949052565421330449,12626650907290505741,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=4916 /prefetch:8
    3⤵
    - Drops file in System32 directory
    - Suspicious behavior: EnumeratesProcesses
    PID:1932
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" "https://www.youtube.com/account"
  2⤵
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  PID:3848
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x108,0x10c,0x110,0xe4,0x114,0x7ffee33946f8,0x7ffee3394708,0x7ffee3394718
    3⤵
    PID:3968
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2096,6732980091925524206,16605662171558124367,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2108 /prefetch:2
    3⤵
    PID:4632
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2096,6732980091925524206,16605662171558124367,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2160 /prefetch:3
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:3516
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2096,6732980091925524206,16605662171558124367,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2892 /prefetch:8
    3⤵
    PID:4604
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,6732980091925524206,16605662171558124367,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3364 /prefetch:1
    3⤵
    PID:4008
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,6732980091925524206,16605662171558124367,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3380 /prefetch:1
    3⤵
    PID:3104
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,6732980091925524206,16605662171558124367,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3768 /prefetch:1
    3⤵
    PID:5764
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2096,6732980091925524206,16605662171558124367,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2304 /prefetch:2
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:5192
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe" "https://www.youtube.com/account"
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:4484
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" https://www.youtube.com/account
    3⤵
    - Checks processor information in registry
    - Modifies registry class
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SendNotifyMessage
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:3020
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1956 -parentBuildID 20240401114208 -prefsHandle 1896 -prefMapHandle 1888 -prefsLen 25753 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {abdcfbf3-cb54-4646-b942-ac8ae0b3afae} 3020 "\\.\pipe\gecko-crash-server-pipe.3020" gpu
      4⤵
      PID:1740
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2456 -parentBuildID 20240401114208 -prefsHandle 2424 -prefMapHandle 2420 -prefsLen 26673 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c7418c1f-765b-479f-b249-2797582a844d} 3020 "\\.\pipe\gecko-crash-server-pipe.3020" socket
      4⤵
      PID:1888
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3024 -childID 1 -isForBrowser -prefsHandle 3028 -prefMapHandle 2916 -prefsLen 22698 -prefMapSize 244658 -jsInitHandle 1136 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b2eec809-b057-4061-8086-0176503744aa} 3020 "\\.\pipe\gecko-crash-server-pipe.3020" tab
      4⤵
      PID:1924
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2888 -childID 2 -isForBrowser -prefsHandle 3468 -prefMapHandle 3464 -prefsLen 31163 -prefMapSize 244658 -jsInitHandle 1136 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {1794e8e5-64a6-4be1-abf0-623ff7d1df90} 3020 "\\.\pipe\gecko-crash-server-pipe.3020" tab
      4⤵
      PID:3904
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4288 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4256 -prefMapHandle 4232 -prefsLen 31163 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {cdbc7c9d-89c4-4c5f-9810-e6339870368f} 3020 "\\.\pipe\gecko-crash-server-pipe.3020" utility
      4⤵
      Checks processor information in registry
      PID:5676
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5464 -childID 3 -isForBrowser -prefsHandle 5456 -prefMapHandle 5452 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 1136 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {30d69799-5034-4af5-9e9d-eaa3f6d480ec} 3020 "\\.\pipe\gecko-crash-server-pipe.3020" tab
      4⤵
      PID:5968
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5556 -childID 4 -isForBrowser -prefsHandle 5564 -prefMapHandle 5568 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 1136 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {175c7649-2b1d-4c80-95bd-7592e4053ff5} 3020 "\\.\pipe\gecko-crash-server-pipe.3020" tab
      4⤵
      PID:5984
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5836 -childID 5 -isForBrowser -prefsHandle 5756 -prefMapHandle 5760 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 1136 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {6eef0a3f-401e-457c-b887-e832ea0a3d50} 3020 "\\.\pipe\gecko-crash-server-pipe.3020" tab
      4⤵
      PID:6020

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:228

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4136

C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe"
1⤵
PID:2480

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:688

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
264B

MD5
2bba637477b3f13fb5acf4b017195545

SHA1
b24eaaa78c8d788ff621582a0c0056776a06998b

SHA256
f4811771c10c92e3da3b2fd861bcb908038a2893fb8923a216c0b7bd5f8731ff

SHA512
bc55093ee3b6dc37b00fb7c74da740d8fdbdc43f9628dacb585ebadc88c8a6f883ba9422c1ee94f67ce7304897f632aa93c23cc414e3977175f1e3d1e8292641

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
39f2ba5353ecbef8757659f6193de0be

SHA1
37184657b5977f07fd897801086446774218534b

SHA256
23a5df406364a535a0edd30bc301b6333de5b3ad21e0953482db04792edac078

SHA512
4b16f0aae6f465eedaa85b065b7ddbbfb4de7192181288801ea7d95948a1d4210c848199d61c8f38565bb8c1c88b885c0958bb69faa6bbaa009ead92b1644c87

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
524B

MD5
4366c3b182ce6c278e0a2a3f5f2d1caf

SHA1
a46ff07dc4c40ac6627e4a43b80da1968892a16d

SHA256
e5561d79faa1a3b4e1e54980c9d2108506f714aa636092dc60ee8bef1f30610a

SHA512
721bec298426c00a450bf8ed0cf11d9540806bd53b5861b72ee349030e7cb5488526470ccab57c9f0c003ad81f3fa17daee1cb0e0f1e5f3d9ba1da3a94fcee9b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
032074649f5b46bc75ee6c69b1993f20

SHA1
a96723931ba00d2e29c78a95d69de09c25a4e1d7

SHA256
0da5e1c800e3de62d4c342006e9c054e5d1959c3d85662b35336b05c86835b2b

SHA512
04a58479820eedbe000e0efb261a9865c851e011f3014cb2d95f3000791128e7a5086f1fc38adb29f1dcadc6ddadbc30009de5b1d7fb08a1aa4b0e5062684f26

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
030c938b06ebc190a8a08eac7a63a029

SHA1
1abdb9f518ea4c6f54564804a3c448c77c81d570

SHA256
f3065576ec979538ca9510047ef268e4dbb5b7aac58498710d9f0190afc2d77f

SHA512
0089f982c013198fd0f5b1b5d266db85879c4cca5e016a9c6e03d8ef404d7b3d94638cb1d2306894d2467799adba17ad97f080b2cbc144179159a746ca21a3a6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
289209a73c49b91d22eb518656acea02

SHA1
9ab55606685e6750f2eca7c068c4adda02b1c14f

SHA256
70282b40e460195b693bd189ab74e198b1cfa947f5558ff510d638de34d6959a

SHA512
995177b4f9dbfd3665d837a21c61d84f2215e7be322439496c33f1479c617f3695a572ae7dec5fd9dc0be18d9ae1cd233b47013cd84db00196f1a3aded977a10

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
13747bac47bfe64e3bc085518f4be40e

SHA1
45ea4c71602c03553086a4a638ffcf47d727e0a7

SHA256
c5b3da140c0d45e018ef06cfdda00142ab9574901ade7123001b9a22c50a5308

SHA512
7193a9b764f00b970ee68016552aea1974edaf3dd49d57f3a8ce8a961cf756b36df3f015e21159342affe6b4dfe288f856cb38cf1203cb2485ce080478d34c98

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
5d549cbc852e1ec4061eee647f316196

SHA1
290e5defefca61ddff3704fd5ed129ac6dffd741

SHA256
bff2f64df61fdbec857174d1556388448409c60901a5c9576fd4742fc9bedb09

SHA512
b41d654708f7ef1fb9ef8e7071308bd1274a4be7ae73fc35a259d976528b37674d51671a8902907a49bf25a0fb78f9412b88ff335998aa14286bd4ba13e8ea55

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
6af74b63bc3f941a607c3b08d0ef7ff8

SHA1
ec9ef42cfc0f5d976f21563a8cae6ad80d4b726f

SHA256
5679436e1b74dc2dcfb0bf53afee942d5dee5cbd26ac5b6ad61a79c15669fa24

SHA512
19de16064bd130cb65df2b76d02c31d87fa396edbb7a74a201c6e9ab6a40deb5e29bbaea14bc712588088ce0a2ce54243b0fd8d89a327faec99a6778db99babd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
a2fd7a9cc9317a4de5ca8e848d2fae74

SHA1
d36c8a0b79d34ff982c8fb9f3c101e42951cea13

SHA256
1018f098f8beef9e9215be46d1a9e52791933b0772d0d18bbd307ad418ff1613

SHA512
761ce1ec5f8f21384e1759598d3bd55bf209143e8d757ee0fd72393a5bbf2a4285e36957e246bacf4a252411a67d51e4bbd4d4b9d7c9d88dbf13f21daac762c4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
45a7cc29515fc73747777ec4d98e7fd4

SHA1
d902f0457baf61c6a6ac4de6ce93f64eb0d8961f

SHA256
f4f45f4f162190964bedd7f986077071468651bccabeef65044626dbb97db2be

SHA512
46ae9f49b9a250360ca4c92b08d4a0bcae128c115d5411fadf114e9d844ee7d19b3d405fe565144c754ccddbe1f2ee566c68a0173a415686b66e7f867b925668

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
76e9492cdf4aa1fd332188f83b6241fa

SHA1
f368a776b0cde6fe54de7674644e6815e3f1ca2b

SHA256
05831ed34925f98e882a28c567476f9a4ef1c0a2762474ed3161ed374c0cf001

SHA512
bb53ad7ff59cae2f757ab8d82b69d3b67b2408de33ff82641ec835d61ac1c189c56dfc921dfc438ff81430259f0046b1926009ede8fbb2a9a20c7956ccf5c1ad

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
a6be60c42ea9078ee625b61cf3f455ab

SHA1
ff5db9d7a355576714354e3c684dcce6466fa321

SHA256
de2e1c5793dba8fc6411b3d8879637375d90800bb7bba36c227847e159c0efd8

SHA512
f1f40fb73393bfd49c1ce3b57cc669d46ca5a95798afef56ddde97d57992bb895eafc78d35304f1f2e3b390126b3fe067be85ea0dbc57466ade64e3eaaf66396

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
182KB

MD5
9e40e7db8b8ee4309bebba0333e9b9a5

SHA1
0aa67d45b1db8f45dc27a1ea0c0032013966d9c8

SHA256
6495365198b3e8faf28c70ab6f59481b0965f7a207275852d0faf3c04e32c599

SHA512
db5263c662b1fe8ad3eb5f68dac3657bd40b98b18af89fbd21dcb1a184ff6ae670dfcad8104fd5378db7865583feb617e7ba7b8fd26c34a9d70db30ff97b642f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
182KB

MD5
4bcf3b5fb45d2737c74c503a05f8e2e4

SHA1
40ce999cc6e70a83c88dce9588874ca774a127b1

SHA256
9ea0741a9f6a8d28388645cae0996b188b5a8a1a7c3418722819b73ba5bc5943

SHA512
857071454ea4ddef9d0d967fce7ca4c4e456ba4d05e5aff783355cdf517160a01554b98d513d26a24cd926878b706e357a86dbf81c6837f9133942f51bd60461

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
c00b0d6e0f836dfa596c6df9d3b2f8f2

SHA1
69ad27d9b4502630728f98917f67307e9dd12a30

SHA256
578481cd359c669455e24983b13723c25584f58925b47283cb580019ef3142b1

SHA512
0e098ab5f5772fec17880e228a0dccbbaa06dc1af14e0fd827f361599c61899fe07d612a7f7b049ff6661d27fdc495566dd20fc28ceed022b87c212bf00be5da

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
54f1b76300ce15e44e5cc1a3947f5ca9

SHA1
c978bfaa6ec6dae05464c6426eaa6cb3c3e2f3b7

SHA256
43dec5d87b7ee892a3d99cb61f772ba403882ac0772423f36034e84244c1ca24

SHA512
ac26e5676c675be329eb62b5d5a36a0e6014ab8a6366684b0fc2a59ae5f061f596f462b82eb4e9f135d2235a0cbd4af96680d234eecc873a8397fd81507d277a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000004

Filesize
33KB

MD5
a5ee86ec13e7349d13a2c7434edd13b1

SHA1
ed338c8e72760184127b79f5ac87de6003f255e1

SHA256
f7c487696c249bb4ad1e50ecf59c442702d5ccdcfd6f2152afc7fa17f28e5156

SHA512
719d522c4c44aaa7a7b9d64dec9290bf126d3ea994665b814c53316f5f8dbc6619ed1490ff2ec35a3ce900ad0a950fd751686be17e9b9229baab372c57d89f07

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005

Filesize
38KB

MD5
c3aa6e31c125d83fb2eabcc9e33843dd

SHA1
ad91b78e1a9853ee876b77b82f75100ff5690d11

SHA256
c32b5cffb8ac92df9bd9340b75b8d0772a071af36df5b27879e45f6112f9b5b4

SHA512
897efddeb2d96e24aca43385cfb86a065034c4bb045c2e2b7391572e0ddd4a820b70fa83854de5048d7b7316fc9fa2f078924aab62206a7a135aaf91176a4c6b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
216B

MD5
f0b3352e23cbdfb4ba4b1ffb8092392f

SHA1
f9b6e96df50bc197571593e519be260dbd718aba

SHA256
2f03d93834d538f76165761cd65f56ee3ec1a72adb246973d41c3e15b8fbf857

SHA512
6dd84c795e9c7eff6ba5867a66beb873577f006623b370e013e0bbf326140ea7b7eb05b3e6bea08809c5dc073a1bd303b8a59ad891f8137e7f3c5ba8d9e1cc5e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
60551a5796b450087ecacdd6862d2c73

SHA1
1c8408d199b2925229051019899f9fdadfba8c64

SHA256
1e6b693aaf8da487bbc924c958c93a8389360cd71a69ee4a5277c49e84162e52

SHA512
46e06144ad7c2e78426420716f4ddf7259b554d1d1e243f5ecf1712ddd7df2e174a276a7e6d77e2bf9006b34094fccea76971bd332d1fdad011d8f4e6f62dd55

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
ea9e15c1720a7d0ab455be0afa2a8dc4

SHA1
59ca3fb537d69240b55662536585bfb670ac7fe2

SHA256
13a0a8c07ec566e3680b31e089a35dc62e07aaecd81f4138181fa85be42cb7e6

SHA512
160e8d04b7e0938c05d09a4da0821f0d769062f96b2c8b1c212b0dca522f1ea362846cf99231755e0d05619e3919de77944c752fb198ed28d692131ac0ce7fc7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
cdb90c5255dcc6cfd01195f1d243b00c

SHA1
748f2a44ce1abde2ebdf7f5e0738f297bcd42919

SHA256
312208e2a15fd66f7497f0f36500dfce0e536544f936ab2e3d08dee30d55b61c

SHA512
cb9e969f0c5e592febb0e3c6c382f9382c804dcaec7f739604dd75c12169a6534d390beef6a6d0aa1dc4724fe4852e336d7ac4d8a80d7f6cd9dc04ec03ae252c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
0a12cb2c6cb7beeaa3a8e2ce74fe3129

SHA1
5ec20001c96a38309dd68c6f62d29102c0a39a0f

SHA256
8f521eab855d98e5a2646b3f4a7c3e368e6df96c0fbf38b3ba337b13f465d471

SHA512
9719f1daa2640c2d1a21dbedb903d4df218af6761d7357672132b0d9e3c229f53b57a0e0553b7d4fc3b4a5a08eb430200d259ba6e2c4f3144e3e4ad968db6f26

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\85t3rifc.default-release\activity-stream.discovery_stream.json.tmp

Filesize
21KB

MD5
d132443d53a8dbdcc70517a11bcb747e

SHA1
7b8293f48c593bb3553068f06e1ae30b5bf78971

SHA256
ee2512bb6222a222344cbf0d0b0054ce8c121f784bd5279859b608ad10291b92

SHA512
07e444eb2fe22e99841ff36fce666be604cad6edde1301407df077da12f5b490454ac0686714c8427f3175bb8895a83969601d0d1f8dc69b0601b2dae0bccf9a

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\85t3rifc.default-release\cache2\entries\5CD1EBDF6B57F13C7E783CE5E6D8E9C44014FE1A

Filesize
13KB

MD5
1a28f2ada5b9f9df05e56c6283fc70db

SHA1
f16cded561cb9ad9bd0460214a352227e39e8b72

SHA256
716d9d547892c4c19b6fdbdc4208dd771bd415dcb4ea9bd7e4f16cd596e982fe

SHA512
c1016a3b50d2f6e3ce9fa7d185bf496bd417a040556e4690a263f281ab2ed80026a3957142e33d3318fa7b201efd16454315b279e5309b6fe0da4487a14fb85f

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
479KB

MD5
09372174e83dbbf696ee732fd2e875bb

SHA1
ba360186ba650a769f9303f48b7200fb5eaccee1

SHA256
c32efac42faf4b9878fb8917c5e71d89ff40de580c4f52f62e11c6cfab55167f

SHA512
b667086ed49579592d435df2b486fe30ba1b62ddd169f19e700cd079239747dd3e20058c285fa9c10a533e34f22b5198ed9b1f92ae560a3067f3e3feacc724f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

Filesize
13.8MB

MD5
0a8747a2ac9ac08ae9508f36c6d75692

SHA1
b287a96fd6cc12433adb42193dfe06111c38eaf0

SHA256
32d544baf2facc893057a1d97db33207e642f0dacf235d8500a0b5eff934ce03

SHA512
59521f8c61236641b3299ab460c58c8f5f26fa67e828de853c2cf372f9614d58b9f541aae325b1600ec4f3a47953caacb8122b0dfce7481acfec81045735947d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\85t3rifc.default-release\AlternateServices.bin

Filesize
8KB

MD5
2af704497260ddb4c780d762cc698843

SHA1
fb4a703e07b17efaad5e38dd7328354678bf0201

SHA256
1838112d8323040076b588100d3e53d9f29e73638e23238d103b90bd1c97a22b

SHA512
9f98b26fa6baf9dde65d75ac08b2827963ac05e5e5797fbdb994b31c5187e75ef3e97b1bea700202c0d9b37d91d43d829a6fae9abc618b249a392b5de5197490

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\85t3rifc.default-release\AlternateServices.bin

Filesize
11KB

MD5
c486d1d12da745a366212b8f82b7657b

SHA1
c9dcc6b969b077ad2e2ed797a1b2033da94177f3

SHA256
153bd30684477528fef168445ba76290488bd39d27873e45bb87bf8131ff0bfe

SHA512
2bfe94226983a7baf5f570c10711beab519465de5c5078dd98deec1a18b96e40d54e84d6e93293af0be8e27cc1e9daee3f4ab0e1bfacb6bd9b18f47dbe08885c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\85t3rifc.default-release\datareporting\glean\db\data.safe.tmp

Filesize
15KB

MD5
4e13aed695170d44cb18f58c71675acb

SHA1
773d99b6ee7f3270c5ae101cf5ac23bffc69f1ac

SHA256
651e5d05c6af621dd69a7c0657188fd94e78cadb920edcfbd90005662cd042b1

SHA512
62f2ba9ba5b5a82573c34d18893777cf0da84ffe8638d10f12f5a216a623712942875d778a3de0c2eb638a6d402346f25bb63090b5005e8963cde7fc5cc6a64e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\85t3rifc.default-release\datareporting\glean\db\data.safe.tmp

Filesize
5KB

MD5
2e03065c2f73dd9bcf310ffce7b40d01

SHA1
66b22b47b1cf672b7ac9a6ba1528e5d97db8143a

SHA256
62b805fb3198ea63dab01407be4b6504dc1c3af44a27fa5c97899e747b573a6a

SHA512
ecf25ff266d948f30fa3900a6e43651fba5b6028a6237db04f4f2a6fc3611170a15da9477d335a19d64b4d0ed1d248c09cee9f72c32d4f4fa19eb4a80472ce8b

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\85t3rifc.default-release\datareporting\glean\db\data.safe.tmp

Filesize
6KB

MD5
c1419dad1e0d7988123de38889d4d3fa

SHA1
d7b7d3e569e110c7f17956818aa226768811478b

SHA256
70be8ab71a65465818beaf2d0813f503fbc86ffb9d00d14c9fb5986e324fc0ac

SHA512
63d2c63e66c4cdd6f7d0de1431abdeb3b50876bfa5423a0a8d6a231dae6a44b9f78d1399123869d586de706ac0276dd28b58be16d8af00789650339827e8bd79

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\85t3rifc.default-release\datareporting\glean\pending_pings\30e23f8a-49d9-41d2-9346-c68607e26277

Filesize
982B

MD5
912c61e38a7b90391455742d211c32b2

SHA1
da0d36f8bb743c5fdd5266dea7f40123ca4e1d9e

SHA256
182f1ee020102e6c8562fefa7c89d4d0a94faa725c381ad4de2ae95dda59f67a

SHA512
1d18ecfebdbbce4ea868304cd53031e6a3fe60cc11df7148843a9fc394cad3b06b7d9631b6efcb4ce8ac8e9e3c257d088097b6440934ac9747805d53387ff64c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\85t3rifc.default-release\datareporting\glean\pending_pings\57c0c009-0838-437d-afff-87c2f5d02510

Filesize
671B

MD5
cbfc9754e92df31e7b866a8606a4e100

SHA1
df3cecb827735038a856295e3c82e769d3b5318b

SHA256
8a84e4a6e993da4f9bf1bbdba362d034eb51ddd34fb8335196d8804ff2dd3888

SHA512
808cbc4865dd5dd520c60d19f109f19950a317a8901e0206b6251f5689f4368cfe38951ea02dc63cd40c549404eaa2783a63b8b007bf8b3068aa6fab18c0a553

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\85t3rifc.default-release\datareporting\glean\pending_pings\f7832b86-c4e2-4f12-a3d3-22d9e8bd9e52

Filesize
26KB

MD5
12420a9283f72f68b3bb87e251912ef4

SHA1
c2cffaa86d344480c696b7c833681008709c48d4

SHA256
13d3eaf473ad18abdd769114d4fd610d8eac914bd1733e42fd8598df76ee9c5a

SHA512
fac92b0b5a3b8b99b56e3c113af5ae7d48cb85eaa4366b70cfbd656e7f7872c23292c4570c2be088bb71493db2381468a7eb83278276b019feb01e96cc8d2cac

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\85t3rifc.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.dll

Filesize
1.1MB

MD5
842039753bf41fa5e11b3a1383061a87

SHA1
3e8fe1d7b3ad866b06dca6c7ef1e3c50c406e153

SHA256
d88dd3bfc4a558bb943f3caa2e376da3942e48a7948763bf9a38f707c2cd0c1c

SHA512
d3320f7ac46327b7b974e74320c4d853e569061cb89ca849cd5d1706330aca629abeb4a16435c541900d839f46ff72dfde04128c450f3e1ee63c025470c19157

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\85t3rifc.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.info

Filesize
116B

MD5
2a461e9eb87fd1955cea740a3444ee7a

SHA1
b10755914c713f5a4677494dbe8a686ed458c3c5

SHA256
4107f76ba1d9424555f4e8ea0acef69357dfff89dfa5f0ec72aa4f2d489b17bc

SHA512
34f73f7bf69d7674907f190f257516e3956f825e35a2f03d58201a5a630310b45df393f2b39669f9369d1ac990505a4b6849a0d34e8c136e1402143b6cedf2d3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\85t3rifc.default-release\gmp-widevinecdm\4.10.2710.0\manifest.json

Filesize
372B

MD5
bf957ad58b55f64219ab3f793e374316

SHA1
a11adc9d7f2c28e04d9b35e23b7616d0527118a1

SHA256
bbab6ca07edbed72a966835c7907b3e60c7aa3d48ddea847e5076bd05f4b1eda

SHA512
79c179b56e4893fb729b225818ab4b95a50b69666ac41d17aad0b37ab0ca8cd9f0848cbc3c5d9e69e4640a8b261d7ced592eae9bcb0e0b63c05a56e7c477f44e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\85t3rifc.default-release\gmp-widevinecdm\4.10.2710.0\widevinecdm.dll

Filesize
17.8MB

MD5
daf7ef3acccab478aaa7d6dc1c60f865

SHA1
f8246162b97ce4a945feced27b6ea114366ff2ad

SHA256
bc40c7821dcd3fea9923c6912ab1183a942c11b7690cfd79ed148ded0228777e

SHA512
5840a45cfdb12c005e117608b1e5d946e1b2e76443ed39ba940d7f56de4babeab09bee7e64b903eb82bb37624c0a0ef19e9b59fbe2ce2f0e0b1c7a6015a63f75

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\85t3rifc.default-release\prefs-1.js

Filesize
11KB

MD5
83396d238a2be325869b5043e8ff846b

SHA1
403b3748f3b890ac31d77688859f8ae13f522438

SHA256
515d675a53d13f1acfd3f75f95ce8c8bb50184cc6aff6afd6effb8b783bb2684

SHA512
62e637fe8142dcb430a2b37ed4cf0d750f4cfe7509f4ad1edae405f18b12dc5d656107e77d00672a99a30af5673f6d5748485218c42b5c81f85dcfbe6829d0a4

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\85t3rifc.default-release\prefs-1.js

Filesize
16KB

MD5
d6855c5dc83cef10514e59ecd91299fe

SHA1
89f6a883ed52d0d521fdeafb46f1822142c01983

SHA256
b07f8d0284857d97510a533383453be611090a917ffce7863b7cff4c018e4e0f

SHA512
9a574a02125dcc0dd298b05512bddc2b68023b18c268cc46c47babfcba455baba5cbf15b913ba0f33d528a05009fad0ad589b59d04401258b6301a7608439d0b

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\85t3rifc.default-release\prefs-1.js

Filesize
12KB

MD5
b1ea94f19f380361c9fff0fea7c650f6

SHA1
442161c824a3581279f083025620f84ab93d5c40

SHA256
1e9e64b2beda54a236cfb472d0f89f4c148cedcbcc57214467a0100de023db72

SHA512
0b4fc5d759f954c5d171ad494014ad4040170a56089b15d2c7748c165b71a1c52f7e08bcb406cbfa0e8046d44d914c18b311ed7be6fa3c67d8d5afe3526ad09c

Download Submit