4a7da6934a6972f45b16b50ed8bcffcb88dc72c310ea495fd69092ca458759f4

Analysis

max time kernel
149s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
12/07/2024, 17:20

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

4a7da6934a6972f45b16b50ed8bcffcb88dc72c310ea495fd69092ca458759f4.exe
Size

89KB
MD5

aae7828b14d465e594b809e19bdfb803
SHA1

66590c4dc9ba700eee4f6601c6e30ecca520759d
SHA256

4a7da6934a6972f45b16b50ed8bcffcb88dc72c310ea495fd69092ca458759f4
SHA512

d9ac5202006d576f0f40c18070f7bc784f89e556c89f226353b8ec225872d79c38f2ed78525d9fe641f1052051482c854300c15ef4c75382d730709f67cd9454
SSDEEP

1536:L7fPGykbOqjoHm4pICdfkLtAfupcWX50MxFY+yIOlnToIfHxpOq:Hq6+ouCpk2mpcWJ0r+QNTBfHB

Score

7^/10

Malware Config

Signatures

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-2650514177-1034912467-4025611726-1000\Control Panel\International\Geo\Nation	4a7da6934a6972f45b16b50ed8bcffcb88dc72c310ea495fd69092ca458759f4.exe

Drops file in System32 directory 2 IoCs

description	ioc	Process
File created	C:\Windows\System32\DriverStore\FileRepository\display.inf_amd64_71aa85b0e2292a7a\display.PNF	chrome.exe
File created	\??\c:\windows\system32\driverstore\filerepository\display.inf_amd64_71aa85b0e2292a7a\display.PNF	chrome.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Checks processor information in registry 2 TTPs 8 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133652784433180665"	chrome.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2650514177-1034912467-4025611726-1000_Classes\Local Settings	firefox.exe

Suspicious behavior: EnumeratesProcesses 14 IoCs

pid	Process
3100	msedge.exe
3100	msedge.exe
1848	msedge.exe
1848	msedge.exe
4408	chrome.exe
4408	chrome.exe
4636	chrome.exe
4636	chrome.exe
1684	msedge.exe
1684	msedge.exe
1684	msedge.exe
1684	msedge.exe
4636	chrome.exe
4636	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 5 IoCs

pid	Process
1848	msedge.exe
1848	msedge.exe
1848	msedge.exe
4408	chrome.exe
4408	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4408	chrome.exe
Token: SeCreatePagefilePrivilege	4408	chrome.exe
Token: SeDebugPrivilege	2908	firefox.exe
Token: SeDebugPrivilege	2908	firefox.exe
Token: SeShutdownPrivilege	4408	chrome.exe
Token: SeCreatePagefilePrivilege	4408	chrome.exe
Token: SeShutdownPrivilege	4408	chrome.exe
Token: SeCreatePagefilePrivilege	4408	chrome.exe
Token: SeShutdownPrivilege	4408	chrome.exe
Token: SeCreatePagefilePrivilege	4408	chrome.exe
Token: SeShutdownPrivilege	4408	chrome.exe
Token: SeCreatePagefilePrivilege	4408	chrome.exe
Token: SeShutdownPrivilege	4408	chrome.exe
Token: SeCreatePagefilePrivilege	4408	chrome.exe
Token: SeShutdownPrivilege	4408	chrome.exe
Token: SeCreatePagefilePrivilege	4408	chrome.exe
Token: SeShutdownPrivilege	4408	chrome.exe
Token: SeCreatePagefilePrivilege	4408	chrome.exe
Token: SeShutdownPrivilege	4408	chrome.exe
Token: SeCreatePagefilePrivilege	4408	chrome.exe
Token: SeShutdownPrivilege	4408	chrome.exe
Token: SeCreatePagefilePrivilege	4408	chrome.exe
Token: SeShutdownPrivilege	4408	chrome.exe
Token: SeCreatePagefilePrivilege	4408	chrome.exe
Token: SeShutdownPrivilege	4408	chrome.exe
Token: SeCreatePagefilePrivilege	4408	chrome.exe
Token: SeShutdownPrivilege	4408	chrome.exe
Token: SeCreatePagefilePrivilege	4408	chrome.exe
Token: SeShutdownPrivilege	4408	chrome.exe
Token: SeCreatePagefilePrivilege	4408	chrome.exe
Token: SeShutdownPrivilege	4408	chrome.exe
Token: SeCreatePagefilePrivilege	4408	chrome.exe
Token: SeShutdownPrivilege	4408	chrome.exe
Token: SeCreatePagefilePrivilege	4408	chrome.exe
Token: SeShutdownPrivilege	4408	chrome.exe
Token: SeCreatePagefilePrivilege	4408	chrome.exe
Token: SeShutdownPrivilege	4408	chrome.exe
Token: SeCreatePagefilePrivilege	4408	chrome.exe
Token: SeShutdownPrivilege	4408	chrome.exe
Token: SeCreatePagefilePrivilege	4408	chrome.exe
Token: SeShutdownPrivilege	4408	chrome.exe
Token: SeCreatePagefilePrivilege	4408	chrome.exe
Token: SeShutdownPrivilege	4408	chrome.exe
Token: SeCreatePagefilePrivilege	4408	chrome.exe
Token: SeShutdownPrivilege	4408	chrome.exe
Token: SeCreatePagefilePrivilege	4408	chrome.exe
Token: SeShutdownPrivilege	4408	chrome.exe
Token: SeCreatePagefilePrivilege	4408	chrome.exe
Token: SeShutdownPrivilege	4408	chrome.exe
Token: SeCreatePagefilePrivilege	4408	chrome.exe
Token: SeShutdownPrivilege	4408	chrome.exe
Token: SeCreatePagefilePrivilege	4408	chrome.exe
Token: SeShutdownPrivilege	4408	chrome.exe
Token: SeCreatePagefilePrivilege	4408	chrome.exe
Token: SeShutdownPrivilege	4408	chrome.exe
Token: SeCreatePagefilePrivilege	4408	chrome.exe
Token: SeShutdownPrivilege	4408	chrome.exe
Token: SeCreatePagefilePrivilege	4408	chrome.exe
Token: SeShutdownPrivilege	4408	chrome.exe
Token: SeCreatePagefilePrivilege	4408	chrome.exe
Token: SeShutdownPrivilege	4408	chrome.exe
Token: SeCreatePagefilePrivilege	4408	chrome.exe
Token: SeShutdownPrivilege	4408	chrome.exe
Token: SeCreatePagefilePrivilege	4408	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
1848	msedge.exe
1848	msedge.exe
1848	msedge.exe
1848	msedge.exe
1848	msedge.exe
1848	msedge.exe
1848	msedge.exe
1848	msedge.exe
1848	msedge.exe
1848	msedge.exe
1848	msedge.exe
1848	msedge.exe
1848	msedge.exe
1848	msedge.exe
1848	msedge.exe
1848	msedge.exe
1848	msedge.exe
1848	msedge.exe
1848	msedge.exe
1848	msedge.exe
1848	msedge.exe
1848	msedge.exe
1848	msedge.exe
1848	msedge.exe
1848	msedge.exe
2908	firefox.exe
2908	firefox.exe
2908	firefox.exe
2908	firefox.exe
2908	firefox.exe
2908	firefox.exe
2908	firefox.exe
2908	firefox.exe
2908	firefox.exe
2908	firefox.exe
2908	firefox.exe
2908	firefox.exe
2908	firefox.exe
2908	firefox.exe
2908	firefox.exe
2908	firefox.exe
2908	firefox.exe
2908	firefox.exe
4408	chrome.exe
4408	chrome.exe
4408	chrome.exe
2908	firefox.exe
4408	chrome.exe
2908	firefox.exe
4408	chrome.exe
2908	firefox.exe
4408	chrome.exe
4408	chrome.exe
4408	chrome.exe
4408	chrome.exe
4408	chrome.exe
4408	chrome.exe
4408	chrome.exe
4408	chrome.exe
4408	chrome.exe
4408	chrome.exe
4408	chrome.exe
4408	chrome.exe
4408	chrome.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
1848	msedge.exe
1848	msedge.exe
1848	msedge.exe
1848	msedge.exe
1848	msedge.exe
1848	msedge.exe
1848	msedge.exe
1848	msedge.exe
1848	msedge.exe
1848	msedge.exe
1848	msedge.exe
1848	msedge.exe
1848	msedge.exe
1848	msedge.exe
1848	msedge.exe
1848	msedge.exe
1848	msedge.exe
1848	msedge.exe
1848	msedge.exe
1848	msedge.exe
1848	msedge.exe
1848	msedge.exe
1848	msedge.exe
1848	msedge.exe
2908	firefox.exe
2908	firefox.exe
2908	firefox.exe
2908	firefox.exe
2908	firefox.exe
2908	firefox.exe
2908	firefox.exe
2908	firefox.exe
2908	firefox.exe
2908	firefox.exe
2908	firefox.exe
2908	firefox.exe
2908	firefox.exe
2908	firefox.exe
2908	firefox.exe
2908	firefox.exe
2908	firefox.exe
4408	chrome.exe
4408	chrome.exe
2908	firefox.exe
2908	firefox.exe
4408	chrome.exe
4408	chrome.exe
2908	firefox.exe
4408	chrome.exe
4408	chrome.exe
4408	chrome.exe
4408	chrome.exe
4408	chrome.exe
4408	chrome.exe
4408	chrome.exe
4408	chrome.exe
4408	chrome.exe
4408	chrome.exe
4408	chrome.exe
4408	chrome.exe
4408	chrome.exe
4408	chrome.exe
4408	chrome.exe
4408	chrome.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
2908	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 5044 wrote to memory of 116	5044	4a7da6934a6972f45b16b50ed8bcffcb88dc72c310ea495fd69092ca458759f4.exe	85
PID 5044 wrote to memory of 116	5044	4a7da6934a6972f45b16b50ed8bcffcb88dc72c310ea495fd69092ca458759f4.exe	85
PID 116 wrote to memory of 4408	116	cmd.exe	88
PID 116 wrote to memory of 4408	116	cmd.exe	88
PID 116 wrote to memory of 1848	116	cmd.exe	89
PID 116 wrote to memory of 1848	116	cmd.exe	89
PID 116 wrote to memory of 4660	116	cmd.exe	90
PID 116 wrote to memory of 4660	116	cmd.exe	90
PID 4408 wrote to memory of 2356	4408	chrome.exe	91
PID 4408 wrote to memory of 2356	4408	chrome.exe	91
PID 1848 wrote to memory of 1072	1848	msedge.exe	92
PID 1848 wrote to memory of 1072	1848	msedge.exe	92
PID 4660 wrote to memory of 2908	4660	firefox.exe	93
PID 4660 wrote to memory of 2908	4660	firefox.exe	93
PID 4660 wrote to memory of 2908	4660	firefox.exe	93
PID 4660 wrote to memory of 2908	4660	firefox.exe	93
PID 4660 wrote to memory of 2908	4660	firefox.exe	93
PID 4660 wrote to memory of 2908	4660	firefox.exe	93
PID 4660 wrote to memory of 2908	4660	firefox.exe	93
PID 4660 wrote to memory of 2908	4660	firefox.exe	93
PID 4660 wrote to memory of 2908	4660	firefox.exe	93
PID 4660 wrote to memory of 2908	4660	firefox.exe	93
PID 4660 wrote to memory of 2908	4660	firefox.exe	93
PID 4408 wrote to memory of 1868	4408	chrome.exe	94
PID 4408 wrote to memory of 1868	4408	chrome.exe	94
PID 4408 wrote to memory of 1868	4408	chrome.exe	94
PID 4408 wrote to memory of 1868	4408	chrome.exe	94
PID 4408 wrote to memory of 1868	4408	chrome.exe	94
PID 4408 wrote to memory of 1868	4408	chrome.exe	94
PID 4408 wrote to memory of 1868	4408	chrome.exe	94
PID 4408 wrote to memory of 1868	4408	chrome.exe	94
PID 4408 wrote to memory of 1868	4408	chrome.exe	94
PID 4408 wrote to memory of 1868	4408	chrome.exe	94
PID 4408 wrote to memory of 1868	4408	chrome.exe	94
PID 4408 wrote to memory of 1868	4408	chrome.exe	94
PID 4408 wrote to memory of 1868	4408	chrome.exe	94
PID 4408 wrote to memory of 1868	4408	chrome.exe	94
PID 4408 wrote to memory of 1868	4408	chrome.exe	94
PID 4408 wrote to memory of 1868	4408	chrome.exe	94
PID 4408 wrote to memory of 1868	4408	chrome.exe	94
PID 4408 wrote to memory of 1868	4408	chrome.exe	94
PID 4408 wrote to memory of 1868	4408	chrome.exe	94
PID 4408 wrote to memory of 1868	4408	chrome.exe	94
PID 4408 wrote to memory of 1868	4408	chrome.exe	94
PID 4408 wrote to memory of 1868	4408	chrome.exe	94
PID 4408 wrote to memory of 1868	4408	chrome.exe	94
PID 4408 wrote to memory of 1868	4408	chrome.exe	94
PID 4408 wrote to memory of 1868	4408	chrome.exe	94
PID 4408 wrote to memory of 1868	4408	chrome.exe	94
PID 4408 wrote to memory of 1868	4408	chrome.exe	94
PID 4408 wrote to memory of 1868	4408	chrome.exe	94
PID 4408 wrote to memory of 1868	4408	chrome.exe	94
PID 4408 wrote to memory of 1868	4408	chrome.exe	94
PID 4408 wrote to memory of 4184	4408	chrome.exe	95
PID 4408 wrote to memory of 4184	4408	chrome.exe	95
PID 4408 wrote to memory of 1924	4408	chrome.exe	96
PID 4408 wrote to memory of 1924	4408	chrome.exe	96
PID 4408 wrote to memory of 1924	4408	chrome.exe	96
PID 4408 wrote to memory of 1924	4408	chrome.exe	96
PID 4408 wrote to memory of 1924	4408	chrome.exe	96
PID 4408 wrote to memory of 1924	4408	chrome.exe	96
PID 4408 wrote to memory of 1924	4408	chrome.exe	96
PID 4408 wrote to memory of 1924	4408	chrome.exe	96
PID 4408 wrote to memory of 1924	4408	chrome.exe	96

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Users\Admin\AppData\Local\Temp\4a7da6934a6972f45b16b50ed8bcffcb88dc72c310ea495fd69092ca458759f4.exe
"C:\Users\Admin\AppData\Local\Temp\4a7da6934a6972f45b16b50ed8bcffcb88dc72c310ea495fd69092ca458759f4.exe"
1⤵
- Checks computer location settings
- Suspicious use of WriteProcessMemory
PID:5044
- C:\Windows\system32\cmd.exe
  "C:\Windows\sysnative\cmd.exe" /c "C:\Users\Admin\AppData\Local\Temp\88C7.tmp\88D8.tmp\88D9.bat C:\Users\Admin\AppData\Local\Temp\4a7da6934a6972f45b16b50ed8bcffcb88dc72c310ea495fd69092ca458759f4.exe"
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:116
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://www.youtube.com/account"
    3⤵
    - Enumerates system info in registry
    - Modifies data under HKEY_USERS
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SendNotifyMessage
    - Suspicious use of WriteProcessMemory
    PID:4408
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.106 --initial-client-data=0x104,0x108,0x10c,0xe0,0x110,0x7ff902dfcc40,0x7ff902dfcc4c,0x7ff902dfcc58
      4⤵
      PID:2356
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1932,i,5297241712717569724,1362425829939582369,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=1928 /prefetch:2
      4⤵
      PID:1868
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2156,i,5297241712717569724,1362425829939582369,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=2188 /prefetch:3
      4⤵
      PID:4184
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2252,i,5297241712717569724,1362425829939582369,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=2268 /prefetch:8
      4⤵
      PID:1924
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3076,i,5297241712717569724,1362425829939582369,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=3096 /prefetch:1
      4⤵
      PID:2784
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3084,i,5297241712717569724,1362425829939582369,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=3140 /prefetch:1
      4⤵
      PID:1992
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4644,i,5297241712717569724,1362425829939582369,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=4668 /prefetch:8
      4⤵
      PID:1196
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4748,i,5297241712717569724,1362425829939582369,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=4756 /prefetch:8
      4⤵
      PID:5512
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=4668,i,5297241712717569724,1362425829939582369,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=4588 /prefetch:8
      4⤵
      Drops file in System32 directory
      Suspicious behavior: EnumeratesProcesses
      PID:4636
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" "https://www.youtube.com/account"
    3⤵
    - Enumerates system info in registry
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SendNotifyMessage
    - Suspicious use of WriteProcessMemory
    PID:1848
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x108,0x10c,0x110,0xe4,0x114,0x7ff902cb46f8,0x7ff902cb4708,0x7ff902cb4718
      4⤵
      PID:1072
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2112,11930045811976122392,3399434692357043682,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2124 /prefetch:2
      4⤵
      PID:2260
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2112,11930045811976122392,3399434692357043682,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2176 /prefetch:3
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:3100
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2112,11930045811976122392,3399434692357043682,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2796 /prefetch:8
      4⤵
      PID:2868
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,11930045811976122392,3399434692357043682,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3316 /prefetch:1
      4⤵
      PID:4720
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,11930045811976122392,3399434692357043682,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3324 /prefetch:1
      4⤵
      PID:2800
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,11930045811976122392,3399434692357043682,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4564 /prefetch:1
      4⤵
      PID:1304
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2112,11930045811976122392,3399434692357043682,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4808 /prefetch:2
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:1684
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" "https://www.youtube.com/account"
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:4660
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" https://www.youtube.com/account
      4⤵
      Checks processor information in registry
      Modifies registry class
      Suspicious use of AdjustPrivilegeToken
      Suspicious use of FindShellTrayWindow
      Suspicious use of SendNotifyMessage
      Suspicious use of SetWindowsHookEx
      PID:2908
    - - C:\Program Files\Mozilla Firefox\firefox.exe
        
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1944 -parentBuildID 20240401114208 -prefsHandle 1852 -prefMapHandle 1844 -prefsLen 25753 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {7090933c-3394-4c92-a455-f67c2a30af91} 2908 "\\.\pipe\gecko-crash-server-pipe.2908" gpu
        5⤵
        
        PID:4088
    - - C:\Program Files\Mozilla Firefox\firefox.exe
        
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2404 -parentBuildID 20240401114208 -prefsHandle 2392 -prefMapHandle 2388 -prefsLen 26673 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {fa8c24a9-a87e-456f-be66-b4e53e93fac3} 2908 "\\.\pipe\gecko-crash-server-pipe.2908" socket
        5⤵
        
        PID:2504
    - - C:\Program Files\Mozilla Firefox\firefox.exe
        
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3208 -childID 1 -isForBrowser -prefsHandle 3004 -prefMapHandle 3044 -prefsLen 22698 -prefMapSize 244658 -jsInitHandle 892 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {bcee4f81-7993-49e8-a229-f61c4bc01711} 2908 "\\.\pipe\gecko-crash-server-pipe.2908" tab
        5⤵
        
        PID:4748
    - - C:\Program Files\Mozilla Firefox\firefox.exe
        
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3720 -childID 2 -isForBrowser -prefsHandle 3712 -prefMapHandle 3124 -prefsLen 31163 -prefMapSize 244658 -jsInitHandle 892 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {61e42463-4f16-4b0a-a9b7-53ffd2a9ec2a} 2908 "\\.\pipe\gecko-crash-server-pipe.2908" tab
        5⤵
        
        PID:1720
    - - C:\Program Files\Mozilla Firefox\firefox.exe
        
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4144 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4292 -prefMapHandle 4288 -prefsLen 31163 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a48a706a-0d1e-4cd7-9b38-e5ca8ed3f9b1} 2908 "\\.\pipe\gecko-crash-server-pipe.2908" utility
        5⤵
        Checks processor information in registry
        
        PID:5844
    - - C:\Program Files\Mozilla Firefox\firefox.exe
        
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5476 -childID 3 -isForBrowser -prefsHandle 5468 -prefMapHandle 5404 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 892 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c89ecb1a-d08a-4bf0-ba08-2ac34dc9f772} 2908 "\\.\pipe\gecko-crash-server-pipe.2908" tab
        5⤵
        
        PID:5692
    - - C:\Program Files\Mozilla Firefox\firefox.exe
        
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5708 -childID 4 -isForBrowser -prefsHandle 5628 -prefMapHandle 5636 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 892 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {5bb8e6ec-e49c-4252-ac60-86da9314b036} 2908 "\\.\pipe\gecko-crash-server-pipe.2908" tab
        5⤵
        
        PID:5704
    - - C:\Program Files\Mozilla Firefox\firefox.exe
        
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5804 -childID 5 -isForBrowser -prefsHandle 5812 -prefMapHandle 5816 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 892 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ed3ff1d9-0214-4b51-b0d0-a5bc89b65550} 2908 "\\.\pipe\gecko-crash-server-pipe.2908" tab
        5⤵
        
        PID:5640

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5056

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:60

C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe"
1⤵
PID:6108

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:5832

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
288B

MD5
24f5fc60defaf1429d3e816b48a3004b

SHA1
01938283437c16ff7572f8f926904e9a51d9286a

SHA256
88af3fa0f1c124b65ad6bc7a3354d30beae11af5136b7e8ee2ab1518e2fbcc9a

SHA512
f70a156c64940165b3dda2779836069119901d3d07552472a8b7a852efa2e707063d85a56125983e9845e92a11d39ccd43e9695ca49919399f981cdb5510e761

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
415fad7e961967840ba8b7de49ec740c

SHA1
f4d54586a81c86e20dc685270e686fcd74af9882

SHA256
22495b2bc45c5cb35571bd7d75b78e723e8b077f62ad65798018a378ad721325

SHA512
a945e8f74376955febfc62ae8a6c5e48fc8f48ba20e1f84b00cb0190a35715bde46c5733663b4e5b3bb555f941b23dc689d191dc8916b07ae276a751c1090ea7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
992ac1a3abe25b762eb2fbd72c41cf4a

SHA1
75b0885dedef056124ff1477f8544f8cf9396423

SHA256
fa49081355d9123c3cd5a2f6c3d3b8183548ba196cb852ffeb9b6b7a589affd1

SHA512
211f01dad856141e44721b3828057a45954066efe2acea23bb3fe0afe2322e8b2837a557ac5e9d21cadc675a113188e8e5418f6a7b7a8d4f3be77ebca4a3d6fc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
652d5082ee0c17d603fba692bf9266a0

SHA1
84461f27d54aa457187ba52d6512a989ca2b3fae

SHA256
ca10ec640d9a3e10a997a8640664b7c0ed5b6d30ee1cd2f49bc407190e3f1f4f

SHA512
463a81fad1df9f5be9112f148a8037f60e88d02434d4d01777ec5047baa1db808aa7b7510af515ce7bb3b88b9a1583dd25fb3f7b81f56c2dee3151e296b37843

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
36ed20d695ad693a750e328c71055d2b

SHA1
f9def84711a85ca2aada6a3dc74d62d8ad34db0a

SHA256
9f6664a6cb862db3197a3919159176223e0bc22e2070895bacfccf1cff6280f3

SHA512
a8d61fcc8474f916e761d454b09446b07a81611bc346abde3b364996a0d92ee8486c26a0c7512762f2cffbbea6aeddf7489b9b30cdc21ddc861a2fb040254064

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
2dfd721202073224438e78370afd800a

SHA1
334a35b3d1ef2e7d2071179dbe85eb463abaf3ac

SHA256
5c7e89fb84a182061ded19fb5634bc6283e350ff9a6a29602d122870bd3b9ff1

SHA512
54d2eb593f84a1f6d3e5422d1146daacc3881b800911289662f69ae6a62d6162f4ebc991718fda7468cf461f86bb1fc70e8f811243c068abf89eeb853d827b76

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
2ed1de6a2fedb0778d42c876359076e8

SHA1
cf2de098905e481114291bc371b062a8831dc9ef

SHA256
d660dd353ff2f4cd38fd6fd7224d3a6ae96952d505ec205dca43da3e1b50d5b5

SHA512
3312a700b10314c7c26a92124e5b7937cf9c2252ff72c34f2bec5f0ea3298c1986f1e4225565963afec266c08726dd05b3c20c8b8ab01f1590286d8bf87cc116

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
11adda3849daf663592ac5dc90ed45f8

SHA1
2250cf326b109e22cb270250a72324a4e1dd2b39

SHA256
27d7fb047319ee9e9739d0fc52b03afe09c44bba6b66a0b894a4f9ab55a936a2

SHA512
fd38941d5d20e2fd35e73c8e4b43e80998d462d8edbfaa4f244b144cc1319740fb8ee732a451f143f52cabdc4c6cafdd555f90559d50826e565986c44053bbf7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
428840dab57fa4ad7c27db90b67a2744

SHA1
09c544aac7b0df71d1070aceb0fcb56ce5fe88f1

SHA256
c82ea2f07ff03e50c8d4f5c34254c15881f4c63b471ef83c5cf87f0720aa79b1

SHA512
64a1b4b4b690ac352197589778aa3c606dfa7b07ca4c5a9104ca5aa43b84c9b0f57e57b76beacf58fb2a23c0ff3007ac67e57a74c24cc2d701c025743a8c583f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
55eab1a65b76c0dade1f53bf64fc1072

SHA1
a140720963064e32f5fc18366927909622ba9f85

SHA256
59e23d31834415677da889990c1692002d7e6d0adc32289be05c95f36d0c447e

SHA512
1b17403389a158a1985cbefdd8703164c6ec78026f998ab763c3c95fecedec5abc2a0c1f70de2f3145f29d8e2037f8b953490de9d176b2dc0ca5195e89669c46

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
5749415887831d970cee951cc53430e6

SHA1
da652a5403d6761d037b019b7203e8b55e45020d

SHA256
0745575f378434bc11247d34ba76d9ea6a586d61e33d45c85c13729dfd46fec7

SHA512
827ff9ee266228e1e0f7404e6a61d1c96524b3ef7d21323fa66dbd90344e97fb724d093bcc768b660b7fa1bc95028d9bc40f3d39b4034798e12b499a00e16bc9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
c8221ea3fa3033fec16f8f2acaf91bc7

SHA1
a9315746982e3baf9de1258654c9bd80318f3acd

SHA256
5a74e31d798fba24a8ad4d235619ba84870417980a5866f68c060233adb4f4a5

SHA512
89cc803060227538cf0659e275b4a8d64c79143c5b37501621aa0aaac1b9ccfa73eb8b5110cd8023cf218c3854aedd109248af8f1d47220feb0c6d5b30abab28

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
d72324142347292bf3213720009bb8ac

SHA1
3bf16b4a558736fa6993d10676740250673824f3

SHA256
c36581fca5006d8f713e22c3b222ba81fbcf58681c3437f1e18c5929137ccf21

SHA512
1d5ae381fb3fa8bea8734b1ffc0838b95c68dc5b930399f5cd741cb5bd467eaae8ea3970f78462a5d1022eb24c86dc8990572e200d9b2342936dec47dd571b54

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
4b486098fef99f3d5c18062a9e082f91

SHA1
4d55c8b84650ae83de450ffb0a4ab1165b1ba95a

SHA256
c69c6ba500cd62a21877f1c62670f9265ba23915f02999053e8d1954c011af08

SHA512
43ff80b419b5ecd727e3f75cba849590c898dcd880ac47c724eb2d865b7a6ff67ea211528c02d02d0ea6fff2409b08ac9821c8220fcc43074ba58368b5d52f80

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
182KB

MD5
c613db7ec93e4687bebc5f42abb2d270

SHA1
41504857eeaec0b6572f7d0662c0fd24fe6aeb12

SHA256
87605224147bd4f4e2b7b19bb569d82b5079721672c128a4626959b9faa8339d

SHA512
3af4955b1985f536bf65260e06f50e6d9563486070c2ef66721f934cc3d63cbae9e58f73246156c46d4f9a45b7993a6b581278d9f71321f9bed26e00f79c7471

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
182KB

MD5
1817c985909c97262f1644fa3cb84a4a

SHA1
4850529a5b9a27177676e609335b34f86dd63868

SHA256
26e452d5c5b263106b857e39e4fb576f12a8eaa2e40b9cb40b85cbb55d64d218

SHA512
80f85aba20bbe059d5effcb5866418494309766a5a079890979eb0e0ac537b611fcba9346a19ac76b2ef525e5f092e83c4f7e0c7c03435e24d51d9b45ce07159

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
8dc45b70cbe29a357e2c376a0c2b751b

SHA1
25d623cea817f86b8427db53b82340410c1489b2

SHA256
511cfb6bedbad2530b5cc5538b6ec2184fc4f85947ba4c8166d0bb9f5fe2703a

SHA512
3ce0f52675feb16d6e62aae1c50767da178b93bdae28bacf6df3a2f72b8cc75b09c5092d9065e0872e5d09fd9ffe0c6931d6ae1943ddb1927b85d60659ef866e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
1790c766c15938258a4f9b984cf68312

SHA1
15c9827d278d28b23a8ea0389d42fa87e404359f

SHA256
2e3978bb58c701f3c6b05de9349b7334a194591bec7bcf73f53527dc0991dc63

SHA512
2682d9c60c9d67608cf140b6ca4958d890bcbc3c8a8e95fcc639d2a11bb0ec348ca55ae99a5840e1f50e5c5bcf3e27c97fc877582d869d98cc4ea3448315aafb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005

Filesize
38KB

MD5
c3aa6e31c125d83fb2eabcc9e33843dd

SHA1
ad91b78e1a9853ee876b77b82f75100ff5690d11

SHA256
c32b5cffb8ac92df9bd9340b75b8d0772a071af36df5b27879e45f6112f9b5b4

SHA512
897efddeb2d96e24aca43385cfb86a065034c4bb045c2e2b7391572e0ddd4a820b70fa83854de5048d7b7316fc9fa2f078924aab62206a7a135aaf91176a4c6b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
240B

MD5
80d4981ea8d8e387de60032cdafd86aa

SHA1
8dfe3e25c48eeb3d99ee068343cf6f4823277d0e

SHA256
e754b861665c7ff487434a075b7942e5ca3085ff9e2ba3433bc2a1a64c485e06

SHA512
af7de08131e529f688401fa94e71de9c57c2704126bcc643d1c4c07592a13bff7d2b5357ec39b43aa32f02271079e1f50a3d1c5fe06c8819b7b553e675ab35a2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
9f06dccaa0e8d40ca29bb059739b25b2

SHA1
86c1820744c910f254240471b6f4348e8510332a

SHA256
5b54f794b129ac68a1b32ab38d8f6e3bb38f2aeb408df8729f8831d338a4f24e

SHA512
32810c12e5782d881f4d8fc6f5eb84bc7f3964c140a475605e307338e472407353f1ec62b25ae1bd30e999e4c4d57fde00d5f299c91db4ec50843f37867d2df8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
51883b6cb4030134074687757389b8fd

SHA1
138910c360e14c20911f0bc9fcba326440ddf024

SHA256
c46b3dd362122e88ae771e517720b54ce65a11883b016dbc027d2332d0903b93

SHA512
efb2bb5e7d4af5f700bad74ce4d876b91baecfaeacb730dd118ed8ab2c36a71c4cce27db779404783a10b702034c522543202606f9dbd3916c03faee8947802f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
f42dcc444fa3b94b890273c49020a20c

SHA1
31a1b00d906bef9f97036ff3d82c3eb5cc1a0e03

SHA256
1b604b98be25a15f7a3d9683d2be8dce39dea93916fcb211468cce9c1d51d926

SHA512
91d119fc2413c64ec7118988e9f51f2245b3d01032291578b5b4dc03c7433403767b8a15d8679b35f7a6e8ebc551677db65da73965543dd9158bd32787cd6a10

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
840f029e3f01333eb009aa2559beca4b

SHA1
77c862996ce34e1cfe1e696fd2c768133f1a7f76

SHA256
a1fa0f236e0e79fd4535411c450615f519fe2b33445d3d7cb289af8f50886b18

SHA512
f9521f4772b04a3e1f0c5ad078f3fa36bdcb57c537e69e5c8690c1241916430d55e911ca50f83c749f59c5aab75c77e9ea9d1b0e291b7beed305fc557912cd3f

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\vvc8bff9.default-release\activity-stream.discovery_stream.json.tmp

Filesize
18KB

MD5
ad6e9433a5ab4a081fbdb0fb60eae3fa

SHA1
e30943327e0ef99498cc527c0cb0de3482cd75c6

SHA256
d4bc0d42f17a67280901981b44e47105c5999714e04681fbd2769e1483360805

SHA512
ed3f74b389d71ee0e143687752f2520fcd48e81526796f43a8e88e441dbcf4cacca6a3d777cf7ff0f49e562499933be23da3b4fbdffa7d0a84cb32d34f55b77c

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\vvc8bff9.default-release\cache2\entries\5CD1EBDF6B57F13C7E783CE5E6D8E9C44014FE1A

Filesize
13KB

MD5
c3a2ea5908b65efa33bd00fc50d4ead3

SHA1
8b073d41b4d6159d64c1e9122bae3ef3e7751bf4

SHA256
5edd6ee2b56920f2938536b965fe6557a306ca7b8c30cd8b18eac19e36024d38

SHA512
453c26fed1932126dba5ed544e14660f52eef0007f0f9a4e38bb663dda7a2b7bd07d28738097c3b71a8002e2cc86547a0f109f730fd1208e8b53752b5e4e22a5

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\vvc8bff9.default-release\cache2\entries\8A2034D325DC0B5C9E11EDDA3FC70A54C8DC1C0D

Filesize
13KB

MD5
af93b06465c2682bf7a822dccffc3264

SHA1
0c9188aa30f740fb4cf43e1d2421756ff4c5bb25

SHA256
ea97bca813bf2b890b21773147a4dbd24656f35470548be9705303ec7feb6d58

SHA512
ee3c53e9b9393e9963b2ec3ebb4dad97829af0a37b0a7991b8aa2287faf0df6fe303a4a2232e0bd945d7c44c52d03b669f1c761a4692f7cd69738537f0138800

Download Submit
C:\Users\Admin\AppData\Local\Temp\88C7.tmp\88D8.tmp\88D9.bat

Filesize
2KB

MD5
de9423d9c334ba3dba7dc874aa7dbc28

SHA1
bf38b137b8d780b3d6d62aee03c9d3f73770d638

SHA256
a1e1b422c40fb611a50d3f8bf34f9819f76ddb304aa2d105fb49f41f57752698

SHA512
63f13acd904378ad7de22053e1087d61a70341f1891ada3b671223fec8f841b42b6f1060a4b18c8bb865ee4cd071cadc7ff6bd6d549760945bf1645a1086f401

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
479KB

MD5
09372174e83dbbf696ee732fd2e875bb

SHA1
ba360186ba650a769f9303f48b7200fb5eaccee1

SHA256
c32efac42faf4b9878fb8917c5e71d89ff40de580c4f52f62e11c6cfab55167f

SHA512
b667086ed49579592d435df2b486fe30ba1b62ddd169f19e700cd079239747dd3e20058c285fa9c10a533e34f22b5198ed9b1f92ae560a3067f3e3feacc724f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

Filesize
13.8MB

MD5
0a8747a2ac9ac08ae9508f36c6d75692

SHA1
b287a96fd6cc12433adb42193dfe06111c38eaf0

SHA256
32d544baf2facc893057a1d97db33207e642f0dacf235d8500a0b5eff934ce03

SHA512
59521f8c61236641b3299ab460c58c8f5f26fa67e828de853c2cf372f9614d58b9f541aae325b1600ec4f3a47953caacb8122b0dfce7481acfec81045735947d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vvc8bff9.default-release\AlternateServices.bin

Filesize
10KB

MD5
688a97310017a3a1b4a179a7b8ed3b87

SHA1
0327a87d7e70e645cd5259fa5a54d25c5d0a01c8

SHA256
305bf70272bd34f7e8903d388455a5bc10a408b940c80ffe7d85037c9734a19b

SHA512
c40b2949bb185bc157a2a05b3850cbc94b7e4627af0ba5dc29bfefdf075167d599dbd33307d4a8b015140d47577f1c4b325968654912ac45bf66ef3413dc7e4e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vvc8bff9.default-release\datareporting\glean\db\data.safe.tmp

Filesize
15KB

MD5
91bb747bc49ed39a9d820fb0c18894f0

SHA1
3f827d1b5e84e918c5b8bdc1868f699db49db163

SHA256
058fe4ba4b731c7e0787fd8561357616b4c3989208fad14c7b9182e007506b80

SHA512
f46ab1333d9ead34f9d82aee35f52c49142c6bc996e1f1256d679c249f2a67c5cc4efe31857ac80518d3f3c4e302981bd790bbfefe3d69779434a3d0f190ef85

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vvc8bff9.default-release\datareporting\glean\db\data.safe.tmp

Filesize
6KB

MD5
28ffea681e39548b44810a15f1473f5a

SHA1
54cf1ea88fda391281a2dbb5db0644d2a5c3911a

SHA256
5071e65c958c40cb02f50fc8296cf72b863e7f74f952f53e602255d5392ccd08

SHA512
76efef5027e8d137f7dc9b8dda6af4651edb0f320cf8945baa340467345ad36cf835ff39ca29e4a02a708c828e9d1a17ef17ffeeb6c7c81af4fd3ef1fcf36eb6

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vvc8bff9.default-release\datareporting\glean\db\data.safe.tmp

Filesize
5KB

MD5
ce92c0328be03ba9c1212c23220e863a

SHA1
a942f3ccc3e0f6433cb93dd5b1f61206acfe08f8

SHA256
73520a22a3c528cdaa89c3f8eb0e031b7172165206e17f95067db1190afb7015

SHA512
7c6717e636af7756b575ec12d07cc56827e523b8ce6ae3f008864aac13ffb196726b3b524230a83b342c54e0e5b22c9e9396550f4eff76eff76d48249cb23d27

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vvc8bff9.default-release\datareporting\glean\db\data.safe.tmp

Filesize
6KB

MD5
5c89c8f9895281abf98cb546b55c2a45

SHA1
0e63e8356772ac6c10cf3b9f74a8d07fc438b2a6

SHA256
791bb177c8aff5a956bdf619b9c94be0d8c3d689f6ea907acfdee2d57717ec22

SHA512
e8ab72e296b13ab9b91a2899033de3717fa38084526d30d3ec8caad4b341afba72741607e11d378ac2df9a918fa64503a5d850645cbb96f5724750bb799ebb1d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vvc8bff9.default-release\datareporting\glean\pending_pings\0b3bffbc-befa-4811-9e0d-6d80ecd5ccd1

Filesize
671B

MD5
1229495578808b5d791ff47ec95d19e1

SHA1
73d2b7ba97d720edae48e049a911129e8576e119

SHA256
6e9098608cbed1b18303fd51c495215fd1d82f4173a1983d0a7e9816008b5011

SHA512
2908970d5fbf8080e132826cec88b27ae6fbab26bf167e8749080444b1a1cf68669e9746cb59576878a66add14d17884782d2b176043f842b57c313027cbfe40

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vvc8bff9.default-release\datareporting\glean\pending_pings\30238178-6be3-4466-a340-968475c9ac5d

Filesize
982B

MD5
01a1f7a8683194716b2f0c6a5a321c50

SHA1
841fcf11f22e6cde8a12f19aa62dd28fb6ad8ef5

SHA256
bca79243c8071b8b7b74796283e62d4b35637e91d4831dbe2a1ba8ef0475e0a3

SHA512
638c5e45a69156fed1f76ef51f927924ddb9730f1dbcdfb735beafcf5c9f2cedd0567001da795a044c3bf301d1ff7fa65301536097020ca816fc7da7b2811a3b

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vvc8bff9.default-release\datareporting\glean\pending_pings\54358894-b768-4324-beef-5187dd8614ff

Filesize
28KB

MD5
b52ec600fb0825c2c5556d069fe46bc8

SHA1
181c3be41393d5d2969dad43d2a28340480afcd9

SHA256
454a3a95974ed6318f8795fbaa4d0e4dc0b42d014e9928ff8d49679f9eb0f036

SHA512
88eb309e526bb4a72482c7a0f2db0e106763bd1baa2f0c01146e9c652759c6e74f4247cd27b61cd268f7d09deb05d2d19bf8ca5a1639fc270aa277b5c6af7194

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vvc8bff9.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.dll

Filesize
1.1MB

MD5
842039753bf41fa5e11b3a1383061a87

SHA1
3e8fe1d7b3ad866b06dca6c7ef1e3c50c406e153

SHA256
d88dd3bfc4a558bb943f3caa2e376da3942e48a7948763bf9a38f707c2cd0c1c

SHA512
d3320f7ac46327b7b974e74320c4d853e569061cb89ca849cd5d1706330aca629abeb4a16435c541900d839f46ff72dfde04128c450f3e1ee63c025470c19157

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vvc8bff9.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.info

Filesize
116B

MD5
2a461e9eb87fd1955cea740a3444ee7a

SHA1
b10755914c713f5a4677494dbe8a686ed458c3c5

SHA256
4107f76ba1d9424555f4e8ea0acef69357dfff89dfa5f0ec72aa4f2d489b17bc

SHA512
34f73f7bf69d7674907f190f257516e3956f825e35a2f03d58201a5a630310b45df393f2b39669f9369d1ac990505a4b6849a0d34e8c136e1402143b6cedf2d3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vvc8bff9.default-release\gmp-widevinecdm\4.10.2710.0\manifest.json

Filesize
372B

MD5
bf957ad58b55f64219ab3f793e374316

SHA1
a11adc9d7f2c28e04d9b35e23b7616d0527118a1

SHA256
bbab6ca07edbed72a966835c7907b3e60c7aa3d48ddea847e5076bd05f4b1eda

SHA512
79c179b56e4893fb729b225818ab4b95a50b69666ac41d17aad0b37ab0ca8cd9f0848cbc3c5d9e69e4640a8b261d7ced592eae9bcb0e0b63c05a56e7c477f44e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vvc8bff9.default-release\gmp-widevinecdm\4.10.2710.0\widevinecdm.dll

Filesize
17.8MB

MD5
daf7ef3acccab478aaa7d6dc1c60f865

SHA1
f8246162b97ce4a945feced27b6ea114366ff2ad

SHA256
bc40c7821dcd3fea9923c6912ab1183a942c11b7690cfd79ed148ded0228777e

SHA512
5840a45cfdb12c005e117608b1e5d946e1b2e76443ed39ba940d7f56de4babeab09bee7e64b903eb82bb37624c0a0ef19e9b59fbe2ce2f0e0b1c7a6015a63f75

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vvc8bff9.default-release\prefs-1.js

Filesize
13KB

MD5
9d69b3f67e850ccd3577a8d98a09b509

SHA1
bca0652c5cbaf6a860c3f8b4974802cfdc6d8a6a

SHA256
329f6ac774323c67183b6bd06ea7502732286ef108706532575c07f96626260b

SHA512
5f53832daebb59906e3fd5c5f9fada33ddb3fdfc0ed0b70e29281f214efa63a0a31ed6884b975b86ad9390b683420447b5e6ed87f264b473d0d5686705a08b3f

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vvc8bff9.default-release\prefs-1.js

Filesize
16KB

MD5
a22121c052386b436c84dbaad603ac2f

SHA1
7ffd5e1414c81ac0c5c2356bbf5cd80a30745d25

SHA256
9ac1fb151bb738d0b0b3b7d94be55a201f1998b514e871c0749581fd351f7298

SHA512
8e777481ce48ad2edf475d76d1265e5c261bdd408758704874eaffa1cb98161c8552c23ccf71c38a0b11b16bb86e35a6a5c8e6273370f53f786f2f304d95fe5b

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vvc8bff9.default-release\prefs.js

Filesize
11KB

MD5
8a7d5b7d814f749d3179b155bff7bea7

SHA1
0293c10682c98491d45d44ccf56ca59db435a1e2

SHA256
9d5cd3da0858382bee611385a2e956a9727329443e3daa2a2c0847612a27911f

SHA512
397f71d84cf0a837c64b64f2ba6535f880a13aedce000124b3a8d98fdac311d053aaf8c5597cc9615df9753ca8afa28990010a3227ed44a8e6da4186936cc5f0

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vvc8bff9.default-release\prefs.js

Filesize
8KB

MD5
340d1755402fe52a4fd82be603202d75

SHA1
0ce3ea579b4073654d489e226fa11f6d35d1aca3

SHA256
96c9e84d2c9081948f8ff94d2af381cc7dcf58de6eaea10b23708e9632d140d7

SHA512
d728e8d77ff1fc98dd88143469cb3fc84406d1e0cda4e16c0b3e53a1f4b4d08b8a636b1c57da760d955cef07ed3225fdfcfbcfd92ce9d7e1cc4bb6a4d8c53572

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vvc8bff9.default-release\sessionstore-backups\recovery.baklz4

Filesize
4KB

MD5
06e4182c50f96120b71769aba5c79770

SHA1
d90806d9ea0012290b530395d9aeb4a3a73ec708

SHA256
2a0117ea670210cdce9d5902eae74edcfe8a372340c0fbd5f709bbfeb5fea6d9

SHA512
de5550e8574b2854c790808b5f254d9fe953fc1022a668c26a0d8766e0e78a7408f43cd39a356f15e46862de24b681751b509b39a17d736a01020e87b29a956b

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vvc8bff9.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

Filesize
1.5MB

MD5
b83f80c3aae19e20ec0aae4f7fbcfb76

SHA1
a2b09be75b34981b2bbbf727bc0f798e27d37b0d

SHA256
ced708f0b46d3b143ef7ac5e671b5e3981f996a006f48a0b1c3de35f7a9a54b9

SHA512
08e50c28e37f4f4acc3453f5b479abfd224e183c861186182beea5ab6cbb907815d45e910dccb73e85dc27f0cd62700e3615d3338f51d5ae05347bf09c47afdf

Download Submit