c3193c80fc675631e25819e4cbfdc5fffba8fcb125f47a324e32974d813faad2

Analysis

max time kernel
150s
max time network
153s
platform
windows11-21h2_x64
resource
win11-20240709-en
resource tags

arch:x64arch:x86image:win11-20240709-enlocale:en-usos:windows11-21h2-x64system
submitted
13-07-2024 01:56

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

c3193c80fc675631e25819e4cbfdc5fffba8fcb125f47a324e32974d813faad2.exe
Size

89KB
MD5

b977b2bb2f20e81cc7377f809a32e364
SHA1

9321fe13bda596394850d362c2151c7438d8c733
SHA256

c3193c80fc675631e25819e4cbfdc5fffba8fcb125f47a324e32974d813faad2
SHA512

fae0aa1127824f5318d0810b583e9260e89e43a284194a639b4d372683a0c75d98963660d724e2b0da993d24380c9112f9368be6311bc949d88af6407a7aa5b4
SSDEEP

1536:L7fPGykbOqjoHm4pICdfkLtAfupcWX50MxFY+yIOlnToIfoxKk3Oq:Hq6+ouCpk2mpcWJ0r+QNTBfov

Score

5^/10

Malware Config

Signatures

Drops file in System32 directory 2 IoCs

description	ioc	Process
File created	C:\Windows\System32\DriverStore\FileRepository\display.inf_amd64_01cf530faf2f1752\display.PNF	chrome.exe
File created	\??\c:\windows\system32\driverstore\filerepository\display.inf_amd64_01cf530faf2f1752\display.PNF	chrome.exe

Drops file in Windows directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SystemTemp	chrome.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Checks processor information in registry 2 TTPs 8 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3766757357-1293853516-507035944-1000_Classes\Local Settings	firefox.exe

Suspicious behavior: EnumeratesProcesses 18 IoCs

pid	Process
1540	chrome.exe
1540	chrome.exe
3552	msedge.exe
3552	msedge.exe
752	msedge.exe
752	msedge.exe
2036	identity_helper.exe
2036	identity_helper.exe
6712	msedge.exe
6712	msedge.exe
6848	chrome.exe
6848	chrome.exe
6848	chrome.exe
6848	chrome.exe
6928	msedge.exe
6928	msedge.exe
6928	msedge.exe
6928	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs

pid	Process
1540	chrome.exe
1540	chrome.exe
752	msedge.exe
752	msedge.exe
752	msedge.exe
752	msedge.exe
752	msedge.exe
752	msedge.exe
752	msedge.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	1540	chrome.exe
Token: SeCreatePagefilePrivilege	1540	chrome.exe
Token: SeDebugPrivilege	4888	firefox.exe
Token: SeDebugPrivilege	4888	firefox.exe
Token: SeShutdownPrivilege	1540	chrome.exe
Token: SeCreatePagefilePrivilege	1540	chrome.exe
Token: SeShutdownPrivilege	1540	chrome.exe
Token: SeCreatePagefilePrivilege	1540	chrome.exe
Token: SeShutdownPrivilege	1540	chrome.exe
Token: SeCreatePagefilePrivilege	1540	chrome.exe
Token: SeShutdownPrivilege	1540	chrome.exe
Token: SeCreatePagefilePrivilege	1540	chrome.exe
Token: SeShutdownPrivilege	1540	chrome.exe
Token: SeCreatePagefilePrivilege	1540	chrome.exe
Token: SeShutdownPrivilege	1540	chrome.exe
Token: SeCreatePagefilePrivilege	1540	chrome.exe
Token: SeShutdownPrivilege	1540	chrome.exe
Token: SeCreatePagefilePrivilege	1540	chrome.exe
Token: SeShutdownPrivilege	1540	chrome.exe
Token: SeCreatePagefilePrivilege	1540	chrome.exe
Token: SeShutdownPrivilege	1540	chrome.exe
Token: SeCreatePagefilePrivilege	1540	chrome.exe
Token: SeShutdownPrivilege	1540	chrome.exe
Token: SeCreatePagefilePrivilege	1540	chrome.exe
Token: SeShutdownPrivilege	1540	chrome.exe
Token: SeCreatePagefilePrivilege	1540	chrome.exe
Token: SeShutdownPrivilege	1540	chrome.exe
Token: SeCreatePagefilePrivilege	1540	chrome.exe
Token: SeShutdownPrivilege	1540	chrome.exe
Token: SeCreatePagefilePrivilege	1540	chrome.exe
Token: SeShutdownPrivilege	1540	chrome.exe
Token: SeCreatePagefilePrivilege	1540	chrome.exe
Token: SeShutdownPrivilege	1540	chrome.exe
Token: SeCreatePagefilePrivilege	1540	chrome.exe
Token: SeShutdownPrivilege	1540	chrome.exe
Token: SeCreatePagefilePrivilege	1540	chrome.exe
Token: SeShutdownPrivilege	1540	chrome.exe
Token: SeCreatePagefilePrivilege	1540	chrome.exe
Token: SeShutdownPrivilege	1540	chrome.exe
Token: SeCreatePagefilePrivilege	1540	chrome.exe
Token: SeShutdownPrivilege	1540	chrome.exe
Token: SeCreatePagefilePrivilege	1540	chrome.exe
Token: SeShutdownPrivilege	1540	chrome.exe
Token: SeCreatePagefilePrivilege	1540	chrome.exe
Token: SeShutdownPrivilege	1540	chrome.exe
Token: SeCreatePagefilePrivilege	1540	chrome.exe
Token: SeShutdownPrivilege	1540	chrome.exe
Token: SeCreatePagefilePrivilege	1540	chrome.exe
Token: SeShutdownPrivilege	1540	chrome.exe
Token: SeCreatePagefilePrivilege	1540	chrome.exe
Token: SeShutdownPrivilege	1540	chrome.exe
Token: SeCreatePagefilePrivilege	1540	chrome.exe
Token: SeShutdownPrivilege	1540	chrome.exe
Token: SeCreatePagefilePrivilege	1540	chrome.exe
Token: SeShutdownPrivilege	1540	chrome.exe
Token: SeCreatePagefilePrivilege	1540	chrome.exe
Token: SeShutdownPrivilege	1540	chrome.exe
Token: SeCreatePagefilePrivilege	1540	chrome.exe
Token: SeShutdownPrivilege	1540	chrome.exe
Token: SeCreatePagefilePrivilege	1540	chrome.exe
Token: SeShutdownPrivilege	1540	chrome.exe
Token: SeCreatePagefilePrivilege	1540	chrome.exe
Token: SeShutdownPrivilege	1540	chrome.exe
Token: SeCreatePagefilePrivilege	1540	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
4888	firefox.exe
4888	firefox.exe
4888	firefox.exe
4888	firefox.exe
1540	chrome.exe
1540	chrome.exe
1540	chrome.exe
1540	chrome.exe
1540	chrome.exe
1540	chrome.exe
1540	chrome.exe
1540	chrome.exe
1540	chrome.exe
1540	chrome.exe
1540	chrome.exe
1540	chrome.exe
1540	chrome.exe
1540	chrome.exe
1540	chrome.exe
1540	chrome.exe
1540	chrome.exe
1540	chrome.exe
1540	chrome.exe
1540	chrome.exe
1540	chrome.exe
1540	chrome.exe
1540	chrome.exe
1540	chrome.exe
1540	chrome.exe
1540	chrome.exe
4888	firefox.exe
4888	firefox.exe
4888	firefox.exe
4888	firefox.exe
4888	firefox.exe
4888	firefox.exe
4888	firefox.exe
4888	firefox.exe
4888	firefox.exe
4888	firefox.exe
4888	firefox.exe
4888	firefox.exe
4888	firefox.exe
4888	firefox.exe
4888	firefox.exe
4888	firefox.exe
4888	firefox.exe
752	msedge.exe
752	msedge.exe
752	msedge.exe
752	msedge.exe
752	msedge.exe
752	msedge.exe
752	msedge.exe
752	msedge.exe
752	msedge.exe
752	msedge.exe
752	msedge.exe
752	msedge.exe
752	msedge.exe
752	msedge.exe
752	msedge.exe
752	msedge.exe
752	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1540	chrome.exe
1540	chrome.exe
1540	chrome.exe
1540	chrome.exe
1540	chrome.exe
1540	chrome.exe
1540	chrome.exe
1540	chrome.exe
1540	chrome.exe
1540	chrome.exe
1540	chrome.exe
1540	chrome.exe
752	msedge.exe
752	msedge.exe
752	msedge.exe
752	msedge.exe
752	msedge.exe
752	msedge.exe
752	msedge.exe
752	msedge.exe
752	msedge.exe
752	msedge.exe
752	msedge.exe
752	msedge.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
4888	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1304 wrote to memory of 4772	1304	c3193c80fc675631e25819e4cbfdc5fffba8fcb125f47a324e32974d813faad2.exe	81
PID 1304 wrote to memory of 4772	1304	c3193c80fc675631e25819e4cbfdc5fffba8fcb125f47a324e32974d813faad2.exe	81
PID 4772 wrote to memory of 1540	4772	cmd.exe	85
PID 4772 wrote to memory of 1540	4772	cmd.exe	85
PID 4772 wrote to memory of 752	4772	cmd.exe	86
PID 4772 wrote to memory of 752	4772	cmd.exe	86
PID 4772 wrote to memory of 900	4772	cmd.exe	87
PID 4772 wrote to memory of 900	4772	cmd.exe	87
PID 1540 wrote to memory of 1244	1540	chrome.exe	88
PID 1540 wrote to memory of 1244	1540	chrome.exe	88
PID 752 wrote to memory of 532	752	msedge.exe	89
PID 752 wrote to memory of 532	752	msedge.exe	89
PID 900 wrote to memory of 4888	900	firefox.exe	90
PID 900 wrote to memory of 4888	900	firefox.exe	90
PID 900 wrote to memory of 4888	900	firefox.exe	90
PID 900 wrote to memory of 4888	900	firefox.exe	90
PID 900 wrote to memory of 4888	900	firefox.exe	90
PID 900 wrote to memory of 4888	900	firefox.exe	90
PID 900 wrote to memory of 4888	900	firefox.exe	90
PID 900 wrote to memory of 4888	900	firefox.exe	90
PID 900 wrote to memory of 4888	900	firefox.exe	90
PID 900 wrote to memory of 4888	900	firefox.exe	90
PID 900 wrote to memory of 4888	900	firefox.exe	90
PID 4888 wrote to memory of 3296	4888	firefox.exe	91
PID 4888 wrote to memory of 3296	4888	firefox.exe	91
PID 4888 wrote to memory of 3296	4888	firefox.exe	91
PID 4888 wrote to memory of 3296	4888	firefox.exe	91
PID 4888 wrote to memory of 3296	4888	firefox.exe	91
PID 4888 wrote to memory of 3296	4888	firefox.exe	91
PID 4888 wrote to memory of 3296	4888	firefox.exe	91
PID 4888 wrote to memory of 3296	4888	firefox.exe	91
PID 4888 wrote to memory of 3296	4888	firefox.exe	91
PID 4888 wrote to memory of 3296	4888	firefox.exe	91
PID 4888 wrote to memory of 3296	4888	firefox.exe	91
PID 4888 wrote to memory of 3296	4888	firefox.exe	91
PID 4888 wrote to memory of 3296	4888	firefox.exe	91
PID 4888 wrote to memory of 3296	4888	firefox.exe	91
PID 4888 wrote to memory of 3296	4888	firefox.exe	91
PID 4888 wrote to memory of 3296	4888	firefox.exe	91
PID 4888 wrote to memory of 3296	4888	firefox.exe	91
PID 4888 wrote to memory of 3296	4888	firefox.exe	91
PID 4888 wrote to memory of 3296	4888	firefox.exe	91
PID 4888 wrote to memory of 3296	4888	firefox.exe	91
PID 4888 wrote to memory of 3296	4888	firefox.exe	91
PID 4888 wrote to memory of 3296	4888	firefox.exe	91
PID 4888 wrote to memory of 3296	4888	firefox.exe	91
PID 4888 wrote to memory of 3296	4888	firefox.exe	91
PID 4888 wrote to memory of 3296	4888	firefox.exe	91
PID 4888 wrote to memory of 3296	4888	firefox.exe	91
PID 4888 wrote to memory of 3296	4888	firefox.exe	91
PID 4888 wrote to memory of 3296	4888	firefox.exe	91
PID 4888 wrote to memory of 3296	4888	firefox.exe	91
PID 4888 wrote to memory of 3296	4888	firefox.exe	91
PID 4888 wrote to memory of 3296	4888	firefox.exe	91
PID 4888 wrote to memory of 3296	4888	firefox.exe	91
PID 4888 wrote to memory of 3296	4888	firefox.exe	91
PID 4888 wrote to memory of 3296	4888	firefox.exe	91
PID 4888 wrote to memory of 3296	4888	firefox.exe	91
PID 4888 wrote to memory of 3296	4888	firefox.exe	91
PID 4888 wrote to memory of 3296	4888	firefox.exe	91
PID 4888 wrote to memory of 3296	4888	firefox.exe	91
PID 4888 wrote to memory of 3296	4888	firefox.exe	91
PID 4888 wrote to memory of 3296	4888	firefox.exe	91
PID 4888 wrote to memory of 3296	4888	firefox.exe	91

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Users\Admin\AppData\Local\Temp\c3193c80fc675631e25819e4cbfdc5fffba8fcb125f47a324e32974d813faad2.exe
"C:\Users\Admin\AppData\Local\Temp\c3193c80fc675631e25819e4cbfdc5fffba8fcb125f47a324e32974d813faad2.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1304
- C:\Windows\system32\cmd.exe
  "C:\Windows\sysnative\cmd.exe" /c "C:\Users\Admin\AppData\Local\Temp\F0E8.tmp\F0E9.tmp\F0EA.bat C:\Users\Admin\AppData\Local\Temp\c3193c80fc675631e25819e4cbfdc5fffba8fcb125f47a324e32974d813faad2.exe"
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:4772
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://www.youtube.com/account"
    3⤵
    - Drops file in Windows directory
    - Enumerates system info in registry
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SendNotifyMessage
    - Suspicious use of WriteProcessMemory
    PID:1540
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.106 --initial-client-data=0x108,0x10c,0x110,0xe4,0x114,0x7fffc139cc40,0x7fffc139cc4c,0x7fffc139cc58
      4⤵
      PID:1244
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=2160,i,8860393945830220621,13110491252421800295,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=2156 /prefetch:2
      4⤵
      PID:396
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1804,i,8860393945830220621,13110491252421800295,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=2208 /prefetch:3
      4⤵
      PID:4992
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=1904,i,8860393945830220621,13110491252421800295,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=2332 /prefetch:8
      4⤵
      PID:3616
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3016,i,8860393945830220621,13110491252421800295,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=3100 /prefetch:1
      4⤵
      PID:4304
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3024,i,8860393945830220621,13110491252421800295,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=3124 /prefetch:1
      4⤵
      PID:2828
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=880,i,8860393945830220621,13110491252421800295,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=224 /prefetch:8
      4⤵
      Drops file in System32 directory
      Suspicious behavior: EnumeratesProcesses
      PID:6848
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" "https://www.youtube.com/account"
    3⤵
    - Enumerates system info in registry
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SendNotifyMessage
    - Suspicious use of WriteProcessMemory
    PID:752
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x10c,0x110,0x114,0xe8,0x118,0x7fffc0e73cb8,0x7fffc0e73cc8,0x7fffc0e73cd8
      4⤵
      PID:532
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1964,12387859604756756535,15110646315042449384,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1976 /prefetch:2
      4⤵
      PID:4860
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1964,12387859604756756535,15110646315042449384,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2024 /prefetch:3
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:3552
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1964,12387859604756756535,15110646315042449384,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2588 /prefetch:8
      4⤵
      PID:5248
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1964,12387859604756756535,15110646315042449384,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3328 /prefetch:1
      4⤵
      PID:5772
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1964,12387859604756756535,15110646315042449384,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3344 /prefetch:1
      4⤵
      PID:5692
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1964,12387859604756756535,15110646315042449384,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4572 /prefetch:1
      4⤵
      PID:408
  - - C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1964,12387859604756756535,15110646315042449384,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5308 /prefetch:8
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:2036
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1964,12387859604756756535,15110646315042449384,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5416 /prefetch:8
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:6712
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1964,12387859604756756535,15110646315042449384,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5384 /prefetch:1
      4⤵
      PID:6916
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1964,12387859604756756535,15110646315042449384,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5444 /prefetch:1
      4⤵
      PID:6924
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1964,12387859604756756535,15110646315042449384,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5372 /prefetch:1
      4⤵
      PID:7072
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1964,12387859604756756535,15110646315042449384,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3540 /prefetch:1
      4⤵
      PID:7080
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1964,12387859604756756535,15110646315042449384,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1036 /prefetch:2
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:6928
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" "https://www.youtube.com/account"
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:900
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" https://www.youtube.com/account
      4⤵
      Checks processor information in registry
      Modifies registry class
      Suspicious use of AdjustPrivilegeToken
      Suspicious use of FindShellTrayWindow
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:4888
    - - C:\Program Files\Mozilla Firefox\firefox.exe
        
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1924 -parentBuildID 20240401114208 -prefsHandle 1844 -prefMapHandle 1836 -prefsLen 25749 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {6817bb84-a3f0-4f9d-a2b7-bdd2a7af5607} 4888 "\\.\pipe\gecko-crash-server-pipe.4888" gpu
        5⤵
        
        PID:3296
    - - C:\Program Files\Mozilla Firefox\firefox.exe
        
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2384 -parentBuildID 20240401114208 -prefsHandle 2376 -prefMapHandle 2372 -prefsLen 26669 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {83237d61-336b-4b2c-9e3f-db41d13ab437} 4888 "\\.\pipe\gecko-crash-server-pipe.4888" socket
        5⤵
        
        PID:4368
    - - C:\Program Files\Mozilla Firefox\firefox.exe
        
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3012 -childID 1 -isForBrowser -prefsHandle 2908 -prefMapHandle 2528 -prefsLen 22698 -prefMapSize 244658 -jsInitHandle 932 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {8d85bc5d-04b7-491f-938f-331334857c5e} 4888 "\\.\pipe\gecko-crash-server-pipe.4888" tab
        5⤵
        
        PID:5104
    - - C:\Program Files\Mozilla Firefox\firefox.exe
        
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3676 -childID 2 -isForBrowser -prefsHandle 3668 -prefMapHandle 3664 -prefsLen 31159 -prefMapSize 244658 -jsInitHandle 932 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {5d8c6d12-bfb2-4534-8855-a69f19e68d50} 4888 "\\.\pipe\gecko-crash-server-pipe.4888" tab
        5⤵
        
        PID:2908
    - - C:\Program Files\Mozilla Firefox\firefox.exe
        
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4200 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4084 -prefMapHandle 4016 -prefsLen 31159 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {49b7cdea-65fd-4554-8c2d-187665c9ed77} 4888 "\\.\pipe\gecko-crash-server-pipe.4888" utility
        5⤵
        Checks processor information in registry
        
        PID:5396
    - - C:\Program Files\Mozilla Firefox\firefox.exe
        
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5504 -childID 3 -isForBrowser -prefsHandle 5500 -prefMapHandle 5496 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 932 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {66537b3e-c461-4e5b-b37a-478d84051560} 4888 "\\.\pipe\gecko-crash-server-pipe.4888" tab
        5⤵
        
        PID:3092
    - - C:\Program Files\Mozilla Firefox\firefox.exe
        
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5616 -childID 4 -isForBrowser -prefsHandle 5624 -prefMapHandle 5632 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 932 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {0ba2cf34-7c4f-417b-9be1-dc3103991039} 4888 "\\.\pipe\gecko-crash-server-pipe.4888" tab
        5⤵
        
        PID:1368
    - - C:\Program Files\Mozilla Firefox\firefox.exe
        
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5824 -childID 5 -isForBrowser -prefsHandle 5900 -prefMapHandle 5896 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 932 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {16e3d401-e5bf-4763-84c5-d8e07ec36ae0} 4888 "\\.\pipe\gecko-crash-server-pipe.4888" tab
        5⤵
        
        PID:4160

C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe"
1⤵
PID:5560

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5404

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5440

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.idx

Filesize
64KB

MD5
b5ad5caaaee00cb8cf445427975ae66c

SHA1
dcde6527290a326e048f9c3a85280d3fa71e1e22

SHA256
b6409b9d55ce242ff022f7a2d86ae8eff873daabf3a0506031712b8baa6197b8

SHA512
92f7fbbcbbea769b1af6dd7e75577be3eb8bb4a4a6f8a9288d6da4014e1ea309ee649a7b089be09ba27866e175ab6f6a912413256d7e13eaf60f6f30e492ce7f

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.lock

Filesize
4B

MD5
f49655f856acb8884cc0ace29216f511

SHA1
cb0f1f87ec0455ec349aaa950c600475ac7b7b6b

SHA256
7852fce59c67ddf1d6b8b997eaa1adfac004a9f3a91c37295de9223674011fba

SHA512
599e93d25b174524495ed29653052b3590133096404873318f05fd68f4c9a5c9a3b30574551141fbb73d7329d6be342699a17f3ae84554bab784776dfda2d5f8

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.val

Filesize
1008B

MD5
d222b77a61527f2c177b0869e7babc24

SHA1
3f23acb984307a4aeba41ebbb70439c97ad1f268

SHA256
80dc3ffa698e4ff2e916f97983b5eae79470203e91cb684c5ccd4ff1a465d747

SHA512
d17d836ea77aeaff4cd01f9c7523345167a4a6bc62528aac74acde12679f48079d75d159e9cea2e614da50e83c2dcd92c374c899ea6c4fe8e5513d9bf06c01ff

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\1ddb61bb-f319-44db-a72c-4411c6b0f8fb.tmp

Filesize
9KB

MD5
2a9111b44665cb1582d37ea20b730144

SHA1
cf236067abd69cb5d9ec04cda25d97e1fa2f0bc2

SHA256
715bbdc641634c92c041662ec8418a5af7bfbdb102f0bcd47ca4b7d489029d08

SHA512
89cdf915f7479a8b7a494d62147a23d77350fe9eb43a761cee8084ae27a1394601adda8435c99e23028debfe4b01488fd163e6cc02d0fb2f764be7fdfb9a9480

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000005

Filesize
38KB

MD5
c3aa6e31c125d83fb2eabcc9e33843dd

SHA1
ad91b78e1a9853ee876b77b82f75100ff5690d11

SHA256
c32b5cffb8ac92df9bd9340b75b8d0772a071af36df5b27879e45f6112f9b5b4

SHA512
897efddeb2d96e24aca43385cfb86a065034c4bb045c2e2b7391572e0ddd4a820b70fa83854de5048d7b7316fc9fa2f078924aab62206a7a135aaf91176a4c6b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
264B

MD5
eb3191bcf7b1f13edc1128931955bf9b

SHA1
8c91651430d9881b1ceba27b3988e1c78dc795d1

SHA256
313af4172ce8fdc61f754f9c9ae470a4eab65693c0f04e532f91c7e7c1b1df82

SHA512
f57111bb1ade441aa86f1b6722c96c6bb0731a7eae5b76af80291a28d55ddd3b38f1e915e80a746d20c07ded9c50f9ca9c31c04500ff9dd37794798fe4706274

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
b4547be47b2543e2ec575efe8cc37283

SHA1
7fe63b0691444efdb90fd8cf43b9833bd7ac9696

SHA256
795b99a64dfa5aed02d489a7e0aa567f54f08df8d0c8c4741faabfce62594636

SHA512
cd33028f450fe3d57d66a22012607dea8a977e013c4654d18c67e91117c36aea17b5ee5c2ddae0a0d9142d5667173908f4650da81f4572e92bd2cb956b68e8ac

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
ef61112b326747c1a7468c554060944e

SHA1
c85990c9667fac20b695185c1f6d3836113acc17

SHA256
ac43d63a2f52ee0b5206fe361aa8a818b8c2cade28ff038231e350a87f9db926

SHA512
425b8553e01da31d972fe7f945adaeafc94d24af5bd0400fa38f073e561316a055edd55d250dedce76c3e532877ffbc54805b345208f4c31aaea26dcb3ca6a56

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
c5baea17647bf2ade998fec284b97aba

SHA1
c9004c641ce182d80ab63ac10e9e4d9dc0a9710a

SHA256
0f8b86e9711d983288f2450dd80decb279f89876b14ecb6c26ba6ba5e3a8aa4c

SHA512
12b76a310719d1f867ce12e4ef396ae7e6c10ead588f406fe140ec030ac5b1ca8216d14ce5dd71fdf04bd2d992c92b195be5bb43dcbf18c9e1f1392b93edee07

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
c163fc5b2af61f63dc2852786067e1cf

SHA1
ae72c0a9b3312e2a9dc7252753e4fe9215365cd4

SHA256
2e0b39bd1126bf2b38804d209540fd1248cef108798b2bb77ad8c50d30ec7e75

SHA512
d0f4e319638db2c7724d42c47cc77bc4d32c402afd00f4eeb981bedc06eeba048474218061c8aaa3426ba2fba6bb83bcc8fdf4cfcd3e2d86e8e3f0ca4946488c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
ca3de7731b3d5d9b27c7fcaec9c77175

SHA1
eee5a9da6a77f61af04e24c4bfd8ce0b53819901

SHA256
f89c9be7df5ae421e72ffd15b11237f2bd4074be4ec62207293c384d5464d954

SHA512
ff34cce292fd7c1aee78f1b21d7c66b46cc01b3550b9bc18fe5c19ab73d4497c19967542ea8626b50c9cc15ff8f829e75b70835291e51e8528de09c28d49c125

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
6caeaa36573a9fa56331d0d8fd213970

SHA1
4134d26a71c57fd347de37f10e7664bab357e332

SHA256
9c782aa58b06d3f56d02f6900849e52bab718a8a7e2710ac2127d22569cd5a19

SHA512
110da422591854483ab369c4cbccfb43fb0e191d18e12718b9ee1f4380b0b48f434b2224c249fa5124d023fa0e08d9df490408d2f7bba259c43df384dce66351

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
ca7dab915888d476ff51e71557708f0e

SHA1
535c7e9397242f6997ad6492fddc3002e949f586

SHA256
82800761b8b189455bb796a23bd4b8cd743a054dde1b7a8565694831e11e0f72

SHA512
955201a72f4b232c9203f4c5b76c8e8c97d669100f4c3c5ca5c28192e54d07d36dff637f96c6b12fee30e0f6874dae201498881972c4768007581dbe415bb231

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
96ed386bb30b8b9cc96ffe044bcecdc1

SHA1
c647e9f3c49ef367dbd1a566630a4fd606a65806

SHA256
0c50348b951643a6045aacc4f9ec61ef2acb787cbfd9cc8b1f97a1a9f0e2c74d

SHA512
797503840dbf17378f9c08e69dcca36f432e63434a037feb215d9169bb6dd455e49d38159e2206705a8cc32d171cb3856e9e8707c73a9615884ce1aa4dfc0ee8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
4ba5bf3df40898c485f1406a29ab9249

SHA1
cfd11a3a4b0eac741b00aaa160d94c13804af211

SHA256
7a1050eab86e990ba20fb820b0f3d9a75971b8d871f5ddfb4d21fc59a87bf7f5

SHA512
3f8c4baf943a78162fcdb5ba1055a4971026a296e9bde9acf558ffdc5c8b328d9d67c62b384b1c7ab85189120fcc95f56964f44bb3835c8525c991e757f97d0b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
e91fb56f78b59bbf77d4567aa8312275

SHA1
2bd055a776c7e6e38e9f927c447d0443e2b77a06

SHA256
56e70ce4c84afd75469f9288d3381c53ddef50f40a2e980e6c05e03827d3a852

SHA512
2054333b487059957129405dcd6e006a891a2334cd244b57c91c127b996c6e591c681904fcd0fea6e37a5fdab2adbb8becb033a35fa65799d5173d51672e828f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
ddefa71f443d7e5c677b035e550bdefc

SHA1
c85257040546d4f9519681273bc0dda387691ff6

SHA256
f0b8c9391e4c790ce8fa6b8ec186cb71e94142b9afad47c82daf5daf9320448e

SHA512
06afd006a293be58297cd374d12eea264936ad17a3dd2837c8ea477bfae0b5bad2e3ad4e9884026ece9ab16bebafa038bee3e7587e7c015e936277f9fdef4c91

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
92KB

MD5
8f4a8192fc651cd7b81e9e78e67c8804

SHA1
d0e57ff71823bc128dbb1a4d95ad509bd77ce21c

SHA256
9380841e161a5fd2e2d5e27c5103648cbcc896f0ff61799dc0ae52c7d9ceb1e8

SHA512
6f9e128d86725dff6de8827691b8c9a3c07fd03f1f9e78d0c3bb92effdf9349877200f2126ead86ca105ec7e038f7152da2c7fab9030a7aa26326c9a82b26f69

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
92KB

MD5
37d2b6ef9c103b4bd3ef7310d6dd22a3

SHA1
daf0d44be6115f046c30c2ab7b1005231b5a4a1b

SHA256
9e572d3bb46d11a7fcf81a9f53cba0c071eafc3bf50fbb2a1287862a3ecb4bcd

SHA512
c56fa2ef56349f089803dbbf83d53f94e0e17447d203786abc2df7f6529443293f9d505dfb86d278df3f39aa2a447ac234ca6be0859c6896a792086abdaf4254

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
f1d33f465a73554cd1c183cbcd0a28a2

SHA1
f5c16fc4edff600cb307f762d950500aa29a1e8b

SHA256
22d8c228cdcfd3e05431d7377748014035a3488ad3a0d4aecc334e724245a1f9

SHA512
7cc94f77f3943143ee86eabbfddcb110ce52c6ff0975842e3a3d06072f51f2c48914ee61f24484a539888ad19a7e6a1becfb029485cd5984bc736434a63cee95

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
575466f58c7d9d3224035d23f102d140

SHA1
2fce4082fa83534b3ddc91e42fb242baee4afa1c

SHA256
9da0e657652daa1ef86af7c3db62b0af9cce372a5f765c98c68479922ccf1923

SHA512
06503e718fe967076dd8a061b57debdc663b9616b005f8567099a84fc7184880633079335d622c243918efc3356b40e683708fb0583084abeed7db6168a212ab

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
240B

MD5
8ca47717c721bb59347f3cb9ac1292e1

SHA1
c9cd8d074d3b04bb1b51f8898167d7916ed0d7bc

SHA256
6801e4f0265bc7c79af9e51c8c6c1e5c6449a6e9437b8e018ef47ac37dfeb194

SHA512
6590ec30edc2b158a50044d8189414b72f503194863a5581f7259699255303b6a489a422487c79ed94d61773ce224f6569bd4cc782341c43594c19bf6bc77b7b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
e05440e3d7d17403c27c1eb9705b0d4e

SHA1
8e0ee4671cb02e9c30371bf8bab8489308109617

SHA256
c35218ca4bf68d1c929fba7dfadb15f0c04465fb985cbb1dc33df00b9c232d13

SHA512
5e9c2d50aea58efefb286c274ada554e8bbce76e911a3294234bbb9297d4f7611ba84b10579c841e6ec1d9c81d9d28ac4dc60359d2a62a66f9edcffd552dc526

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
59845efd5b9ed4ad4b2e622e42f71968

SHA1
1a852111acc1b84923c9376da4c9491cead5f785

SHA256
c2281d9485436c99e45de26a533bd3e337af00399df029589a7f61368609bb70

SHA512
344bf5ebc4819c51656c70532a3f59f1f477ce42488ea8abe26995bc779c9de70486cc0b98def40e80a0bbb1077185fed731cd6b51c95581c0f8199f0b1f64e0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
2b7b780ac620039d82508646cda71108

SHA1
b894096c5c41d1b06469e3ed9eb0867fdcf4fb4d

SHA256
d9059d3ce62a414b9e7932a31d8c2a61e0336fc4c13fab8baffad388043745a8

SHA512
cfceabedb3470dec632537cc72947bdbf19e582ebf6f19daf01593e6be2520fbf4bb319ae6f6159f77942735e36dd5277879e9fb96435067a2f45db975dbcc0b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
f2fa33387715b39480103ccce766da9d

SHA1
f651ee770ef183021d93ca953eda314d052c5715

SHA256
57d58fce03ef6d5231516dc64f85c7a48d548a575076540071fde4c0e60751b6

SHA512
32c48022802d13c1c14d8f740ced820da49c6464f6c4ce9c1d8a4a40d8cddc13ae4f5ee500de11d044048b60477965d137798ab0173af183dee59a16060f70ed

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
df5eeb306d8e1b60c25dce9aec77eb1f

SHA1
f56029433074243396646719327715a0a4a05b34

SHA256
7b30fb249ccd4af6860d022f897aeaa7a7067c1ee29262ae2052d342fefd59dd

SHA512
4647e4abfff72d883aa483780852ad10218b1408109b63d54f8175af5b8ab431e882aa1a63c3431c1e72d3b68486b4621e81f3327b5900a182a967554aaa5444

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\yz8w575m.default-release\activity-stream.discovery_stream.json.tmp

Filesize
18KB

MD5
0f3c19c176d17653f21ce25f0418116b

SHA1
a0a9cf5f507ec466797b872fd5e12ceef7fc578d

SHA256
7c739694828627645561a96121e20ac804498c45620e4a5c3b435f2a61e0e28b

SHA512
5a5dcbc69abb39bc5691671e285cd594b8b735a0481a6e459cbf1949394d9d5d36944aad19711dc9734885040c8cb3e7d10d799991c6a5c23572e4ef637e0007

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\yz8w575m.default-release\cache2\entries\5CD1EBDF6B57F13C7E783CE5E6D8E9C44014FE1A

Filesize
13KB

MD5
433fd477761a6bc5691231e65a609f63

SHA1
ee4a5299a6c7c55515743b0fd9060d5d475f9f43

SHA256
20b8655cc7b3575fcb136ba7b51d8319bde36af4c87dfcc2fe3954b9717e769b

SHA512
cdc99cf005c6b8516c535e4bf236678a1c73afd7679d84bb19ad35baf89b1e2439a663c5b7d7c5e89fa21f08b9218028d5c56147dd99bd86d61c1b739d1467db

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\yz8w575m.default-release\cache2\entries\8A2034D325DC0B5C9E11EDDA3FC70A54C8DC1C0D

Filesize
13KB

MD5
32e3d846663878db6d8d4daa805b68f8

SHA1
16023eed47e7e0e248bc43a40e28706ff604ac52

SHA256
be7ccc1c0f4a19fca203d2e378f69788d8c9db33e4a7cc6a5450a5da0e8e4935

SHA512
5e8c081f24f6156a0b02cfd6f45dc9385fec3e0ba7aba7ae6075a890437b4eb82bfbde72cf3f4d0589f574963ca409534028dc783c6bc6bbce1b58f73d0ad698

Download Submit
C:\Users\Admin\AppData\Local\Temp\F0E8.tmp\F0E9.tmp\F0EA.bat

Filesize
2KB

MD5
de9423d9c334ba3dba7dc874aa7dbc28

SHA1
bf38b137b8d780b3d6d62aee03c9d3f73770d638

SHA256
a1e1b422c40fb611a50d3f8bf34f9819f76ddb304aa2d105fb49f41f57752698

SHA512
63f13acd904378ad7de22053e1087d61a70341f1891ada3b671223fec8f841b42b6f1060a4b18c8bb865ee4cd071cadc7ff6bd6d549760945bf1645a1086f401

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
479KB

MD5
09372174e83dbbf696ee732fd2e875bb

SHA1
ba360186ba650a769f9303f48b7200fb5eaccee1

SHA256
c32efac42faf4b9878fb8917c5e71d89ff40de580c4f52f62e11c6cfab55167f

SHA512
b667086ed49579592d435df2b486fe30ba1b62ddd169f19e700cd079239747dd3e20058c285fa9c10a533e34f22b5198ed9b1f92ae560a3067f3e3feacc724f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

Filesize
13.8MB

MD5
0a8747a2ac9ac08ae9508f36c6d75692

SHA1
b287a96fd6cc12433adb42193dfe06111c38eaf0

SHA256
32d544baf2facc893057a1d97db33207e642f0dacf235d8500a0b5eff934ce03

SHA512
59521f8c61236641b3299ab460c58c8f5f26fa67e828de853c2cf372f9614d58b9f541aae325b1600ec4f3a47953caacb8122b0dfce7481acfec81045735947d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yz8w575m.default-release\AlternateServices.bin

Filesize
8KB

MD5
9b1810e4208a12870abbd2a4932bafa6

SHA1
d073b6ff733e1175bacf87eef1e99ea464f29219

SHA256
606df80d8ff4da3b93c953859c32282451ddf480bcb0aa9e268f8913da7e1b8e

SHA512
9c57ca33d05b6f3a3e93a775d3b53048bdd504b8dd027ce3296a2c447a7d05c18231349ff6748b21014ce723352430108625b3e4840aa90df5becaefea68b364

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yz8w575m.default-release\AlternateServices.bin

Filesize
12KB

MD5
41d99d08d33a373e14fe67c291360d09

SHA1
018412e4b56d64785d032880d1ebcea3ead676e7

SHA256
f47e56fc35d56177a92127680fc2f2eb35f5e369b8114dd9be8dbbd3fe29f202

SHA512
15f222141967fb6add7e8db371378396709e352afb1d869df50213bcb28219001900ba31c00cf8583344f80baa75fbebf9ab07bc810e202271da0cc175ed4abe

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yz8w575m.default-release\AlternateServices.bin

Filesize
17KB

MD5
6048789295dc4f1aa48492865f9587fc

SHA1
ad5ac48a14a6512ed52deef84654469c32e2feb4

SHA256
81263347f4ec941db35339aae8c9b0ca71523d177ee4cad70fed0db5dca02d81

SHA512
3dcf1876afd83938914c4ecb02d78b3c892bf6ae3b725dd185d8763310a8c6914db16ae0becef8a3dd8eb148d866539a7c977c7150b14691d494771ce4ea3f0a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yz8w575m.default-release\datareporting\glean\db\data.safe.tmp

Filesize
25KB

MD5
6d0f72aeef955d6cf83accddd45b33f2

SHA1
b70424e0b7242ada7df2db04d879affe41fa80e8

SHA256
321176a9bec3668bfed8a5c06b1c5c32bca9b871b90e6a4e27ae7b9f7abf487d

SHA512
aebb04568ba1e486e9c96061a264d753f956ee7b2b4ff81a18879c9888b139a774c2321ab6b9afd91d7d59755dff22e8a1f73b9fcf7708f512eec103730fddc2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yz8w575m.default-release\datareporting\glean\db\data.safe.tmp

Filesize
22KB

MD5
ab9434a19b7d541e8ed91da7c293ff02

SHA1
451fa6d78f496fc75fc3f240b91368eb00193abb

SHA256
f8c8bbeed1336629e829b39d8ce370cc511d1483efc019d166da5f2a90746912

SHA512
d1cecd067bf0ae66453c822a19605c94b38533777b798503ad813af3fb7ef478c649c30dfb0b56882cef4db4f63a09dadaac61ba7462b21fe3fab0c9d09d67a8

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yz8w575m.default-release\datareporting\glean\db\data.safe.tmp

Filesize
23KB

MD5
4c467f71fad8d6cfc3a20e214c481a8e

SHA1
e1aaee0ad30304521800643b787b063259832906

SHA256
b3fe461c14e6bd61b034da41ccd8cfe8084b7e4c8241a40164dbe3b083fbbed9

SHA512
b2e62d69be39ef32401f6cfb6a7257f4c6875f2d60c17c87a7ccde46c890681df7a8b866725bf787c1081445dc50d4eeb6f008a7baaf741b280827ab9dd1c594

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yz8w575m.default-release\datareporting\glean\pending_pings\514ea1e3-830c-40b3-a3de-c96ce591b977

Filesize
982B

MD5
9ed8e3128e1ccb3eca942dd5aebd710c

SHA1
3ca0f0f500ca75ddde36f634a25c52c1e29c2ff6

SHA256
b5e1f75f7b147805f6f89f62c8cf81fb8d6ab0916da4e6b94bac2c47c236a8f3

SHA512
67d56aba7fb474fee3654bcecca6ef8d0137b62d9981639838fc2ae5401ec4dbe6d57613872683109aca6f2d34e1d6a99d5e26b5799515d8b589c141a7f1e303

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yz8w575m.default-release\datareporting\glean\pending_pings\d8b167ff-a68b-4c9d-9a70-60d34a509b3c

Filesize
659B

MD5
59b9357b6d21b381aeb0f04d87a0a284

SHA1
e4634bda501922eaff2775bd8dfcebaafd8c6c48

SHA256
f73087739e9abc10420b7497a1336455cc6ea3e3bc2bde6d345c8eb12e5cb1e3

SHA512
705203f152c589830f6e9e3af9d130bb905f30b61233e40170bae835e30a4f0aed4f0a77af9911c8e80ed2a1ec97f1cffab0a0e6c0beed9e8dd4507b86be3af4

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yz8w575m.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.dll

Filesize
1.1MB

MD5
842039753bf41fa5e11b3a1383061a87

SHA1
3e8fe1d7b3ad866b06dca6c7ef1e3c50c406e153

SHA256
d88dd3bfc4a558bb943f3caa2e376da3942e48a7948763bf9a38f707c2cd0c1c

SHA512
d3320f7ac46327b7b974e74320c4d853e569061cb89ca849cd5d1706330aca629abeb4a16435c541900d839f46ff72dfde04128c450f3e1ee63c025470c19157

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yz8w575m.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.info

Filesize
116B

MD5
2a461e9eb87fd1955cea740a3444ee7a

SHA1
b10755914c713f5a4677494dbe8a686ed458c3c5

SHA256
4107f76ba1d9424555f4e8ea0acef69357dfff89dfa5f0ec72aa4f2d489b17bc

SHA512
34f73f7bf69d7674907f190f257516e3956f825e35a2f03d58201a5a630310b45df393f2b39669f9369d1ac990505a4b6849a0d34e8c136e1402143b6cedf2d3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yz8w575m.default-release\gmp-widevinecdm\4.10.2710.0\manifest.json

Filesize
372B

MD5
bf957ad58b55f64219ab3f793e374316

SHA1
a11adc9d7f2c28e04d9b35e23b7616d0527118a1

SHA256
bbab6ca07edbed72a966835c7907b3e60c7aa3d48ddea847e5076bd05f4b1eda

SHA512
79c179b56e4893fb729b225818ab4b95a50b69666ac41d17aad0b37ab0ca8cd9f0848cbc3c5d9e69e4640a8b261d7ced592eae9bcb0e0b63c05a56e7c477f44e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yz8w575m.default-release\gmp-widevinecdm\4.10.2710.0\widevinecdm.dll

Filesize
17.8MB

MD5
daf7ef3acccab478aaa7d6dc1c60f865

SHA1
f8246162b97ce4a945feced27b6ea114366ff2ad

SHA256
bc40c7821dcd3fea9923c6912ab1183a942c11b7690cfd79ed148ded0228777e

SHA512
5840a45cfdb12c005e117608b1e5d946e1b2e76443ed39ba940d7f56de4babeab09bee7e64b903eb82bb37624c0a0ef19e9b59fbe2ce2f0e0b1c7a6015a63f75

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yz8w575m.default-release\prefs-1.js

Filesize
16KB

MD5
ec097d9715bc186aed6e90104e5826a5

SHA1
a3202307a2bcfc9e832fcd6f8bde5a881bf39e11

SHA256
5b04e93aba438065eca995738fdaa73c04a2bcfe1e0d32faede3ff4a1d049b66

SHA512
a7f166f8f2cbd23db5fd3d8b71686aa42adaa71762025c37303a61f4c4490bb7e4c4a935dff2967e9d62cd628064bc3bd7b44e35cb74137822db109a3248ced7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yz8w575m.default-release\prefs.js

Filesize
13KB

MD5
1a279a699d91c99d9b70b3259ac138c7

SHA1
118dc40ce2d83f9df58579c09e64cbfb83805cc6

SHA256
deed9e098b2cc1411db04bf08a2382d281b9afd07d29b0f21fbe87b76331f65e

SHA512
ede2ef58193a63f87553c33f3f1814255767ba75d6961c7a2f2101296e37f9cc456070b3334e594b7c06718302ba507c2f531edeebe256fc8c1fc084424bb515

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yz8w575m.default-release\prefs.js

Filesize
8KB

MD5
50a65b5a6f2321f81c251d92e0f98de0

SHA1
756bbdf0b9b5a32f07e442a0a73b5fca78b58c28

SHA256
c6bb52a003fb447da0ae1be73fb0b7e8cd82fd62aa5f15bea4fd962c8553d2d9

SHA512
55c7cc95a6a9febac3348186b0ece5bad150ff071807a884b21167aa23cc521630c53de82bae40640a3389dd81154ae993160730ed414c553531888e7ee91758

Download Submit
\??\pipe\crashpad_1540_AJJYZMTFJZNIKUGC

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit