f6a3730a6032aeadde6b2ec051ad8d3a289000f5168c92b1e342fa82589fb1ed

Analysis

max time kernel
150s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
14/07/2024, 08:07

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

539952aca4f7b8cb197cfebf80e35892.exe
Size

89KB
MD5

539952aca4f7b8cb197cfebf80e35892
SHA1

11cba6810ad9450370357b59dd4a1a4702dfa841
SHA256

f6a3730a6032aeadde6b2ec051ad8d3a289000f5168c92b1e342fa82589fb1ed
SHA512

bf43491e68fdcfd1e21bc85faa07f659474f083e4fc62c016aeba281fec7d8ac0056de0a8824ca9ad2bafe56665004e54f3a345fdb2030c7a32390f9e969b451
SSDEEP

1536:L7fPGykbOqjoHm4pICdfkLtAfupcWX50MxFY+yIOlnToIfWx/1/Oq:Hq6+ouCpk2mpcWJ0r+QNTBfW119

Score

7^/10

Malware Config

Signatures

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-2990742725-2267136959-192470804-1000\Control Panel\International\Geo\Nation	539952aca4f7b8cb197cfebf80e35892.exe

Drops file in System32 directory 2 IoCs

description	ioc	Process
File created	C:\Windows\System32\DriverStore\FileRepository\display.inf_amd64_71aa85b0e2292a7a\display.PNF	chrome.exe
File created	\??\c:\windows\system32\driverstore\filerepository\display.inf_amd64_71aa85b0e2292a7a\display.PNF	chrome.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Checks processor information in registry 2 TTPs 8 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133654180337090280"	chrome.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2990742725-2267136959-192470804-1000_Classes\Local Settings	firefox.exe

Suspicious behavior: EnumeratesProcesses 14 IoCs

pid	Process
1440	msedge.exe
1440	msedge.exe
3060	msedge.exe
3060	msedge.exe
2652	chrome.exe
2652	chrome.exe
5744	chrome.exe
5744	chrome.exe
2276	msedge.exe
2276	msedge.exe
2276	msedge.exe
2276	msedge.exe
5744	chrome.exe
5744	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 5 IoCs

pid	Process
3060	msedge.exe
3060	msedge.exe
3060	msedge.exe
2652	chrome.exe
2652	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2652	chrome.exe
Token: SeCreatePagefilePrivilege	2652	chrome.exe
Token: SeDebugPrivilege	2184	firefox.exe
Token: SeDebugPrivilege	2184	firefox.exe
Token: SeShutdownPrivilege	2652	chrome.exe
Token: SeCreatePagefilePrivilege	2652	chrome.exe
Token: SeShutdownPrivilege	2652	chrome.exe
Token: SeCreatePagefilePrivilege	2652	chrome.exe
Token: SeShutdownPrivilege	2652	chrome.exe
Token: SeCreatePagefilePrivilege	2652	chrome.exe
Token: SeShutdownPrivilege	2652	chrome.exe
Token: SeCreatePagefilePrivilege	2652	chrome.exe
Token: SeShutdownPrivilege	2652	chrome.exe
Token: SeCreatePagefilePrivilege	2652	chrome.exe
Token: SeShutdownPrivilege	2652	chrome.exe
Token: SeCreatePagefilePrivilege	2652	chrome.exe
Token: SeShutdownPrivilege	2652	chrome.exe
Token: SeCreatePagefilePrivilege	2652	chrome.exe
Token: SeShutdownPrivilege	2652	chrome.exe
Token: SeCreatePagefilePrivilege	2652	chrome.exe
Token: SeShutdownPrivilege	2652	chrome.exe
Token: SeCreatePagefilePrivilege	2652	chrome.exe
Token: SeShutdownPrivilege	2652	chrome.exe
Token: SeCreatePagefilePrivilege	2652	chrome.exe
Token: SeShutdownPrivilege	2652	chrome.exe
Token: SeCreatePagefilePrivilege	2652	chrome.exe
Token: SeShutdownPrivilege	2652	chrome.exe
Token: SeCreatePagefilePrivilege	2652	chrome.exe
Token: SeShutdownPrivilege	2652	chrome.exe
Token: SeCreatePagefilePrivilege	2652	chrome.exe
Token: SeShutdownPrivilege	2652	chrome.exe
Token: SeCreatePagefilePrivilege	2652	chrome.exe
Token: SeShutdownPrivilege	2652	chrome.exe
Token: SeCreatePagefilePrivilege	2652	chrome.exe
Token: SeShutdownPrivilege	2652	chrome.exe
Token: SeCreatePagefilePrivilege	2652	chrome.exe
Token: SeShutdownPrivilege	2652	chrome.exe
Token: SeCreatePagefilePrivilege	2652	chrome.exe
Token: SeShutdownPrivilege	2652	chrome.exe
Token: SeCreatePagefilePrivilege	2652	chrome.exe
Token: SeShutdownPrivilege	2652	chrome.exe
Token: SeCreatePagefilePrivilege	2652	chrome.exe
Token: SeShutdownPrivilege	2652	chrome.exe
Token: SeCreatePagefilePrivilege	2652	chrome.exe
Token: SeShutdownPrivilege	2652	chrome.exe
Token: SeCreatePagefilePrivilege	2652	chrome.exe
Token: SeShutdownPrivilege	2652	chrome.exe
Token: SeCreatePagefilePrivilege	2652	chrome.exe
Token: SeShutdownPrivilege	2652	chrome.exe
Token: SeCreatePagefilePrivilege	2652	chrome.exe
Token: SeShutdownPrivilege	2652	chrome.exe
Token: SeCreatePagefilePrivilege	2652	chrome.exe
Token: SeShutdownPrivilege	2652	chrome.exe
Token: SeCreatePagefilePrivilege	2652	chrome.exe
Token: SeShutdownPrivilege	2652	chrome.exe
Token: SeCreatePagefilePrivilege	2652	chrome.exe
Token: SeShutdownPrivilege	2652	chrome.exe
Token: SeCreatePagefilePrivilege	2652	chrome.exe
Token: SeShutdownPrivilege	2652	chrome.exe
Token: SeCreatePagefilePrivilege	2652	chrome.exe
Token: SeShutdownPrivilege	2652	chrome.exe
Token: SeCreatePagefilePrivilege	2652	chrome.exe
Token: SeShutdownPrivilege	2652	chrome.exe
Token: SeCreatePagefilePrivilege	2652	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
3060	msedge.exe
3060	msedge.exe
3060	msedge.exe
3060	msedge.exe
3060	msedge.exe
3060	msedge.exe
3060	msedge.exe
3060	msedge.exe
3060	msedge.exe
3060	msedge.exe
3060	msedge.exe
3060	msedge.exe
3060	msedge.exe
3060	msedge.exe
3060	msedge.exe
3060	msedge.exe
3060	msedge.exe
2184	firefox.exe
2184	firefox.exe
2184	firefox.exe
2184	firefox.exe
2184	firefox.exe
2184	firefox.exe
2184	firefox.exe
2184	firefox.exe
2184	firefox.exe
2184	firefox.exe
2184	firefox.exe
2184	firefox.exe
2184	firefox.exe
2184	firefox.exe
2184	firefox.exe
2184	firefox.exe
2184	firefox.exe
2184	firefox.exe
2184	firefox.exe
2184	firefox.exe
2184	firefox.exe
3060	msedge.exe
3060	msedge.exe
3060	msedge.exe
3060	msedge.exe
3060	msedge.exe
3060	msedge.exe
3060	msedge.exe
3060	msedge.exe
2652	chrome.exe
2652	chrome.exe
2652	chrome.exe
2652	chrome.exe
2652	chrome.exe
2652	chrome.exe
2652	chrome.exe
2652	chrome.exe
2652	chrome.exe
2652	chrome.exe
2652	chrome.exe
2652	chrome.exe
2652	chrome.exe
2652	chrome.exe
2652	chrome.exe
2652	chrome.exe
2652	chrome.exe
2652	chrome.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
3060	msedge.exe
3060	msedge.exe
3060	msedge.exe
3060	msedge.exe
3060	msedge.exe
3060	msedge.exe
3060	msedge.exe
3060	msedge.exe
3060	msedge.exe
3060	msedge.exe
3060	msedge.exe
3060	msedge.exe
3060	msedge.exe
3060	msedge.exe
3060	msedge.exe
3060	msedge.exe
2184	firefox.exe
2184	firefox.exe
2184	firefox.exe
2184	firefox.exe
2184	firefox.exe
2184	firefox.exe
2184	firefox.exe
2184	firefox.exe
2184	firefox.exe
2184	firefox.exe
2184	firefox.exe
2184	firefox.exe
2184	firefox.exe
2184	firefox.exe
2184	firefox.exe
2184	firefox.exe
2184	firefox.exe
2184	firefox.exe
2184	firefox.exe
2184	firefox.exe
3060	msedge.exe
3060	msedge.exe
3060	msedge.exe
3060	msedge.exe
3060	msedge.exe
3060	msedge.exe
3060	msedge.exe
3060	msedge.exe
2652	chrome.exe
2652	chrome.exe
2652	chrome.exe
2652	chrome.exe
2652	chrome.exe
2652	chrome.exe
2652	chrome.exe
2652	chrome.exe
2652	chrome.exe
2652	chrome.exe
2652	chrome.exe
2652	chrome.exe
2652	chrome.exe
2652	chrome.exe
2652	chrome.exe
2652	chrome.exe
2652	chrome.exe
2652	chrome.exe
2652	chrome.exe
2652	chrome.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
2184	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4164 wrote to memory of 2576	4164	539952aca4f7b8cb197cfebf80e35892.exe	86
PID 4164 wrote to memory of 2576	4164	539952aca4f7b8cb197cfebf80e35892.exe	86
PID 2576 wrote to memory of 2652	2576	cmd.exe	89
PID 2576 wrote to memory of 2652	2576	cmd.exe	89
PID 2576 wrote to memory of 3060	2576	cmd.exe	90
PID 2576 wrote to memory of 3060	2576	cmd.exe	90
PID 2576 wrote to memory of 3224	2576	cmd.exe	91
PID 2576 wrote to memory of 3224	2576	cmd.exe	91
PID 2652 wrote to memory of 1420	2652	chrome.exe	92
PID 2652 wrote to memory of 1420	2652	chrome.exe	92
PID 3224 wrote to memory of 2184	3224	firefox.exe	93
PID 3224 wrote to memory of 2184	3224	firefox.exe	93
PID 3224 wrote to memory of 2184	3224	firefox.exe	93
PID 3224 wrote to memory of 2184	3224	firefox.exe	93
PID 3224 wrote to memory of 2184	3224	firefox.exe	93
PID 3224 wrote to memory of 2184	3224	firefox.exe	93
PID 3224 wrote to memory of 2184	3224	firefox.exe	93
PID 3224 wrote to memory of 2184	3224	firefox.exe	93
PID 3224 wrote to memory of 2184	3224	firefox.exe	93
PID 3224 wrote to memory of 2184	3224	firefox.exe	93
PID 3224 wrote to memory of 2184	3224	firefox.exe	93
PID 3060 wrote to memory of 2488	3060	msedge.exe	94
PID 3060 wrote to memory of 2488	3060	msedge.exe	94
PID 2184 wrote to memory of 4956	2184	firefox.exe	95
PID 2184 wrote to memory of 4956	2184	firefox.exe	95
PID 2184 wrote to memory of 4956	2184	firefox.exe	95
PID 2184 wrote to memory of 4956	2184	firefox.exe	95
PID 2184 wrote to memory of 4956	2184	firefox.exe	95
PID 2184 wrote to memory of 4956	2184	firefox.exe	95
PID 2184 wrote to memory of 4956	2184	firefox.exe	95
PID 2184 wrote to memory of 4956	2184	firefox.exe	95
PID 2184 wrote to memory of 4956	2184	firefox.exe	95
PID 2184 wrote to memory of 4956	2184	firefox.exe	95
PID 2184 wrote to memory of 4956	2184	firefox.exe	95
PID 2184 wrote to memory of 4956	2184	firefox.exe	95
PID 2184 wrote to memory of 4956	2184	firefox.exe	95
PID 2184 wrote to memory of 4956	2184	firefox.exe	95
PID 2184 wrote to memory of 4956	2184	firefox.exe	95
PID 2184 wrote to memory of 4956	2184	firefox.exe	95
PID 2184 wrote to memory of 4956	2184	firefox.exe	95
PID 2184 wrote to memory of 4956	2184	firefox.exe	95
PID 2184 wrote to memory of 4956	2184	firefox.exe	95
PID 2184 wrote to memory of 4956	2184	firefox.exe	95
PID 2184 wrote to memory of 4956	2184	firefox.exe	95
PID 2184 wrote to memory of 4956	2184	firefox.exe	95
PID 2184 wrote to memory of 4956	2184	firefox.exe	95
PID 2184 wrote to memory of 4956	2184	firefox.exe	95
PID 2184 wrote to memory of 4956	2184	firefox.exe	95
PID 2184 wrote to memory of 4956	2184	firefox.exe	95
PID 2184 wrote to memory of 4956	2184	firefox.exe	95
PID 2184 wrote to memory of 4956	2184	firefox.exe	95
PID 2184 wrote to memory of 4956	2184	firefox.exe	95
PID 2184 wrote to memory of 4956	2184	firefox.exe	95
PID 2184 wrote to memory of 4956	2184	firefox.exe	95
PID 2184 wrote to memory of 4956	2184	firefox.exe	95
PID 2184 wrote to memory of 4956	2184	firefox.exe	95
PID 2184 wrote to memory of 4956	2184	firefox.exe	95
PID 2184 wrote to memory of 4956	2184	firefox.exe	95
PID 2184 wrote to memory of 4956	2184	firefox.exe	95
PID 2184 wrote to memory of 4956	2184	firefox.exe	95
PID 2184 wrote to memory of 4956	2184	firefox.exe	95
PID 2184 wrote to memory of 4956	2184	firefox.exe	95
PID 2184 wrote to memory of 4956	2184	firefox.exe	95
PID 2184 wrote to memory of 4956	2184	firefox.exe	95

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Users\Admin\AppData\Local\Temp\539952aca4f7b8cb197cfebf80e35892.exe
"C:\Users\Admin\AppData\Local\Temp\539952aca4f7b8cb197cfebf80e35892.exe"
1⤵
- Checks computer location settings
- Suspicious use of WriteProcessMemory
PID:4164
- C:\Windows\system32\cmd.exe
  "C:\Windows\sysnative\cmd.exe" /c "C:\Users\Admin\AppData\Local\Temp\8AEA.tmp\8AEB.tmp\8AEC.bat C:\Users\Admin\AppData\Local\Temp\539952aca4f7b8cb197cfebf80e35892.exe"
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:2576
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://www.youtube.com/account"
    3⤵
    - Enumerates system info in registry
    - Modifies data under HKEY_USERS
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SendNotifyMessage
    - Suspicious use of WriteProcessMemory
    PID:2652
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.106 --initial-client-data=0x104,0x108,0x10c,0xe0,0x110,0x7ffbcf31cc40,0x7ffbcf31cc4c,0x7ffbcf31cc58
      4⤵
      PID:1420
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1924,i,2255312761157125035,13063123079621903205,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=1844 /prefetch:2
      4⤵
      PID:4356
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2036,i,2255312761157125035,13063123079621903205,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=2300 /prefetch:3
      4⤵
      PID:1868
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2108,i,2255312761157125035,13063123079621903205,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=2408 /prefetch:8
      4⤵
      PID:4848
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3100,i,2255312761157125035,13063123079621903205,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=3152 /prefetch:1
      4⤵
      PID:4336
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3108,i,2255312761157125035,13063123079621903205,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=3316 /prefetch:1
      4⤵
      PID:5468
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4688,i,2255312761157125035,13063123079621903205,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=4700 /prefetch:8
      4⤵
      PID:5200
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4740,i,2255312761157125035,13063123079621903205,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=4584 /prefetch:8
      4⤵
      PID:5220
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=4560,i,2255312761157125035,13063123079621903205,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=4540 /prefetch:8
      4⤵
      Drops file in System32 directory
      Suspicious behavior: EnumeratesProcesses
      PID:5744
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" "https://www.youtube.com/account"
    3⤵
    - Enumerates system info in registry
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SendNotifyMessage
    - Suspicious use of WriteProcessMemory
    PID:3060
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x108,0x10c,0x110,0xe4,0x114,0x7ffbceb446f8,0x7ffbceb44708,0x7ffbceb44718
      4⤵
      PID:2488
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2168,6387433535796518867,14059412337550388416,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2180 /prefetch:2
      4⤵
      PID:644
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2168,6387433535796518867,14059412337550388416,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2232 /prefetch:3
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:1440
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2168,6387433535796518867,14059412337550388416,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2848 /prefetch:8
      4⤵
      PID:3488
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,6387433535796518867,14059412337550388416,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3312 /prefetch:1
      4⤵
      PID:872
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,6387433535796518867,14059412337550388416,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3320 /prefetch:1
      4⤵
      PID:396
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,6387433535796518867,14059412337550388416,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4576 /prefetch:1
      4⤵
      PID:5020
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2168,6387433535796518867,14059412337550388416,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1816 /prefetch:2
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:2276
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" "https://www.youtube.com/account"
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:3224
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" https://www.youtube.com/account
      4⤵
      Checks processor information in registry
      Modifies registry class
      Suspicious use of AdjustPrivilegeToken
      Suspicious use of FindShellTrayWindow
      Suspicious use of SendNotifyMessage
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2184
    - - C:\Program Files\Mozilla Firefox\firefox.exe
        
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1956 -parentBuildID 20240401114208 -prefsHandle 1832 -prefMapHandle 1836 -prefsLen 25753 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {d7526be9-8960-43a2-8e43-8e2b75b03059} 2184 "\\.\pipe\gecko-crash-server-pipe.2184" gpu
        5⤵
        
        PID:4956
    - - C:\Program Files\Mozilla Firefox\firefox.exe
        
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2428 -parentBuildID 20240401114208 -prefsHandle 2412 -prefMapHandle 2368 -prefsLen 26673 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d7ecdc26-e299-432e-af9b-6747cb4f046b} 2184 "\\.\pipe\gecko-crash-server-pipe.2184" socket
        5⤵
        
        PID:1716
    - - C:\Program Files\Mozilla Firefox\firefox.exe
        
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3048 -childID 1 -isForBrowser -prefsHandle 3000 -prefMapHandle 2740 -prefsLen 22698 -prefMapSize 244658 -jsInitHandle 892 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {5f48864a-95c7-4383-a1c8-982254bb6f6d} 2184 "\\.\pipe\gecko-crash-server-pipe.2184" tab
        5⤵
        
        PID:3052
    - - C:\Program Files\Mozilla Firefox\firefox.exe
        
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3540 -childID 2 -isForBrowser -prefsHandle 3552 -prefMapHandle 3548 -prefsLen 31163 -prefMapSize 244658 -jsInitHandle 892 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {dffce8de-15cd-4665-a659-91b3d0bd918c} 2184 "\\.\pipe\gecko-crash-server-pipe.2184" tab
        5⤵
        
        PID:2308
    - - C:\Program Files\Mozilla Firefox\firefox.exe
        
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3928 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 2976 -prefMapHandle 2924 -prefsLen 31163 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c47e148a-7728-483d-8084-3c458860baa3} 2184 "\\.\pipe\gecko-crash-server-pipe.2184" utility
        5⤵
        Checks processor information in registry
        
        PID:5792
    - - C:\Program Files\Mozilla Firefox\firefox.exe
        
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5508 -childID 3 -isForBrowser -prefsHandle 5468 -prefMapHandle 5512 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 892 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {79ba9a56-b205-4b5b-8646-0b2f07141518} 2184 "\\.\pipe\gecko-crash-server-pipe.2184" tab
        5⤵
        
        PID:4908
    - - C:\Program Files\Mozilla Firefox\firefox.exe
        
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5712 -childID 4 -isForBrowser -prefsHandle 5632 -prefMapHandle 5636 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 892 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d84efe1c-4d87-4691-a52a-fc09c2873cb2} 2184 "\\.\pipe\gecko-crash-server-pipe.2184" tab
        5⤵
        
        PID:5308
    - - C:\Program Files\Mozilla Firefox\firefox.exe
        
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5904 -childID 5 -isForBrowser -prefsHandle 5608 -prefMapHandle 5496 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 892 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a379dd12-d064-4016-93d7-9d798bef0427} 2184 "\\.\pipe\gecko-crash-server-pipe.2184" tab
        5⤵
        
        PID:5380

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4980

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5908

C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe"
1⤵
PID:5224

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:752

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
264B

MD5
5358ffc3b5b061e25aa9ec533df20544

SHA1
b0deb0deaca8df00d619f23593f7f5df1c7d7f41

SHA256
808c2079fbf52b25eb731a4701f40ab2a4ff6439f54aa025aae33b4481547e6b

SHA512
6fa3badb4c434a6fd3cf9db7c4cecc57a60a2364add4366db3b9b4f1e8964af40373857b49b20416cef143ba41d28876457345429455ed66ce2df5a8221fc8ba

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
8314eb52fc047be55a672a9a52264017

SHA1
eadd0dbbf0d69c6b753d8f5bead961f3725ecdc8

SHA256
1d61003abfb78b530619063316b40c22b0c74d93aafb6a4bb14860fc8967e9e2

SHA512
52ba1cfb87db0b5b6d3e343574ea479948a057f0038962ddb7c4de93f25955f8391ae25d0c93b9710bcfe0e970c50638506250c30888a85b8cf65a16784215e1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
524B

MD5
ce1b6164def9f37981b3336f5863594d

SHA1
21e7c65377034212ebe36f12ef47d710f4f70d19

SHA256
9f013ec5d5eec548e01e3ef5c2f2eb7cd58e83f3a2c18ee4da4d009364588155

SHA512
34c230ea526f269a6e7b7f2c7c08390dfd2ad40cc6bee21bd910e6d4698ff9ba131aeeea82da738284b44c01ef853ad3ff549b03be34efb615189bca35538036

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
5c63f7f1af2a67ef3e33d07dcee8191e

SHA1
9bfb5d2a457dde400c5af3db65444a59370e96e6

SHA256
45317f316bb5e75c82785d84816a7814f7ea4ba2a8e17ddb10df054cab1b90af

SHA512
24b497171f3617ecad55d8c67b1805f15e14369114ba222f9032dc31591ea645431b0355d79862c91da24112f35a7230ea1172789088d47afd7cd1db93d59094

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
5887d57e04271cd96886c2c271118f2e

SHA1
c9f58cf63ef880336a6c3c20d7426cd3d826070f

SHA256
c14f767b4bd2a907eef17d8a36d9da244edbe6813f8a66e26387a5e6201cafc5

SHA512
e465af8e51e3aa8a648341eed9672c9a9c01f1afba8ba6e7c9f91680598794a609d366d85031106aa1edd60a54a41471c099693f7a188fb198ac03c320874212

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
25fbf825313df3b178d10fb3b1f83713

SHA1
1f1880002dd90a489891495f376825c44875f837

SHA256
8a979645318b653aa8072b2afd64abb39e60dc1941e6659136d0f40488f3643b

SHA512
a939677306cf9e51ad38d86b06eb616dc33a2735ec792284a1bc1c3a141d9f74e7ff71cbf8026ec86426e76d6d5207faccea941b638f2235209ea98e49ef0763

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
1b59b8a0d6c21f05ecd253221d2e0a6f

SHA1
aa6d9d4852dbf563b5b72869c90ac359591cab80

SHA256
3ca094c030c3f46a7bab208daba84dc13d87840077277179cfcc2c471fe0ffbc

SHA512
40c0e14ff08b7c503180a08e58cc1c3d20ca8ee712840e4da22b76854ba9f9b734d6bc1a1fe6057335eed7b61abf0da3f2d021d0e18c2d6b2432dae1da9ba89a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
9f0be3863874688f5cc9a3b0377ab927

SHA1
2a745bd20b631e14134a8f34d934865392c6f554

SHA256
dd699e98c28d26165e383a62d258168bf36d28a6f86528272c0f89dc87faae9c

SHA512
dcfbac2cfaf198b1fe55005171bf12c5571bc6d63ea2ab83d4883bc7637748522e5757db0ef969330bf2b2de5b255b43ea078ad0e4de61198ff0493ca6d2e809

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
b06628e7ad7afd29eb0676935e3d5d69

SHA1
52fe99156f5df5bcffbff7b2e95c4f5f79bd6607

SHA256
345f930e556249c959d73a49b690c838ea5ea24220ca232a7de4c9178057e317

SHA512
f88b89008117339f7c36711492a329413f6ad89a986239125c2c12fdf7a39e0f054348baac3555fbbc491e843e64de2d1b00af61e3eab0403728e632d5ea3827

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
ca062baa1c3185eeca4e4cf8e0f2ed4d

SHA1
b19abe7b61692a514ec026be41831a8d36f5ca39

SHA256
abcee6aafea6452041caeada805cd710600c3352d5ceaddf660e76ab13a3d45c

SHA512
63f0aa50d8517e2e7ac48d6c1e3367041c3fd76906d5ff13663c4635a4ca397351bf5e68b5b20f1019a7ce8dd1ddd9d7971ff2776d1327873a137b346bcf45a1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
9e0f68cf612a1ec4f1ed7f5a5712ecc2

SHA1
dc24d3cc43020c39848929eea9b84369ef9123ef

SHA256
beb46c700a52f8816021c2a133c6aa5a6ec0190e919df112efc9b797827a3df5

SHA512
97b9ba8b365160b42792f911dd2413f1f3cc98982a5ddb4229c9ff72514ec6577d4e9852f1e4438c10460d22751850b05c7fec241c655bf701af9607f05d6dbe

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
724129d599bd68be608516c25048aa4c

SHA1
70cac0f95c73b458ac325f483719d06096e5191c

SHA256
c69b97eec32df71805db91c0f14cec686b64629d2e7c95b42afef642a10d94fd

SHA512
a3edb8994e39713cd42924701d72d4f4621a99b79f89a63224835b364d66e1c1d182ab9962f1427e6c5147d3d238d930b9bcebfd4952c271639c3576eb4345ee

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
56d5353b9b6ad75c7fcb69ac824e3c22

SHA1
2a799b019c9a234e0138b0567d069ae3f7bc0d7a

SHA256
ab611f04fe92550f244f88f9f0b5cc00bb0792655e3d4e46b1d33d86482bda61

SHA512
1434e20a12ffcfa8b6da002f6daf23743a9ee1aee13ce3108ff92cc5cf50225cf4b6ede742b8c80af4e2e34e6614bd31b21f0fba79bb4c578621fa2e042532a2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
561ecba4e95c6226b2ae3411ca02ceb6

SHA1
48fbedb06c5b87c74be00ab34f8759dc5794fa63

SHA256
8c1b00e17a4b35acf04204dcf2ac39b1e727834525b3869bda9a3bd0f25a100b

SHA512
a0e2ac4ab28da45951dec369bb55fcbe87157113d8bd309b25e20c59b48e063adf058022c9cc3a3102302651c3599fc4a6fbd79430bd79136ce62387e871a08d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
183KB

MD5
2581fbc04fd76be422110ff255d28ee1

SHA1
4967af835eab318659e77e549a37b5c0dc6930ef

SHA256
1ed98f309a8e747a5d8221f82a16d1bfce7be8517e73eb28abbdaab0f5201393

SHA512
d558d815fcba26f251492c0d75bd85f375e4195bd2c5a911698678fc73e9fdc296accd7cb20e13ac2b6d56161d653ed332f8a31bcc05c11a814c4bde9f632f1e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
183KB

MD5
064637208ad9b5adb34df4626fd369b3

SHA1
17d588871aea684a3a931e8ff8002ae0e93e3c07

SHA256
39339305fc6ed0baa55215207eb638dae721663b47f619c80d491cb5e6cf0eb8

SHA512
5b504f3bcb1ec3f4f2feee00b46a688f0b2fd709858be6d73fd39b51cb5b8ca3d3d47cb903e12c984aba94f1a1830cfe78a16076469a717866622ede5b014fc4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
2f842025e22e522658c640cfc7edc529

SHA1
4c2b24b02709acdd159f1b9bbeb396e52af27033

SHA256
1191573f2a7c12f0b9b8460e06dc36ca5386305eb8c883ebbbc8eb15f4d8e23e

SHA512
6e4393fd43984722229020ef662fc5981f253de31f13f30fadd6660bbc9ededcbfd163f132f6adaf42d435873322a5d0d3eea60060cf0e7f2e256262632c5d05

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
54aadd2d8ec66e446f1edb466b99ba8d

SHA1
a94f02b035dc918d8d9a46e6886413f15be5bff0

SHA256
1971045943002ef01930add9ba1a96a92ddc10d6c581ce29e33c38c2120b130e

SHA512
7e077f903463da60b5587aed4f5352060df400ebda713b602b88c15cb2f91076531ea07546a9352df772656065e0bf27bd285905a60f036a5c5951076d35e994

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
240B

MD5
bc48ee0e17a9594baf1763fc1d5d1309

SHA1
c54fa84ad13318668145207610cb77269fe33539

SHA256
a463ef1496de9b5a35339febab6176962091dd7fbdaa468598aa55c97a812ce1

SHA512
8970efae9adfd0c7010e523bc4a2a966f44a7e41a410df419f7c6650097b8aa7583408aed16d780b201c73e9c647d1733a4bd730aaaed97fc566a81344a7de3d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
1ade250ad441f85734e89b6a98983fae

SHA1
7faa4c099dd5719ecafb7b04ea9dbf6e35212ec2

SHA256
bd9d7acb7e63ee9d4d4b44c7ece2c4749afcd4529234569160684c76f279b4b6

SHA512
c59d0cef3591908db5b69d57e085775bca67d9f6aa7a67d4e97d41075482e444451fc4ddd8bcc6f9eae2c1ecdae0cf96a7a665cb284b275c3149756f6b36c0a2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
4fd2fcc3bacb59b1199ddb0548d04ce5

SHA1
d7e1d8f7a0aea749724d5885746ea62c438cfe8b

SHA256
01dd86d4e6f2b8cb153fa76ec837b16d2909a3a216decccca1a5dc9a07732222

SHA512
233604d885e593cebe33e3f3d31a0e23b3debd227d5d9597c2fc891f9ff7117c64e12affd8e9df2797f77a7107cdd6d858d735888e5d272a2bd9aa826d1b48c1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
692813391e1168a7e615560de4dc4aba

SHA1
7d9e01e770dec5ae6130228e6dc7f79da336ff54

SHA256
1ecf9b12f956adb0a794ffc587630192cde1af78db1b1f5351ca9bc26492ad7d

SHA512
30a9a2df30c6de9adabfae21813b027246ed21f5e0e27ed5afcbb79c25c08f016a7c9b7c44f3fdc44c085c77861178d9beff18a53ea33e9fb89095c8dd1350d1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
296e5dafec1d2698d90cfe7a773eae38

SHA1
f45178c88c62a34600ad6413d3d44fbff6faa0cb

SHA256
6a3c4e7aca2530bd89e4e62db8fd8bd239db921f318c70932957a0fabf3a0c2c

SHA512
63004b01428cdc116674143ca54937a610716a205966fe6883fb498f27e8e5416e45c4f0b5f071de6508c8c28bc293985b040bad40a75a7e4d3a40d19b5a3ca4

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\zirruo9e.default-release\activity-stream.discovery_stream.json.tmp

Filesize
21KB

MD5
1f1970298cac50c0797131d0adc82453

SHA1
b7b3b5a57067b60c885fdaec15951f9e7496940a

SHA256
2a16d2321b0c53fb6138bc809bc26dd595141d25009aa69559e51234cdbf7d65

SHA512
1bf66d9d6cade1924c2395211cb5ac17631590096b7b56126fc617bfed55b392e1454c5a5be0fbb70a120db96695813e9fdca81a71e69c8ffe27a34f8da9dad8

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\zirruo9e.default-release\cache2\entries\3F6BAE390F7FB4267066C23DBD35348B57989359

Filesize
47KB

MD5
a58d9f1cebe133f3b598a54820959162

SHA1
76bf0b5e70728509d0574cd34213b4513d7e3ecf

SHA256
281d3b3d2d186f307064923ed7c1dc670bcece61eef22a6b5a5e3f8e6a649a7a

SHA512
d7c469a366f73efc1ef4b34117fa1c804080c5d7b01dabb8c4374c19206bdf2cdf9a688cb2c2ff7a80695c88eb22b04cf132fe021a47ac0f0847afcfd7663513

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\zirruo9e.default-release\cache2\entries\8A2034D325DC0B5C9E11EDDA3FC70A54C8DC1C0D

Filesize
13KB

MD5
0ed0582f396502123caf848008412b3c

SHA1
dc7b990d5436d5cb09a276a97e4d8e4e2e304e6f

SHA256
d4c1dc826b5f20d828c67628f55478e7c59066e4472abb38caa2874e8b4f66e8

SHA512
ccbad2b4e304938bad5ff318bfda2384db3dae882b44c14c1c829507b4ea1a7fa8ca13eb806a6bb97eaa6a91ceb127d97f221a4621d0b92d0e193fa2f2669885

Download Submit
C:\Users\Admin\AppData\Local\Temp\8AEA.tmp\8AEB.tmp\8AEC.bat

Filesize
2KB

MD5
de9423d9c334ba3dba7dc874aa7dbc28

SHA1
bf38b137b8d780b3d6d62aee03c9d3f73770d638

SHA256
a1e1b422c40fb611a50d3f8bf34f9819f76ddb304aa2d105fb49f41f57752698

SHA512
63f13acd904378ad7de22053e1087d61a70341f1891ada3b671223fec8f841b42b6f1060a4b18c8bb865ee4cd071cadc7ff6bd6d549760945bf1645a1086f401

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
479KB

MD5
09372174e83dbbf696ee732fd2e875bb

SHA1
ba360186ba650a769f9303f48b7200fb5eaccee1

SHA256
c32efac42faf4b9878fb8917c5e71d89ff40de580c4f52f62e11c6cfab55167f

SHA512
b667086ed49579592d435df2b486fe30ba1b62ddd169f19e700cd079239747dd3e20058c285fa9c10a533e34f22b5198ed9b1f92ae560a3067f3e3feacc724f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

Filesize
13.8MB

MD5
0a8747a2ac9ac08ae9508f36c6d75692

SHA1
b287a96fd6cc12433adb42193dfe06111c38eaf0

SHA256
32d544baf2facc893057a1d97db33207e642f0dacf235d8500a0b5eff934ce03

SHA512
59521f8c61236641b3299ab460c58c8f5f26fa67e828de853c2cf372f9614d58b9f541aae325b1600ec4f3a47953caacb8122b0dfce7481acfec81045735947d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zirruo9e.default-release\AlternateServices.bin

Filesize
10KB

MD5
45382e7556aa711d98c0b465e58f4f38

SHA1
13be27d0622c3b4df0a8e13ee62fa05ed01e9802

SHA256
fa3ed53b5ef689e51722f59f204eda45d5f61ff910d0cf76889969e85c2ec536

SHA512
ed42e20cdf42cf03ad299ad4f3fe07a9922fdc95359e136b881f2d6c22ca1b179aef00b84bb6b8dc144b93297cce797f071ebb8e5247825f2085175a3b0ebfa1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zirruo9e.default-release\datareporting\glean\db\data.safe.tmp

Filesize
15KB

MD5
4d811a00d689e6074d93f0fba8c219ca

SHA1
535d9ecb7c900306e7818c2120e4dd3e4a8933cf

SHA256
6bef0719aed997657baef8d050cbba031a596082fd0974cd0876b65d59acbff8

SHA512
72ac904d3cfb4eb705d34b6bf75af208b098b49c0b4f4b347a895a62075edc01806c11cc219d46200b45d663691043fe726fb2f46f68502e3c968ce11e5e2252

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zirruo9e.default-release\datareporting\glean\db\data.safe.tmp

Filesize
15KB

MD5
18802955c98fd22fa03e9a4802bef3e9

SHA1
2908adea037b11aa6aaab555e7a3fe0abfbe8e5d

SHA256
4223591ba6fc5849666784759f2ab4ff278c79e646194b484f3a4dde11c79a55

SHA512
0035fb8ac69ab8c62e1702b82e61d262268f60615ff08207d7e67ac2563276945019b22a47a414008c9cefb705412d0e135b4de56e0e42099daf6146b4dd8e1e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zirruo9e.default-release\datareporting\glean\db\data.safe.tmp

Filesize
5KB

MD5
2cecf2ba7759caacb38b3f669aa49b8e

SHA1
44daea898d4b65c84964d93d9d1c85cd427f8d34

SHA256
de8674b30a46fa83307c843b351a4eac4c01b7a4f176f841c05068dcafc33ec5

SHA512
2edb7291896fdc57ef39b5556c935bcf9bf9564831bc6b31c06a5ede75b8c7e7dcecbcbe4cca0bf4385c9532ab7ae63f84d677e0ae24dd8e2462a4c042ad93fd

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zirruo9e.default-release\datareporting\glean\db\data.safe.tmp

Filesize
6KB

MD5
f692d3b5e662e801b7c6269e31ac8198

SHA1
d509b87befec70a59a955fed71be60b32aa283db

SHA256
2ae5f4b82724b6f4a589d2ede76c2d1d43cf88e8db4554c3df72d2698fbd77fa

SHA512
cd9251964b208f8668b94f29ff62660a1cd968bd4b22af175c194f3789ce29437c21782c8d6da6b36ae50f236c83db3a4ad84316217f05e9c54fdb4bc2f5a92f

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zirruo9e.default-release\datareporting\glean\db\data.safe.tmp

Filesize
5KB

MD5
4943fba1c61748eaf5ab0569714a6b1e

SHA1
ce74105315b2535f1202fd06f6e8c484d4bdcd2c

SHA256
05c836a05d3a774ec6e7edd865deae14dc09a5f000f4a436b863347184aacf46

SHA512
3302089b7f3f68cfbf410ea39e4200fdf2c45d7aa6f72239111345ed8d3e614fb93f9bf61d21b98ffbbef60683be434fa6925c471cbdc86da8cf2b9e02165157

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zirruo9e.default-release\datareporting\glean\pending_pings\2e6adbcc-2523-42b5-abd2-925723239a6c

Filesize
26KB

MD5
0d695ff67645ed4c00030db65abe13fe

SHA1
529ab08b675fae51fd5f5bfc227cbfe113d86bf3

SHA256
a9bed968c5df48ff63ab3139ebb3ff54207c782d022600c44e8000c9aa1da4a9

SHA512
47591f84c10d1d26aec193e10dfcc4a1262f3a3b6d044f92429628f6e97099b1fb8378497c30b139597db6348bb1993d666cb2bbb97fa28c88996224dc524604

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zirruo9e.default-release\datareporting\glean\pending_pings\7fa0d586-23a2-449c-bd51-7d04ee636d30

Filesize
982B

MD5
d8ecb1399dbec97597ceb75d5bdc56db

SHA1
c0f3f30dbb3d2bd7cd81e5c930590063dfd74089

SHA256
d3a47aa65d11f199a2003cf9614b7d83fbe77ce84b851d802368143258aeae61

SHA512
610f2578a7f9809893c8beae04010647bc1281a2bb1d788b280452aa0592540dcf60923432760a49a626647760d83644275040e563b13c7a49cd604f8aa47988

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zirruo9e.default-release\datareporting\glean\pending_pings\fbebdbea-454d-4134-9bfd-da21471d7c5a

Filesize
671B

MD5
3487aa8138d139c4b1adccc27f4bbefb

SHA1
ad0c79ce6b700c9b97efdbd399164424609dc95b

SHA256
a49852190780c9f464557ef69ca784cae49f79aaf0b56361cdf1287382636761

SHA512
ff8049312b8590d6a038cc281cd06d6204fd2fa422874e7a6a1880d9832b21ddd0046ac9946f4a26290ffd80e938f1e6b13e76dfe906ec82dd437aee9116d362

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zirruo9e.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.dll

Filesize
1.1MB

MD5
842039753bf41fa5e11b3a1383061a87

SHA1
3e8fe1d7b3ad866b06dca6c7ef1e3c50c406e153

SHA256
d88dd3bfc4a558bb943f3caa2e376da3942e48a7948763bf9a38f707c2cd0c1c

SHA512
d3320f7ac46327b7b974e74320c4d853e569061cb89ca849cd5d1706330aca629abeb4a16435c541900d839f46ff72dfde04128c450f3e1ee63c025470c19157

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zirruo9e.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.info

Filesize
116B

MD5
2a461e9eb87fd1955cea740a3444ee7a

SHA1
b10755914c713f5a4677494dbe8a686ed458c3c5

SHA256
4107f76ba1d9424555f4e8ea0acef69357dfff89dfa5f0ec72aa4f2d489b17bc

SHA512
34f73f7bf69d7674907f190f257516e3956f825e35a2f03d58201a5a630310b45df393f2b39669f9369d1ac990505a4b6849a0d34e8c136e1402143b6cedf2d3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zirruo9e.default-release\gmp-widevinecdm\4.10.2710.0\manifest.json

Filesize
372B

MD5
bf957ad58b55f64219ab3f793e374316

SHA1
a11adc9d7f2c28e04d9b35e23b7616d0527118a1

SHA256
bbab6ca07edbed72a966835c7907b3e60c7aa3d48ddea847e5076bd05f4b1eda

SHA512
79c179b56e4893fb729b225818ab4b95a50b69666ac41d17aad0b37ab0ca8cd9f0848cbc3c5d9e69e4640a8b261d7ced592eae9bcb0e0b63c05a56e7c477f44e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zirruo9e.default-release\gmp-widevinecdm\4.10.2710.0\widevinecdm.dll

Filesize
17.8MB

MD5
daf7ef3acccab478aaa7d6dc1c60f865

SHA1
f8246162b97ce4a945feced27b6ea114366ff2ad

SHA256
bc40c7821dcd3fea9923c6912ab1183a942c11b7690cfd79ed148ded0228777e

SHA512
5840a45cfdb12c005e117608b1e5d946e1b2e76443ed39ba940d7f56de4babeab09bee7e64b903eb82bb37624c0a0ef19e9b59fbe2ce2f0e0b1c7a6015a63f75

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zirruo9e.default-release\prefs-1.js

Filesize
13KB

MD5
a52a12482e7a7ae1c3ed7381e8146096

SHA1
0e1dc93acc45e807ccbb38d57dc184536c484ccb

SHA256
a4ca2d22514e41dd8aaecd28d5b3e772a9cb5a4bdabc1cfa655fa36c9e6d7637

SHA512
6a3f45dfe3217223cc3d0df15b5c68d6712198a23475e9d95227905a744968ae76b0de8bd2ac96ca5c482aae68b2aa54e7e069b776061dca30cfa1b088b25af6

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zirruo9e.default-release\prefs-1.js

Filesize
16KB

MD5
e231c6965b2fdd453ff0820453235792

SHA1
276b95ac38ae0f8818ca5823fa3891c1ddfbc0e6

SHA256
53a81ae3fe1e5a84064b85f4275a1382680e0a1b03f17adebbb6e1a131840029

SHA512
1443ba7846df5c384fc5978f8f43f8ebf8fea7e0049f69b534cc56f019d4165d40f8b6adbcf356bcda7d77cd17567b58d4ae311a75d9a1940fd144a5426fd82d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zirruo9e.default-release\prefs.js

Filesize
8KB

MD5
9b738fb38891c8922e23a4baee693f44

SHA1
2ff370d25c2a197e9b0d35fc71db4a97b2bd0310

SHA256
8813ad750866bb38356a08a31448b1eb0798daf0d14fe22ee6093a4aed71f0d8

SHA512
8a1056eddf53e01f5c26f646518427ea1c44ec57ea4cc211e97666f072d7d855385c0638349d1cec5f4f95b5585c0157014ad820fe170f89cf4c31d86dfbc76f

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zirruo9e.default-release\sessionstore-backups\recovery.baklz4

Filesize
4KB

MD5
eedaf28d7802d2b9726af5bd953d9b09

SHA1
c70573d8f0a8b1cebfc9e2c717a6a84c949c89da

SHA256
3c687a1d691f2ca6e3957c507b5cbe7120426af1226061e7c82d293f566aa14a

SHA512
172991d7dcea1fbab8037f1f3a05a9982da3ed3e874d6d3dbb24f8eeced98753ba8269e5d4aadb411e05c1ca7121daead95f0f3c15c2b613c41af6e1aa174bbd

Download Submit