e10b9e6d21508a79e062a9370dfb730d2dddbfe0e6bacaa306baec9665c8dc08

Analysis

max time kernel
149s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
15-07-2024 01:49

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

e10b9e6d21508a79e062a9370dfb730d2dddbfe0e6bacaa306baec9665c8dc08.exe
Size

89KB
MD5

2294f98b6164b5f211f1d36cce966c3f
SHA1

1a2663a5e42111cdc149bfbb0f586a36ed9df33f
SHA256

e10b9e6d21508a79e062a9370dfb730d2dddbfe0e6bacaa306baec9665c8dc08
SHA512

ba23c17cbd36d2b6b1e3d1ef2b2d08e6ba075882a49f1cc994cff51eb4dfeb0adc3251778de07e2f64d1b5651643440ff4de82c1574186a9cfc6dbccf6fc5af2
SSDEEP

1536:L7fPGykbOqjoHm4pICdfkLtAfupcWX50MxFY+yIOlnToIfNxpDOq:Hq6+ouCpk2mpcWJ0r+QNTBfNjJ

Score

7^/10

Malware Config

Signatures

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-1176886754-713327781-2233697964-1000\Control Panel\International\Geo\Nation	e10b9e6d21508a79e062a9370dfb730d2dddbfe0e6bacaa306baec9665c8dc08.exe

Drops file in System32 directory 2 IoCs

description	ioc	Process
File created	C:\Windows\System32\DriverStore\FileRepository\display.inf_amd64_71aa85b0e2292a7a\display.PNF	chrome.exe
File created	\??\c:\windows\system32\driverstore\filerepository\display.inf_amd64_71aa85b0e2292a7a\display.PNF	chrome.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Checks processor information in registry 2 TTPs 8 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1176886754-713327781-2233697964-1000_Classes\Local Settings	firefox.exe

Suspicious behavior: EnumeratesProcesses 14 IoCs

pid	Process
5016	msedge.exe
5016	msedge.exe
2996	msedge.exe
2996	msedge.exe
5008	chrome.exe
5008	chrome.exe
1820	chrome.exe
1820	chrome.exe
4564	msedge.exe
4564	msedge.exe
4564	msedge.exe
4564	msedge.exe
1820	chrome.exe
1820	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 5 IoCs

pid	Process
2996	msedge.exe
2996	msedge.exe
5008	chrome.exe
5008	chrome.exe
2996	msedge.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	5008	chrome.exe
Token: SeCreatePagefilePrivilege	5008	chrome.exe
Token: SeDebugPrivilege	3616	firefox.exe
Token: SeDebugPrivilege	3616	firefox.exe
Token: SeShutdownPrivilege	5008	chrome.exe
Token: SeCreatePagefilePrivilege	5008	chrome.exe
Token: SeShutdownPrivilege	5008	chrome.exe
Token: SeCreatePagefilePrivilege	5008	chrome.exe
Token: SeShutdownPrivilege	5008	chrome.exe
Token: SeCreatePagefilePrivilege	5008	chrome.exe
Token: SeShutdownPrivilege	5008	chrome.exe
Token: SeCreatePagefilePrivilege	5008	chrome.exe
Token: SeShutdownPrivilege	5008	chrome.exe
Token: SeCreatePagefilePrivilege	5008	chrome.exe
Token: SeShutdownPrivilege	5008	chrome.exe
Token: SeCreatePagefilePrivilege	5008	chrome.exe
Token: SeShutdownPrivilege	5008	chrome.exe
Token: SeCreatePagefilePrivilege	5008	chrome.exe
Token: SeShutdownPrivilege	5008	chrome.exe
Token: SeCreatePagefilePrivilege	5008	chrome.exe
Token: SeShutdownPrivilege	5008	chrome.exe
Token: SeCreatePagefilePrivilege	5008	chrome.exe
Token: SeShutdownPrivilege	5008	chrome.exe
Token: SeCreatePagefilePrivilege	5008	chrome.exe
Token: SeShutdownPrivilege	5008	chrome.exe
Token: SeCreatePagefilePrivilege	5008	chrome.exe
Token: SeShutdownPrivilege	5008	chrome.exe
Token: SeCreatePagefilePrivilege	5008	chrome.exe
Token: SeShutdownPrivilege	5008	chrome.exe
Token: SeCreatePagefilePrivilege	5008	chrome.exe
Token: SeShutdownPrivilege	5008	chrome.exe
Token: SeCreatePagefilePrivilege	5008	chrome.exe
Token: SeShutdownPrivilege	5008	chrome.exe
Token: SeCreatePagefilePrivilege	5008	chrome.exe
Token: SeShutdownPrivilege	5008	chrome.exe
Token: SeCreatePagefilePrivilege	5008	chrome.exe
Token: SeShutdownPrivilege	5008	chrome.exe
Token: SeCreatePagefilePrivilege	5008	chrome.exe
Token: SeShutdownPrivilege	5008	chrome.exe
Token: SeCreatePagefilePrivilege	5008	chrome.exe
Token: SeShutdownPrivilege	5008	chrome.exe
Token: SeCreatePagefilePrivilege	5008	chrome.exe
Token: SeShutdownPrivilege	5008	chrome.exe
Token: SeCreatePagefilePrivilege	5008	chrome.exe
Token: SeShutdownPrivilege	5008	chrome.exe
Token: SeCreatePagefilePrivilege	5008	chrome.exe
Token: SeShutdownPrivilege	5008	chrome.exe
Token: SeCreatePagefilePrivilege	5008	chrome.exe
Token: SeShutdownPrivilege	5008	chrome.exe
Token: SeCreatePagefilePrivilege	5008	chrome.exe
Token: SeShutdownPrivilege	5008	chrome.exe
Token: SeCreatePagefilePrivilege	5008	chrome.exe
Token: SeShutdownPrivilege	5008	chrome.exe
Token: SeCreatePagefilePrivilege	5008	chrome.exe
Token: SeShutdownPrivilege	5008	chrome.exe
Token: SeCreatePagefilePrivilege	5008	chrome.exe
Token: SeShutdownPrivilege	5008	chrome.exe
Token: SeCreatePagefilePrivilege	5008	chrome.exe
Token: SeShutdownPrivilege	5008	chrome.exe
Token: SeCreatePagefilePrivilege	5008	chrome.exe
Token: SeShutdownPrivilege	5008	chrome.exe
Token: SeCreatePagefilePrivilege	5008	chrome.exe
Token: SeShutdownPrivilege	5008	chrome.exe
Token: SeCreatePagefilePrivilege	5008	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
2996	msedge.exe
2996	msedge.exe
2996	msedge.exe
2996	msedge.exe
2996	msedge.exe
2996	msedge.exe
2996	msedge.exe
2996	msedge.exe
2996	msedge.exe
2996	msedge.exe
2996	msedge.exe
2996	msedge.exe
2996	msedge.exe
2996	msedge.exe
2996	msedge.exe
2996	msedge.exe
2996	msedge.exe
2996	msedge.exe
2996	msedge.exe
2996	msedge.exe
2996	msedge.exe
2996	msedge.exe
2996	msedge.exe
2996	msedge.exe
2996	msedge.exe
3616	firefox.exe
3616	firefox.exe
3616	firefox.exe
3616	firefox.exe
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
3616	firefox.exe
3616	firefox.exe
3616	firefox.exe
3616	firefox.exe
3616	firefox.exe
3616	firefox.exe
3616	firefox.exe
3616	firefox.exe
3616	firefox.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
2996	msedge.exe
2996	msedge.exe
2996	msedge.exe
2996	msedge.exe
2996	msedge.exe
2996	msedge.exe
2996	msedge.exe
2996	msedge.exe
2996	msedge.exe
2996	msedge.exe
2996	msedge.exe
2996	msedge.exe
2996	msedge.exe
2996	msedge.exe
2996	msedge.exe
2996	msedge.exe
2996	msedge.exe
2996	msedge.exe
2996	msedge.exe
2996	msedge.exe
2996	msedge.exe
2996	msedge.exe
2996	msedge.exe
2996	msedge.exe
3616	firefox.exe
3616	firefox.exe
3616	firefox.exe
3616	firefox.exe
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
3616	firefox.exe
3616	firefox.exe
3616	firefox.exe
3616	firefox.exe
3616	firefox.exe
3616	firefox.exe
3616	firefox.exe
3616	firefox.exe
3616	firefox.exe
3616	firefox.exe
3616	firefox.exe
3616	firefox.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
3616	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2892 wrote to memory of 2188	2892	e10b9e6d21508a79e062a9370dfb730d2dddbfe0e6bacaa306baec9665c8dc08.exe	84
PID 2892 wrote to memory of 2188	2892	e10b9e6d21508a79e062a9370dfb730d2dddbfe0e6bacaa306baec9665c8dc08.exe	84
PID 2188 wrote to memory of 5008	2188	cmd.exe	87
PID 2188 wrote to memory of 5008	2188	cmd.exe	87
PID 2188 wrote to memory of 2996	2188	cmd.exe	88
PID 2188 wrote to memory of 2996	2188	cmd.exe	88
PID 2188 wrote to memory of 1440	2188	cmd.exe	89
PID 2188 wrote to memory of 1440	2188	cmd.exe	89
PID 5008 wrote to memory of 3796	5008	chrome.exe	90
PID 5008 wrote to memory of 3796	5008	chrome.exe	90
PID 2996 wrote to memory of 2700	2996	msedge.exe	91
PID 2996 wrote to memory of 2700	2996	msedge.exe	91
PID 1440 wrote to memory of 3616	1440	firefox.exe	92
PID 1440 wrote to memory of 3616	1440	firefox.exe	92
PID 1440 wrote to memory of 3616	1440	firefox.exe	92
PID 1440 wrote to memory of 3616	1440	firefox.exe	92
PID 1440 wrote to memory of 3616	1440	firefox.exe	92
PID 1440 wrote to memory of 3616	1440	firefox.exe	92
PID 1440 wrote to memory of 3616	1440	firefox.exe	92
PID 1440 wrote to memory of 3616	1440	firefox.exe	92
PID 1440 wrote to memory of 3616	1440	firefox.exe	92
PID 1440 wrote to memory of 3616	1440	firefox.exe	92
PID 1440 wrote to memory of 3616	1440	firefox.exe	92
PID 3616 wrote to memory of 4180	3616	firefox.exe	93
PID 3616 wrote to memory of 4180	3616	firefox.exe	93
PID 3616 wrote to memory of 4180	3616	firefox.exe	93
PID 3616 wrote to memory of 4180	3616	firefox.exe	93
PID 3616 wrote to memory of 4180	3616	firefox.exe	93
PID 3616 wrote to memory of 4180	3616	firefox.exe	93
PID 3616 wrote to memory of 4180	3616	firefox.exe	93
PID 3616 wrote to memory of 4180	3616	firefox.exe	93
PID 3616 wrote to memory of 4180	3616	firefox.exe	93
PID 3616 wrote to memory of 4180	3616	firefox.exe	93
PID 3616 wrote to memory of 4180	3616	firefox.exe	93
PID 3616 wrote to memory of 4180	3616	firefox.exe	93
PID 3616 wrote to memory of 4180	3616	firefox.exe	93
PID 3616 wrote to memory of 4180	3616	firefox.exe	93
PID 3616 wrote to memory of 4180	3616	firefox.exe	93
PID 3616 wrote to memory of 4180	3616	firefox.exe	93
PID 3616 wrote to memory of 4180	3616	firefox.exe	93
PID 3616 wrote to memory of 4180	3616	firefox.exe	93
PID 3616 wrote to memory of 4180	3616	firefox.exe	93
PID 3616 wrote to memory of 4180	3616	firefox.exe	93
PID 3616 wrote to memory of 4180	3616	firefox.exe	93
PID 3616 wrote to memory of 4180	3616	firefox.exe	93
PID 3616 wrote to memory of 4180	3616	firefox.exe	93
PID 3616 wrote to memory of 4180	3616	firefox.exe	93
PID 3616 wrote to memory of 4180	3616	firefox.exe	93
PID 3616 wrote to memory of 4180	3616	firefox.exe	93
PID 3616 wrote to memory of 4180	3616	firefox.exe	93
PID 3616 wrote to memory of 4180	3616	firefox.exe	93
PID 3616 wrote to memory of 4180	3616	firefox.exe	93
PID 3616 wrote to memory of 4180	3616	firefox.exe	93
PID 3616 wrote to memory of 4180	3616	firefox.exe	93
PID 3616 wrote to memory of 4180	3616	firefox.exe	93
PID 3616 wrote to memory of 4180	3616	firefox.exe	93
PID 3616 wrote to memory of 4180	3616	firefox.exe	93
PID 3616 wrote to memory of 4180	3616	firefox.exe	93
PID 3616 wrote to memory of 4180	3616	firefox.exe	93
PID 3616 wrote to memory of 4180	3616	firefox.exe	93
PID 3616 wrote to memory of 4180	3616	firefox.exe	93
PID 3616 wrote to memory of 4180	3616	firefox.exe	93
PID 3616 wrote to memory of 4180	3616	firefox.exe	93
PID 3616 wrote to memory of 4180	3616	firefox.exe	93

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Users\Admin\AppData\Local\Temp\e10b9e6d21508a79e062a9370dfb730d2dddbfe0e6bacaa306baec9665c8dc08.exe
"C:\Users\Admin\AppData\Local\Temp\e10b9e6d21508a79e062a9370dfb730d2dddbfe0e6bacaa306baec9665c8dc08.exe"
1⤵
- Checks computer location settings
- Suspicious use of WriteProcessMemory
PID:2892
- C:\Windows\system32\cmd.exe
  "C:\Windows\sysnative\cmd.exe" /c "C:\Users\Admin\AppData\Local\Temp\EE19.tmp\EE1A.tmp\EE1B.bat C:\Users\Admin\AppData\Local\Temp\e10b9e6d21508a79e062a9370dfb730d2dddbfe0e6bacaa306baec9665c8dc08.exe"
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:2188
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://www.youtube.com/account"
    3⤵
    - Enumerates system info in registry
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SendNotifyMessage
    - Suspicious use of WriteProcessMemory
    PID:5008
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.106 --initial-client-data=0x104,0x108,0x10c,0xac,0x110,0x7ffc074ccc40,0x7ffc074ccc4c,0x7ffc074ccc58
      4⤵
      PID:3796
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=2068,i,16399854899846986423,15985834743525352900,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=1988 /prefetch:2
      4⤵
      PID:368
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2020,i,16399854899846986423,15985834743525352900,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=2116 /prefetch:3
      4⤵
      PID:2228
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2268,i,16399854899846986423,15985834743525352900,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=2372 /prefetch:8
      4⤵
      PID:1400
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3096,i,16399854899846986423,15985834743525352900,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=3160 /prefetch:1
      4⤵
      PID:4032
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3104,i,16399854899846986423,15985834743525352900,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=3184 /prefetch:1
      4⤵
      PID:2452
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=4316,i,16399854899846986423,15985834743525352900,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=4120 /prefetch:8
      4⤵
      Drops file in System32 directory
      Suspicious behavior: EnumeratesProcesses
      PID:1820
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" "https://www.youtube.com/account"
    3⤵
    - Enumerates system info in registry
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SendNotifyMessage
    - Suspicious use of WriteProcessMemory
    PID:2996
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x108,0x10c,0x110,0xe4,0x114,0x7ffc073846f8,0x7ffc07384708,0x7ffc07384718
      4⤵
      PID:2700
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2128,15448255979015285547,10293577537748861731,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2152 /prefetch:2
      4⤵
      PID:740
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2128,15448255979015285547,10293577537748861731,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2204 /prefetch:3
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:5016
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2128,15448255979015285547,10293577537748861731,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2840 /prefetch:8
      4⤵
      PID:4004
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,15448255979015285547,10293577537748861731,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3316 /prefetch:1
      4⤵
      PID:4852
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,15448255979015285547,10293577537748861731,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3340 /prefetch:1
      4⤵
      PID:2536
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,15448255979015285547,10293577537748861731,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4548 /prefetch:1
      4⤵
      PID:4816
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2128,15448255979015285547,10293577537748861731,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1988 /prefetch:2
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:4564
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" "https://www.youtube.com/account"
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:1440
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" https://www.youtube.com/account
      4⤵
      Checks processor information in registry
      Modifies registry class
      Suspicious use of AdjustPrivilegeToken
      Suspicious use of FindShellTrayWindow
      Suspicious use of SendNotifyMessage
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:3616
    - - C:\Program Files\Mozilla Firefox\firefox.exe
        
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1992 -parentBuildID 20240401114208 -prefsHandle 1896 -prefMapHandle 1888 -prefsLen 25753 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {772a7fc4-7d39-4788-880c-1396367ef332} 3616 "\\.\pipe\gecko-crash-server-pipe.3616" gpu
        5⤵
        
        PID:4180
    - - C:\Program Files\Mozilla Firefox\firefox.exe
        
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2468 -parentBuildID 20240401114208 -prefsHandle 2444 -prefMapHandle 2440 -prefsLen 26673 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {81b7b13c-6577-4668-964a-dd61c3c87a32} 3616 "\\.\pipe\gecko-crash-server-pipe.3616" socket
        5⤵
        
        PID:1600
    - - C:\Program Files\Mozilla Firefox\firefox.exe
        
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2804 -childID 1 -isForBrowser -prefsHandle 1632 -prefMapHandle 3008 -prefsLen 22698 -prefMapSize 244658 -jsInitHandle 892 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ca689798-930d-4a6a-aa89-49e1b3524390} 3616 "\\.\pipe\gecko-crash-server-pipe.3616" tab
        5⤵
        
        PID:4204
    - - C:\Program Files\Mozilla Firefox\firefox.exe
        
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3632 -childID 2 -isForBrowser -prefsHandle 3228 -prefMapHandle 3324 -prefsLen 31163 -prefMapSize 244658 -jsInitHandle 892 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {63e61889-a77a-405d-acb7-e74cfc2c66cb} 3616 "\\.\pipe\gecko-crash-server-pipe.3616" tab
        5⤵
        
        PID:5204
    - - C:\Program Files\Mozilla Firefox\firefox.exe
        
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4252 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4192 -prefMapHandle 4248 -prefsLen 31163 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {2da3341b-eba6-4ff9-a196-1191645daa06} 3616 "\\.\pipe\gecko-crash-server-pipe.3616" utility
        5⤵
        Checks processor information in registry
        
        PID:5952
    - - C:\Program Files\Mozilla Firefox\firefox.exe
        
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5480 -childID 3 -isForBrowser -prefsHandle 5464 -prefMapHandle 5468 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 892 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {42bbe7df-7624-4815-b7e1-46e17fb4b5ff} 3616 "\\.\pipe\gecko-crash-server-pipe.3616" tab
        5⤵
        
        PID:5384
    - - C:\Program Files\Mozilla Firefox\firefox.exe
        
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5628 -childID 4 -isForBrowser -prefsHandle 5364 -prefMapHandle 4188 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 892 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a5006915-d7d8-4e8b-bc53-3c38e3ddda8a} 3616 "\\.\pipe\gecko-crash-server-pipe.3616" tab
        5⤵
        
        PID:5372
    - - C:\Program Files\Mozilla Firefox\firefox.exe
        
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5764 -childID 5 -isForBrowser -prefsHandle 5772 -prefMapHandle 5776 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 892 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b7be51cd-9129-4fef-accb-a7b2c6a66a6b} 3616 "\\.\pipe\gecko-crash-server-pipe.3616" tab
        5⤵
        
        PID:5428

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1512

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4608

C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe"
1⤵
PID:4876

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
264B

MD5
d53f2ccfb0774a3a302768c1977b51bb

SHA1
1d21eef2bdf1692426446af89f2a7226364ea3a1

SHA256
4cf27436403440611616f81a9b4afb254216933fe6137fbc7e61b7de02fb5cda

SHA512
5561209c71500bcde18f46765343c10755bde2980f4b5295a5b2b2812a9682030d3a982d094213f5a3d71ecdb12699783db150988800ee5fc9cf4bf69bfae064

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
68d743128ab8d697d0820273123fc66d

SHA1
818aaac41fc6dad08421b2fe169b34b9c2721a78

SHA256
3fd161f7f8c456cfbd5a8b8cec726c3e434f65180d41e406aab5a2f41cd0de47

SHA512
07b8b7216da9b3663aee9411c5dca0aadc6b5d8d754e1203d686ecd3542771769486c78a4569dc557f19b179c9c35cfc64ba02c4aa857744c167181f941c8b59

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
524B

MD5
a87028c15e0efce4ebf8382920525ff8

SHA1
7fe9f45586a2458f954130a9f76aa1a48f3f6c41

SHA256
5e6e47c79e7d97df899b0f460522619954bd78c504e34671b49582960d4ea4e6

SHA512
ae1d852f576d3b65a395836e3c7b49fa2e46165010ce7a741db196dd4d62c9d3ce1d2bd4b6ce49559912b5379384d47932f08bc001edb49db2d19ed984c18e89

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
481cfadc6923190622b61287bb59b4ef

SHA1
43c56d6e445c5ee8b85f5ddc985d2b8eb4871319

SHA256
8e13f3dba92a4cd87c550bb3f1fa0da944728bf3753454b38dbdda4c1b6d13cd

SHA512
7ea1fa5189d793af1ab3f4e15304929642efeb76136f4469b5b4a4bf568b879060579a63d07f589e77a7fa0fccffc5520e2be04bccad5f057bd6193d156f7448

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
a5777c37e01713e77642a48312aacdb1

SHA1
77d3ddc7454cfaf10614c4093a037e929d4e90b9

SHA256
0254c27108ab257d22c2d2b06a22d8424901e48047ba58ec5c329b784d6c27e3

SHA512
e7d623c273b7c10b2bbbb005670acaf058802e37842c5873852907fe736480cbd3fb71d982a70efd68cc46ed061cd8e25aacb88b2ddc12e287ad8f92d436abab

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
67a78f94dc672bc5112551c1a716ab55

SHA1
9ab34f55cb2bbf7cf15a9896d7f4548e52ab8ea1

SHA256
582f7264c5c911d0429302f3ac097b379ce0cd3be41e112d6de44bc959d5ea9d

SHA512
df1f93ca72cb6d4598cb58802f74aaa5ccd671245c1bc5eb435a85087bcacb4cfd2f8a27a95bef66b8bdfd5ddc8bd868bbeaad2b57c8aadeef28f44d4c1f2c5f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
eccaf8416e7f07b3360b8c8b924e8c22

SHA1
83339bc021a85e5d8c37c6a6c7c0ac5672278b9d

SHA256
47ce4049cc1f5b921b4801230b8ed0b41072092c48dde8384c761fd7f769ae92

SHA512
35162c0d943ebc61c8a98e3b12cdaba559f94c021be4437d7e9693978b333228934e517317a90635036017a929d06fd55f090bdc445846e18c5054e684f65c47

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
32bc712738953792d76e50e180b8ed1c

SHA1
08c8bd1519caef01bd114ae0d4fd22314683d90a

SHA256
3dd9e0af6c05a19e241c931a477ddebdea748b183177839b77cdd808f790bfd8

SHA512
8d8c0ee6abaa5344989f73f7f0313fca0180b33de69c79acddddbfaa6cefa5cfd933804746f797fbca03d7e718382c56c616869b755ca56c9f7aebe48242236f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
2ae5aa5eaeb9a22bc330e47dce2315a2

SHA1
07ba30dfb995a3eb4ad562afacbdf6e61ab9509d

SHA256
067f25fa6e210a3f79736ab5407abe9c2e01cee68f8d2deba99d1d5970f4369b

SHA512
7dcce1254634e11d0e199f653bc56c9c86f941e97b9de2ecd16db555ef0404df03ef78918a16721e50b0fb4a3a812af75af4b94d12f9cae0bfff59851141db11

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
ddfa1c32c1b18030480c5251b463598d

SHA1
fc961c5130372677d47fea51a50e64aee43c5cc5

SHA256
28e651cdcad2433da8369fa98a8271cc8ffe579d359586403d9e40228aca211e

SHA512
4f81125e5a42d21785937e53bbf3c89a30be9942f409f5daad531a18f9df39ffb1b543eead6646f7a339a9a714d48c5a58ea89eb6ce02e24163e15bf9d4c73fc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
ef3b98151be7a14324c5ca696c794f01

SHA1
d9a8d5b434a9502ecd6c3b741f07febbb389b0dd

SHA256
fc62e44c04c9bd7763ffd67360a0e9b00c8f4f7f04a4bfc44c80ad59d4f6357d

SHA512
15420edee738531f61a59d3a08806c058c73aba9e61feca766bd590845f54c7dc84a0ad92e5703cf2010a0a3239af38b9eba2341be1aafcd8f07d559a49bdc13

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
9589a49a77dc7308481b96126eb3dfdd

SHA1
4b448ae7a2df44e11d4b28b9156691e634d48e1d

SHA256
6fd8efe5a13f1cc1cade92e76e6783a7e8953dff4a0347057038b8e030076a5b

SHA512
659942af4b8b67b3ded96fbc2d9e6db432ab37a44be0681e27cc6338d3c7d7b5fdc82c41ecef34f5e946d3e3ba6204d2713d207a5fcb8b1b8128c8e80ddcb979

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
92KB

MD5
55cf944a4a4f63feb6a39cb927420237

SHA1
bfe2f379bcde862640c08bdff4dbcd2eac6ef229

SHA256
0dc1ba8ecc9789e0c1981ea3810f3dbe951ee072a0230b6a0784c4b959dacafa

SHA512
543501dc493efe03a884686600dd0ac6048d54ccd43816e2f0f5215a90498b15cee29725b0d8ef12c3f4bc90aea1841bf758eaf5f914048aacae3a67fe3b2e51

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
92KB

MD5
f1e0c786538b485743bd97022b208fde

SHA1
95aa349a33d81f1c6325cc6494ee12326f21d7b6

SHA256
ed6e557022a65a31373e1028139863342a54680da10c9823c949e87efb7792ca

SHA512
17daab1b74b239b12618eb5ae39221e89811b577f2cb8e030b4b607c07e1431366966328ef055d043b06205920c45839e1c523b6ff982d897fc55d0585264046

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
75c9f57baeefeecd6c184627de951c1e

SHA1
52e0468e13cbfc9f15fc62cc27ce14367a996cff

SHA256
648ba270261690bb792f95d017e134d81a612ef4fc76dc41921c9e5b8f46d98f

SHA512
c4570cc4bb4894de3ecc8eee6cd8bfa5809ea401ceef683557fb170175ff4294cc21cdc6834db4e79e5e82d3bf16105894fff83290d26343423324bc486d4a15

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
10fa19df148444a77ceec60cabd2ce21

SHA1
685b599c497668166ede4945d8885d204fd8d70f

SHA256
c3b5deb970d0f06a05c8111da90330ffe25da195aafa4e182211669484d1964b

SHA512
3518ce16fef66c59e0bdb772db51aeaa9042c44ca399be61ca3d9979351f93655393236711cf2b1988d5f90a5b9318a7569a8cef3374fc745a8f9aa8323691ef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003

Filesize
33KB

MD5
a5ee86ec13e7349d13a2c7434edd13b1

SHA1
ed338c8e72760184127b79f5ac87de6003f255e1

SHA256
f7c487696c249bb4ad1e50ecf59c442702d5ccdcfd6f2152afc7fa17f28e5156

SHA512
719d522c4c44aaa7a7b9d64dec9290bf126d3ea994665b814c53316f5f8dbc6619ed1490ff2ec35a3ce900ad0a950fd751686be17e9b9229baab372c57d89f07

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005

Filesize
38KB

MD5
c3aa6e31c125d83fb2eabcc9e33843dd

SHA1
ad91b78e1a9853ee876b77b82f75100ff5690d11

SHA256
c32b5cffb8ac92df9bd9340b75b8d0772a071af36df5b27879e45f6112f9b5b4

SHA512
897efddeb2d96e24aca43385cfb86a065034c4bb045c2e2b7391572e0ddd4a820b70fa83854de5048d7b7316fc9fa2f078924aab62206a7a135aaf91176a4c6b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
216B

MD5
b63dba3fb7cd2256c3b3fd11fde31f9b

SHA1
1bfaa68869fcb3adcfd2854fbcfab63dd60854ae

SHA256
145b3ec7fc74579c27b9475542439686dc5a4f823a902cb9434783c68fd77e1c

SHA512
57667f2a012b281d63afbe696cce19ff2a9a67d69f70b9d70bb19f019f6ad40b6d53d58f5b031b44df79ec947e5dde3abf10adaa6bd9687136b10c0015077e40

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
29030502f6fe50b8ec8513af0cfefafa

SHA1
940afa934ca63ba96add582478edd27e2d822e6f

SHA256
a9a5f73a9fa88296379b5baa59b7be2bd8679b99505736fe8ae006f620b9c535

SHA512
0af11079e2a464b31ac0eb9da206cd3cab77e3245ac6ab185783291450e47370006d8e4f021c89f151daa85a7c4d4a0ef790b868734dcc4225c3a94e01b53b7f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
27427af136d8ff1e3d9f9b6e37b88f7c

SHA1
7b4079b2a1a49d47e112bb81d21461a931804993

SHA256
32ec893a704c6c81a1dd39c460e76985d4d2bfb40532c56df3ad04878c3d917c

SHA512
954ae79e7e43ab6f3cfc5f6375f8fb0783923bcdc74472ab55876bf852bb1c7565096ba53fe0611a1ab50f0d4beedc78f1da187fbbfaf651e2bed316ce4ad21c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
b026096c206288211b030cf75ccf343b

SHA1
8e7e43f67ebe57ff9f47cd4e23e13c7cdf5e38b4

SHA256
b0e6f10afb94a101de3311b305244d302b38fe3218a3c72c8a6a4396f607dfa0

SHA512
cb8cf661af87325104dcee1ed657b9a57de7839a093204ee7315b7e293fdccd19b1940aebea3ee18cf7a8ca855cbfe3de02eddec52acbc54614dbe5c011eb4d2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
597075ac68a6d0bee0245d948fbba483

SHA1
6d0d18d52f812fad69ef5e9a154088e5a1cfaeec

SHA256
15ecda77d9cb0a0ca58b301a1f45a8520bd38a5bd5c68d96d1f1637fcd2bc50f

SHA512
8122cac83c5dc1dbbd86da7388b9611dc6fd17b411dc599c43f42944edc741a28d78c325f454df0eb8a9e3156b4a7cb56b80e0f58cc3a1cf39f43e8c66dbc8ae

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\yol9faaa.default-release\activity-stream.discovery_stream.json.tmp

Filesize
21KB

MD5
20f48c9dd465666457b198db79676a52

SHA1
30b8d1f580876a50d74b0fbf52672df6da5506e7

SHA256
037f17caaf48aa83d24c9fd482912c87668d9c7a17bc40fdbb0c6d2251ca1f48

SHA512
853f7925c17d102a35b57e9697ff0e89d2dd169e6f82d2bda7be8b8d33988aa1053842faa15e157225456d85c1fcb35411c85c1eaaa2aaada03f4f357019d5ff

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\yol9faaa.default-release\cache2\entries\8A2034D325DC0B5C9E11EDDA3FC70A54C8DC1C0D

Filesize
13KB

MD5
bc0cfa2401874aee69f721ce5cb30314

SHA1
53ad0c8e075133d5f27e99800f4c5120a481ca3a

SHA256
2ccab85ad617a7a2fd4acfcd006b2c38806fd895384c031e63426f9544356c58

SHA512
7f244d71062c1780fecc1ac88e11ab3f70c8e478eeef8af8173060f6ce5c7ec310914b5ccd5b1f64af5d7769d8af5a6b5d490cfad27a5009254df0d1beab294e

Download Submit
C:\Users\Admin\AppData\Local\Temp\EE19.tmp\EE1A.tmp\EE1B.bat

Filesize
2KB

MD5
de9423d9c334ba3dba7dc874aa7dbc28

SHA1
bf38b137b8d780b3d6d62aee03c9d3f73770d638

SHA256
a1e1b422c40fb611a50d3f8bf34f9819f76ddb304aa2d105fb49f41f57752698

SHA512
63f13acd904378ad7de22053e1087d61a70341f1891ada3b671223fec8f841b42b6f1060a4b18c8bb865ee4cd071cadc7ff6bd6d549760945bf1645a1086f401

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
479KB

MD5
09372174e83dbbf696ee732fd2e875bb

SHA1
ba360186ba650a769f9303f48b7200fb5eaccee1

SHA256
c32efac42faf4b9878fb8917c5e71d89ff40de580c4f52f62e11c6cfab55167f

SHA512
b667086ed49579592d435df2b486fe30ba1b62ddd169f19e700cd079239747dd3e20058c285fa9c10a533e34f22b5198ed9b1f92ae560a3067f3e3feacc724f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

Filesize
13.8MB

MD5
0a8747a2ac9ac08ae9508f36c6d75692

SHA1
b287a96fd6cc12433adb42193dfe06111c38eaf0

SHA256
32d544baf2facc893057a1d97db33207e642f0dacf235d8500a0b5eff934ce03

SHA512
59521f8c61236641b3299ab460c58c8f5f26fa67e828de853c2cf372f9614d58b9f541aae325b1600ec4f3a47953caacb8122b0dfce7481acfec81045735947d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yol9faaa.default-release\AlternateServices.bin

Filesize
12KB

MD5
98643699054bd62c37b24cfeadeeb371

SHA1
5cdfb0a76ecdc3cda630109aefe5f501237bc62e

SHA256
18e9d2c397f8c1b73453332e5e07c6419ae600151c3c56c752f67d515129b8b5

SHA512
3019a8213252482cf950445561ed4af7b44c0461793d3ae1a96e84dbc6a836c8552d1fe19c67e88267b72b89a468ce2f31e0a9bddc989a0ba457f6d778fa86ff

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yol9faaa.default-release\datareporting\glean\db\data.safe.tmp

Filesize
22KB

MD5
828069615669560dee6a84b761569686

SHA1
5df7b0e022fcaf8e33d78fcf29146fe3a01dd7a7

SHA256
a731e696547b6553ea97cc55062270f0f0d9a0a69c7a01baa07a2d42ed958d2a

SHA512
4ca9ff2beb655794ab189296b0bc5af1f967b59c1298914ce4e38ed712590a3bb77b4d0252510087fc1228b363e91cd686ad0ca1c9c5583c6aa66f2e32497e23

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yol9faaa.default-release\datareporting\glean\db\data.safe.tmp

Filesize
22KB

MD5
49b9f2e3becbe35746f1b160d30c594f

SHA1
cf0056ff1978f264a2b158fad8bfefb6923bda50

SHA256
d2b3154fc8711a4a9435c82f509768ffefd5e9968c205d8b5f8b33d5fdc0c3f4

SHA512
df2e23a82cf9aa385e9e521ff1ca4882601d1e1935e1934d70593c272c1731738dbd64cac838dcdc42534397b43319bae9028474ca995b043983f8b94fc2af01

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yol9faaa.default-release\datareporting\glean\db\data.safe.tmp

Filesize
25KB

MD5
ff4cb2c7d48627310acccfe78c8e4b4d

SHA1
db3326af946578f0bfbb99df2645413d13ac3cb2

SHA256
325aba0ab3de1343b42e904f027b725da7949cf3935e5b57092da10c9d3f7b8a

SHA512
b662d0c13d2e00a90f27b6a6e13ad6e91300d0c1a618f23557d9a75d2d605c4cc15dd3dd2298baff68ad9b3aaa9c91cc04c97911a906a9c741dfdad337d1659a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yol9faaa.default-release\datareporting\glean\pending_pings\6c4e2adf-4729-40f6-86cd-19174a6ae300

Filesize
982B

MD5
9ce538a4375953e06fe9cad96f1fe1b9

SHA1
6a502ca17f64e86cfa88ba972635cd0457a63391

SHA256
c5c8fb934add47ab4db8425be7047674c069e3b996658652c922bffd7aab66bc

SHA512
ef85126cef3bed052dbdb460fcc016067c4107d1fcaad658f927ad7b214eae2ca3f0d9869e2fdc152d02a3a2d64a3421055ecbea2badc510a87fd622fd07aeb0

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yol9faaa.default-release\datareporting\glean\pending_pings\976139c7-4c55-497e-b7bc-f0707dc0f2ab

Filesize
659B

MD5
3c35f34ea25793c7bf67c20c3ebfb70c

SHA1
449dc0d467ff8ef83f18bc90913ec5692c141b68

SHA256
e90a81dba7c63906e15486f95560cb9acff005a67fd86e312d24869b02b25ab9

SHA512
84d6ba3855e296d0c75542e5ab240379e2dae36be1e0ee5abd5439d450cec521f8af80f60156bcdf722a088316e38bd81848c289cf6178cf58731056f543a6a6

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yol9faaa.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.dll

Filesize
1.1MB

MD5
842039753bf41fa5e11b3a1383061a87

SHA1
3e8fe1d7b3ad866b06dca6c7ef1e3c50c406e153

SHA256
d88dd3bfc4a558bb943f3caa2e376da3942e48a7948763bf9a38f707c2cd0c1c

SHA512
d3320f7ac46327b7b974e74320c4d853e569061cb89ca849cd5d1706330aca629abeb4a16435c541900d839f46ff72dfde04128c450f3e1ee63c025470c19157

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yol9faaa.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.info

Filesize
116B

MD5
2a461e9eb87fd1955cea740a3444ee7a

SHA1
b10755914c713f5a4677494dbe8a686ed458c3c5

SHA256
4107f76ba1d9424555f4e8ea0acef69357dfff89dfa5f0ec72aa4f2d489b17bc

SHA512
34f73f7bf69d7674907f190f257516e3956f825e35a2f03d58201a5a630310b45df393f2b39669f9369d1ac990505a4b6849a0d34e8c136e1402143b6cedf2d3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yol9faaa.default-release\gmp-widevinecdm\4.10.2710.0\manifest.json

Filesize
372B

MD5
bf957ad58b55f64219ab3f793e374316

SHA1
a11adc9d7f2c28e04d9b35e23b7616d0527118a1

SHA256
bbab6ca07edbed72a966835c7907b3e60c7aa3d48ddea847e5076bd05f4b1eda

SHA512
79c179b56e4893fb729b225818ab4b95a50b69666ac41d17aad0b37ab0ca8cd9f0848cbc3c5d9e69e4640a8b261d7ced592eae9bcb0e0b63c05a56e7c477f44e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yol9faaa.default-release\gmp-widevinecdm\4.10.2710.0\widevinecdm.dll

Filesize
17.8MB

MD5
daf7ef3acccab478aaa7d6dc1c60f865

SHA1
f8246162b97ce4a945feced27b6ea114366ff2ad

SHA256
bc40c7821dcd3fea9923c6912ab1183a942c11b7690cfd79ed148ded0228777e

SHA512
5840a45cfdb12c005e117608b1e5d946e1b2e76443ed39ba940d7f56de4babeab09bee7e64b903eb82bb37624c0a0ef19e9b59fbe2ce2f0e0b1c7a6015a63f75

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yol9faaa.default-release\prefs-1.js

Filesize
13KB

MD5
b5e70c6098e586932ac4817860e085b1

SHA1
e851497b883c657deff25c674c9b7c55c2b908c2

SHA256
a76d2d7a047f0d57320a5fa2ec7b09ed4d7bdc1781f2aba6dd87701b5b4fa5da

SHA512
e6c87f4438ade31628e5945d35e4839a1acb6063a43f9bae93440bc51325159e4853b1e8cb0b0894d63970fddf9d35994081a57e7190884a1ea27013c1cf4cbe

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yol9faaa.default-release\prefs-1.js

Filesize
16KB

MD5
293568f086a1ae107d030bc0ff4228e1

SHA1
a59399fd22f3c4902ee3040804eb8b609d28ac77

SHA256
14871ae4445f329793efcedd0c0df40f19d8207f91093aab441393b9c7a96abe

SHA512
11a3a8d62585d61bc1a68198d7120cf176de4347cb1d51a08469b9aff4266a6dec7fe9034456d73265a995bf3dd0038e6f26d1df708b2ecf21aad2baa7a16f1e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yol9faaa.default-release\prefs.js

Filesize
8KB

MD5
c8fbea19a1f6768bf66f7855ec8cdfd0

SHA1
df5552664f2ef6305b8d63f3fe9f778cc816e98a

SHA256
5668459a60cb2546124b2933240b0c73d82117c2feeab7914d67e20407a693c6

SHA512
860bdf6acbf25367b70ecbf0102358f3e4f5a276cc345005983c803041d78dd13dd06c915b696f683db6ebc402425063094da057dc6abf83764b2e16d1cd4470

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yol9faaa.default-release\prefs.js

Filesize
11KB

MD5
2a441eae7d1f7bbadb361e6c35044e4f

SHA1
73ae71b2c18a8b09d2f77491cd73baaed8461637

SHA256
b1e674b9b99a981c7a4401b5907856f015c4af79ef4a0ec02fb8c04ef318ffdb

SHA512
668ee8a8635c57ea3e7bf189933ab5d8eda83088c5113c4d238b9644fd3283e74a3fe27508c92b6e6e3c5b522a3cb4d1c38b46af345f71b6b52cdc66e893adfa

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yol9faaa.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

Filesize
968KB

MD5
03d41e419d7312737faf315e4e318d2a

SHA1
ea9223bb85563edca0f7c201d3ab309c17716022

SHA256
1459b401d8221523f0745ce7cbd4e23bed84a2f1aa0f6a0096a2a55504dc3057

SHA512
86a54021e9389fc10aad588ea17892354a79f82d90dfacb6b0687d622e40ba27f4c50a65d882c4df13844ca245b9a2eaae4f6cbadf79cc897a51dd446a4d8a28

Download Submit