f35b57bf4b00a01d38059918b743265fed685f0407d57c195361409262bb417f

Analysis

max time kernel
149s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
20/07/2024, 18:17

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

f35b57bf4b00a01d38059918b743265fed685f0407d57c195361409262bb417f.exe
Size

89KB
MD5

6d874bb9eb999111a4022b3018de7f52
SHA1

f2dc925710f5851449618127eeb4cd233837653f
SHA256

f35b57bf4b00a01d38059918b743265fed685f0407d57c195361409262bb417f
SHA512

9060243ccc7d10d661670eec80e9326e49aa4adedb34a5cbdacf1a089bd38efc817c90b31087e8c656f2fd48377cfc8cbc88b73081d2685bea19fb50bb3c85c2
SSDEEP

1536:L7fPGykbOqjoHm4pICdfkLtAfupcWX50MxFY+yIOlnToIf+xDOq:Hq6+ouCpk2mpcWJ0r+QNTBf+T

Score

7^/10

Malware Config

Signatures

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-1750093773-264148664-1320403265-1000\Control Panel\International\Geo\Nation	f35b57bf4b00a01d38059918b743265fed685f0407d57c195361409262bb417f.exe

Drops file in System32 directory 2 IoCs

description	ioc	Process
File created	C:\Windows\System32\DriverStore\FileRepository\display.inf_amd64_71aa85b0e2292a7a\display.PNF	chrome.exe
File created	\??\c:\windows\system32\driverstore\filerepository\display.inf_amd64_71aa85b0e2292a7a\display.PNF	chrome.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Checks processor information in registry 2 TTPs 8 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1750093773-264148664-1320403265-1000_Classes\Local Settings	firefox.exe

Suspicious behavior: EnumeratesProcesses 16 IoCs

pid	Process
620	msedge.exe
620	msedge.exe
4968	chrome.exe
4968	chrome.exe
3172	msedge.exe
3172	msedge.exe
6208	identity_helper.exe
6208	identity_helper.exe
5252	chrome.exe
5252	chrome.exe
2532	msedge.exe
2532	msedge.exe
2532	msedge.exe
2532	msedge.exe
5252	chrome.exe
5252	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs

pid	Process
4968	chrome.exe
4968	chrome.exe
3172	msedge.exe
3172	msedge.exe
3172	msedge.exe
3172	msedge.exe
3172	msedge.exe
3172	msedge.exe
3172	msedge.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeDebugPrivilege	2168	firefox.exe
Token: SeDebugPrivilege	2168	firefox.exe
Token: SeShutdownPrivilege	4968	chrome.exe
Token: SeCreatePagefilePrivilege	4968	chrome.exe
Token: SeShutdownPrivilege	4968	chrome.exe
Token: SeCreatePagefilePrivilege	4968	chrome.exe
Token: SeShutdownPrivilege	4968	chrome.exe
Token: SeCreatePagefilePrivilege	4968	chrome.exe
Token: SeShutdownPrivilege	4968	chrome.exe
Token: SeCreatePagefilePrivilege	4968	chrome.exe
Token: SeShutdownPrivilege	4968	chrome.exe
Token: SeCreatePagefilePrivilege	4968	chrome.exe
Token: SeShutdownPrivilege	4968	chrome.exe
Token: SeCreatePagefilePrivilege	4968	chrome.exe
Token: SeShutdownPrivilege	4968	chrome.exe
Token: SeCreatePagefilePrivilege	4968	chrome.exe
Token: SeShutdownPrivilege	4968	chrome.exe
Token: SeCreatePagefilePrivilege	4968	chrome.exe
Token: SeShutdownPrivilege	4968	chrome.exe
Token: SeCreatePagefilePrivilege	4968	chrome.exe
Token: SeShutdownPrivilege	4968	chrome.exe
Token: SeCreatePagefilePrivilege	4968	chrome.exe
Token: SeShutdownPrivilege	4968	chrome.exe
Token: SeCreatePagefilePrivilege	4968	chrome.exe
Token: SeShutdownPrivilege	4968	chrome.exe
Token: SeCreatePagefilePrivilege	4968	chrome.exe
Token: SeShutdownPrivilege	4968	chrome.exe
Token: SeCreatePagefilePrivilege	4968	chrome.exe
Token: SeShutdownPrivilege	4968	chrome.exe
Token: SeCreatePagefilePrivilege	4968	chrome.exe
Token: SeShutdownPrivilege	4968	chrome.exe
Token: SeCreatePagefilePrivilege	4968	chrome.exe
Token: SeShutdownPrivilege	4968	chrome.exe
Token: SeCreatePagefilePrivilege	4968	chrome.exe
Token: SeShutdownPrivilege	4968	chrome.exe
Token: SeCreatePagefilePrivilege	4968	chrome.exe
Token: SeShutdownPrivilege	4968	chrome.exe
Token: SeCreatePagefilePrivilege	4968	chrome.exe
Token: SeShutdownPrivilege	4968	chrome.exe
Token: SeCreatePagefilePrivilege	4968	chrome.exe
Token: SeShutdownPrivilege	4968	chrome.exe
Token: SeCreatePagefilePrivilege	4968	chrome.exe
Token: SeShutdownPrivilege	4968	chrome.exe
Token: SeCreatePagefilePrivilege	4968	chrome.exe
Token: SeShutdownPrivilege	4968	chrome.exe
Token: SeCreatePagefilePrivilege	4968	chrome.exe
Token: SeShutdownPrivilege	4968	chrome.exe
Token: SeCreatePagefilePrivilege	4968	chrome.exe
Token: SeShutdownPrivilege	4968	chrome.exe
Token: SeCreatePagefilePrivilege	4968	chrome.exe
Token: SeShutdownPrivilege	4968	chrome.exe
Token: SeCreatePagefilePrivilege	4968	chrome.exe
Token: SeShutdownPrivilege	4968	chrome.exe
Token: SeCreatePagefilePrivilege	4968	chrome.exe
Token: SeShutdownPrivilege	4968	chrome.exe
Token: SeCreatePagefilePrivilege	4968	chrome.exe
Token: SeShutdownPrivilege	4968	chrome.exe
Token: SeCreatePagefilePrivilege	4968	chrome.exe
Token: SeShutdownPrivilege	4968	chrome.exe
Token: SeCreatePagefilePrivilege	4968	chrome.exe
Token: SeShutdownPrivilege	4968	chrome.exe
Token: SeCreatePagefilePrivilege	4968	chrome.exe
Token: SeShutdownPrivilege	4968	chrome.exe
Token: SeCreatePagefilePrivilege	4968	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
2168	firefox.exe
2168	firefox.exe
2168	firefox.exe
2168	firefox.exe
2168	firefox.exe
2168	firefox.exe
2168	firefox.exe
2168	firefox.exe
2168	firefox.exe
2168	firefox.exe
2168	firefox.exe
2168	firefox.exe
2168	firefox.exe
2168	firefox.exe
2168	firefox.exe
2168	firefox.exe
2168	firefox.exe
2168	firefox.exe
2168	firefox.exe
2168	firefox.exe
2168	firefox.exe
4968	chrome.exe
4968	chrome.exe
4968	chrome.exe
4968	chrome.exe
4968	chrome.exe
4968	chrome.exe
4968	chrome.exe
4968	chrome.exe
4968	chrome.exe
4968	chrome.exe
4968	chrome.exe
4968	chrome.exe
4968	chrome.exe
4968	chrome.exe
4968	chrome.exe
4968	chrome.exe
4968	chrome.exe
4968	chrome.exe
4968	chrome.exe
4968	chrome.exe
4968	chrome.exe
4968	chrome.exe
4968	chrome.exe
4968	chrome.exe
4968	chrome.exe
4968	chrome.exe
3172	msedge.exe
3172	msedge.exe
3172	msedge.exe
3172	msedge.exe
3172	msedge.exe
3172	msedge.exe
3172	msedge.exe
3172	msedge.exe
3172	msedge.exe
3172	msedge.exe
3172	msedge.exe
3172	msedge.exe
3172	msedge.exe
3172	msedge.exe
3172	msedge.exe
3172	msedge.exe
3172	msedge.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
2168	firefox.exe
2168	firefox.exe
2168	firefox.exe
2168	firefox.exe
2168	firefox.exe
2168	firefox.exe
2168	firefox.exe
2168	firefox.exe
2168	firefox.exe
2168	firefox.exe
2168	firefox.exe
2168	firefox.exe
2168	firefox.exe
2168	firefox.exe
2168	firefox.exe
2168	firefox.exe
2168	firefox.exe
2168	firefox.exe
2168	firefox.exe
2168	firefox.exe
4968	chrome.exe
4968	chrome.exe
4968	chrome.exe
4968	chrome.exe
4968	chrome.exe
4968	chrome.exe
4968	chrome.exe
4968	chrome.exe
4968	chrome.exe
4968	chrome.exe
4968	chrome.exe
4968	chrome.exe
4968	chrome.exe
4968	chrome.exe
4968	chrome.exe
4968	chrome.exe
4968	chrome.exe
4968	chrome.exe
4968	chrome.exe
4968	chrome.exe
4968	chrome.exe
4968	chrome.exe
4968	chrome.exe
4968	chrome.exe
3172	msedge.exe
3172	msedge.exe
3172	msedge.exe
3172	msedge.exe
3172	msedge.exe
3172	msedge.exe
3172	msedge.exe
3172	msedge.exe
3172	msedge.exe
3172	msedge.exe
3172	msedge.exe
3172	msedge.exe
3172	msedge.exe
3172	msedge.exe
3172	msedge.exe
3172	msedge.exe
3172	msedge.exe
3172	msedge.exe
3172	msedge.exe
3172	msedge.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
2168	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4936 wrote to memory of 4060	4936	f35b57bf4b00a01d38059918b743265fed685f0407d57c195361409262bb417f.exe	84
PID 4936 wrote to memory of 4060	4936	f35b57bf4b00a01d38059918b743265fed685f0407d57c195361409262bb417f.exe	84
PID 4060 wrote to memory of 4968	4060	cmd.exe	88
PID 4060 wrote to memory of 4968	4060	cmd.exe	88
PID 4060 wrote to memory of 3172	4060	cmd.exe	89
PID 4060 wrote to memory of 3172	4060	cmd.exe	89
PID 4060 wrote to memory of 4568	4060	cmd.exe	90
PID 4060 wrote to memory of 4568	4060	cmd.exe	90
PID 4568 wrote to memory of 2168	4568	firefox.exe	91
PID 4568 wrote to memory of 2168	4568	firefox.exe	91
PID 4568 wrote to memory of 2168	4568	firefox.exe	91
PID 4568 wrote to memory of 2168	4568	firefox.exe	91
PID 4568 wrote to memory of 2168	4568	firefox.exe	91
PID 4568 wrote to memory of 2168	4568	firefox.exe	91
PID 4568 wrote to memory of 2168	4568	firefox.exe	91
PID 4568 wrote to memory of 2168	4568	firefox.exe	91
PID 4568 wrote to memory of 2168	4568	firefox.exe	91
PID 4568 wrote to memory of 2168	4568	firefox.exe	91
PID 4568 wrote to memory of 2168	4568	firefox.exe	91
PID 4968 wrote to memory of 1204	4968	chrome.exe	92
PID 4968 wrote to memory of 1204	4968	chrome.exe	92
PID 3172 wrote to memory of 5100	3172	msedge.exe	93
PID 3172 wrote to memory of 5100	3172	msedge.exe	93
PID 2168 wrote to memory of 1576	2168	firefox.exe	94
PID 2168 wrote to memory of 1576	2168	firefox.exe	94
PID 2168 wrote to memory of 1576	2168	firefox.exe	94
PID 2168 wrote to memory of 1576	2168	firefox.exe	94
PID 2168 wrote to memory of 1576	2168	firefox.exe	94
PID 2168 wrote to memory of 1576	2168	firefox.exe	94
PID 2168 wrote to memory of 1576	2168	firefox.exe	94
PID 2168 wrote to memory of 1576	2168	firefox.exe	94
PID 2168 wrote to memory of 1576	2168	firefox.exe	94
PID 2168 wrote to memory of 1576	2168	firefox.exe	94
PID 2168 wrote to memory of 1576	2168	firefox.exe	94
PID 2168 wrote to memory of 1576	2168	firefox.exe	94
PID 2168 wrote to memory of 1576	2168	firefox.exe	94
PID 2168 wrote to memory of 1576	2168	firefox.exe	94
PID 2168 wrote to memory of 1576	2168	firefox.exe	94
PID 2168 wrote to memory of 1576	2168	firefox.exe	94
PID 2168 wrote to memory of 1576	2168	firefox.exe	94
PID 2168 wrote to memory of 1576	2168	firefox.exe	94
PID 2168 wrote to memory of 1576	2168	firefox.exe	94
PID 2168 wrote to memory of 1576	2168	firefox.exe	94
PID 2168 wrote to memory of 1576	2168	firefox.exe	94
PID 2168 wrote to memory of 1576	2168	firefox.exe	94
PID 2168 wrote to memory of 1576	2168	firefox.exe	94
PID 2168 wrote to memory of 1576	2168	firefox.exe	94
PID 2168 wrote to memory of 1576	2168	firefox.exe	94
PID 2168 wrote to memory of 1576	2168	firefox.exe	94
PID 2168 wrote to memory of 1576	2168	firefox.exe	94
PID 2168 wrote to memory of 1576	2168	firefox.exe	94
PID 2168 wrote to memory of 1576	2168	firefox.exe	94
PID 2168 wrote to memory of 1576	2168	firefox.exe	94
PID 2168 wrote to memory of 1576	2168	firefox.exe	94
PID 2168 wrote to memory of 1576	2168	firefox.exe	94
PID 2168 wrote to memory of 1576	2168	firefox.exe	94
PID 2168 wrote to memory of 1576	2168	firefox.exe	94
PID 2168 wrote to memory of 1576	2168	firefox.exe	94
PID 2168 wrote to memory of 1576	2168	firefox.exe	94
PID 2168 wrote to memory of 1576	2168	firefox.exe	94
PID 2168 wrote to memory of 1576	2168	firefox.exe	94
PID 2168 wrote to memory of 1576	2168	firefox.exe	94
PID 2168 wrote to memory of 1576	2168	firefox.exe	94
PID 2168 wrote to memory of 1576	2168	firefox.exe	94

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Users\Admin\AppData\Local\Temp\f35b57bf4b00a01d38059918b743265fed685f0407d57c195361409262bb417f.exe
"C:\Users\Admin\AppData\Local\Temp\f35b57bf4b00a01d38059918b743265fed685f0407d57c195361409262bb417f.exe"
1⤵
- Checks computer location settings
- Suspicious use of WriteProcessMemory
PID:4936
- C:\Windows\system32\cmd.exe
  "C:\Windows\sysnative\cmd.exe" /c "C:\Users\Admin\AppData\Local\Temp\947F.tmp\9480.tmp\9481.bat C:\Users\Admin\AppData\Local\Temp\f35b57bf4b00a01d38059918b743265fed685f0407d57c195361409262bb417f.exe"
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:4060
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://www.youtube.com/account"
    3⤵
    - Enumerates system info in registry
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SendNotifyMessage
    - Suspicious use of WriteProcessMemory
    PID:4968
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.106 --initial-client-data=0x104,0x108,0x10c,0xe0,0x110,0x7ff91c55cc40,0x7ff91c55cc4c,0x7ff91c55cc58
      4⤵
      PID:1204
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1916,i,187463423991836434,12301395054336390932,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=1912 /prefetch:2
      4⤵
      PID:2688
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2160,i,187463423991836434,12301395054336390932,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=2172 /prefetch:3
      4⤵
      PID:5052
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2264,i,187463423991836434,12301395054336390932,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=2456 /prefetch:8
      4⤵
      PID:904
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3096,i,187463423991836434,12301395054336390932,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=3152 /prefetch:1
      4⤵
      PID:3660
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3104,i,187463423991836434,12301395054336390932,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=3196 /prefetch:1
      4⤵
      PID:208
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=4592,i,187463423991836434,12301395054336390932,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=4620 /prefetch:8
      4⤵
      Drops file in System32 directory
      Suspicious behavior: EnumeratesProcesses
      PID:5252
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" "https://www.youtube.com/account"
    3⤵
    - Enumerates system info in registry
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SendNotifyMessage
    - Suspicious use of WriteProcessMemory
    PID:3172
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x108,0x10c,0x110,0xe4,0x114,0x7ff90e0a46f8,0x7ff90e0a4708,0x7ff90e0a4718
      4⤵
      PID:5100
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2092,1501602325052326710,3777820224935019402,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2104 /prefetch:2
      4⤵
      PID:5116
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2092,1501602325052326710,3777820224935019402,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2156 /prefetch:3
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:620
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2092,1501602325052326710,3777820224935019402,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2568 /prefetch:8
      4⤵
      PID:2020
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,1501602325052326710,3777820224935019402,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3392 /prefetch:1
      4⤵
      PID:6076
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,1501602325052326710,3777820224935019402,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3400 /prefetch:1
      4⤵
      PID:6084
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,1501602325052326710,3777820224935019402,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4636 /prefetch:1
      4⤵
      PID:5700
  - - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2092,1501602325052326710,3777820224935019402,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5068 /prefetch:8
      4⤵
      PID:5652
  - - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2092,1501602325052326710,3777820224935019402,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5068 /prefetch:8
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:6208
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,1501602325052326710,3777820224935019402,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4856 /prefetch:1
      4⤵
      PID:6244
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,1501602325052326710,3777820224935019402,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5184 /prefetch:1
      4⤵
      PID:6252
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,1501602325052326710,3777820224935019402,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4528 /prefetch:1
      4⤵
      PID:6732
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,1501602325052326710,3777820224935019402,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4636 /prefetch:1
      4⤵
      PID:6740
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2092,1501602325052326710,3777820224935019402,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2216 /prefetch:2
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:2532
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" "https://www.youtube.com/account"
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:4568
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" https://www.youtube.com/account
      4⤵
      Checks processor information in registry
      Modifies registry class
      Suspicious use of AdjustPrivilegeToken
      Suspicious use of FindShellTrayWindow
      Suspicious use of SendNotifyMessage
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2168
    - - C:\Program Files\Mozilla Firefox\firefox.exe
        
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1976 -parentBuildID 20240401114208 -prefsHandle 1740 -prefMapHandle 1732 -prefsLen 25757 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {e763c558-6e87-4a49-b47a-20a983b2ddca} 2168 "\\.\pipe\gecko-crash-server-pipe.2168" gpu
        5⤵
        
        PID:1576
    - - C:\Program Files\Mozilla Firefox\firefox.exe
        
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2452 -parentBuildID 20240401114208 -prefsHandle 2436 -prefMapHandle 2432 -prefsLen 26677 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {faaa7242-27bd-420c-b9e9-e1549fe4dc11} 2168 "\\.\pipe\gecko-crash-server-pipe.2168" socket
        5⤵
        
        PID:2060
    - - C:\Program Files\Mozilla Firefox\firefox.exe
        
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2920 -childID 1 -isForBrowser -prefsHandle 3344 -prefMapHandle 3352 -prefsLen 22698 -prefMapSize 244658 -jsInitHandle 1264 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {69b4f5c0-34e3-477d-9d51-fa5d8edd5180} 2168 "\\.\pipe\gecko-crash-server-pipe.2168" tab
        5⤵
        
        PID:740
    - - C:\Program Files\Mozilla Firefox\firefox.exe
        
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3980 -childID 2 -isForBrowser -prefsHandle 4004 -prefMapHandle 4000 -prefsLen 31167 -prefMapSize 244658 -jsInitHandle 1264 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f01b42b9-f0cd-4324-9d8a-0392b99fa6ad} 2168 "\\.\pipe\gecko-crash-server-pipe.2168" tab
        5⤵
        
        PID:1208
    - - C:\Program Files\Mozilla Firefox\firefox.exe
        
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4716 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4472 -prefMapHandle 4656 -prefsLen 31167 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {3bf52ad7-4ff9-4484-add9-077863e49414} 2168 "\\.\pipe\gecko-crash-server-pipe.2168" utility
        5⤵
        Checks processor information in registry
        
        PID:5316
    - - C:\Program Files\Mozilla Firefox\firefox.exe
        
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5424 -childID 3 -isForBrowser -prefsHandle 5416 -prefMapHandle 5412 -prefsLen 27051 -prefMapSize 244658 -jsInitHandle 1264 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {fe1bba6f-2125-475f-b3a2-65128d99829b} 2168 "\\.\pipe\gecko-crash-server-pipe.2168" tab
        5⤵
        
        PID:3460
    - - C:\Program Files\Mozilla Firefox\firefox.exe
        
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5644 -childID 4 -isForBrowser -prefsHandle 5560 -prefMapHandle 5572 -prefsLen 27051 -prefMapSize 244658 -jsInitHandle 1264 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {28a06aeb-fffe-4156-ba17-c25927c01e0a} 2168 "\\.\pipe\gecko-crash-server-pipe.2168" tab
        5⤵
        
        PID:2352
    - - C:\Program Files\Mozilla Firefox\firefox.exe
        
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5804 -childID 5 -isForBrowser -prefsHandle 5600 -prefMapHandle 5604 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 1264 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {580cebc3-10e7-4bc5-8cfb-eb477bffbe28} 2168 "\\.\pipe\gecko-crash-server-pipe.2168" tab
        5⤵
        
        PID:5224

C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe"
1⤵
PID:5908

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4816

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5284

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
264B

MD5
b065d8598a734855e69511b7ed50758e

SHA1
cb46dbd9fb58a19454ff914301b7425ba9671150

SHA256
d590d4471572269b02bd8a53415cbaaae687b49439b1c1a8a3a7d7d7b979a41d

SHA512
365104fc40702b7e6b643825990442023670feee9b58643783bdf383b152738a2b8f992726ff57fc12aed5309c30342b131d4a56bacdfbc963628a8152f5eede

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
bc051426eae4a5075d5093bf1675d0e3

SHA1
98240900f69ac33feda3ccca158b8c72b1c887a5

SHA256
2300f5d7a7dc9c0b0f97cc47f62dba4e0fa81dfc3f4262957abb589f285ef489

SHA512
156d376ab938544afbf75131f93a2b5ccb2502b5d7690fdfbdf5ca8e91ed5f55e16afb3a5bcaa95af5037ad1a8138f220542a949d41fda59e18022a60a173711

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
520B

MD5
bea797d3a25e0faf41382fcd64c87419

SHA1
31e5ff7c5001e7dfd7f129cbd2808e8c69c1c773

SHA256
0242ac2252c075d1549b08ed3637cb8c56ff835978b8b8c0bf3c4d24c210068a

SHA512
ddf130cbd5ae5ce8e70142557f0259e8f8c1d4d77eee73e3220ee9cc418608b50ae354035b890e3d88e1861ec281f0525f16796f79c950171d410a1db6767568

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
723ec5231badb715c64e5005653a76f9

SHA1
58e2b325e69aa337f2b99753ada52eff18e6aeba

SHA256
794b926a52cf40f06b1d6f2e87e0bb5d3df333d91de175da956892c8edcbb848

SHA512
d1546cc8e00ead93943bee87d3731e2eb83bfc9e4864896660e46fc358f1a355055ff43338c3ed35ddc1cf26d8b4d58bf75531e28ff63af4072d6c39b27beac4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
a7793f8d4ea2b60fc5b1328432f8ddb0

SHA1
c39a30e7bd39f4313b611487ce50da1b741d4fec

SHA256
a50f57e7935eb94e188b16ea9ffb1d544321e15e6fcf51abd6fd04015c73e53f

SHA512
ea99ac44fad42ffd7672652725788fe41b789e86024e3fba3677a646787f11e994f9294ea6a5a5d61800e9d0383b3aceb95c0f064338bc4990dd36b73cc8728c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
c54d871e5ec425d2c979b6211793e563

SHA1
f50427607ed6e3fffa880e9e887a0e4dc442e4bd

SHA256
2ceaf21e634f10b3e67f901aec3ca0600b02e0996a22bc6cc2a59afd34f46f5b

SHA512
ba249c1e6cd14282d5c8daaf5d16abe7253ff125f90e33d6b5725076ad194ee340ad75011a4be8916dac4cb5666e7e6cfd55ac0e28c2bcdf1b178d946262fe23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
337fd62b7008fe75582d621927b6f92c

SHA1
e3ad0ee6b78cf37f8df1c94f066f82fb5f4e904e

SHA256
fd30b40a7f9ea5c4925376b520aedba7e48831dc6af0e82a3fe819231f1eb5bb

SHA512
a9afb2b4f553e74a090f765631e9f232d99eaf7c800be5d64491ceea1b0717fb91c3f8463b7beb3d7fbfc61341a82eeba85ad2a6d3fb08832383a73b9e99c5c7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
a3596df8ec855b9250d42dddadc98304

SHA1
67af13043d4d1058172f5ffad2628b6afbb16b47

SHA256
9bd87c8daed875ca5d87658c3c227e89628602648da09c581030b98c6ce9084e

SHA512
ebbba0e2cf59eab78d6a30c20345c90f3e24e3d33e8fefb22111f051062d7006157cf5eb4c7434401ba3ba5e04bacfb3a00d1ac69c775fe89fbc7eff822cbf28

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
4ed1b8de9370f47993a2d8b2096adbe6

SHA1
9a014c934b5de834f5d617ba130a1f19323ec179

SHA256
c6e1dbf7c0571fd68b449c7ad1ade26e9b236340a946d45e7c7609d1028c2f2e

SHA512
93c663775a98e4999092a4b69c779885ee3b884fd4ec2d6de97694affe159e0914d70a4531063beae0be4640dc240e8bfbb9b8ff1e8354de6b7df5ad5b719a0d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
1a96f5d6e31cca93124d7ac221397dee

SHA1
a41ba02fa837ff5e3d5f4556fcae6a9b24782cab

SHA256
242eedbb33334f78ba624f7e1bb14bdab873f07246692b1b4e536592e112245a

SHA512
0c2ddfcfb33473501357bbf989b0369bdf98b816883d44523256e05330d94a96497cef18806b9241f986db7ab2f47ae727823a4e8939a7619ba1847ac8e55277

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
b0b15faa6b29d42d5b92b3d0851383c2

SHA1
4a6cd84073ca3a7fd935b5dc3203372a0f9de7fc

SHA256
66c664f548682840ef3fe38f7d4fba362188eb56365bf769ac26e092c2b2fcd7

SHA512
1aa91e3501bf328280fe7610cacc95ac3d5cd03ddc9c81bc54b94554d11e1f8a6492ec117de667ea10cf86430de145f9823e8ecfa9fceab265438232ce003757

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
377f4ff3c038b5445732e64f10131b73

SHA1
a420092c2c0df64c099fcdd7647d3ae9e0d899e9

SHA256
67dabbf6c374a7321d551b7b7a6be6b008e2c8afd06acdab888960003bafdfbc

SHA512
b542b336fce8e8fa3402c70ccf5274b445aa6358ad61ae4d36392025c36ad28198752eb99c95f61bfaccffabc7a57d6f4727595829b7eb0521c891eb8206adbd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
ae4cc102d8565cb875b87d66a67474fb

SHA1
f1db9820c1ba3445c3c22ab69f8064232a31c142

SHA256
2f2505f55b3b8448c1d67e44f1c358aa74febe757b4805d0ebd4d40b592a5e86

SHA512
2a7de52675154b43a15d5855867890307c413c0469e83adbdaaae457f25fc48cbf967db133b8c0893dfa7f622d6020deafc2dfe31596b8a807c3c9fee58ee37c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
93KB

MD5
e58bab3c78d592f452810d1c4a5b4a98

SHA1
94c4af9cae0707b87bc764c01d864b80e0aff80c

SHA256
cb67676e47ce0abe40f45e704702ee88bdad2fb2d791e67235c16a55aa3a5af6

SHA512
7da596049a8392ee3c4a2a747f19c4f39b09835419486372b271630026b281af2c41478b51f2583903106201c147b0bae056b8bf2522d393e0a3786f74d043e5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
93KB

MD5
e028b1c1681122bdc728385ea0f66e3a

SHA1
0502e9b3576c72993157048287cf95255b64fb88

SHA256
60f81e0ffd0fa41db56b35c4b1e27c1d9aec981db6f6b92feebe290367582adf

SHA512
1232e9bf1cccc19344883fc205833303d491bd8b46ef1b3268177fea62d423c3ddf70b104ef31acfc39f9bdd4e9e205203c8ad649a2000af533da0149d810e8f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
584971c8ba88c824fd51a05dddb45a98

SHA1
b7c9489b4427652a9cdd754d1c1b6ac4034be421

SHA256
e2d8de6c2323bbb3863ec50843d9b58a22e911fd626d31430658b9ea942cd307

SHA512
5dbf1a4631a04d1149d8fab2b8e0e43ccd97b7212de43b961b9128a8bf03329164fdeb480154a8ffea5835f28417a7d2b115b8bf8d578d00b13c3682aa5ca726

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
b28ef7d9f6d74f055cc49876767c886c

SHA1
d6b3267f36c340979f8fc3e012fdd02c468740bf

SHA256
fa6804456884789f4bdf9c3f5a4a8f29e0ededde149c4384072f3d8cc85bcc37

SHA512
491f893c8f765e5d629bce8dd5067cef4e2ebc558d43bfb05e358bca43e1a66ee1285519bc266fd0ff5b5e09769a56077b62ac55fa8797c1edf6205843356e75

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
240B

MD5
26020ae153eb0b19e9c82b3ec2495343

SHA1
8892fa7d27d6f38955dd230d83f997106ff23dff

SHA256
056f69391f0bff3eae72a702b281b431a72a078df0ecb9e1a5ff6cec3cee7c03

SHA512
e595bf91548b79c5dbe2eb2a15b658c10a13f4b415f0c5762396856ee3c54a7ba39f0cdb4e1534191181dda8e6b0c2c2b5bbec9c36ac81e801e248abce56b878

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
ffc0972f98360be15bed4806d66acdc0

SHA1
58371735f4b98f8021f0fb1d37507866018da5a6

SHA256
988bf37aea3ca5e2fbd5165b31ed2bba6297e4fff2807ceecd3edbabb26a44e2

SHA512
4fcc342e3566317c3fbecec84247f0da656a687159d365cba80228deb9c1741ae0d8275b8b9730888d54d303d710a012d5ea14f5f090672b5348a607357152db

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
f1fb5493a88c14d7fdfb36c9d1a3f63d

SHA1
1d3f81bafd54d0672f280e726cbb0d536c9b601f

SHA256
7eef01bf3f65193ddb4e4041d050bb1b8c40483fa8a01bcb761062bcc7a4d4be

SHA512
1043c334f57f6e726042584cdae80386b6a58cc30d9033e8be66a47c03625b1fc94934ba23ef0f44f2f24ce2ca4d3e055aa121aefb794a0d772732e3a2250c23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
ac339a070dbfd53504072a4aca870d7b

SHA1
f1f1e76dba481150188ed8b71d657d6a15f26556

SHA256
428138422ddfc853a4472c475cb81e4b09826db3b69c0ba23580e2af8997bd36

SHA512
11807c7e6951a47e400ccf71799ed2a3d1039205b91ee77577189cd056efbf1783b7f601c91c3db106755d213674e1a09bb0307737fc626cdaf1a59f05c9ca9e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
5cd899b9a623b6cfe666a0295a3e4689

SHA1
ec42e6c278e9bdce1030334ed568b65854ce7339

SHA256
362643869bd0972a2967d2f08537f458c20b4e30589eceb176b9e747bd36d0c5

SHA512
2a3698170f36334d33c63f57ed0886de9d2d16527d736643d92b23b24e8f974f2868ca48e695731419b688cc0ce869a748962d64131d8b99f03ecee54694c233

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
cf23046668e36de1f9f4faeee402c304

SHA1
1b2966140fc99b213bb8437e9d16f299fc1d13e0

SHA256
26a66dfe306ec230b6743af8b42879771556db780e022cc77c1b02470aed0ac6

SHA512
3651e5a2cfcb27aad0f1312726270156d712ec6739266c59c1c5f2be8331ef7bea3e979710822417730c53b63eb5d7e03a4b5c525a912f4970688315c420e0e6

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\ehv06adt.default-release\activity-stream.discovery_stream.json

Filesize
18KB

MD5
696ac483fdb677442d45cdec5972d0d0

SHA1
448cee76a0582b9e62907cd552e2592b5d3aa71b

SHA256
3910943f032cbbdae827523a68c4aaa2b38061dbd19dadbf31d98577767b656f

SHA512
4909a0dd0d492eaa8b2fc0705e5370a9bcf8df9b6b3065c4fb1adf7119d4e6c5a99f5ef3a312cc278b72254970437cf36e18c244e995c538f51952f0f349ad77

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\ehv06adt.default-release\cache2\entries\3F6BAE390F7FB4267066C23DBD35348B57989359

Filesize
47KB

MD5
46b999284ae6a11177c8beb2e431cb2e

SHA1
af8b98acbbc908f2bcc0f6c104472792b9554b14

SHA256
918d655b78c5bdfb1d6b43d66fc0fda827c15e680d53c6bcc9a6374223a58834

SHA512
ab145d8b24d0cb879026501ef980f1ec843ef6edc8d9c1b3ae1c9a2243c3a1938877aa02a3874d2228de73ccfbe94af08f5cc30eb66f3a85eb2a7a3775f68a23

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\ehv06adt.default-release\cache2\entries\8A2034D325DC0B5C9E11EDDA3FC70A54C8DC1C0D

Filesize
13KB

MD5
da2d69e6e71a4a05defa2c083f5a545b

SHA1
3bc87e8042a39ef877b0295bc67255734d105209

SHA256
e1c6cd07ef6df8d5dab468882615068ce3ab64cd67d18c107e8a0522e4b8adf9

SHA512
3738b9d5b7003085b8c287fd4ed6bcd61f648d0cc7fda135864e3ab6248366222f83a0cc43b444d3f42aa7148a77becea5536a7eae855103d6cfd9b038b516ca

Download Submit
C:\Users\Admin\AppData\Local\Temp\947F.tmp\9480.tmp\9481.bat

Filesize
2KB

MD5
de9423d9c334ba3dba7dc874aa7dbc28

SHA1
bf38b137b8d780b3d6d62aee03c9d3f73770d638

SHA256
a1e1b422c40fb611a50d3f8bf34f9819f76ddb304aa2d105fb49f41f57752698

SHA512
63f13acd904378ad7de22053e1087d61a70341f1891ada3b671223fec8f841b42b6f1060a4b18c8bb865ee4cd071cadc7ff6bd6d549760945bf1645a1086f401

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
479KB

MD5
09372174e83dbbf696ee732fd2e875bb

SHA1
ba360186ba650a769f9303f48b7200fb5eaccee1

SHA256
c32efac42faf4b9878fb8917c5e71d89ff40de580c4f52f62e11c6cfab55167f

SHA512
b667086ed49579592d435df2b486fe30ba1b62ddd169f19e700cd079239747dd3e20058c285fa9c10a533e34f22b5198ed9b1f92ae560a3067f3e3feacc724f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

Filesize
13.8MB

MD5
0a8747a2ac9ac08ae9508f36c6d75692

SHA1
b287a96fd6cc12433adb42193dfe06111c38eaf0

SHA256
32d544baf2facc893057a1d97db33207e642f0dacf235d8500a0b5eff934ce03

SHA512
59521f8c61236641b3299ab460c58c8f5f26fa67e828de853c2cf372f9614d58b9f541aae325b1600ec4f3a47953caacb8122b0dfce7481acfec81045735947d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ehv06adt.default-release\AlternateServices.bin

Filesize
7KB

MD5
1d791d0b64f9088bc224256006954f9c

SHA1
bfaaccae0c8df49641a041e8cb7d77ae18e954c8

SHA256
e9a23e8a5004546f2945f02f97555c8959390dd34e6aae77feab065914e03409

SHA512
d072daddb3f3cc55705a09c29b43c6f9f6dd35ac480520cf3a97fe6caf7a9d8f9f834c85d31470a117530b7e1e9cc7d8f1f3a148057b4a494e1c47d8a4845c5f

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ehv06adt.default-release\AlternateServices.bin

Filesize
17KB

MD5
c9c0d6edd0190c8d9c601f3756e7b4f6

SHA1
5c239bb3039f661ba272894226f5c26d0fdfb509

SHA256
0ed04dd633f5a86b1e9dd17d59d4bd0f27b8307dcce622aacdde230218d29674

SHA512
39033d1c56f7c0b3dd511ccc45f3ee30d431d490126c097028545d1de7c31bed9f2df9f7dcb1bbd69d68c59ea49cc07e2563d8bb81a96a277ce8cf0df7283264

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ehv06adt.default-release\AlternateServices.bin

Filesize
11KB

MD5
73ec17163b799f3a42cf5a9b704d347b

SHA1
01f2647ab733a9e30744e7fd583edb57c9cf12de

SHA256
19ca9d104be8439aca35739bd8bffb324503da13756dbe97fda578f29ac129ae

SHA512
4f53b4babf8f3f17832142d602b5df81fcfbf5426fdacbaad96bc8554c547e6290795550ce57f50428b899cfeeacfca22b2a06d46848b58434b4b5e029bdbf7f

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ehv06adt.default-release\datareporting\glean\db\data.safe.tmp

Filesize
5KB

MD5
f721fd1c97113cfa7f94b68dff62eaf6

SHA1
b3b6c6215235bfd253a104845ff030c1021e1c6b

SHA256
9dc80b9cede4d09962c99a127358060cf10752027b5ee247e61489c85617ec49

SHA512
450ba65e1a8fc7156875f806f82a902316fd9046201c1992e3bcf036f97634654c8d9b0d2290b011a0baacf513403d92be68c97c5e505c40036d9d3935b97a3e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ehv06adt.default-release\datareporting\glean\db\data.safe.tmp

Filesize
3KB

MD5
e711c3ff3a8898f8c7ae732bd29448a2

SHA1
c490f0afdb160b4ef8fb2ce996262ee6d0535bd7

SHA256
8ea367c8d41751b4e6ade31e9c3e1268071db91794f9278ffed83e2a870e0be0

SHA512
c25ce62d02ecfde95c78de728bfe48d22f5e995a3c1ebffb13e3be3a5d0521ab0a9e4c8155b518ce5bba0917c1202a30267ef27768f66eff414896cc427c826a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ehv06adt.default-release\datareporting\glean\db\data.safe.tmp

Filesize
6KB

MD5
ed5e4f4d66ab9a878d735c49c3e9a315

SHA1
f18d20c76c1ba37f780bb4b0c90a31826dc4594f

SHA256
b4e2214fbe1c7cf192300aba0881dbc84cfe4e4071d94789675c3b44cf7e36d9

SHA512
bda54af03d9258ab3bd6aeef01d43e0cba5fc6d4d8c3c5b02759bc609dafe8a283f8f71d6f8e29262706d599400ff0c2c9693b4988c680cb07608afb275fc87b

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ehv06adt.default-release\datareporting\glean\db\data.safe.tmp

Filesize
14KB

MD5
caca18cfe2b3ad24009f6179c12e882e

SHA1
7e9f877e0969d8eafa05001c62e8e741957f0841

SHA256
f01157295ffa9b596f0bc86679dd4d40f6b2a582d054d015fde0fc3df4719fcc

SHA512
28713b7949a966f95ffcf741aadccd342a35f87c8de8eb08790077c234e58cae78c61e1ae84bde00f6296b7465a7ff10204213c0f6fd239f2904f7a199d11d48

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ehv06adt.default-release\datareporting\glean\pending_pings\0063e2b8-4858-4f44-a3e9-cd4b477182f5

Filesize
982B

MD5
045ec9bda9bcb98c75fc798bc70fe0e2

SHA1
e4aa3a49f23e4877caa65d815d548e2967392c6d

SHA256
0a3db023af6c693139b6382bc45dfe4648c0095bcc8dc0b37b953a1159ffd578

SHA512
37a43e40c304159a6d217b108661345cae513fc34425db3de2bfc1b23c883a222e0f63caa0807892c98fce5328d946c41b1fb4e9cd3e670d595118b370f79e42

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ehv06adt.default-release\datareporting\glean\pending_pings\8994d81c-c55b-498d-876d-333c597e0bfe

Filesize
671B

MD5
beacc313002f87f0ec238b8ffd81927b

SHA1
02845531764cb04f8ff6baa6b5ce017f9aa7746e

SHA256
19ddd5d079b73ec3a437967d756cb6cbb220e377834ab17094b6b1aea6e0c079

SHA512
2a9d714e90442a803c852e8acd168e19f37d596d8d1eef6517e0b2bc6dfd013b36bb765f0160f807e4023575184ec29367b2043f7ba3c5fddc72c5a8585141b2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ehv06adt.default-release\datareporting\glean\pending_pings\be7c1b5d-42b5-4a30-86ba-fc090a5ea88c

Filesize
28KB

MD5
27bb52b73f20318f3f3887542d671a07

SHA1
355f5a22b06bc404444e8b081eef45bf9ac3b881

SHA256
d9a42c667fa21155d8a45e989802a4d9c83108225565d69f6fb8d6eda4fd3e77

SHA512
a51f726e8a216b334787b00e3d1d60acfa58b9926c2a9bc1d77ff39bb212b71b72e39c89b1548d6da8e9e9a3e4786f1f6a9c1f60f509272e84e94dddc3044248

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ehv06adt.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.dll

Filesize
1.1MB

MD5
842039753bf41fa5e11b3a1383061a87

SHA1
3e8fe1d7b3ad866b06dca6c7ef1e3c50c406e153

SHA256
d88dd3bfc4a558bb943f3caa2e376da3942e48a7948763bf9a38f707c2cd0c1c

SHA512
d3320f7ac46327b7b974e74320c4d853e569061cb89ca849cd5d1706330aca629abeb4a16435c541900d839f46ff72dfde04128c450f3e1ee63c025470c19157

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ehv06adt.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.info

Filesize
116B

MD5
2a461e9eb87fd1955cea740a3444ee7a

SHA1
b10755914c713f5a4677494dbe8a686ed458c3c5

SHA256
4107f76ba1d9424555f4e8ea0acef69357dfff89dfa5f0ec72aa4f2d489b17bc

SHA512
34f73f7bf69d7674907f190f257516e3956f825e35a2f03d58201a5a630310b45df393f2b39669f9369d1ac990505a4b6849a0d34e8c136e1402143b6cedf2d3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ehv06adt.default-release\gmp-widevinecdm\4.10.2710.0\manifest.json

Filesize
372B

MD5
bf957ad58b55f64219ab3f793e374316

SHA1
a11adc9d7f2c28e04d9b35e23b7616d0527118a1

SHA256
bbab6ca07edbed72a966835c7907b3e60c7aa3d48ddea847e5076bd05f4b1eda

SHA512
79c179b56e4893fb729b225818ab4b95a50b69666ac41d17aad0b37ab0ca8cd9f0848cbc3c5d9e69e4640a8b261d7ced592eae9bcb0e0b63c05a56e7c477f44e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ehv06adt.default-release\gmp-widevinecdm\4.10.2710.0\widevinecdm.dll

Filesize
17.8MB

MD5
daf7ef3acccab478aaa7d6dc1c60f865

SHA1
f8246162b97ce4a945feced27b6ea114366ff2ad

SHA256
bc40c7821dcd3fea9923c6912ab1183a942c11b7690cfd79ed148ded0228777e

SHA512
5840a45cfdb12c005e117608b1e5d946e1b2e76443ed39ba940d7f56de4babeab09bee7e64b903eb82bb37624c0a0ef19e9b59fbe2ce2f0e0b1c7a6015a63f75

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ehv06adt.default-release\prefs-1.js

Filesize
12KB

MD5
b624c9f18407c9d1faff5a3d09c8e2e9

SHA1
a2a62599a3e8f9d79f86a56a9af160ecb48a01f9

SHA256
f133b95c3905078959c76dbe5fb3fb2e9c09581c4e97ba302372e63be57f4807

SHA512
0e93c0d9ce533028cf9006ad425f787ec39dc1e1001544998460d97806450c42a13ff448cb7cc76c498846630c07e9dd6f9969a23840f4e15195c1c2ee18c480

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ehv06adt.default-release\prefs-1.js

Filesize
16KB

MD5
4ec03b08f7e26bd66843a5911bff0e5e

SHA1
7895ca438a8ca1e20bb87083876953b775b2915f

SHA256
a8e10025865e01f37876e48cfee23910f77d0ded58b78478bafce0b578f23604

SHA512
1f0d904855b890c0ab7e9359c96601905c0aed5a0b90210fc23b97f47f95b41351f4c6a6db64697be35c959d71e43486c0ca64c9eca0a1e250787c76421eb460

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ehv06adt.default-release\sessionstore-backups\recovery.baklz4

Filesize
4KB

MD5
d4f17c786a56cf7d5c532b2bf1d9362b

SHA1
cc520ffca6b4d00ac02d3b5446055df4c000e55e

SHA256
c05dc2c9d16798c686b08fccc9dbbda23144ef9d2684a0a17cf3d5fcf2cba41c

SHA512
ce3e40ca3c33aa73510d8abf876401c7994d681a45fa3e5734db9c9f7210a7a221e0fe4fe83b94083ad1bd75075d24d07e2cac1d60b9adaa609d5c68aafcb118

Download Submit