bc9df1ec7a4d1dffda3a1d70fbff588bd1e3dc4f1af0acdbd8b348802b80d4be

Analysis

max time kernel
150s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
20/07/2024, 20:39

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

new.ps1
Size

2KB
MD5

ceb1cf76a75a4a376823c79273c10431
SHA1

81df6272e7de5f4af8ec0d804ece4d31b15fed36
SHA256

bc9df1ec7a4d1dffda3a1d70fbff588bd1e3dc4f1af0acdbd8b348802b80d4be
SHA512

4b78e105d95161cd4d2cb2796b15aefed4b0d2f4613e7be6a910787bcdb8198c973af0d234d604296e3534ce9a18541d8e21043dd3ebe4b23c4e37eeb65903fd

Score

5^/10

execution

Malware Config

Signatures

Drops file in System32 directory 2 IoCs

description	ioc	Process
File created	C:\Windows\System32\DriverStore\FileRepository\display.inf_amd64_71aa85b0e2292a7a\display.PNF	chrome.exe
File created	\??\c:\windows\system32\driverstore\filerepository\display.inf_amd64_71aa85b0e2292a7a\display.PNF	chrome.exe

Command and Scripting Interpreter: PowerShell 1 TTPs 1 IoCs

Using powershell.exe command.

execution

PowerShell

T1059.001

pid	Process
4124	powershell.exe

Checks processor information in registry 2 TTPs 8 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-701583114-2636601053-947405450-1000_Classes\Local Settings	firefox.exe

Suspicious behavior: EnumeratesProcesses 16 IoCs

pid	Process
4124	powershell.exe
4124	powershell.exe
3836	msedge.exe
3836	msedge.exe
2972	msedge.exe
2972	msedge.exe
2544	chrome.exe
2544	chrome.exe
5040	chrome.exe
5040	chrome.exe
6888	msedge.exe
6888	msedge.exe
6888	msedge.exe
6888	msedge.exe
5040	chrome.exe
5040	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 5 IoCs

pid	Process
2972	msedge.exe
2972	msedge.exe
2544	chrome.exe
2544	chrome.exe
2972	msedge.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeDebugPrivilege	4124	powershell.exe
Token: SeShutdownPrivilege	2544	chrome.exe
Token: SeCreatePagefilePrivilege	2544	chrome.exe
Token: SeShutdownPrivilege	2544	chrome.exe
Token: SeCreatePagefilePrivilege	2544	chrome.exe
Token: SeDebugPrivilege	1880	firefox.exe
Token: SeDebugPrivilege	1880	firefox.exe
Token: SeShutdownPrivilege	2544	chrome.exe
Token: SeCreatePagefilePrivilege	2544	chrome.exe
Token: SeShutdownPrivilege	2544	chrome.exe
Token: SeCreatePagefilePrivilege	2544	chrome.exe
Token: SeShutdownPrivilege	2544	chrome.exe
Token: SeCreatePagefilePrivilege	2544	chrome.exe
Token: SeShutdownPrivilege	2544	chrome.exe
Token: SeCreatePagefilePrivilege	2544	chrome.exe
Token: SeShutdownPrivilege	2544	chrome.exe
Token: SeCreatePagefilePrivilege	2544	chrome.exe
Token: SeShutdownPrivilege	2544	chrome.exe
Token: SeCreatePagefilePrivilege	2544	chrome.exe
Token: SeShutdownPrivilege	2544	chrome.exe
Token: SeCreatePagefilePrivilege	2544	chrome.exe
Token: SeShutdownPrivilege	2544	chrome.exe
Token: SeCreatePagefilePrivilege	2544	chrome.exe
Token: SeShutdownPrivilege	2544	chrome.exe
Token: SeCreatePagefilePrivilege	2544	chrome.exe
Token: SeShutdownPrivilege	2544	chrome.exe
Token: SeCreatePagefilePrivilege	2544	chrome.exe
Token: SeShutdownPrivilege	2544	chrome.exe
Token: SeCreatePagefilePrivilege	2544	chrome.exe
Token: SeShutdownPrivilege	2544	chrome.exe
Token: SeCreatePagefilePrivilege	2544	chrome.exe
Token: SeShutdownPrivilege	2544	chrome.exe
Token: SeCreatePagefilePrivilege	2544	chrome.exe
Token: SeShutdownPrivilege	2544	chrome.exe
Token: SeCreatePagefilePrivilege	2544	chrome.exe
Token: SeShutdownPrivilege	2544	chrome.exe
Token: SeCreatePagefilePrivilege	2544	chrome.exe
Token: SeShutdownPrivilege	2544	chrome.exe
Token: SeCreatePagefilePrivilege	2544	chrome.exe
Token: SeShutdownPrivilege	2544	chrome.exe
Token: SeCreatePagefilePrivilege	2544	chrome.exe
Token: SeShutdownPrivilege	2544	chrome.exe
Token: SeCreatePagefilePrivilege	2544	chrome.exe
Token: SeShutdownPrivilege	2544	chrome.exe
Token: SeCreatePagefilePrivilege	2544	chrome.exe
Token: SeShutdownPrivilege	2544	chrome.exe
Token: SeCreatePagefilePrivilege	2544	chrome.exe
Token: SeShutdownPrivilege	2544	chrome.exe
Token: SeCreatePagefilePrivilege	2544	chrome.exe
Token: SeShutdownPrivilege	2544	chrome.exe
Token: SeCreatePagefilePrivilege	2544	chrome.exe
Token: SeShutdownPrivilege	2544	chrome.exe
Token: SeCreatePagefilePrivilege	2544	chrome.exe
Token: SeShutdownPrivilege	2544	chrome.exe
Token: SeCreatePagefilePrivilege	2544	chrome.exe
Token: SeShutdownPrivilege	2544	chrome.exe
Token: SeCreatePagefilePrivilege	2544	chrome.exe
Token: SeShutdownPrivilege	2544	chrome.exe
Token: SeCreatePagefilePrivilege	2544	chrome.exe
Token: SeShutdownPrivilege	2544	chrome.exe
Token: SeCreatePagefilePrivilege	2544	chrome.exe
Token: SeShutdownPrivilege	2544	chrome.exe
Token: SeCreatePagefilePrivilege	2544	chrome.exe
Token: SeShutdownPrivilege	2544	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
2972	msedge.exe
2972	msedge.exe
2972	msedge.exe
2972	msedge.exe
2972	msedge.exe
2972	msedge.exe
2972	msedge.exe
2972	msedge.exe
2972	msedge.exe
2972	msedge.exe
2972	msedge.exe
2972	msedge.exe
2972	msedge.exe
2972	msedge.exe
2972	msedge.exe
2972	msedge.exe
2972	msedge.exe
2972	msedge.exe
2972	msedge.exe
2972	msedge.exe
2972	msedge.exe
2972	msedge.exe
2972	msedge.exe
2972	msedge.exe
2972	msedge.exe
2544	chrome.exe
2544	chrome.exe
2544	chrome.exe
2544	chrome.exe
2544	chrome.exe
2544	chrome.exe
2544	chrome.exe
2544	chrome.exe
2544	chrome.exe
2544	chrome.exe
2544	chrome.exe
2544	chrome.exe
2544	chrome.exe
2544	chrome.exe
2544	chrome.exe
2544	chrome.exe
2544	chrome.exe
2544	chrome.exe
2544	chrome.exe
2544	chrome.exe
2544	chrome.exe
2544	chrome.exe
2544	chrome.exe
2544	chrome.exe
2544	chrome.exe
2544	chrome.exe
1880	firefox.exe
1880	firefox.exe
1880	firefox.exe
1880	firefox.exe
1880	firefox.exe
1880	firefox.exe
1880	firefox.exe
1880	firefox.exe
1880	firefox.exe
1880	firefox.exe
1880	firefox.exe
1880	firefox.exe
1880	firefox.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
2972	msedge.exe
2972	msedge.exe
2972	msedge.exe
2972	msedge.exe
2972	msedge.exe
2972	msedge.exe
2972	msedge.exe
2972	msedge.exe
2972	msedge.exe
2972	msedge.exe
2972	msedge.exe
2972	msedge.exe
2972	msedge.exe
2972	msedge.exe
2972	msedge.exe
2972	msedge.exe
2972	msedge.exe
2972	msedge.exe
2972	msedge.exe
2972	msedge.exe
2972	msedge.exe
2972	msedge.exe
2972	msedge.exe
2972	msedge.exe
2544	chrome.exe
2544	chrome.exe
2544	chrome.exe
2544	chrome.exe
2544	chrome.exe
2544	chrome.exe
2544	chrome.exe
2544	chrome.exe
2544	chrome.exe
2544	chrome.exe
2544	chrome.exe
2544	chrome.exe
2544	chrome.exe
2544	chrome.exe
2544	chrome.exe
2544	chrome.exe
2544	chrome.exe
2544	chrome.exe
2544	chrome.exe
2544	chrome.exe
2544	chrome.exe
2544	chrome.exe
2544	chrome.exe
2544	chrome.exe
1880	firefox.exe
1880	firefox.exe
1880	firefox.exe
1880	firefox.exe
1880	firefox.exe
1880	firefox.exe
1880	firefox.exe
1880	firefox.exe
1880	firefox.exe
1880	firefox.exe
1880	firefox.exe
1880	firefox.exe
1880	firefox.exe
1880	firefox.exe
1880	firefox.exe
1880	firefox.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
1880	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4124 wrote to memory of 2544	4124	powershell.exe	85
PID 4124 wrote to memory of 2544	4124	powershell.exe	85
PID 2544 wrote to memory of 4056	2544	chrome.exe	86
PID 2544 wrote to memory of 4056	2544	chrome.exe	86
PID 4124 wrote to memory of 2972	4124	powershell.exe	88
PID 4124 wrote to memory of 2972	4124	powershell.exe	88
PID 2972 wrote to memory of 5088	2972	msedge.exe	89
PID 2972 wrote to memory of 5088	2972	msedge.exe	89
PID 4124 wrote to memory of 1540	4124	powershell.exe	90
PID 4124 wrote to memory of 1540	4124	powershell.exe	90
PID 1540 wrote to memory of 1880	1540	firefox.exe	91
PID 1540 wrote to memory of 1880	1540	firefox.exe	91
PID 1540 wrote to memory of 1880	1540	firefox.exe	91
PID 1540 wrote to memory of 1880	1540	firefox.exe	91
PID 1540 wrote to memory of 1880	1540	firefox.exe	91
PID 1540 wrote to memory of 1880	1540	firefox.exe	91
PID 1540 wrote to memory of 1880	1540	firefox.exe	91
PID 1540 wrote to memory of 1880	1540	firefox.exe	91
PID 1540 wrote to memory of 1880	1540	firefox.exe	91
PID 1540 wrote to memory of 1880	1540	firefox.exe	91
PID 1540 wrote to memory of 1880	1540	firefox.exe	91
PID 2544 wrote to memory of 1492	2544	chrome.exe	92
PID 2544 wrote to memory of 1492	2544	chrome.exe	92
PID 2544 wrote to memory of 1492	2544	chrome.exe	92
PID 2544 wrote to memory of 1492	2544	chrome.exe	92
PID 2544 wrote to memory of 1492	2544	chrome.exe	92
PID 2544 wrote to memory of 1492	2544	chrome.exe	92
PID 2544 wrote to memory of 1492	2544	chrome.exe	92
PID 2544 wrote to memory of 1492	2544	chrome.exe	92
PID 2544 wrote to memory of 1492	2544	chrome.exe	92
PID 2544 wrote to memory of 1492	2544	chrome.exe	92
PID 2544 wrote to memory of 1492	2544	chrome.exe	92
PID 2544 wrote to memory of 1492	2544	chrome.exe	92
PID 2544 wrote to memory of 1492	2544	chrome.exe	92
PID 2544 wrote to memory of 1492	2544	chrome.exe	92
PID 2544 wrote to memory of 1492	2544	chrome.exe	92
PID 2544 wrote to memory of 1492	2544	chrome.exe	92
PID 2544 wrote to memory of 1492	2544	chrome.exe	92
PID 2544 wrote to memory of 1492	2544	chrome.exe	92
PID 2544 wrote to memory of 1492	2544	chrome.exe	92
PID 2544 wrote to memory of 1492	2544	chrome.exe	92
PID 2544 wrote to memory of 1492	2544	chrome.exe	92
PID 2544 wrote to memory of 1492	2544	chrome.exe	92
PID 2544 wrote to memory of 1492	2544	chrome.exe	92
PID 2544 wrote to memory of 1492	2544	chrome.exe	92
PID 2544 wrote to memory of 1492	2544	chrome.exe	92
PID 2544 wrote to memory of 1492	2544	chrome.exe	92
PID 2544 wrote to memory of 1492	2544	chrome.exe	92
PID 2544 wrote to memory of 1492	2544	chrome.exe	92
PID 2544 wrote to memory of 1492	2544	chrome.exe	92
PID 2544 wrote to memory of 1492	2544	chrome.exe	92
PID 1880 wrote to memory of 4172	1880	firefox.exe	93
PID 1880 wrote to memory of 4172	1880	firefox.exe	93
PID 1880 wrote to memory of 4172	1880	firefox.exe	93
PID 1880 wrote to memory of 4172	1880	firefox.exe	93
PID 1880 wrote to memory of 4172	1880	firefox.exe	93
PID 1880 wrote to memory of 4172	1880	firefox.exe	93
PID 1880 wrote to memory of 4172	1880	firefox.exe	93
PID 1880 wrote to memory of 4172	1880	firefox.exe	93
PID 1880 wrote to memory of 4172	1880	firefox.exe	93
PID 1880 wrote to memory of 4172	1880	firefox.exe	93
PID 1880 wrote to memory of 4172	1880	firefox.exe	93
PID 1880 wrote to memory of 4172	1880	firefox.exe	93
PID 1880 wrote to memory of 4172	1880	firefox.exe	93

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell.exe -ExecutionPolicy bypass -File C:\Users\Admin\AppData\Local\Temp\new.ps1
1⤵
- Command and Scripting Interpreter: PowerShell
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:4124
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" https://www.youtube.com/account
  2⤵
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  PID:2544
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.106 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffdd729cc40,0x7ffdd729cc4c,0x7ffdd729cc58
    3⤵
    PID:4056
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1900,i,231561760423871362,12525533925807495831,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=1896 /prefetch:2
    3⤵
    PID:1492
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2028,i,231561760423871362,12525533925807495831,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=2136 /prefetch:3
    3⤵
    PID:2504
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2268,i,231561760423871362,12525533925807495831,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=2448 /prefetch:8
    3⤵
    PID:3944
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3120,i,231561760423871362,12525533925807495831,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=3160 /prefetch:1
    3⤵
    PID:4124
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3128,i,231561760423871362,12525533925807495831,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=3332 /prefetch:1
    3⤵
    PID:544
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=3800,i,231561760423871362,12525533925807495831,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=832 /prefetch:8
    3⤵
    - Drops file in System32 directory
    - Suspicious behavior: EnumeratesProcesses
    PID:5040
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" https://www.youtube.com/account
  2⤵
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  PID:2972
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffdd52946f8,0x7ffdd5294708,0x7ffdd5294718
    3⤵
    PID:5088
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2148,14961651932438430221,12248135005880864308,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2160 /prefetch:2
    3⤵
    PID:2432
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2148,14961651932438430221,12248135005880864308,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2212 /prefetch:3
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:3836
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2148,14961651932438430221,12248135005880864308,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2812 /prefetch:8
    3⤵
    PID:4804
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,14961651932438430221,12248135005880864308,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3208 /prefetch:1
    3⤵
    PID:3064
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,14961651932438430221,12248135005880864308,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3216 /prefetch:1
    3⤵
    PID:3588
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,14961651932438430221,12248135005880864308,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3676 /prefetch:1
    3⤵
    PID:1156
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2148,14961651932438430221,12248135005880864308,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4892 /prefetch:2
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:6888
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe" https://www.youtube.com/account
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:1540
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" https://www.youtube.com/account
    3⤵
    - Checks processor information in registry
    - Modifies registry class
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SendNotifyMessage
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:1880
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1940 -parentBuildID 20240401114208 -prefsHandle 1868 -prefMapHandle 1816 -prefsLen 25755 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {636cc5b0-0a31-4159-b44f-381b784f34f7} 1880 "\\.\pipe\gecko-crash-server-pipe.1880" gpu
      4⤵
      PID:4172
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2456 -parentBuildID 20240401114208 -prefsHandle 2432 -prefMapHandle 2420 -prefsLen 26675 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {23421941-7ea0-4bbd-905f-7f562d290d2b} 1880 "\\.\pipe\gecko-crash-server-pipe.1880" socket
      4⤵
      PID:1720
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3084 -childID 1 -isForBrowser -prefsHandle 2772 -prefMapHandle 3108 -prefsLen 22698 -prefMapSize 244658 -jsInitHandle 896 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d24d627b-553f-488e-af7f-329ffd699759} 1880 "\\.\pipe\gecko-crash-server-pipe.1880" tab
      4⤵
      PID:2268
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3760 -childID 2 -isForBrowser -prefsHandle 3292 -prefMapHandle 2876 -prefsLen 31165 -prefMapSize 244658 -jsInitHandle 896 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e83486e7-9e27-4670-adf6-65269f2b6185} 1880 "\\.\pipe\gecko-crash-server-pipe.1880" tab
      4⤵
      PID:5356
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4544 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4536 -prefMapHandle 4532 -prefsLen 31165 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {dc63c499-aa62-48dc-a060-37fdf1d63ad4} 1880 "\\.\pipe\gecko-crash-server-pipe.1880" utility
      4⤵
      Checks processor information in registry
      PID:5732
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5400 -childID 3 -isForBrowser -prefsHandle 5388 -prefMapHandle 5396 -prefsLen 27051 -prefMapSize 244658 -jsInitHandle 896 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {463ee936-c459-4ae6-ab97-23a6ae31d1b9} 1880 "\\.\pipe\gecko-crash-server-pipe.1880" tab
      4⤵
      PID:6136
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5552 -childID 4 -isForBrowser -prefsHandle 5628 -prefMapHandle 5624 -prefsLen 27051 -prefMapSize 244658 -jsInitHandle 896 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {53d88fa0-00b7-43d7-9e8f-43b83b5ee1f4} 1880 "\\.\pipe\gecko-crash-server-pipe.1880" tab
      4⤵
      PID:2984
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5544 -childID 5 -isForBrowser -prefsHandle 5756 -prefMapHandle 5760 -prefsLen 27051 -prefMapSize 244658 -jsInitHandle 896 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {91838e11-6b7b-47e9-a5ed-cd5aca25efbc} 1880 "\\.\pipe\gecko-crash-server-pipe.1880" tab
      4⤵
      PID:5208

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3236

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:560

C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe"
1⤵
PID:4112

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

PowerShell

T1059.001

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
264B

MD5
b07276c023653f83ded1a597a316f084

SHA1
65fa72608c0d61e4e2d56ef89177ee237b21d1d1

SHA256
d4ac56586144dd07735c990f0ed0ab3f8994e3145479392b379e1e3323c2274c

SHA512
c915f9466d6d3793c5df86787980d18773db1cac0ce6ba8e61636a018d2ac65701569acb8879c46a446e3eec2628c6230ca3f0fd474e91b3f23fe4a3c651fd9e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
415e6b6b6e8a5086695975a73f0201a4

SHA1
5e7895242b0b17e6203817a0e81bd2465d49e35f

SHA256
4c142e8333e483a7e1e83754eec50b9dd7142035877242df2213b6e0f3057219

SHA512
8e6c7102095da7eb561acaad4160c5ee731c6a07df71029cdffc6171412cb3b10c6b2537fc3bf30f9937c52c5bb9f64f6aecc7cd6e897c996995dc31ca7eae31

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
354B

MD5
3728f80299b9868b8201ef76f796868f

SHA1
8887860093682c98ba68bd6928fef277b849f140

SHA256
3183844b9619b42062b558cc6ce2be9ff0c96666eadfd549c21e0cf0c8544b5f

SHA512
6f5eb81772ca7c4348071ecd00293680fa23f4e47484fb946f77cb13f1bc1d8fdf1017e3c8f771e9fbd5e1c7fa9dcc4dbe7de2c0f57a89022c327ece92fda68c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
a3804d17938193008c899d61b6ae0ca8

SHA1
24883ed9b0ae34d3b0c7faff34fabb26f0cb1647

SHA256
01d6e6d3746c486c56a57f7d6caf3cb642d43ddd3696047c59c659ec78563f9c

SHA512
24dc61443e4306c6505f20386fed2cd90b4fecc15a2611ab02361ee17c607b5e564fe014be3083def1e7cd1db70d52565371960a52125f6bc32839a016b897cc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
2a32f4e2affec4a6d40d7a1f5bdcd3c3

SHA1
760233eca5c473f4d08d63ac5f5980286d69ad6a

SHA256
61557cb57e0159e9e3da2aefd3b4b2786bca9c75cb4d667c350c11d2672c0195

SHA512
fd092a118b550a8050eb9191b9d9aa6c8e5aa26b4cc23459eb8f08ca0e8b501acfd98d7d9120bc837ccaa8758aa22cdca59fd4de4dde3772348f0e1ec05805df

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
7d5643d2f1bdb000cdec3faa1579e52e

SHA1
e50671431e6f722cb169a4f2f877142d990d0cb9

SHA256
07d47842f68a5fd7fd69ebfd82ddefa9e4e7fb1bbc7a7e56533312d07f1b4922

SHA512
a8e828f56244c750c1be8c60b972bd0f26574a0f1d74fd5e84d545fd767ebce562b7b44a94cec3d959a3031e4eb5e320181c2cd6912314306b6cd0f6c1c45285

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
d44127a247f99fe4c10f70fead21a8fa

SHA1
a85ac58bc573bf8bedbbaeba5794ff270caed38d

SHA256
24982a22e839992f4cac19a05fcdb609df02911bd217eccc0305d6edc87194a4

SHA512
f704430ac970b2ce7001dea319886dded58eed6f774de3831ee051fa49583ea7ad16694ef0597761aba42570430af2cc99a795122de88858df3ed90bbec4a617

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
44b33c7305fdbab98542fc383c6423fa

SHA1
829f8409c84c5f666ba32931ba2ae37c060f0d1b

SHA256
1dfdbc585fe1102ca1381be17bfc00c900b47010d00b30343cd1138ee6db5b88

SHA512
f8b50a79a98e2ab9c33997f4028d9e1e85465b446edaf57d7e2fd05c03b1e3d11746655c7139eec302675a0b1ddd0e2d8934f73273a9e36d33742115682b2ed9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
99e06f9f5429aba078f9ef7f487604c0

SHA1
2921654d3b514ac17c02132d14032903f3127dbc

SHA256
de89990b984ee14b8e3dc2a85c8a8c6fcdffafa505d3f54e1089427a79040bd3

SHA512
9c091b014fc83e190949da9619f9acd9af6d21b49edaa5fa876bf8ce7708622bde1859df5c05d04cc83a8673c0b2547c752e67933fb4573c3d48b3e6744ef4dd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
d2f0ea9d516d7483639a115fcceecbdb

SHA1
a1c47bc5f2cd0727a5c6d371002cd897fbf93b22

SHA256
bb9fdd11e9c969d615c1e8c6fa5f42564cc16bc9f12bc7e8beff0a09df663b25

SHA512
ef74c51bdb5c03df71275696f147fe207bf812afe0400a123413c7a726dd45f37b71720ca4d32e6e3dc50e86b70db835cc398df25c7f0f8002774b36c13a5504

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
9e4d824cbf5b7e5eddf7467806e44348

SHA1
29cfb50b1b61ea6fe5c38820a8b094d4c83015bc

SHA256
9b19fb0b983e03dd0418b85d2f445cbf444118022653ad153af7d2a53fd22a3e

SHA512
c90f03b3bc74a52b6f277b58a78a7fb54a6c9e073e5e4d0618186b41ceab77f21552bab5ea27d1ae9999d5cb1936cb74aec5af5e8da134446311731fc3596fde

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
eed37d921799c940a7e32739d91a2cac

SHA1
ef4794e915b6c4fa620920ddfdb9493cbb1b16f9

SHA256
65ff123e585b8d7f17872d40517b6169d889483716be1668e197b30ce6b2d909

SHA512
5c1192cdead42622bdbf82cfcb2ca880fb26ea0b61ab524e8901c3082524333696ebb7cded0dcfd50f5463c7ca37d4f3b9841e7bc98985c7fdd3ceddb15e2561

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
4f0eccfbf876dd4b1e8128407f56b911

SHA1
502357e1930569aad50fa0fa21f7c114eb862bfa

SHA256
9faa785451ca99d3eaae156aa31123670a836f2dcd294b9ff4250ea45f76d073

SHA512
4139f070960a57b19b64291119e5e0de3bc972ec1a13a9a2c9bc13c6876f22903622e318d1512cdcc216305854f3e2fc7c82a60cb7b6b235f19a4cb24f6e05c1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
92KB

MD5
fb914c9997c021a7351027121ec5e65d

SHA1
3d7557f6d12004e731f2630d39cf2f521eb65d06

SHA256
83230112e287641515a415949876d05ecaa282946dbbed9835ac966e43819ecf

SHA512
f81122f1b8671ff334d0a0adfb6b29a825659ee81c67d05d6ac7d52a8d2df94615d245697a3fccca0fc10632c19e6d398d0e466affb1c54e1914d2f1d13a6ee1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
92KB

MD5
f68803757cc894f1c837faa1ef1dbe4a

SHA1
01b33922d7a2cec0e23b006e4a1dcd57f45a9700

SHA256
47fec6bf6b007dae5f9482008d575b267e9d1fe0b04a1e3aa98094b82f2876e9

SHA512
1382caf1f91a449c2a817dd722639f08281ab4ca5138fde19ace6af13d0305d50a3c3dc882aa0f53b423a88d189317fa60221e9f6424cd51631e24e66800f2b2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
7f37f119665df6beaa925337bbff0e84

SHA1
c2601d11f8aa77e12ab3508479cbf20c27cbd865

SHA256
1073dbff3ec315ac85361c35c8ba791cc4198149b097c7b287dda1d791925027

SHA512
8e180e41dd27c51e81788564b19b8ff411028890da506fbf767d394b1e73ec53e046c8d07235b2ec7c1c593c976bbf74ed9b7d442d68b526a0a77a9b5b0ab817

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
d406f3135e11b0a0829109c1090a41dc

SHA1
810f00e803c17274f9af074fc6c47849ad6e873e

SHA256
91f57909a10174b06c862089a9c1f3b3aeafea74a70ee1942ce11bb80d9eace4

SHA512
2b9f0f94b1e8a1b62ab38af8df2add0ec9e4c6dfa94d9c84cc24fe86d2d57d4fc0d9ec8a9775cf42a859ddfd130260128185a0e2588992bca8fd4ebf5ee6d409

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003

Filesize
33KB

MD5
9321c6ec0f92f2a936c04e24962c76e3

SHA1
1ca8b4ea7b047dc926980f9865687e47da7112b3

SHA256
d35ec24a3ddb36401c0ea0a917bc5e49cf6a69d78c28062589857b43d66d4377

SHA512
d9aa18ba93b9c4d9efbe272678b7d1d2f2e949dd183710ec69c5f30a7b96766f69f120f9c42fdec5b28eb7f8a84fd71a8808f6d832505407f5eee0b77b3a6486

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005

Filesize
38KB

MD5
5b78803c1db2350de3e45ab8f8d14e88

SHA1
448cb59600d208425ab162c3a4b438c33dec931e

SHA256
11ceeeed67a94a87a0e9d94c7fba801e48e59a8cf970893f7c19ec4b37eb9233

SHA512
1aea7d1bcdc59d12ac37d4936beffa9518789b5667dcc883f70744e635a81585eac69de4ebdf0b3fd7cea59b42b4b1ad84e3824bbf86e7f0e0e3698ff5dd3ece

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
216B

MD5
2f31c80cfb773c158f3cb0cf65ee38c9

SHA1
bf37835e36a6fd8faff4f8fea83ce8f4af1989e5

SHA256
83b60f559166ce3212f832a6e6768a072ba40a98abbcea51422ba4d7807d3da3

SHA512
51e516ad87460465619d50393da54f31e05443cccc13e322ee4dbd24f2aa0621fc0bdeb28dfd96497aa1f695f228e9bb35ceae08c14d74203d9b12c8b217a7cd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
b7f747801e510e67f823c2b18df7d588

SHA1
511d6fd5c1f046afb9abe0b6f9eea3347380fb57

SHA256
a71310b7e875ad065454e662fa311d6b435be8a3ef411ab9be72185c6b1b2bb5

SHA512
9727eaf1874f5eb998d62c5795ed8b9e20f058bb446b5549e35abec9666baca6aba3b0ea42cacff059aba2cad304449762fe4f5f8d8e3873182b881612b826cc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
1e3ecde2b2007ca1d3661bd6961985ae

SHA1
d47e37f1e973cf00ce2fa4e3d1a4b41faf81fb05

SHA256
2dde562bbc42463b96f5e1d5d5a07464aa09a83108fc27546a5a78662d70a951

SHA512
b6389e8c61803419304d6b9548c0c8ec6b2074d7098b630e5b21a5f879ced77a14f44b9f386c046441841c284fe0431de0e396fe1ea6e7e825b51880ec2dddf9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
1343d3b3279e2f3d36dae6044c3a96c4

SHA1
4ba6f07903e1a49f1099c5fcdaa6b32007b1288f

SHA256
78dedd250b5623f6065d9277d76c9f8749836777a47dfef25ed39edf27f2929e

SHA512
f9fba3c90c08a93c04d78ab81d4a80cf826ef84443afaee2533565e3d0e737701c3cb7ae0d6a06c1660bdc3d6eff386ad8d3d3d3aa31cf32286489bfc51a1c62

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
e8c60fb5f43ef9bc61ce23e0da9cf4fa

SHA1
7b72c4ca53d5b2301b447ae8f37a22716e581762

SHA256
d1315cb91109b92ebee00a4249a1eaa2e0cddb75f4f7e8f58740772fdd7727ce

SHA512
bbcb28b7946c29c578c565bf24e9ab2bf821511a69adbb98002fca34c4b7abc96f9aa0434e43aafa53e898ef34944487eba70f0c54f08af69bc20c768c2af7a1

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\onffaicf.default-release\activity-stream.discovery_stream.json

Filesize
21KB

MD5
ea588b9b0825ba52a2f197d3e1be5400

SHA1
24a93e47176865f945e74f17df5098f2c12402fe

SHA256
9c185eaa320e344888d2d22fcf86cfaa6eb63048fb8bd2a5e82828ee04484c6b

SHA512
251b4faf1617c234af0d9d78196cfd654405c1c1bebd47904138c4a5fdea42b7c09e3e069d3ace899fa0f4766ab941ab4e4b4f97e3be946bb03d8c0897c37d8f

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\onffaicf.default-release\cache2\entries\8A2034D325DC0B5C9E11EDDA3FC70A54C8DC1C0D

Filesize
13KB

MD5
dccbee21f07197ba56127ea4b09c2ae9

SHA1
8759561cc5d04d28431194c9f25f1341e26a14bd

SHA256
7c2c98b5ae061321589458d1a55868924b948f7efc546ddbbc920f0bb56d1fe6

SHA512
a5a7c878a95d01b3612ed7e33aef42a6926752bbe2d4552fbac554f78c13bf15da17ae08a45954a146ae2dc17133a7feb0eed8dbb9e965f9d74079c04a425ce0

Download Submit
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_i4oj3tud.jnd.ps1

Filesize
60B

MD5
d17fe0a3f47be24a6453e9ef58c94641

SHA1
6ab83620379fc69f80c0242105ddffd7d98d5d9d

SHA256
96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

SHA512
5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
479KB

MD5
09372174e83dbbf696ee732fd2e875bb

SHA1
ba360186ba650a769f9303f48b7200fb5eaccee1

SHA256
c32efac42faf4b9878fb8917c5e71d89ff40de580c4f52f62e11c6cfab55167f

SHA512
b667086ed49579592d435df2b486fe30ba1b62ddd169f19e700cd079239747dd3e20058c285fa9c10a533e34f22b5198ed9b1f92ae560a3067f3e3feacc724f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

Filesize
13.8MB

MD5
0a8747a2ac9ac08ae9508f36c6d75692

SHA1
b287a96fd6cc12433adb42193dfe06111c38eaf0

SHA256
32d544baf2facc893057a1d97db33207e642f0dacf235d8500a0b5eff934ce03

SHA512
59521f8c61236641b3299ab460c58c8f5f26fa67e828de853c2cf372f9614d58b9f541aae325b1600ec4f3a47953caacb8122b0dfce7481acfec81045735947d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\onffaicf.default-release\AlternateServices.bin

Filesize
17KB

MD5
b1ae8a232489360d6ba13802e5816ad0

SHA1
57d66551e3f475bed9f431ddac0712b9e0069ff3

SHA256
def2423ea607cfc8d45c5021b09347c06b6ada981f0477f2ecc487748db16507

SHA512
5f7910b7ddd0895a3f0d0243fba36cb4a2228702e394c83a2749f5c2057056cd089fb9eb3ae8cf1877b973fa89e55a99bea004e0da435643f2dcf605e24f95b0

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\onffaicf.default-release\AlternateServices.bin

Filesize
8KB

MD5
cee87c231a632c8613b181b4f9e47db3

SHA1
6256e7970c1eaff072d394ccbcff12f3fd5ddf1a

SHA256
95ee4a2fb9bbc7e5cd42c901c67e4d11ba53b50f732951c380e8a12c4b1ddb10

SHA512
ad498ff5fec5cca971b4bd65c50aa4bee87800d42c818643a326b45c1c4c2b4c1dcb4bf1d410c72020b90e1e939dfd8573a530ba1be5200fb32dfc78224c5e8b

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\onffaicf.default-release\datareporting\glean\db\data.safe.tmp

Filesize
5KB

MD5
fa329fcc4ccc42f6c333c4c6a2cc9d89

SHA1
8afe8c57d6aa091512b1d1bb24c454132872145d

SHA256
0dd40b6086c3880002829dd61626d217a779ec8a43a49d001a5a08a2451c7bd1

SHA512
49d0d714fcc4daf4a19c018c10e71b3cd10684f88598d2f623289769a4d964804c0aa6c06db1738826da9b55e16c8a894222ae092dcd7ccc1e6bcd79c4d539d9

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\onffaicf.default-release\datareporting\glean\db\data.safe.tmp

Filesize
15KB

MD5
141c871db73dbf74ae2432966d975b90

SHA1
ec7e7cc4f0c4fa8379eca009c28fa1829ce9b184

SHA256
071e19a79b4ff6c8395196b550a046a118d8434a29876da8b79f6a3b33f2a191

SHA512
757f559b7793252c4826f81252298f75f0790e1fa98695347c57f12b38e82e17489bb3396ee89b5b2eb259ce1787943a5becfc72c576a2091d248a7c9d66c669

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\onffaicf.default-release\datareporting\glean\db\data.safe.tmp

Filesize
15KB

MD5
995af0e5130385c73dc877910d9acdd2

SHA1
1c169fe00b42a202aa2b1460a52fc21b08b07581

SHA256
e6d2aed3fd8b5dc61b0698c8be86e9785be36a23b889144552d5857884007fcc

SHA512
cbfd5bf6ec9fa5c24db7888fa3e532befe176de202b2a4e874c1adfbb6566c1d4c32827bf17c9ab4ce033e8741e0bf907cfc7ae6dc171e7f2fe21f7656f5c9ab

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\onffaicf.default-release\datareporting\glean\db\data.safe.tmp

Filesize
6KB

MD5
6826f4c6dad33505c99ff6ee90cebd84

SHA1
d67601072b557f96c5eae46371acd28e886e3edc

SHA256
8e8e026b6ff50d1b1367e5dc383f068a6f356c471340768f6e9606f1755dc595

SHA512
8009bc7a26536f30e233530bda2a1ae8192c37f9de1af18a28ef9561edbb3a6a203c0cd95829ad1682397f17c21323d61564dee1d315874f111de8adf14a92a9

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\onffaicf.default-release\datareporting\glean\pending_pings\81b74481-2515-4391-9ba4-ac8fc46ee82c

Filesize
982B

MD5
57c5b083d00311743780aeae794df10b

SHA1
9ff36c20e62dec22a084a0241f8ec079d7434be1

SHA256
ed6045e6fa96ad77628c47691e66aa034eb40daf7aac3c86e5699655421e75a6

SHA512
4cca1ef4c16d1d4d2f0373e54f4c8cd43401bc029610d33e06214e916aacbf369f452c60046e0d7f95d4c87fd4fc1a249ede1011fce027e23c2416d384e3f12a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\onffaicf.default-release\datareporting\glean\pending_pings\acb849cd-06e2-4304-a2f8-404ee3061a8b

Filesize
28KB

MD5
9851ebd216ce6ebfd18b3459dfd9d3f9

SHA1
bc310375359f8d9d79fc9617da8800f867111fcb

SHA256
dc608e986cb8aba4f506116816b8e2f62f51fdd5d5e3d11af2cd10f14cf40116

SHA512
2036a4d495910aba9566e32acb9ae12290a5373974af3c0b018e14e922a3d243947e9ae9c319e7d487e7e51ab932fcb8951615748ef7d2e17928056cbb549468

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\onffaicf.default-release\datareporting\glean\pending_pings\f3a14d98-cb24-457f-9e18-cd7e44a6edc0

Filesize
671B

MD5
77548c18de8a5e11482084eecad4e4d5

SHA1
7dc3f3d824ca02d38cb21527a8ff8fb6cce930fd

SHA256
3aaef9d64d4a5394dcee21af8cd5919d8c36669b64f6969c2ff558367bb960fc

SHA512
9c9a4bb0a751543017171924dbf4ab9db357c18e11cf054574df1d825fafcf43128e0131a89adf1e96e6b01cea383713782f6cdf0f8b40e1de2b5090a8ad99af

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\onffaicf.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.dll

Filesize
1.1MB

MD5
842039753bf41fa5e11b3a1383061a87

SHA1
3e8fe1d7b3ad866b06dca6c7ef1e3c50c406e153

SHA256
d88dd3bfc4a558bb943f3caa2e376da3942e48a7948763bf9a38f707c2cd0c1c

SHA512
d3320f7ac46327b7b974e74320c4d853e569061cb89ca849cd5d1706330aca629abeb4a16435c541900d839f46ff72dfde04128c450f3e1ee63c025470c19157

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\onffaicf.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.info

Filesize
116B

MD5
2a461e9eb87fd1955cea740a3444ee7a

SHA1
b10755914c713f5a4677494dbe8a686ed458c3c5

SHA256
4107f76ba1d9424555f4e8ea0acef69357dfff89dfa5f0ec72aa4f2d489b17bc

SHA512
34f73f7bf69d7674907f190f257516e3956f825e35a2f03d58201a5a630310b45df393f2b39669f9369d1ac990505a4b6849a0d34e8c136e1402143b6cedf2d3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\onffaicf.default-release\gmp-widevinecdm\4.10.2710.0\manifest.json

Filesize
372B

MD5
bf957ad58b55f64219ab3f793e374316

SHA1
a11adc9d7f2c28e04d9b35e23b7616d0527118a1

SHA256
bbab6ca07edbed72a966835c7907b3e60c7aa3d48ddea847e5076bd05f4b1eda

SHA512
79c179b56e4893fb729b225818ab4b95a50b69666ac41d17aad0b37ab0ca8cd9f0848cbc3c5d9e69e4640a8b261d7ced592eae9bcb0e0b63c05a56e7c477f44e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\onffaicf.default-release\gmp-widevinecdm\4.10.2710.0\widevinecdm.dll

Filesize
17.8MB

MD5
daf7ef3acccab478aaa7d6dc1c60f865

SHA1
f8246162b97ce4a945feced27b6ea114366ff2ad

SHA256
bc40c7821dcd3fea9923c6912ab1183a942c11b7690cfd79ed148ded0228777e

SHA512
5840a45cfdb12c005e117608b1e5d946e1b2e76443ed39ba940d7f56de4babeab09bee7e64b903eb82bb37624c0a0ef19e9b59fbe2ce2f0e0b1c7a6015a63f75

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\onffaicf.default-release\prefs-1.js

Filesize
11KB

MD5
04272e4d3251d85189194bd1e2f080ae

SHA1
8e4d25233d5da7413ac4ce6e1107b7530b4cbb91

SHA256
deb4634328b67b9ad453ea50b5cf3f99a35feda84218095a04f43a2aae17010d

SHA512
9b14e073df2d220d501a3ec45a178c4a4edfb1a2b8abbb8fe871ef4c73ba09eb142e792ec4cc82dea169b15c57b4a2ebfb0a84636c0b070774961e418c8046fd

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\onffaicf.default-release\prefs-1.js

Filesize
12KB

MD5
19c219992fc68f4baf68be670e881f65

SHA1
37c50ca4c939684017606358f6efdab72d6a34d2

SHA256
d31df0da44ff8fc34811756a92df255c0447ff7493fa4b26c41ac12a743eb8de

SHA512
5a715b40466762c656f9c44f6fc641bce91462b0ce003f755957b80eda69f9eef31b821a9866ac67d0c0e357ba08917eb04c0a5f3e654415020c758f6e701f1e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\onffaicf.default-release\prefs-1.js

Filesize
16KB

MD5
fa390f05ff88301d07f42ff9a300df69

SHA1
a20b1409ea4cea0704e84671f566ee368e52b225

SHA256
318d59c765b9311b83bd40bc5c46236bd52e39586bd1089bf0422d60263c6312

SHA512
1ee4adfecf6cf4819efd00ad1c73c2fe62595268d07503da23d4cce63296aa5ee8ebeba3c46fda2c9c5c66879c11387c944d5c0771c02756e08a7df1e71c79ca

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\onffaicf.default-release\prefs.js

Filesize
8KB

MD5
7bb2593e75857915fea2ddfa3cc697e8

SHA1
d8e570d697a67ba287d66530dbc0f16ef8851b12

SHA256
c5d69e49ce3b2a8b1458ec8f3c77a4521cbc9a3c184751e2ef7b7957fb60d5ad

SHA512
c41d7c79463206a760a1c975b57892ba065083bb60bb60e68a69c46e7130e4ff5e089f5aa0faf19443a7bb63210e47ef3fb870dd56ad74edf3a1f345ba55642c

Download Submit
memory/4124-0-0x00007FFDDD683000-0x00007FFDDD685000-memory.dmp

Filesize
8KB

Download
memory/4124-12-0x00007FFDDD680000-0x00007FFDDE141000-memory.dmp

Filesize
10.8MB

Download
memory/4124-11-0x00007FFDDD680000-0x00007FFDDE141000-memory.dmp

Filesize
10.8MB

Download
memory/4124-10-0x000002181E690000-0x000002181E6B2000-memory.dmp

Filesize
136KB

Download
memory/4124-18-0x00007FFDDD680000-0x00007FFDDE141000-memory.dmp

Filesize
10.8MB

Download