7fb00f3546d62a9cee43d895c64447ebe1a14cfb365a2f2f6989d9525a3dd0cf

Analysis

max time kernel
149s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
22-07-2024 13:58

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

7fb00f3546d62a9cee43d895c64447ebe1a14cfb365a2f2f6989d9525a3dd0cf.exe
Size

89KB
MD5

7dc64c8c2082b60a5322b2828d5d0ffc
SHA1

5104d2001d989bd581ad3437a38cf68059e18b18
SHA256

7fb00f3546d62a9cee43d895c64447ebe1a14cfb365a2f2f6989d9525a3dd0cf
SHA512

7896daeca80e84a96a74a43a28729eb337a45bad0af01e80951f6d1ebd047433491707604fba4e6a8f55f4c86e6cc55e20692f923ae28b1776b5dc010141e98b
SSDEEP

1536:L7fPGykbOqjoHm4pICdfkLtAfupcWX50MxFY+yIOlnToIfyxxOq:Hq6+ouCpk2mpcWJ0r+QNTBfyx

Score

7^/10

Malware Config

Signatures

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-701583114-2636601053-947405450-1000\Control Panel\International\Geo\Nation	7fb00f3546d62a9cee43d895c64447ebe1a14cfb365a2f2f6989d9525a3dd0cf.exe

Drops file in System32 directory 2 IoCs

description	ioc	Process
File created	C:\Windows\System32\DriverStore\FileRepository\display.inf_amd64_71aa85b0e2292a7a\display.PNF	chrome.exe
File created	\??\c:\windows\system32\driverstore\filerepository\display.inf_amd64_71aa85b0e2292a7a\display.PNF	chrome.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Checks processor information in registry 2 TTPs 8 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133661303399788166"	chrome.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-701583114-2636601053-947405450-1000_Classes\Local Settings	firefox.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
4364	msedge.exe
4364	msedge.exe
2532	msedge.exe
2532	msedge.exe
3628	chrome.exe
3628	chrome.exe
6420	chrome.exe
6420	chrome.exe
6420	chrome.exe
6420	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 5 IoCs

pid	Process
2532	msedge.exe
2532	msedge.exe
2532	msedge.exe
3628	chrome.exe
3628	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	3628	chrome.exe
Token: SeCreatePagefilePrivilege	3628	chrome.exe
Token: SeDebugPrivilege	544	firefox.exe
Token: SeDebugPrivilege	544	firefox.exe
Token: SeShutdownPrivilege	3628	chrome.exe
Token: SeCreatePagefilePrivilege	3628	chrome.exe
Token: SeShutdownPrivilege	3628	chrome.exe
Token: SeCreatePagefilePrivilege	3628	chrome.exe
Token: SeShutdownPrivilege	3628	chrome.exe
Token: SeCreatePagefilePrivilege	3628	chrome.exe
Token: SeShutdownPrivilege	3628	chrome.exe
Token: SeCreatePagefilePrivilege	3628	chrome.exe
Token: SeShutdownPrivilege	3628	chrome.exe
Token: SeCreatePagefilePrivilege	3628	chrome.exe
Token: SeShutdownPrivilege	3628	chrome.exe
Token: SeCreatePagefilePrivilege	3628	chrome.exe
Token: SeShutdownPrivilege	3628	chrome.exe
Token: SeCreatePagefilePrivilege	3628	chrome.exe
Token: SeShutdownPrivilege	3628	chrome.exe
Token: SeCreatePagefilePrivilege	3628	chrome.exe
Token: SeShutdownPrivilege	3628	chrome.exe
Token: SeCreatePagefilePrivilege	3628	chrome.exe
Token: SeShutdownPrivilege	3628	chrome.exe
Token: SeCreatePagefilePrivilege	3628	chrome.exe
Token: SeShutdownPrivilege	3628	chrome.exe
Token: SeCreatePagefilePrivilege	3628	chrome.exe
Token: SeShutdownPrivilege	3628	chrome.exe
Token: SeCreatePagefilePrivilege	3628	chrome.exe
Token: SeShutdownPrivilege	3628	chrome.exe
Token: SeCreatePagefilePrivilege	3628	chrome.exe
Token: SeShutdownPrivilege	3628	chrome.exe
Token: SeCreatePagefilePrivilege	3628	chrome.exe
Token: SeShutdownPrivilege	3628	chrome.exe
Token: SeCreatePagefilePrivilege	3628	chrome.exe
Token: SeShutdownPrivilege	3628	chrome.exe
Token: SeCreatePagefilePrivilege	3628	chrome.exe
Token: SeShutdownPrivilege	3628	chrome.exe
Token: SeCreatePagefilePrivilege	3628	chrome.exe
Token: SeShutdownPrivilege	3628	chrome.exe
Token: SeCreatePagefilePrivilege	3628	chrome.exe
Token: SeShutdownPrivilege	3628	chrome.exe
Token: SeCreatePagefilePrivilege	3628	chrome.exe
Token: SeShutdownPrivilege	3628	chrome.exe
Token: SeCreatePagefilePrivilege	3628	chrome.exe
Token: SeShutdownPrivilege	3628	chrome.exe
Token: SeCreatePagefilePrivilege	3628	chrome.exe
Token: SeShutdownPrivilege	3628	chrome.exe
Token: SeCreatePagefilePrivilege	3628	chrome.exe
Token: SeShutdownPrivilege	3628	chrome.exe
Token: SeCreatePagefilePrivilege	3628	chrome.exe
Token: SeShutdownPrivilege	3628	chrome.exe
Token: SeCreatePagefilePrivilege	3628	chrome.exe
Token: SeShutdownPrivilege	3628	chrome.exe
Token: SeCreatePagefilePrivilege	3628	chrome.exe
Token: SeShutdownPrivilege	3628	chrome.exe
Token: SeCreatePagefilePrivilege	3628	chrome.exe
Token: SeShutdownPrivilege	3628	chrome.exe
Token: SeCreatePagefilePrivilege	3628	chrome.exe
Token: SeShutdownPrivilege	3628	chrome.exe
Token: SeCreatePagefilePrivilege	3628	chrome.exe
Token: SeShutdownPrivilege	3628	chrome.exe
Token: SeCreatePagefilePrivilege	3628	chrome.exe
Token: SeShutdownPrivilege	3628	chrome.exe
Token: SeCreatePagefilePrivilege	3628	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
2532	msedge.exe
2532	msedge.exe
2532	msedge.exe
2532	msedge.exe
2532	msedge.exe
2532	msedge.exe
2532	msedge.exe
2532	msedge.exe
2532	msedge.exe
2532	msedge.exe
2532	msedge.exe
2532	msedge.exe
2532	msedge.exe
2532	msedge.exe
2532	msedge.exe
2532	msedge.exe
2532	msedge.exe
2532	msedge.exe
2532	msedge.exe
2532	msedge.exe
2532	msedge.exe
2532	msedge.exe
2532	msedge.exe
2532	msedge.exe
2532	msedge.exe
544	firefox.exe
544	firefox.exe
544	firefox.exe
544	firefox.exe
544	firefox.exe
544	firefox.exe
544	firefox.exe
544	firefox.exe
544	firefox.exe
544	firefox.exe
544	firefox.exe
544	firefox.exe
544	firefox.exe
544	firefox.exe
544	firefox.exe
544	firefox.exe
544	firefox.exe
544	firefox.exe
544	firefox.exe
544	firefox.exe
544	firefox.exe
3628	chrome.exe
3628	chrome.exe
3628	chrome.exe
3628	chrome.exe
3628	chrome.exe
3628	chrome.exe
3628	chrome.exe
3628	chrome.exe
3628	chrome.exe
3628	chrome.exe
3628	chrome.exe
3628	chrome.exe
3628	chrome.exe
3628	chrome.exe
3628	chrome.exe
3628	chrome.exe
3628	chrome.exe
3628	chrome.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
2532	msedge.exe
2532	msedge.exe
2532	msedge.exe
2532	msedge.exe
2532	msedge.exe
2532	msedge.exe
2532	msedge.exe
2532	msedge.exe
2532	msedge.exe
2532	msedge.exe
2532	msedge.exe
2532	msedge.exe
2532	msedge.exe
2532	msedge.exe
2532	msedge.exe
2532	msedge.exe
2532	msedge.exe
2532	msedge.exe
2532	msedge.exe
2532	msedge.exe
2532	msedge.exe
2532	msedge.exe
2532	msedge.exe
2532	msedge.exe
544	firefox.exe
544	firefox.exe
544	firefox.exe
544	firefox.exe
544	firefox.exe
544	firefox.exe
544	firefox.exe
544	firefox.exe
544	firefox.exe
544	firefox.exe
544	firefox.exe
544	firefox.exe
544	firefox.exe
544	firefox.exe
544	firefox.exe
544	firefox.exe
544	firefox.exe
544	firefox.exe
544	firefox.exe
544	firefox.exe
3628	chrome.exe
3628	chrome.exe
3628	chrome.exe
3628	chrome.exe
3628	chrome.exe
3628	chrome.exe
3628	chrome.exe
3628	chrome.exe
3628	chrome.exe
3628	chrome.exe
3628	chrome.exe
3628	chrome.exe
3628	chrome.exe
3628	chrome.exe
3628	chrome.exe
3628	chrome.exe
3628	chrome.exe
3628	chrome.exe
3628	chrome.exe
3628	chrome.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
544	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3620 wrote to memory of 4932	3620	7fb00f3546d62a9cee43d895c64447ebe1a14cfb365a2f2f6989d9525a3dd0cf.exe	84
PID 3620 wrote to memory of 4932	3620	7fb00f3546d62a9cee43d895c64447ebe1a14cfb365a2f2f6989d9525a3dd0cf.exe	84
PID 4932 wrote to memory of 3628	4932	cmd.exe	87
PID 4932 wrote to memory of 3628	4932	cmd.exe	87
PID 4932 wrote to memory of 2532	4932	cmd.exe	88
PID 4932 wrote to memory of 2532	4932	cmd.exe	88
PID 4932 wrote to memory of 3648	4932	cmd.exe	89
PID 4932 wrote to memory of 3648	4932	cmd.exe	89
PID 3628 wrote to memory of 1124	3628	chrome.exe	90
PID 3628 wrote to memory of 1124	3628	chrome.exe	90
PID 2532 wrote to memory of 4296	2532	msedge.exe	91
PID 2532 wrote to memory of 4296	2532	msedge.exe	91
PID 3648 wrote to memory of 544	3648	firefox.exe	92
PID 3648 wrote to memory of 544	3648	firefox.exe	92
PID 3648 wrote to memory of 544	3648	firefox.exe	92
PID 3648 wrote to memory of 544	3648	firefox.exe	92
PID 3648 wrote to memory of 544	3648	firefox.exe	92
PID 3648 wrote to memory of 544	3648	firefox.exe	92
PID 3648 wrote to memory of 544	3648	firefox.exe	92
PID 3648 wrote to memory of 544	3648	firefox.exe	92
PID 3648 wrote to memory of 544	3648	firefox.exe	92
PID 3648 wrote to memory of 544	3648	firefox.exe	92
PID 3648 wrote to memory of 544	3648	firefox.exe	92
PID 544 wrote to memory of 4500	544	firefox.exe	94
PID 544 wrote to memory of 4500	544	firefox.exe	94
PID 544 wrote to memory of 4500	544	firefox.exe	94
PID 544 wrote to memory of 4500	544	firefox.exe	94
PID 544 wrote to memory of 4500	544	firefox.exe	94
PID 544 wrote to memory of 4500	544	firefox.exe	94
PID 544 wrote to memory of 4500	544	firefox.exe	94
PID 544 wrote to memory of 4500	544	firefox.exe	94
PID 544 wrote to memory of 4500	544	firefox.exe	94
PID 544 wrote to memory of 4500	544	firefox.exe	94
PID 544 wrote to memory of 4500	544	firefox.exe	94
PID 544 wrote to memory of 4500	544	firefox.exe	94
PID 544 wrote to memory of 4500	544	firefox.exe	94
PID 544 wrote to memory of 4500	544	firefox.exe	94
PID 544 wrote to memory of 4500	544	firefox.exe	94
PID 544 wrote to memory of 4500	544	firefox.exe	94
PID 544 wrote to memory of 4500	544	firefox.exe	94
PID 544 wrote to memory of 4500	544	firefox.exe	94
PID 544 wrote to memory of 4500	544	firefox.exe	94
PID 544 wrote to memory of 4500	544	firefox.exe	94
PID 544 wrote to memory of 4500	544	firefox.exe	94
PID 544 wrote to memory of 4500	544	firefox.exe	94
PID 544 wrote to memory of 4500	544	firefox.exe	94
PID 544 wrote to memory of 4500	544	firefox.exe	94
PID 544 wrote to memory of 4500	544	firefox.exe	94
PID 544 wrote to memory of 4500	544	firefox.exe	94
PID 544 wrote to memory of 4500	544	firefox.exe	94
PID 544 wrote to memory of 4500	544	firefox.exe	94
PID 544 wrote to memory of 4500	544	firefox.exe	94
PID 544 wrote to memory of 4500	544	firefox.exe	94
PID 544 wrote to memory of 4500	544	firefox.exe	94
PID 544 wrote to memory of 4500	544	firefox.exe	94
PID 544 wrote to memory of 4500	544	firefox.exe	94
PID 544 wrote to memory of 4500	544	firefox.exe	94
PID 544 wrote to memory of 4500	544	firefox.exe	94
PID 544 wrote to memory of 4500	544	firefox.exe	94
PID 544 wrote to memory of 4500	544	firefox.exe	94
PID 544 wrote to memory of 4500	544	firefox.exe	94
PID 544 wrote to memory of 4500	544	firefox.exe	94
PID 544 wrote to memory of 4500	544	firefox.exe	94
PID 544 wrote to memory of 4500	544	firefox.exe	94

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Users\Admin\AppData\Local\Temp\7fb00f3546d62a9cee43d895c64447ebe1a14cfb365a2f2f6989d9525a3dd0cf.exe
"C:\Users\Admin\AppData\Local\Temp\7fb00f3546d62a9cee43d895c64447ebe1a14cfb365a2f2f6989d9525a3dd0cf.exe"
1⤵
- Checks computer location settings
- Suspicious use of WriteProcessMemory
PID:3620
- C:\Windows\system32\cmd.exe
  "C:\Windows\sysnative\cmd.exe" /c "C:\Users\Admin\AppData\Local\Temp\E407.tmp\E408.tmp\E409.bat C:\Users\Admin\AppData\Local\Temp\7fb00f3546d62a9cee43d895c64447ebe1a14cfb365a2f2f6989d9525a3dd0cf.exe"
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:4932
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://www.youtube.com/account"
    3⤵
    - Enumerates system info in registry
    - Modifies data under HKEY_USERS
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SendNotifyMessage
    - Suspicious use of WriteProcessMemory
    PID:3628
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.106 --initial-client-data=0x104,0x108,0x10c,0xe0,0x110,0x7ffa08bfcc40,0x7ffa08bfcc4c,0x7ffa08bfcc58
      4⤵
      PID:1124
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1916,i,15037862887077969707,9112947638798747707,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=1912 /prefetch:2
      4⤵
      PID:3840
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2148,i,15037862887077969707,9112947638798747707,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=2168 /prefetch:3
      4⤵
      PID:3908
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2232,i,15037862887077969707,9112947638798747707,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=2424 /prefetch:8
      4⤵
      PID:976
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3108,i,15037862887077969707,9112947638798747707,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=3144 /prefetch:1
      4⤵
      PID:6096
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3116,i,15037862887077969707,9112947638798747707,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=3180 /prefetch:1
      4⤵
      PID:6108
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4672,i,15037862887077969707,9112947638798747707,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=4712 /prefetch:8
      4⤵
      PID:5140
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4896,i,15037862887077969707,9112947638798747707,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=4936 /prefetch:8
      4⤵
      PID:5312
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=4640,i,15037862887077969707,9112947638798747707,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=4724 /prefetch:8
      4⤵
      Drops file in System32 directory
      Suspicious behavior: EnumeratesProcesses
      PID:6420
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" "https://www.youtube.com/account"
    3⤵
    - Enumerates system info in registry
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SendNotifyMessage
    - Suspicious use of WriteProcessMemory
    PID:2532
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x108,0x10c,0x110,0xe4,0x114,0x7ff9fa3446f8,0x7ff9fa344708,0x7ff9fa344718
      4⤵
      PID:4296
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2140,17884219776701118101,5525593698263234421,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2152 /prefetch:2
      4⤵
      PID:3156
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2140,17884219776701118101,5525593698263234421,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2204 /prefetch:3
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:4364
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2140,17884219776701118101,5525593698263234421,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2876 /prefetch:8
      4⤵
      PID:3608
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,17884219776701118101,5525593698263234421,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3288 /prefetch:1
      4⤵
      PID:4192
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,17884219776701118101,5525593698263234421,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3300 /prefetch:1
      4⤵
      PID:4956
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,17884219776701118101,5525593698263234421,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4524 /prefetch:1
      4⤵
      PID:2700
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2140,17884219776701118101,5525593698263234421,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4824 /prefetch:2
      4⤵
      PID:4936
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" "https://www.youtube.com/account"
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:3648
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" https://www.youtube.com/account
      4⤵
      Checks processor information in registry
      Modifies registry class
      Suspicious use of AdjustPrivilegeToken
      Suspicious use of FindShellTrayWindow
      Suspicious use of SendNotifyMessage
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:544
    - - C:\Program Files\Mozilla Firefox\firefox.exe
        
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1964 -parentBuildID 20240401114208 -prefsHandle 1716 -prefMapHandle 1708 -prefsLen 25753 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {adffbcdf-5c36-4b12-8166-d4b969a9cbaf} 544 "\\.\pipe\gecko-crash-server-pipe.544" gpu
        5⤵
        
        PID:4500
    - - C:\Program Files\Mozilla Firefox\firefox.exe
        
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2464 -parentBuildID 20240401114208 -prefsHandle 2436 -prefMapHandle 2432 -prefsLen 26673 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {657f20e7-18b9-41bc-a6a8-43eb82a55b14} 544 "\\.\pipe\gecko-crash-server-pipe.544" socket
        5⤵
        
        PID:1908
    - - C:\Program Files\Mozilla Firefox\firefox.exe
        
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3012 -childID 1 -isForBrowser -prefsHandle 2992 -prefMapHandle 2976 -prefsLen 22698 -prefMapSize 244658 -jsInitHandle 892 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c5540ae2-0997-4928-bc63-7e960c0c3657} 544 "\\.\pipe\gecko-crash-server-pipe.544" tab
        5⤵
        
        PID:3616
    - - C:\Program Files\Mozilla Firefox\firefox.exe
        
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3684 -childID 2 -isForBrowser -prefsHandle 3676 -prefMapHandle 3672 -prefsLen 31163 -prefMapSize 244658 -jsInitHandle 892 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {66bd8bac-3447-4382-a7d0-e26d2d6c861b} 544 "\\.\pipe\gecko-crash-server-pipe.544" tab
        5⤵
        
        PID:4424
    - - C:\Program Files\Mozilla Firefox\firefox.exe
        
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4180 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4164 -prefMapHandle 4208 -prefsLen 31163 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b466a928-64af-4736-94a2-cad0feac3944} 544 "\\.\pipe\gecko-crash-server-pipe.544" utility
        5⤵
        Checks processor information in registry
        
        PID:5800
    - - C:\Program Files\Mozilla Firefox\firefox.exe
        
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5428 -childID 3 -isForBrowser -prefsHandle 5420 -prefMapHandle 2864 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 892 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {1285be14-1a6b-4595-8e6a-a4132cc1ef4e} 544 "\\.\pipe\gecko-crash-server-pipe.544" tab
        5⤵
        
        PID:5624
    - - C:\Program Files\Mozilla Firefox\firefox.exe
        
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5472 -childID 4 -isForBrowser -prefsHandle 5588 -prefMapHandle 5592 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 892 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {391826ad-e667-44e1-b876-54440039a2b1} 544 "\\.\pipe\gecko-crash-server-pipe.544" tab
        5⤵
        
        PID:5632
    - - C:\Program Files\Mozilla Firefox\firefox.exe
        
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5852 -childID 5 -isForBrowser -prefsHandle 5772 -prefMapHandle 5776 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 892 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {586a7a1c-da8d-4c60-91b4-0a4a3cf3ff13} 544 "\\.\pipe\gecko-crash-server-pipe.544" tab
        5⤵
        
        PID:5648

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4808

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4608

C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe"
1⤵
PID:440

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:5220

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
1f9f90014e2be8c63f791e200935ed0f

SHA1
c36e8cd5cccb252d1d2772645355b5bacb47a9c1

SHA256
c30326e04cbabb0c246f9eab76f2f80aafb95818e9678c8f6c21c090dadf1ba6

SHA512
2a20b3af36da6345748237a00f4286176ba1166073e0eca836169e246762aace24b3f5d79b1cc919d5047b9773585cdd24fe6fded1b8dabba7185292cd93f34e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
288B

MD5
3e6a0211bbc41b463ee7d5bf81b2fd01

SHA1
3ec21ea737ecae9660ec5cb575860d5da91c6ec3

SHA256
b834ec183180ef5591f80845fa9c86b58c4a7321641b61abd7cea9264baf2dda

SHA512
360ed64d67f37e74bc27672b71b5f50d8533f936dfd3f8015f234cb7fad72e0c5fd57dd6c2f123960f262bf3b4c3fbf4ef8852e59f323349ad8419e63689a709

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
0d12c59323a8128b94e91d3785da4bf4

SHA1
84ecdb3ed95353cf158d223e04f621600f2df5c4

SHA256
323d44abb9f9a289b9347567d1234ab4afba9c48f4417afec3c886445feddbec

SHA512
37f2c9124ca2b3d881337fecb79544d5962ac932ca56f4eba6afb53451a4b7951690382c92e84fc1c50d90cc5b8d8920b4aefd95bb28548cc05ea0b6add1edfa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
354B

MD5
cd5f3ddb802649d38acd4bec1fdf34f8

SHA1
aa971db0d664cde6034ed8474f9b27d12f6ce198

SHA256
62032a19458e22764589454c3d1505bd0aa84205dac7cb8749fac1f80ccc3939

SHA512
2def4aae5629c35ec48366476ac6bc72969624ae57d4c67629af42ffc4adbe5e33b4c511dc3b321c1a75cc6eaeae35ff3889c3b21a646b0221d094c56ad2eaed

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
0a49b989cffcfbc00980e07877cd86b8

SHA1
f62dc916bd9e24b7eeeab341bce474d668e1b259

SHA256
3c95d576b73ca370a7becd39e8148a451fa1e7f0af40ae7cbfd002c34135dbc9

SHA512
0d26fada67290c7c1871b267a78ddc12061d62affa55225fe0361b0eabc6a450b018c7f8409aba9ab7c45ec9489f38c2d5aa9d290675a9a4f125e70981975c9a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
2607a193811da6f8446ab3f924383404

SHA1
dd5902b0459d08b246c77f4b50db7fcfc1ddf7dd

SHA256
b6d15268f4fb003a51b3a69dbd80776be1a8206af65b96bb6436d292a1269986

SHA512
5952c4fc65048ce0e5d33b11671a3323a60b84e6cfa0c20c996c938809fd254e8046bc2f029e9a3e6f1aa491397a9a7b6e31bb591b15b8ab684024e4ff620085

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
12aee874031cb05a0274040ce74288a6

SHA1
11581a566f52509301e2b2edbe210832267b1701

SHA256
538cb6cf186258a9929c5dac59eb20cc2380657398ba0716900451a7d49726d6

SHA512
7f1dc130802c66c3e7a4e99cf4373b6ad85201f288ba012735f0e8a90de231216d07a56373afc2115ce10819fd394b29a37c94def0034d936047444873231e00

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
446ea22e19beb1919b984a415ae107f3

SHA1
b70690769b785f0b7445de81a7d1ed6e811661ac

SHA256
cc55b401cf662ed082aba9d86aba4022e668f48c6d9987d29b6b87cfc7a7b8b7

SHA512
6f892b64fae50d0ad6547e0e4da7ffaf030ba8ccd24288ccc17029e8963c2d2b079f276e429658144084e80daf0d296a2e646a8f79ecd5a04ebf98354e760116

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
0f55b045ded7ecd0b55eaba265195e2c

SHA1
aff542a504277e64a96fffc12637218f671181cf

SHA256
8e0ff4acc401ef34fd20c22b9137cc2f25da7e2aff88d4f5edff1a6f28d5a1dc

SHA512
a23730f11a553e269ec375407bea9154f6397cd7962b642990cd6bc92edc86a7240b078ab1b6caee49e682f6ddb843c3c226208128089c8f43d316e7b25e6baa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
1d9da875a73bde1c201e57a12a69328c

SHA1
c02505841eb7a9cb498d42176d5cba49554920bd

SHA256
270b930eee486c49c6c306553c273929f682abdacedb067489347ae88115cfab

SHA512
7a665500296ef7f718c71d6fb3224856e28c3e27273171777d0d6677f2a3348a5261880eceb4c9e079bb7b30399fa3c687d33ec5b5870fdaf2e6d9c90526a967

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
a0c0b75ca5a1d53994e0bfc40a78ce41

SHA1
83bd5b208b5e2bbd4f7c3dae047f34a8978a8d12

SHA256
dc0f5818686176e5dae4b52262b239405327e9f2102f9434ff2de66ad92fee32

SHA512
08cb778f9d03189a0f237383681e121aec2e4a6ec699d7e8a37733cb1de2a135341901440feb520f5c814b627606703623c88f1b77fe912a6d1fee12af3adf52

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
9e65788ec02e732c39b5d39b15ebdc24

SHA1
aeefdbd1f24903e92ab48a23e95ce5f42e82b075

SHA256
456538c24a75d5df2a6ba09a690bffec47d76b6858b9d1e989ce96a810af89ca

SHA512
04879eaea549d34821c69cc89f699e3ed1670b864843b95f187d69218fe7470b3ca6f8409f2760f07c1418a5c1cb4d0c62cf2d39ee0d2ac6916874c1ee9119a3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
86370f0f81b16ed81c1169239d17e221

SHA1
1368430c5bd99bc8d2b93f5e181a415f1a4a6f7a

SHA256
f28024c7cd9d85d113420bd0f45732ac3b378203a48f0595f920294996d5dd35

SHA512
e042ac461f104a7df7d05b09d701cb81637078f8a20d24137beed61a64426982d68a45d9e963895037aa84e0dd3c39573e978dba74732462de8ad79266e1430b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
40d4b1ad9e587ad15bc1c60e311d2bfd

SHA1
2bfe195f5868ac087c97f319dd076fbd902750e6

SHA256
77837d9cc0e2538a011ba6346b4c4d430b76134163a41b8113c3989d01ec6297

SHA512
da43395850f0bd27e1e4cefb074a049e591ceda2b68b38288bec8792efc869e2175c92afc9c9d904b7f597197532fa4787e9b1a9f8cf1f71176db528888932c9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
44361a29c8b12d2653e16a6c250c8ebe

SHA1
92c2a45e14cbb72dc6d9dcb3f6a2699d9528aa24

SHA256
65e89f3369afa5f82638b2609d2a0241baff2e034f601fc6bb9141bc3e451c86

SHA512
99c8f822b7776b0b175a90f6e298a13908f67e173df3d901ab938a5d189b17371621bde62537f5c4e521b1e338c8a85a84953deb34f09d6d5957b3cecb7af5bd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
185KB

MD5
321e4b807553d8abf9a15cc0ae8e3b01

SHA1
c8fdc8138c7b37b93c1c953bc97055212e8e8030

SHA256
142f1fefbcc3a96e684797fe661e1be7bf720e79903c46e92937b0be8d1caa51

SHA512
751429e4bf51a9e56b84352a3faca51dd343fce10890d97c34cf39c8b4c5df1aa7277a96a52eb5ab48d52d69e9358ab34a7f2f48882ab44f02d7e85ac4372e93

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
185KB

MD5
00e2408a9fb165a5f242d078cc8967a2

SHA1
9ad7a70ff6c435daeb26c273d8a4afbe6045d241

SHA256
2441780adb5f8638470ec6e00b9e568783612a297623c3dbad4b5f26c2da1a23

SHA512
d3791d5c78659a49cb86dd8197244b6e89e3ecede43176657fed0de73364becf847b4c22137cab465650d616057ac067038e36d59a4a7787a9f34785b45221b9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
d406f3135e11b0a0829109c1090a41dc

SHA1
810f00e803c17274f9af074fc6c47849ad6e873e

SHA256
91f57909a10174b06c862089a9c1f3b3aeafea74a70ee1942ce11bb80d9eace4

SHA512
2b9f0f94b1e8a1b62ab38af8df2add0ec9e4c6dfa94d9c84cc24fe86d2d57d4fc0d9ec8a9775cf42a859ddfd130260128185a0e2588992bca8fd4ebf5ee6d409

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
7f37f119665df6beaa925337bbff0e84

SHA1
c2601d11f8aa77e12ab3508479cbf20c27cbd865

SHA256
1073dbff3ec315ac85361c35c8ba791cc4198149b097c7b287dda1d791925027

SHA512
8e180e41dd27c51e81788564b19b8ff411028890da506fbf767d394b1e73ec53e046c8d07235b2ec7c1c593c976bbf74ed9b7d442d68b526a0a77a9b5b0ab817

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
502B

MD5
afd8096f90f2f8ff8730de9d21daf95a

SHA1
a10f8e532a76ae1fff6f25fc0ff874168e59be6c

SHA256
e5709b8f24dba71a64e248031ca90e5b7ad0201b9fc6e162613274316936f3a3

SHA512
181d31ef93b79b729f0ca8a8d3d7ba1c58e54db6b2f5418848028b873e511e1a09fcc258ebff98f01c6ce5a0fb795ac592652cddf56855419ca8c430e5c40b08

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
71d2f6336493831ec56a8aa3e0763982

SHA1
a9ed17806fa1de95e374aa9ed62826948a7dd196

SHA256
eeff15f19c55a7ffbc5f7794f17d3b4a9696d1ce7c12fca999bc819ceeb5a24c

SHA512
c3a680a1f14f726412be71bc47876713aae8f5b69e6eb64d02a9e28b0dbe1b336df392db0d850134bc19ec3b6a7c2ff717e18b06d8d7f669d77e55df0397985a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
60a2418823da13eccea619185a782ae5

SHA1
8a268349e90ce9ee4affc9a0e42c39e33a6c62db

SHA256
aeae547048eec8cf91f44d1eed6a4e6c6cc16c1f8283b49a6639061200fd9bcf

SHA512
7b70192936ca44f0b9a43c60958a3e5758fef123e3f62449b94cfc4955fc8c09c012c899e51ff7c060b77ecff0b82a98a59f00017740aa6c867510889fde32fc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
c0ee66aa44a465a1e96674d8f3d59467

SHA1
fe942a510ff47ccf8e971c34d039f4dd752f1823

SHA256
1c83e14f5cafd95a0c7e71b730b3648652166c7c9cb86159c94122c690bc6f1f

SHA512
ca166500d18605f26a3cb55ec99605110687e8e9caddd64c9878b4a3ca01492068004aee8ce7e91f1ed1886901feef899055b0fd308ae7125032b693044090b9

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\onffaicf.default-release\activity-stream.discovery_stream.json.tmp

Filesize
18KB

MD5
11b237e22fb9e3c50b5c358e59bc4a4b

SHA1
e4415298b0b496fe6c887c92b0760bc082d45668

SHA256
6fdc7b7e7d712d9a2849ca36599ebdd3285569cffa22f178753c5742f932e97d

SHA512
1fcd5b874d9e6311118fbd3f44bd0b9734674c1717ef4439fc3cb65bb0d4b4b557e5552be1d6411eb073f6040d306a5576745bfbec7cd6284d8fb6b611a0684c

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\onffaicf.default-release\cache2\entries\8A2034D325DC0B5C9E11EDDA3FC70A54C8DC1C0D

Filesize
13KB

MD5
d8e60b23007b440134575b68264282df

SHA1
2c45f74655832b75e2913c64691e0390899e0d02

SHA256
67ea64cfa791e0be9119689ee7bf3c514d17eac6bebd34646930fc26d5f1b7fb

SHA512
3e7b3d80f187f80ae631dd7934440e839c5913a74e65fb9690cdf402c278e39317adc0abe89d0e9f924204ed18aec14dc20d96d40fe36e5bf44cf58bedc60ce5

Download Submit
C:\Users\Admin\AppData\Local\Temp\E407.tmp\E408.tmp\E409.bat

Filesize
2KB

MD5
de9423d9c334ba3dba7dc874aa7dbc28

SHA1
bf38b137b8d780b3d6d62aee03c9d3f73770d638

SHA256
a1e1b422c40fb611a50d3f8bf34f9819f76ddb304aa2d105fb49f41f57752698

SHA512
63f13acd904378ad7de22053e1087d61a70341f1891ada3b671223fec8f841b42b6f1060a4b18c8bb865ee4cd071cadc7ff6bd6d549760945bf1645a1086f401

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
479KB

MD5
09372174e83dbbf696ee732fd2e875bb

SHA1
ba360186ba650a769f9303f48b7200fb5eaccee1

SHA256
c32efac42faf4b9878fb8917c5e71d89ff40de580c4f52f62e11c6cfab55167f

SHA512
b667086ed49579592d435df2b486fe30ba1b62ddd169f19e700cd079239747dd3e20058c285fa9c10a533e34f22b5198ed9b1f92ae560a3067f3e3feacc724f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

Filesize
13.8MB

MD5
0a8747a2ac9ac08ae9508f36c6d75692

SHA1
b287a96fd6cc12433adb42193dfe06111c38eaf0

SHA256
32d544baf2facc893057a1d97db33207e642f0dacf235d8500a0b5eff934ce03

SHA512
59521f8c61236641b3299ab460c58c8f5f26fa67e828de853c2cf372f9614d58b9f541aae325b1600ec4f3a47953caacb8122b0dfce7481acfec81045735947d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\onffaicf.default-release\AlternateServices.bin

Filesize
8KB

MD5
1b7596581e8973b81ac733582e430a06

SHA1
e8875a1d267715f9cb3b6abf3330fd21b92e0c25

SHA256
17a938b03c699c3533659078c2e2d64871b9f8d09db3b9b738e6ac37740454a6

SHA512
c850d29388729879327049a3346ba17d9cdc2bb93b8c367e9a3a1d6a3a4b0246fee3ef257527011ae1c174123ecf97b0095033831286e847cec0c8571e18b6cb

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\onffaicf.default-release\AlternateServices.bin

Filesize
17KB

MD5
d51c4b64f7c48c5ae5170e731cffadce

SHA1
e1e40208570b564439843855ada11a62158aa1c7

SHA256
17f95efacde0122ad27f9512a6b9bd6e393dd38dea4b39b136819f854575fe39

SHA512
33140dc72d9d452d4bb4929cb8b29e650b1e9e0c3543341269cc7e5b183a68fbca627aaea1d8a376b288e4599c88562ea6e2297708bd62e7a333bfb0d0833ae1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\onffaicf.default-release\datareporting\glean\db\data.safe.tmp

Filesize
5KB

MD5
8b097bb86faa04fd9d3a3674a0ef969b

SHA1
f27d1937f9bb24096e1321ee7944023ba4a162d1

SHA256
2f50f845e63d857d08da023515bf21ead18f4a21e397142ca7297d7a74354418

SHA512
c7859b44f9b757202ee5d6a6ff492b95662b058661971161438e35aa72ba5eafa1222108caf0a2b2f9c1c533d8b86e1f8fe2c75e90f77ab882b98cb5910cc0ae

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\onffaicf.default-release\datareporting\glean\db\data.safe.tmp

Filesize
6KB

MD5
76887ff724292819fde3b672ec6134b2

SHA1
bfee8c5ec39972616f2dcd04aa8b4642f6f96cc7

SHA256
c1e8fdef1c80337dd1baf9525bee5c564372d51131c5196d245540f4084831c8

SHA512
4f000607d48aaf82dfd41ab42c418236ae95bd7b84f305c124df931a21cb53108bcffa368da7bae6ea42b219332f2cc7ce4af2915afab0a86d43690ba8767104

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\onffaicf.default-release\datareporting\glean\db\data.safe.tmp

Filesize
15KB

MD5
d5025adc7848930ed4bfa308def8b00d

SHA1
862d67dd00917e8efd712d3cceabbef0d04db8c3

SHA256
065903a1b9fed0adab0390a8d8587de9597fad0c366bc8d62750937ce6999e75

SHA512
b8fca2f892b8eaad406a41256278b0aa12ecd46cc3acea698ee9baf036b52a0499bc09281052bf9f997c4b3706890311c4c11c1feff123fcc07746cf5bc9cb90

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\onffaicf.default-release\datareporting\glean\db\data.safe.tmp

Filesize
15KB

MD5
444aae2c9ccd3a2d91b4af967bed5536

SHA1
b5e58bf2731fc4a6167b6d4a419a49269cd5e40e

SHA256
a67db710d7540f16fdd7a91bb88f0d7dfb88107ebdbb7231a3960c69bfef5210

SHA512
dbf13e7faf5e2ab194fd8c5fb3992e320169d4758242318aefb71146434b171a7dd4db59aff448034b14899a99e4fd27fb21208a3c600b177d41c5a445003803

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\onffaicf.default-release\datareporting\glean\pending_pings\61d04a9e-5e1b-4ac3-9967-4dfca192fc73

Filesize
982B

MD5
d5426cee2b9980aff11c311bdbdfc8f6

SHA1
18452f661b40401fca12244f5dd8d71c761911d2

SHA256
2de8c09ba89a794d85532cda6f8649f09b1663e43fe9bebd5b902d725c6a8d4e

SHA512
a00f04729373ae6948abe0f5be6fb86b7fa94d4e8bab24047c24ab0084dadc17d4b1d12fa1e266f2c638a0d66f31a8afb3cba0ef7d72b6605e69b939dbd1b5b5

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\onffaicf.default-release\datareporting\glean\pending_pings\d21eb96b-e084-4eaf-9b77-edcd62c858ea

Filesize
25KB

MD5
48a0098b4edaff814c76ee24e7988283

SHA1
63b642b85b23488dab9d8b53527deef38332de44

SHA256
9d5308c7b2a1e614cea0ec58822c9dfa7b9c17448a927d313ae517f8d96ec5e8

SHA512
20d40971818ae818a3146ab96f5ed04ed08cfaca546af15fb43e1160a32744dc0d9e57222cb618013fdf53671e3b5c1b9a1d774ae508165662eeffed052b709c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\onffaicf.default-release\datareporting\glean\pending_pings\d28e906a-0f74-4aad-9fd6-0ce66c676725

Filesize
671B

MD5
70bff9b036fab076f3b1a0984d1c0b5d

SHA1
4037c82c86fdbaa84cb2e4eb506ae7c873b3b129

SHA256
cbf2f65d86df28aeb96b9b9692aa054a1b4a037c50b1b6722e82c7a506e64bd5

SHA512
6e134182424139a92930a61ba677263a59f34feeb764a32e67f28b7f08434e1fa342d0779c89f8beb819c097bce60c08219468c1a769d94046dcd60891b94492

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\onffaicf.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.dll

Filesize
1.1MB

MD5
842039753bf41fa5e11b3a1383061a87

SHA1
3e8fe1d7b3ad866b06dca6c7ef1e3c50c406e153

SHA256
d88dd3bfc4a558bb943f3caa2e376da3942e48a7948763bf9a38f707c2cd0c1c

SHA512
d3320f7ac46327b7b974e74320c4d853e569061cb89ca849cd5d1706330aca629abeb4a16435c541900d839f46ff72dfde04128c450f3e1ee63c025470c19157

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\onffaicf.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.info

Filesize
116B

MD5
2a461e9eb87fd1955cea740a3444ee7a

SHA1
b10755914c713f5a4677494dbe8a686ed458c3c5

SHA256
4107f76ba1d9424555f4e8ea0acef69357dfff89dfa5f0ec72aa4f2d489b17bc

SHA512
34f73f7bf69d7674907f190f257516e3956f825e35a2f03d58201a5a630310b45df393f2b39669f9369d1ac990505a4b6849a0d34e8c136e1402143b6cedf2d3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\onffaicf.default-release\gmp-widevinecdm\4.10.2710.0\manifest.json

Filesize
372B

MD5
bf957ad58b55f64219ab3f793e374316

SHA1
a11adc9d7f2c28e04d9b35e23b7616d0527118a1

SHA256
bbab6ca07edbed72a966835c7907b3e60c7aa3d48ddea847e5076bd05f4b1eda

SHA512
79c179b56e4893fb729b225818ab4b95a50b69666ac41d17aad0b37ab0ca8cd9f0848cbc3c5d9e69e4640a8b261d7ced592eae9bcb0e0b63c05a56e7c477f44e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\onffaicf.default-release\gmp-widevinecdm\4.10.2710.0\widevinecdm.dll

Filesize
17.8MB

MD5
daf7ef3acccab478aaa7d6dc1c60f865

SHA1
f8246162b97ce4a945feced27b6ea114366ff2ad

SHA256
bc40c7821dcd3fea9923c6912ab1183a942c11b7690cfd79ed148ded0228777e

SHA512
5840a45cfdb12c005e117608b1e5d946e1b2e76443ed39ba940d7f56de4babeab09bee7e64b903eb82bb37624c0a0ef19e9b59fbe2ce2f0e0b1c7a6015a63f75

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\onffaicf.default-release\prefs-1.js

Filesize
11KB

MD5
90ebde1a83b5c69a89f57d417a25ec3a

SHA1
562dcb7a0d0827e10ce211d7eaf49ec171cb15a7

SHA256
da1105a06c53b6e7e6679a3f02f066012b6020bb5548201a412503b5c5752cca

SHA512
012ff4fa548dfd43ebb579096de4118d1dd742a4e560acecf3a3ccc97d860438590657823918e8530b22ed13dbeb8e54e3f5631d2486e3ec55c5397a4ee5cafd

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\onffaicf.default-release\prefs-1.js

Filesize
12KB

MD5
30b324be9755c7e999d350c8d8faf76b

SHA1
b32cbd72f0e5fffd34620b45542e826cd5f8203a

SHA256
fcc1b55526cbf61ce70f01c3e6ff32779a9120090cdf826d7879c1d6089ec583

SHA512
7b52d7e1a656dc29955b0237a51daaae4a2676838ae164d5e8a93d3fcdc815eb392a27ab84ccb11c35243e1b37de3e38657780d7ede53012a112ba68b961f2ac

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\onffaicf.default-release\prefs-1.js

Filesize
16KB

MD5
30f34dedd6a7552c3eb2d81b01d1bdcd

SHA1
4819b84bd0740cd29e6c9a1c43e8e328e3f18c7a

SHA256
da1fae6709c03084ecdae10617f696159b6026fd31c2ac8e4ad051b261f83a86

SHA512
c9b3ae2e2026ea4e99651c936eaebcb65fa1ac7439d473e3f7cd570e995c22ebd7ff4fec32e8c1af27645ff5b3b9e659f2cd5999d4b570ae417cac1266b7f105

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\onffaicf.default-release\prefs.js

Filesize
8KB

MD5
ce80154438a27b2c7fa870b9a5f3d980

SHA1
897ccf5d7594133e876c382fca0302ae88207d74

SHA256
37a4291b521d3d11e70df79e4eee3f997dc65fb3d915faca034ee8beab876dcd

SHA512
1235eb0cf0748dc46b53d8cf2c9e1e8d3d65105598656c2a9d7cf4983bb17dfc887e9bf3d0881319c5704b519e029a1b4b7d07b9ede8399b675319c6ba953032

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\onffaicf.default-release\sessionstore-backups\recovery.baklz4

Filesize
4KB

MD5
b345f97115569ee912b32967cd313c62

SHA1
273b73a4d444114f7e3d7db60c96c5e973cb4963

SHA256
c566359646bada3e724d82aaeebd74c2a8f1ed67604ba31aff5ac153d7b8845b

SHA512
31b6d1cd979d29106fe5df4e3cd78b79aeae9e7a82b84d74e0ca7c6be3bcac6a2e7254c0ad170a6b074be5655ed1d2dca8c266d3dc79a684bcdfb10f0e96fd41

Download Submit