04ffe4810068dd894623f311f7cfec6fdbe01b0500ed7842e49a4de5f149136f

Analysis

max time kernel
149s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
26/07/2024, 01:12

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

04ffe4810068dd894623f311f7cfec6fdbe01b0500ed7842e49a4de5f149136f.exe
Size

89KB
MD5

eca6fde64217c6e8fc3c70ec54defeaf
SHA1

2b8d87925a971dfbaa11ca57149eda9dc89c313f
SHA256

04ffe4810068dd894623f311f7cfec6fdbe01b0500ed7842e49a4de5f149136f
SHA512

ab9ac3bc32c5c746af1aaaa69c2c07e9feb24e6458398ac456677a6ed4aed64daed2a51c70674937277631c318ff3314724d480868c62a3edd5f2bf23ae01937
SSDEEP

1536:L7fPGykbOqjoHm4pICdfkLtAfupcWX50MxFY+yIOlnToIfqx9eVUOq:Hq6+ouCpk2mpcWJ0r+QNTBfqei

Score

7^/10

discovery

Malware Config

Signatures

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-2990742725-2267136959-192470804-1000\Control Panel\International\Geo\Nation	04ffe4810068dd894623f311f7cfec6fdbe01b0500ed7842e49a4de5f149136f.exe

Drops file in System32 directory 2 IoCs

description	ioc	Process
File created	\??\c:\windows\system32\driverstore\filerepository\display.inf_amd64_71aa85b0e2292a7a\display.PNF	chrome.exe
File created	C:\Windows\System32\DriverStore\FileRepository\display.inf_amd64_71aa85b0e2292a7a\display.PNF	chrome.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	04ffe4810068dd894623f311f7cfec6fdbe01b0500ed7842e49a4de5f149136f.exe

Checks processor information in registry 2 TTPs 8 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133664299812547251"	chrome.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2990742725-2267136959-192470804-1000_Classes\Local Settings	firefox.exe

Suspicious behavior: EnumeratesProcesses 14 IoCs

pid	Process
4288	msedge.exe
4288	msedge.exe
1920	msedge.exe
1920	msedge.exe
2432	chrome.exe
2432	chrome.exe
1760	chrome.exe
1760	chrome.exe
6576	msedge.exe
6576	msedge.exe
6576	msedge.exe
6576	msedge.exe
1760	chrome.exe
1760	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 5 IoCs

pid	Process
1920	msedge.exe
1920	msedge.exe
1920	msedge.exe
2432	chrome.exe
2432	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2432	chrome.exe
Token: SeCreatePagefilePrivilege	2432	chrome.exe
Token: SeDebugPrivilege	2784	firefox.exe
Token: SeDebugPrivilege	2784	firefox.exe
Token: SeShutdownPrivilege	2432	chrome.exe
Token: SeCreatePagefilePrivilege	2432	chrome.exe
Token: SeShutdownPrivilege	2432	chrome.exe
Token: SeCreatePagefilePrivilege	2432	chrome.exe
Token: SeShutdownPrivilege	2432	chrome.exe
Token: SeCreatePagefilePrivilege	2432	chrome.exe
Token: SeShutdownPrivilege	2432	chrome.exe
Token: SeCreatePagefilePrivilege	2432	chrome.exe
Token: SeShutdownPrivilege	2432	chrome.exe
Token: SeCreatePagefilePrivilege	2432	chrome.exe
Token: SeShutdownPrivilege	2432	chrome.exe
Token: SeCreatePagefilePrivilege	2432	chrome.exe
Token: SeShutdownPrivilege	2432	chrome.exe
Token: SeCreatePagefilePrivilege	2432	chrome.exe
Token: SeShutdownPrivilege	2432	chrome.exe
Token: SeCreatePagefilePrivilege	2432	chrome.exe
Token: SeShutdownPrivilege	2432	chrome.exe
Token: SeCreatePagefilePrivilege	2432	chrome.exe
Token: SeShutdownPrivilege	2432	chrome.exe
Token: SeCreatePagefilePrivilege	2432	chrome.exe
Token: SeShutdownPrivilege	2432	chrome.exe
Token: SeCreatePagefilePrivilege	2432	chrome.exe
Token: SeShutdownPrivilege	2432	chrome.exe
Token: SeCreatePagefilePrivilege	2432	chrome.exe
Token: SeShutdownPrivilege	2432	chrome.exe
Token: SeCreatePagefilePrivilege	2432	chrome.exe
Token: SeShutdownPrivilege	2432	chrome.exe
Token: SeCreatePagefilePrivilege	2432	chrome.exe
Token: SeShutdownPrivilege	2432	chrome.exe
Token: SeCreatePagefilePrivilege	2432	chrome.exe
Token: SeShutdownPrivilege	2432	chrome.exe
Token: SeCreatePagefilePrivilege	2432	chrome.exe
Token: SeShutdownPrivilege	2432	chrome.exe
Token: SeCreatePagefilePrivilege	2432	chrome.exe
Token: SeShutdownPrivilege	2432	chrome.exe
Token: SeCreatePagefilePrivilege	2432	chrome.exe
Token: SeShutdownPrivilege	2432	chrome.exe
Token: SeCreatePagefilePrivilege	2432	chrome.exe
Token: SeShutdownPrivilege	2432	chrome.exe
Token: SeCreatePagefilePrivilege	2432	chrome.exe
Token: SeShutdownPrivilege	2432	chrome.exe
Token: SeCreatePagefilePrivilege	2432	chrome.exe
Token: SeShutdownPrivilege	2432	chrome.exe
Token: SeCreatePagefilePrivilege	2432	chrome.exe
Token: SeShutdownPrivilege	2432	chrome.exe
Token: SeCreatePagefilePrivilege	2432	chrome.exe
Token: SeShutdownPrivilege	2432	chrome.exe
Token: SeCreatePagefilePrivilege	2432	chrome.exe
Token: SeShutdownPrivilege	2432	chrome.exe
Token: SeCreatePagefilePrivilege	2432	chrome.exe
Token: SeShutdownPrivilege	2432	chrome.exe
Token: SeCreatePagefilePrivilege	2432	chrome.exe
Token: SeShutdownPrivilege	2432	chrome.exe
Token: SeCreatePagefilePrivilege	2432	chrome.exe
Token: SeShutdownPrivilege	2432	chrome.exe
Token: SeCreatePagefilePrivilege	2432	chrome.exe
Token: SeShutdownPrivilege	2432	chrome.exe
Token: SeCreatePagefilePrivilege	2432	chrome.exe
Token: SeShutdownPrivilege	2432	chrome.exe
Token: SeCreatePagefilePrivilege	2432	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
2784	firefox.exe
2784	firefox.exe
2784	firefox.exe
2784	firefox.exe
1920	msedge.exe
1920	msedge.exe
1920	msedge.exe
1920	msedge.exe
1920	msedge.exe
1920	msedge.exe
1920	msedge.exe
1920	msedge.exe
1920	msedge.exe
1920	msedge.exe
1920	msedge.exe
1920	msedge.exe
1920	msedge.exe
1920	msedge.exe
1920	msedge.exe
1920	msedge.exe
1920	msedge.exe
1920	msedge.exe
1920	msedge.exe
1920	msedge.exe
1920	msedge.exe
1920	msedge.exe
1920	msedge.exe
1920	msedge.exe
1920	msedge.exe
2784	firefox.exe
2784	firefox.exe
2784	firefox.exe
2784	firefox.exe
2784	firefox.exe
2784	firefox.exe
2784	firefox.exe
2784	firefox.exe
2784	firefox.exe
2784	firefox.exe
2784	firefox.exe
2784	firefox.exe
2784	firefox.exe
2784	firefox.exe
2784	firefox.exe
2784	firefox.exe
2784	firefox.exe
2432	chrome.exe
2432	chrome.exe
2432	chrome.exe
2432	chrome.exe
2432	chrome.exe
2432	chrome.exe
2432	chrome.exe
2432	chrome.exe
2432	chrome.exe
2432	chrome.exe
2432	chrome.exe
2432	chrome.exe
2432	chrome.exe
2432	chrome.exe
2432	chrome.exe
2432	chrome.exe
2432	chrome.exe
2432	chrome.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
2784	firefox.exe
2784	firefox.exe
2784	firefox.exe
2784	firefox.exe
1920	msedge.exe
1920	msedge.exe
1920	msedge.exe
1920	msedge.exe
1920	msedge.exe
1920	msedge.exe
1920	msedge.exe
1920	msedge.exe
1920	msedge.exe
1920	msedge.exe
1920	msedge.exe
1920	msedge.exe
1920	msedge.exe
1920	msedge.exe
1920	msedge.exe
1920	msedge.exe
1920	msedge.exe
1920	msedge.exe
1920	msedge.exe
1920	msedge.exe
1920	msedge.exe
1920	msedge.exe
1920	msedge.exe
1920	msedge.exe
2784	firefox.exe
2784	firefox.exe
2784	firefox.exe
2784	firefox.exe
2784	firefox.exe
2784	firefox.exe
2784	firefox.exe
2784	firefox.exe
2784	firefox.exe
2784	firefox.exe
2784	firefox.exe
2784	firefox.exe
2784	firefox.exe
2784	firefox.exe
2784	firefox.exe
2784	firefox.exe
2432	chrome.exe
2432	chrome.exe
2432	chrome.exe
2432	chrome.exe
2432	chrome.exe
2432	chrome.exe
2432	chrome.exe
2432	chrome.exe
2432	chrome.exe
2432	chrome.exe
2432	chrome.exe
2432	chrome.exe
2432	chrome.exe
2432	chrome.exe
2432	chrome.exe
2432	chrome.exe
2432	chrome.exe
2432	chrome.exe
2432	chrome.exe
2432	chrome.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
2784	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 216 wrote to memory of 1952	216	04ffe4810068dd894623f311f7cfec6fdbe01b0500ed7842e49a4de5f149136f.exe	88
PID 216 wrote to memory of 1952	216	04ffe4810068dd894623f311f7cfec6fdbe01b0500ed7842e49a4de5f149136f.exe	88
PID 1952 wrote to memory of 2432	1952	cmd.exe	91
PID 1952 wrote to memory of 2432	1952	cmd.exe	91
PID 1952 wrote to memory of 1920	1952	cmd.exe	92
PID 1952 wrote to memory of 1920	1952	cmd.exe	92
PID 1952 wrote to memory of 1996	1952	cmd.exe	93
PID 1952 wrote to memory of 1996	1952	cmd.exe	93
PID 2432 wrote to memory of 3476	2432	chrome.exe	94
PID 2432 wrote to memory of 3476	2432	chrome.exe	94
PID 1920 wrote to memory of 4348	1920	msedge.exe	95
PID 1920 wrote to memory of 4348	1920	msedge.exe	95
PID 1996 wrote to memory of 2784	1996	firefox.exe	96
PID 1996 wrote to memory of 2784	1996	firefox.exe	96
PID 1996 wrote to memory of 2784	1996	firefox.exe	96
PID 1996 wrote to memory of 2784	1996	firefox.exe	96
PID 1996 wrote to memory of 2784	1996	firefox.exe	96
PID 1996 wrote to memory of 2784	1996	firefox.exe	96
PID 1996 wrote to memory of 2784	1996	firefox.exe	96
PID 1996 wrote to memory of 2784	1996	firefox.exe	96
PID 1996 wrote to memory of 2784	1996	firefox.exe	96
PID 1996 wrote to memory of 2784	1996	firefox.exe	96
PID 1996 wrote to memory of 2784	1996	firefox.exe	96
PID 2784 wrote to memory of 3988	2784	firefox.exe	97
PID 2784 wrote to memory of 3988	2784	firefox.exe	97
PID 2784 wrote to memory of 3988	2784	firefox.exe	97
PID 2784 wrote to memory of 3988	2784	firefox.exe	97
PID 2784 wrote to memory of 3988	2784	firefox.exe	97
PID 2784 wrote to memory of 3988	2784	firefox.exe	97
PID 2784 wrote to memory of 3988	2784	firefox.exe	97
PID 2784 wrote to memory of 3988	2784	firefox.exe	97
PID 2784 wrote to memory of 3988	2784	firefox.exe	97
PID 2784 wrote to memory of 3988	2784	firefox.exe	97
PID 2784 wrote to memory of 3988	2784	firefox.exe	97
PID 2784 wrote to memory of 3988	2784	firefox.exe	97
PID 2784 wrote to memory of 3988	2784	firefox.exe	97
PID 2784 wrote to memory of 3988	2784	firefox.exe	97
PID 2784 wrote to memory of 3988	2784	firefox.exe	97
PID 2784 wrote to memory of 3988	2784	firefox.exe	97
PID 2784 wrote to memory of 3988	2784	firefox.exe	97
PID 2784 wrote to memory of 3988	2784	firefox.exe	97
PID 2784 wrote to memory of 3988	2784	firefox.exe	97
PID 2784 wrote to memory of 3988	2784	firefox.exe	97
PID 2784 wrote to memory of 3988	2784	firefox.exe	97
PID 2784 wrote to memory of 3988	2784	firefox.exe	97
PID 2784 wrote to memory of 3988	2784	firefox.exe	97
PID 2784 wrote to memory of 3988	2784	firefox.exe	97
PID 2784 wrote to memory of 3988	2784	firefox.exe	97
PID 2784 wrote to memory of 3988	2784	firefox.exe	97
PID 2784 wrote to memory of 3988	2784	firefox.exe	97
PID 2784 wrote to memory of 3988	2784	firefox.exe	97
PID 2784 wrote to memory of 3988	2784	firefox.exe	97
PID 2784 wrote to memory of 3988	2784	firefox.exe	97
PID 2784 wrote to memory of 3988	2784	firefox.exe	97
PID 2784 wrote to memory of 3988	2784	firefox.exe	97
PID 2784 wrote to memory of 3988	2784	firefox.exe	97
PID 2784 wrote to memory of 3988	2784	firefox.exe	97
PID 2784 wrote to memory of 3988	2784	firefox.exe	97
PID 2784 wrote to memory of 3988	2784	firefox.exe	97
PID 2784 wrote to memory of 3988	2784	firefox.exe	97
PID 2784 wrote to memory of 3988	2784	firefox.exe	97
PID 2784 wrote to memory of 3988	2784	firefox.exe	97
PID 2784 wrote to memory of 3988	2784	firefox.exe	97
PID 2784 wrote to memory of 3988	2784	firefox.exe	97

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Users\Admin\AppData\Local\Temp\04ffe4810068dd894623f311f7cfec6fdbe01b0500ed7842e49a4de5f149136f.exe
"C:\Users\Admin\AppData\Local\Temp\04ffe4810068dd894623f311f7cfec6fdbe01b0500ed7842e49a4de5f149136f.exe"
1⤵
- Checks computer location settings
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:216
- C:\Windows\system32\cmd.exe
  "C:\Windows\sysnative\cmd.exe" /c "C:\Users\Admin\AppData\Local\Temp\8155.tmp\8156.tmp\8157.bat C:\Users\Admin\AppData\Local\Temp\04ffe4810068dd894623f311f7cfec6fdbe01b0500ed7842e49a4de5f149136f.exe"
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:1952
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://www.youtube.com/account"
    3⤵
    - Enumerates system info in registry
    - Modifies data under HKEY_USERS
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SendNotifyMessage
    - Suspicious use of WriteProcessMemory
    PID:2432
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.106 --initial-client-data=0x104,0x108,0x10c,0xe0,0x110,0x7ffaa4cbcc40,0x7ffaa4cbcc4c,0x7ffaa4cbcc58
      4⤵
      PID:3476
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1932,i,16190718224372714847,5636091397227393091,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=1928 /prefetch:2
      4⤵
      PID:4896
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2160,i,16190718224372714847,5636091397227393091,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=2196 /prefetch:3
      4⤵
      PID:4824
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2204,i,16190718224372714847,5636091397227393091,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=2428 /prefetch:8
      4⤵
      PID:3368
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3092,i,16190718224372714847,5636091397227393091,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=3164 /prefetch:1
      4⤵
      PID:5416
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3100,i,16190718224372714847,5636091397227393091,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=3284 /prefetch:1
      4⤵
      PID:5424
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4620,i,16190718224372714847,5636091397227393091,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=4660 /prefetch:8
      4⤵
      PID:624
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4724,i,16190718224372714847,5636091397227393091,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=4732 /prefetch:8
      4⤵
      PID:4508
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=4584,i,16190718224372714847,5636091397227393091,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=4916 /prefetch:8
      4⤵
      Drops file in System32 directory
      Suspicious behavior: EnumeratesProcesses
      PID:1760
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" "https://www.youtube.com/account"
    3⤵
    - Enumerates system info in registry
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SendNotifyMessage
    - Suspicious use of WriteProcessMemory
    PID:1920
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x108,0x10c,0x110,0xe4,0x114,0x7ffaa4b746f8,0x7ffaa4b74708,0x7ffaa4b74718
      4⤵
      PID:4348
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2140,3654618792105971452,10218637484681584427,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2152 /prefetch:2
      4⤵
      PID:1888
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2140,3654618792105971452,10218637484681584427,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2204 /prefetch:3
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:4288
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2140,3654618792105971452,10218637484681584427,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2864 /prefetch:8
      4⤵
      PID:4920
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,3654618792105971452,10218637484681584427,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3288 /prefetch:1
      4⤵
      PID:4464
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,3654618792105971452,10218637484681584427,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3296 /prefetch:1
      4⤵
      PID:1996
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,3654618792105971452,10218637484681584427,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4488 /prefetch:1
      4⤵
      PID:6084
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2140,3654618792105971452,10218637484681584427,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1840 /prefetch:2
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:6576
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" "https://www.youtube.com/account"
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:1996
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" https://www.youtube.com/account
      4⤵
      Checks processor information in registry
      Modifies registry class
      Suspicious use of AdjustPrivilegeToken
      Suspicious use of FindShellTrayWindow
      Suspicious use of SendNotifyMessage
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2784
    - - C:\Program Files\Mozilla Firefox\firefox.exe
        
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1904 -parentBuildID 20240401114208 -prefsHandle 1848 -prefMapHandle 1844 -prefsLen 25753 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {350f0771-57e8-4c8c-b0ac-6dd8f81d039c} 2784 "\\.\pipe\gecko-crash-server-pipe.2784" gpu
        5⤵
        
        PID:3988
    - - C:\Program Files\Mozilla Firefox\firefox.exe
        
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2404 -parentBuildID 20240401114208 -prefsHandle 2388 -prefMapHandle 2384 -prefsLen 26673 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ce56765f-66ae-444a-9c5e-1b3c64ddbd39} 2784 "\\.\pipe\gecko-crash-server-pipe.2784" socket
        5⤵
        
        PID:1208
    - - C:\Program Files\Mozilla Firefox\firefox.exe
        
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3196 -childID 1 -isForBrowser -prefsHandle 3120 -prefMapHandle 2968 -prefsLen 22698 -prefMapSize 244658 -jsInitHandle 1248 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d69bbf6b-fd7f-4d41-87bf-89e3f6fea2e0} 2784 "\\.\pipe\gecko-crash-server-pipe.2784" tab
        5⤵
        
        PID:2392
    - - C:\Program Files\Mozilla Firefox\firefox.exe
        
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3712 -childID 2 -isForBrowser -prefsHandle 3704 -prefMapHandle 3700 -prefsLen 31163 -prefMapSize 244658 -jsInitHandle 1248 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {55df68e3-2bd3-471a-8044-062003a9ca5f} 2784 "\\.\pipe\gecko-crash-server-pipe.2784" tab
        5⤵
        
        PID:1624
    - - C:\Program Files\Mozilla Firefox\firefox.exe
        
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4564 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4560 -prefMapHandle 3052 -prefsLen 31163 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {1beec87c-32fa-4a75-83d3-35ae4a581ecb} 2784 "\\.\pipe\gecko-crash-server-pipe.2784" utility
        5⤵
        Checks processor information in registry
        
        PID:5760
    - - C:\Program Files\Mozilla Firefox\firefox.exe
        
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5488 -childID 3 -isForBrowser -prefsHandle 4460 -prefMapHandle 4628 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 1248 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a368778f-df87-4741-b545-714eab559edf} 2784 "\\.\pipe\gecko-crash-server-pipe.2784" tab
        5⤵
        
        PID:1820
    - - C:\Program Files\Mozilla Firefox\firefox.exe
        
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5620 -childID 4 -isForBrowser -prefsHandle 5628 -prefMapHandle 5632 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 1248 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f21cf8fc-bdb7-4fc7-9b60-4f7f0711fbdc} 2784 "\\.\pipe\gecko-crash-server-pipe.2784" tab
        5⤵
        
        PID:5108
    - - C:\Program Files\Mozilla Firefox\firefox.exe
        
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5784 -childID 5 -isForBrowser -prefsHandle 5828 -prefMapHandle 5836 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 1248 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e5311571-0df4-4b2c-818e-e4ca0e580b02} 2784 "\\.\pipe\gecko-crash-server-pipe.2784" tab
        5⤵
        
        PID:1212

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4428

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5916

C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe"
1⤵
PID:5136

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:6340

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
8f150a15f1140b6bd452b2394d01e5be

SHA1
f2c48bbc12a1116cf3cd463e2bbc97155c6f9ef0

SHA256
13e8fcdb0afb4d9f63a729d52c222e72742a53fe7bf89672977692bd1f4b1feb

SHA512
abd6856005176ddd24cd753beb141335d259c55367412ad689c79cb9fca38cd75aa0bc324f31a5b83e81295b063d96123522ec942166bcb94ed40b7add23a66a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
264B

MD5
76dd0325b7cd2d4fd76afe75c2be93b9

SHA1
44849bbe6f35cc09e22e5a4c119aee23db1a4ed1

SHA256
0fadc7154ced9142fb738904a5b1b2da6a02e0143d6477a5d7b4a2e0b63c81f6

SHA512
2f12e9fe182d144d3a10f657ca4214858a26f468d8de3e2ff741f63105f218a5d4be679159a1b44f7e3418724282de84233a13ef0fb57b89b8c13890f30ae99c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
d0a21df7279c6264f5a4d1e05de4e144

SHA1
e8756e47ab4ab823861dcaf12d61e1af4452cf46

SHA256
5c543f437901e6ba803f82836906d025e56de3aca77643a6f926d79939c4059c

SHA512
94c6f6a9fddc6a2937ba3e8621c54d56462f7bcfbd754d492cb6b88caf0b1073d71354ca28e9fceead7d4c6cdcb32c62acef901b0e968a2babd3e6fbe16519a0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
692B

MD5
0f89c2c81edbea8d39b966c6e6083193

SHA1
ad379b216314fd9c7ad9b7fdd387ae8aaafef0ba

SHA256
037a325044b2db4e6589054788e95d9ecfe19a8338f5f778c0adb98377a151f9

SHA512
72dbeaeb0b0e310d7bcc8c2597ade8da63c5e7e65bf76a93cd7bb72dc165324c53cd8504d8da10e05c1ab26372c7fb773a3698ef13cef3e542fcdba9fba0a34c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
bc089873f173a1873b1fcd46b2b1b4f1

SHA1
a1d362de7a968dca55fc32c4da17e3ca93699c7e

SHA256
7758ebe7933db40cf75909bf66976bb57f4bf9a8a6a59c3c807761eb0ed58b9a

SHA512
59b517ea5f444feed889d9fa302e2df75d72bdfd200b0378d8593f0e8adfafb14d4a257dbc118543bc85a879357755b9d1a29681b4339bb60c0f6f2af2c7777c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
782a0cb79f4dd98ed26c7c658fc3da02

SHA1
4e3a55f7c4f9f2678e0d0ac2e16a4970f88bd3b5

SHA256
ccbf37eae7ae7cc2c0294e14439a58968ce7480405e69273f6b9468439bdbbbd

SHA512
e5f358f1796b87bc46fd1ee8b67503c7f78c3f55944e1e38cd653a5536468889b8b3ac7ece0cbcbb27583142b2aa8b29f6de6b4a448be6494ef3ddbb63c26d27

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
4ba605ab9c12076680913131be464729

SHA1
102e86719276ec19f55126671c754471a2aa98fd

SHA256
d7c9675b955db1d9e948f544cad424d4195fe4b7c16ba151ba327ba900f635f0

SHA512
88648015add9fc2927d6279f7eb6b46d5da419bd0d02353cdb21643c03d36c818a8154b5432fc2f5f8a73db7fbdba2588f54310034cb9dc011423ffc0e794276

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
73510aa8430430570f276781d3aa7a06

SHA1
5ef0a3a050d725b4958b50a3fee8963b7deadcf2

SHA256
7a2b71df5c09e992f2be6fa72f9cd8f080a7599c3c22cb3ea243192dcbec02dd

SHA512
37cfe80e1706c69a43de8b7a2757e0c8bc5793a52c85259fb0f59825023054d9241948ced578468c18f17f725c38ca87b4140df7907263b6bdd07b4e59bcda1f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
7b79344e1ba45ec732bcbf4ff0d3d4f7

SHA1
298920ede84ce7a66debbaea577281c2e9ce81f3

SHA256
7f2bdeb98401bdd76ebf0855bddbe0313bd93053d8f8e57f5afdb3454fc57d63

SHA512
ec246048a90a1a1a0f1cda2d9fb7d7ebd79fe7e7f967b060d9e9f8a5d831b2eb4f8a710866b516d312dec1ea1e1aec7252fb4563dcf89d7ec60d4642d2357aa0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
219a5fea7e46c00752d774910ba8c8ea

SHA1
df7ee390f74cfff1c56325e480196cf41f8d9001

SHA256
e4ab3815d917353d0b8505cd5e4d01549754c0a0f4ab2e7a79b13fa534609118

SHA512
8c8f936fae97e24af9ae3e419f78e7007d78ac4570804e7cd2713875b5f599562d4582b4d8ccedc45f6a935072292ae1da8af5d34186ac55aba41850618201df

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
a7f97253e76afbede6ed3defd5b973a5

SHA1
d7c9ae9279a075deafcb2c8d604500072202970b

SHA256
021970786bcf280db2d18cdd475ddbc069cf92013c8f239aa1ba75b83f2cee82

SHA512
b14e923152a6acd5ba207745f266799763470e78947862d639f905f0c7a46c9a6bb5826339cceb6e42b802867e346b2ca6118787549dd28a9026ccea201bd795

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
82ca91ae15d8f11d9c67442995493a5d

SHA1
f52534cdf24bedea19a787fc493399639aeb4d13

SHA256
300c423aa15416b29008e71386cf368212096312f8b19f3f4d61c4b468811503

SHA512
a7b0ad8ce07a88bd185f57dd381f0c66b748909bcf8294cda4e9d17219b8f2d3470d6d01d623e2272f9907beebeda5480fb479b6dbd64d869fdc63e4c0914edb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
83511719aa96f06c6ceb7034815b6c82

SHA1
e66d3bf783f9aacae7f4a55d286a79cf4eb1af6e

SHA256
35f63b60cc52be53ff2914f23c5d5702f3d5d1a00ed92c8b5b010b2d43982d8c

SHA512
c3544c3771ec5ba5bd1039130bda2ca28b09dc1844cd67a3c21b6360045145370d4d98cac78667c4b515f81a82ccdb42bd84dc97f49e0726d1fb50f59714a75d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
1f8a99b7120b49351deb75dc23f4b328

SHA1
6afeca9ff3343f00f9ec4937405f2975626211a5

SHA256
0fac2c2e010d692d0c091575f7f3581b270220e40256845312134fa43e95a59e

SHA512
623746fc909d0aeb854a67926beedf04d2fe256420b31848d33c2947ac93dd46b1e31bb33d3de0af295dde2c253d195f74c1ed325186a87c0364152de1f116b0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
cd7c544117ca57dd4e55e90263d43370

SHA1
75171e59f9b7e9c11289dbd356b96a7d61e7e54e

SHA256
17a3310b324707974694b2bc04afabe538defa8aa4e3f7befe87551d5f16855f

SHA512
18bf616960fac9317304cea2bc9661fde16df4d77bb726a79668725936a2af73309581e7dae10f162b839426e6513bedc254b588a1815c8e88a5d780289a386b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
188KB

MD5
cea60fdb0697e1f8c6206216d33eb87d

SHA1
882df71da3bbfd886234d5c8875651fed2ebb371

SHA256
2e0347216724b5b9d588241463bde38ccedf549fd0402b89f2f427dd4b147d9a

SHA512
750b4a5b4b21f8c3a0cea981b4ec8918e5f97c7008fafef8030cef026fdd13341289a2e274f435da37084102e41c8f8d9987023065a81fbe4f00391f3edbf4e5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
188KB

MD5
f6de5014079fd840cbc042d4816355d6

SHA1
74bf8deade7292fb32f78d5509a95a3f103f87a0

SHA256
4209911fe99a769ca2b1873be4bbddfede0a55d7002bd6710912dc4c4824f762

SHA512
f74c9b407abcefca81e539d1f7d922cd16b4e40623660d0e4d81af6bd150725a22729c74540fa94cac5ac5bbcd7b0d90322d9662de0d6b5ddc1a2007382e385e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
2f842025e22e522658c640cfc7edc529

SHA1
4c2b24b02709acdd159f1b9bbeb396e52af27033

SHA256
1191573f2a7c12f0b9b8460e06dc36ca5386305eb8c883ebbbc8eb15f4d8e23e

SHA512
6e4393fd43984722229020ef662fc5981f253de31f13f30fadd6660bbc9ededcbfd163f132f6adaf42d435873322a5d0d3eea60060cf0e7f2e256262632c5d05

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
54aadd2d8ec66e446f1edb466b99ba8d

SHA1
a94f02b035dc918d8d9a46e6886413f15be5bff0

SHA256
1971045943002ef01930add9ba1a96a92ddc10d6c581ce29e33c38c2120b130e

SHA512
7e077f903463da60b5587aed4f5352060df400ebda713b602b88c15cb2f91076531ea07546a9352df772656065e0bf27bd285905a60f036a5c5951076d35e994

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003

Filesize
33KB

MD5
daa6948a37ac312342600f2b96db15ea

SHA1
0bfa2e04bf51480baf1fc7e7819f65cd3b0c90ba

SHA256
de7cf820e8eb0aa51d82aff3a848fd853dfa878674cc67094aee0ac115c85fee

SHA512
5af3ceb0a4c56b767792ad349b83a179191d9fe6dca8e3795cb48edb87ae6a8b89e51a64ebedd68857c674befd71dc1664a2e8380ac21abacc9566329d8c2e14

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005

Filesize
38KB

MD5
a1cbc8600fb0e0b668df61bb5d1737f9

SHA1
65aaea9cf40ee7aafcf033f35980aac172b0a267

SHA256
b0324009cc7d496245d763710959284dbc9eb3c4aa93227cd6fa82772ff5a2bb

SHA512
c731cbc3fd2397fea0afdb98ad7e0a2624dfdd9da00da2032cbb425ff653291bd3e9290514d6aac2761923a055c0666b521a61524595c5ab1aa2b56ce18b2338

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
216B

MD5
d10fc132975ae2e9699664fa02e3ecf7

SHA1
ccf665d3199157d3eedd6838400a0caabd814306

SHA256
73316b2c9255b2b5ce4b246d8b119ad916f4c2a442826e1554f9540b8b869dcf

SHA512
46349c3080e63f4a00f4b2628870a7758b1a143441a5abbbb652360cd2e77b4ed558a69c0f920c08e6134a820b20e695c9943654ba424fd4a519d0e1ab0486c0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
f73387e5cbe0e74dedd88fc05a7d9732

SHA1
20901f5ab23d5d6f3ac930cfa0af2c681e1f84ff

SHA256
6b4534878ca023181e632e052ac606581e5d0e68f0a8c4f349a044ee9fd69472

SHA512
631d06d14d4d87096acb977b56c72d34c2d3bcaa1935fccb404f8c2335282353a15986b309a1263e4719fa742aebcf328c8b5cd4ec00e695b2a52b6b68a69377

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
fa285124362e299df601a862a438fac2

SHA1
bc6b5bee4e8c75cfa37c7807fcf59eb753ac6e4e

SHA256
da553a65f42a356cc49d91f3754a1cfb9c3532b20fed23ceaf44b4d4275b6a5b

SHA512
c430ebeec190e631327e4e5434c9bbdeb78d63d76f43cc5b427249bd433d79a65aa63643385e676543d83e22fe259fd10ed884ab1a9246beaa1315086cd7a560

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\d257cd11-b570-4f48-8adc-37db3c04c96f.tmp

Filesize
5KB

MD5
6fcf5cdf310595bbf7ed18f11fd8f1de

SHA1
a94b1a31280bbea09e9fe536cbd12accc51fa829

SHA256
270f1ce358b2b967e2b72c5b9e83645040d7d65556a9cffd9ba4ca6143800da3

SHA512
a9003e10cf0691e70e798a73a30ed88338fd4d62fd418b0d77b612f6e0b250e77ecde603a6c2b823cebf02fe079ff98de2bf082253afa6a0e10b2433834b9c94

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
3344406b95ade25fdd80ab3e190b0af7

SHA1
8369389f71ad85514c874bf2492d43fd19f33ef0

SHA256
72006f092d60bca9a7ae1ec94676e39fcf4a8d515bfdd098876297f5ade2cbce

SHA512
3373d614de22cf56f83c8357a192cfd28a27bf2b215068b12a8e0c71b3a2d3c6607c6f79918067f2b88c8aaddb6dec5192bb83f3c7c157bdedc4b79f7a0c5656

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\zirruo9e.default-release\activity-stream.discovery_stream.json.tmp

Filesize
22KB

MD5
d1868761bb2f2cf75714375727d6b59b

SHA1
3b3c586b4f059cf07c0dab934e875e458f43257d

SHA256
990daed78c88eda1b3c0f52b6466af56e3ca6503991102c03ba29ec02f657285

SHA512
ff4c1763f6108f61cd123cbf3f62d3104dd2c038640acf60c7de59c44589a0a1a74861fe367df8875a3758d08960b3ed51977a024e31a9c56a348dba1a33f5bb

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\zirruo9e.default-release\cache2\entries\8A2034D325DC0B5C9E11EDDA3FC70A54C8DC1C0D

Filesize
13KB

MD5
bf0f409e5f0908f94f5ce9984430c5f8

SHA1
331db0ec419cd87334ce91ab01d7ace8d5e68d67

SHA256
f9280129637ed1e3336029c21a43fe9fb33b7fda1eceb8e79cd3992ad33cc6c8

SHA512
6d8899620f1adde676e7fa6783493c366292eed63ce4ded27a0cbb15634cb232a768b08f8626dbc7ebe281f4d233657bc894363ace1f7c4431be4e6182ba926d

Download Submit
C:\Users\Admin\AppData\Local\Temp\8155.tmp\8156.tmp\8157.bat

Filesize
2KB

MD5
de9423d9c334ba3dba7dc874aa7dbc28

SHA1
bf38b137b8d780b3d6d62aee03c9d3f73770d638

SHA256
a1e1b422c40fb611a50d3f8bf34f9819f76ddb304aa2d105fb49f41f57752698

SHA512
63f13acd904378ad7de22053e1087d61a70341f1891ada3b671223fec8f841b42b6f1060a4b18c8bb865ee4cd071cadc7ff6bd6d549760945bf1645a1086f401

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
479KB

MD5
09372174e83dbbf696ee732fd2e875bb

SHA1
ba360186ba650a769f9303f48b7200fb5eaccee1

SHA256
c32efac42faf4b9878fb8917c5e71d89ff40de580c4f52f62e11c6cfab55167f

SHA512
b667086ed49579592d435df2b486fe30ba1b62ddd169f19e700cd079239747dd3e20058c285fa9c10a533e34f22b5198ed9b1f92ae560a3067f3e3feacc724f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

Filesize
13.8MB

MD5
0a8747a2ac9ac08ae9508f36c6d75692

SHA1
b287a96fd6cc12433adb42193dfe06111c38eaf0

SHA256
32d544baf2facc893057a1d97db33207e642f0dacf235d8500a0b5eff934ce03

SHA512
59521f8c61236641b3299ab460c58c8f5f26fa67e828de853c2cf372f9614d58b9f541aae325b1600ec4f3a47953caacb8122b0dfce7481acfec81045735947d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zirruo9e.default-release\AlternateServices.bin

Filesize
7KB

MD5
45fb6c1895fe941ee5aa9f9806a96cb7

SHA1
f6b27c2c9332a16c4fd628f4d0fb11ae22f066c7

SHA256
aa1231b4fa7c1f810958a695644be40d95134ddf91d81580b728147313706e6a

SHA512
a241d9d793678bdad598145e197ac7e086df99e1b88ef9629ebe3be078e5f6d9b8673723fdb12f06a851934f9b9c671f7be7326756b7674f0b001e85180cf2f0

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zirruo9e.default-release\datareporting\glean\db\data.safe.tmp

Filesize
25KB

MD5
1f20770c1b42a72d87363955d24fbb91

SHA1
b03eea3c020a253745143dc1d3c8720906d646e6

SHA256
5a35e55c94a88b9827b39a03e28b5e29f0a30a342b3357b40c1b0498bfe046d5

SHA512
452857b845edd6111ace2bf2831ad1d19b48144f27f6280774b39b2c36ee2a48af32de81e1db3807d8760685429cc714c0e4f4fad5bc21150af0d23c38f60fc3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zirruo9e.default-release\datareporting\glean\db\data.safe.tmp

Filesize
21KB

MD5
2896f4e86931a3c3de5acb299be05061

SHA1
1f338ff6c5a44a795e65395318201c44dca1af26

SHA256
e21437df7aaed5834ea872939d3f7d059497ecaa9b626d289371ef047104a26e

SHA512
df69f7eb11b306fd613d8d26bf3be05a2ab3ed5ece2ec9850f03433a953af88fa69acd44196452e10b4e12f801657ee5f467d4cea738ad9982302a92d660bf93

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zirruo9e.default-release\datareporting\glean\db\data.safe.tmp

Filesize
24KB

MD5
485226b8b41e2fc14e995793a1b69841

SHA1
df715f468a8e0a2d963cdb475b18a5c79821dced

SHA256
276efb5666e1863b339cc6543bc5a8118b092d5714f0311e6145d68c9637d838

SHA512
b72dcd07b87501516f047ff235df10b3f38dc6acad3d43e71c656590cbcaf9dd4435a521ee944e682fd9a08b8892aaeda27a669977d08c7b786808e38740cf92

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zirruo9e.default-release\datareporting\glean\db\data.safe.tmp

Filesize
22KB

MD5
396d9a2e3a54a2f0b46bcbd6b86ef7e3

SHA1
901abd4217615cc667b132055423644da58afe4d

SHA256
c4160d4af4a464730f57203c345c1509ab28d15a80da109c97bda5a9d2f50541

SHA512
73409e3ca9fc061caae11c8f04438c0e253193f46d78cf27c1f5ecf50f4da31128065a4795497c77ec98606119b2a571bc12f4485dbdba3d1585fe18066c85e0

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zirruo9e.default-release\datareporting\glean\db\data.safe.tmp

Filesize
25KB

MD5
36e4e3dd61480b2020db40fe1f4b68f7

SHA1
790320d2cb42e1d0a15f809a8f729b216e349b9d

SHA256
e239563ebd3787aef02d2be0d2900aa62450b377985472a8fa76ac1bdca11ccd

SHA512
dae419e0b86c13872db0f8c6fa29a47586bf95bd92db12c6ed62bed1a3c3efc1408f6eba98d027a2f48205a02708dbaec77ea07e210584a53ab5cac87ad79770

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zirruo9e.default-release\datareporting\glean\pending_pings\3dbd685b-b1d9-4813-b684-9ee76f3033e7

Filesize
982B

MD5
ceebea5faa69eced6352190f35a92bac

SHA1
9716180155b1a5644f7993e3349b1a3fc7156fbf

SHA256
cb7f629a0660830b220a14f39b7bf25cb638c4d82c23182029986ea22a39ef60

SHA512
1899673902d76e468b624acaad0ee2a98a4900484f20d782eafb36e892af98745064b786cd6b08b0a476da6b1228963427e0771146c05261910b5f75b7442b23

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zirruo9e.default-release\datareporting\glean\pending_pings\fc0aee4c-d94b-4f49-961d-499c70dd92a3

Filesize
659B

MD5
1ac180a54daf746d6a5c3b6c7d2411a4

SHA1
004529b5823050c5d652a64a7002035d07dbade1

SHA256
0efc25031842a56530da50b84f346e00898f1eb6f71d8b9b7ace1a5c3b0764b7

SHA512
33c5c1eea1b1d0796c0247db828420df7c840ade70a93216165db298c3cdc2afc8e0276dbaf1c53edb11498cec315412299e76fb86405ef374f03efaef78f6fa

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zirruo9e.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.dll

Filesize
1.1MB

MD5
842039753bf41fa5e11b3a1383061a87

SHA1
3e8fe1d7b3ad866b06dca6c7ef1e3c50c406e153

SHA256
d88dd3bfc4a558bb943f3caa2e376da3942e48a7948763bf9a38f707c2cd0c1c

SHA512
d3320f7ac46327b7b974e74320c4d853e569061cb89ca849cd5d1706330aca629abeb4a16435c541900d839f46ff72dfde04128c450f3e1ee63c025470c19157

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zirruo9e.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.info

Filesize
116B

MD5
2a461e9eb87fd1955cea740a3444ee7a

SHA1
b10755914c713f5a4677494dbe8a686ed458c3c5

SHA256
4107f76ba1d9424555f4e8ea0acef69357dfff89dfa5f0ec72aa4f2d489b17bc

SHA512
34f73f7bf69d7674907f190f257516e3956f825e35a2f03d58201a5a630310b45df393f2b39669f9369d1ac990505a4b6849a0d34e8c136e1402143b6cedf2d3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zirruo9e.default-release\gmp-widevinecdm\4.10.2710.0\manifest.json

Filesize
372B

MD5
bf957ad58b55f64219ab3f793e374316

SHA1
a11adc9d7f2c28e04d9b35e23b7616d0527118a1

SHA256
bbab6ca07edbed72a966835c7907b3e60c7aa3d48ddea847e5076bd05f4b1eda

SHA512
79c179b56e4893fb729b225818ab4b95a50b69666ac41d17aad0b37ab0ca8cd9f0848cbc3c5d9e69e4640a8b261d7ced592eae9bcb0e0b63c05a56e7c477f44e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zirruo9e.default-release\gmp-widevinecdm\4.10.2710.0\widevinecdm.dll

Filesize
17.8MB

MD5
daf7ef3acccab478aaa7d6dc1c60f865

SHA1
f8246162b97ce4a945feced27b6ea114366ff2ad

SHA256
bc40c7821dcd3fea9923c6912ab1183a942c11b7690cfd79ed148ded0228777e

SHA512
5840a45cfdb12c005e117608b1e5d946e1b2e76443ed39ba940d7f56de4babeab09bee7e64b903eb82bb37624c0a0ef19e9b59fbe2ce2f0e0b1c7a6015a63f75

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zirruo9e.default-release\prefs-1.js

Filesize
11KB

MD5
81e918afaeb3119e95b47267af55cd3d

SHA1
697c7b83486c7c0223e42dc3d1be59e903ed45b9

SHA256
5b52bfdcc2806bcc54bbe9e9f350995fb996ea676c5fadd7f1c74c704fc47f7c

SHA512
4805d73b440c5bbd19cd4c35806dad2dea1e403f6fb5c961b424d0837a75df6c71e219e40d503dc90ab2cd46cd49f3f86ea66d9c5b8c652c22b4f83cb7eac592

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zirruo9e.default-release\prefs-1.js

Filesize
12KB

MD5
6d117c60cfddd1a4adcb30ee3a35a0b5

SHA1
05ac52e21b91db93c549a85ffda580e88285e63b

SHA256
d6d122da998d8c2a9cc70e13d7ff90dd8ec28598e12b79391d483ff35359e4a9

SHA512
09411753af7841db8c808ac1ad652143c72c73c64d207f07f409dbdaaa395dab326befafe4fc1fbacc60969d21156f5a1074911d6b8f65fb350eaf99b17519e6

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zirruo9e.default-release\prefs-1.js

Filesize
16KB

MD5
30b17699c68fb27d88e607157bef5f03

SHA1
649f908b23602d123de88d385b7112bd2da7c630

SHA256
d412828a32a80f25e6a55cc257629ec1d1437a8fec571c0debfba9cafffc7b52

SHA512
74d845e4227d1d6159fc39e6c7a2d186c1149ba9f9b99adf60ed6f3a499b3d39589884e61e24cf1fe6e8b7b0d52766921f398aabffd302a13241aa328f17adf5

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zirruo9e.default-release\prefs.js

Filesize
8KB

MD5
ea0bdefbdffbd65ee62dec07274aba46

SHA1
80452142c7e6466b6e46f15c77b2c8e8ab1a0e93

SHA256
3f6d0e88c0a481029dbb44401ca2248e76edc0db40859278127c608f44f8b006

SHA512
14b407521d9058cc9066a462051eac2cc502a5f5e86dbc6be8d83aad5ec832238add0466286e2f53e361ad0d5f1a05273df6b147a0f9bed78fc7db030017d790

Download Submit