b6c483b6adf9a022edf135ee22b8b10ea09daa5b2ba2bc22e7820b2e06defb57

Analysis

max time kernel
150s
max time network
156s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
27/07/2024, 17:54

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

b6c483b6adf9a022edf135ee22b8b10ea09daa5b2ba2bc22e7820b2e06defb57.exe
Size

89KB
MD5

0fe037b7319582dee5ae75eb5d272603
SHA1

beddf2471511b2371bd4fc3eafda812aa5a5f2d2
SHA256

b6c483b6adf9a022edf135ee22b8b10ea09daa5b2ba2bc22e7820b2e06defb57
SHA512

f2695a55c405a534851d299133486cf142579b4fe14359bf69231bd716bb166980992cd96af463a9da6d0103eba275958683e67a401f61802bd85c6d9e8df010
SSDEEP

1536:L7fPGykbOqjoHm4pICdfkLtAfupcWX50MxFY+yIOlnToIfYxRYwVL3Oq:Hq6+ouCpk2mpcWJ0r+QNTBfY0wl1

Score

7^/10

discovery

Malware Config

Signatures

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-3419463127-3903270268-2580331543-1000\Control Panel\International\Geo\Nation	b6c483b6adf9a022edf135ee22b8b10ea09daa5b2ba2bc22e7820b2e06defb57.exe

Drops file in System32 directory 2 IoCs

description	ioc	Process
File created	C:\Windows\System32\DriverStore\FileRepository\display.inf_amd64_71aa85b0e2292a7a\display.PNF	chrome.exe
File created	\??\c:\windows\system32\driverstore\filerepository\display.inf_amd64_71aa85b0e2292a7a\display.PNF	chrome.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	b6c483b6adf9a022edf135ee22b8b10ea09daa5b2ba2bc22e7820b2e06defb57.exe

Checks processor information in registry 2 TTPs 8 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133665765221515037"	chrome.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3419463127-3903270268-2580331543-1000_Classes\Local Settings	firefox.exe

Suspicious behavior: EnumeratesProcesses 14 IoCs

pid	Process
1592	msedge.exe
1592	msedge.exe
3344	msedge.exe
3344	msedge.exe
392	chrome.exe
392	chrome.exe
6444	chrome.exe
6444	chrome.exe
4192	msedge.exe
4192	msedge.exe
4192	msedge.exe
4192	msedge.exe
6444	chrome.exe
6444	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 5 IoCs

pid	Process
3344	msedge.exe
3344	msedge.exe
3344	msedge.exe
392	chrome.exe
392	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	392	chrome.exe
Token: SeCreatePagefilePrivilege	392	chrome.exe
Token: SeShutdownPrivilege	392	chrome.exe
Token: SeCreatePagefilePrivilege	392	chrome.exe
Token: SeShutdownPrivilege	392	chrome.exe
Token: SeCreatePagefilePrivilege	392	chrome.exe
Token: SeShutdownPrivilege	392	chrome.exe
Token: SeCreatePagefilePrivilege	392	chrome.exe
Token: SeDebugPrivilege	1116	firefox.exe
Token: SeDebugPrivilege	1116	firefox.exe
Token: SeShutdownPrivilege	392	chrome.exe
Token: SeCreatePagefilePrivilege	392	chrome.exe
Token: SeShutdownPrivilege	392	chrome.exe
Token: SeCreatePagefilePrivilege	392	chrome.exe
Token: SeShutdownPrivilege	392	chrome.exe
Token: SeCreatePagefilePrivilege	392	chrome.exe
Token: SeShutdownPrivilege	392	chrome.exe
Token: SeCreatePagefilePrivilege	392	chrome.exe
Token: SeShutdownPrivilege	392	chrome.exe
Token: SeCreatePagefilePrivilege	392	chrome.exe
Token: SeShutdownPrivilege	392	chrome.exe
Token: SeCreatePagefilePrivilege	392	chrome.exe
Token: SeShutdownPrivilege	392	chrome.exe
Token: SeCreatePagefilePrivilege	392	chrome.exe
Token: SeShutdownPrivilege	392	chrome.exe
Token: SeCreatePagefilePrivilege	392	chrome.exe
Token: SeShutdownPrivilege	392	chrome.exe
Token: SeCreatePagefilePrivilege	392	chrome.exe
Token: SeShutdownPrivilege	392	chrome.exe
Token: SeCreatePagefilePrivilege	392	chrome.exe
Token: SeShutdownPrivilege	392	chrome.exe
Token: SeCreatePagefilePrivilege	392	chrome.exe
Token: SeShutdownPrivilege	392	chrome.exe
Token: SeCreatePagefilePrivilege	392	chrome.exe
Token: SeShutdownPrivilege	392	chrome.exe
Token: SeCreatePagefilePrivilege	392	chrome.exe
Token: SeShutdownPrivilege	392	chrome.exe
Token: SeCreatePagefilePrivilege	392	chrome.exe
Token: SeShutdownPrivilege	392	chrome.exe
Token: SeCreatePagefilePrivilege	392	chrome.exe
Token: SeShutdownPrivilege	392	chrome.exe
Token: SeCreatePagefilePrivilege	392	chrome.exe
Token: SeShutdownPrivilege	392	chrome.exe
Token: SeCreatePagefilePrivilege	392	chrome.exe
Token: SeShutdownPrivilege	392	chrome.exe
Token: SeCreatePagefilePrivilege	392	chrome.exe
Token: SeShutdownPrivilege	392	chrome.exe
Token: SeCreatePagefilePrivilege	392	chrome.exe
Token: SeShutdownPrivilege	392	chrome.exe
Token: SeCreatePagefilePrivilege	392	chrome.exe
Token: SeShutdownPrivilege	392	chrome.exe
Token: SeCreatePagefilePrivilege	392	chrome.exe
Token: SeShutdownPrivilege	392	chrome.exe
Token: SeCreatePagefilePrivilege	392	chrome.exe
Token: SeShutdownPrivilege	392	chrome.exe
Token: SeCreatePagefilePrivilege	392	chrome.exe
Token: SeShutdownPrivilege	392	chrome.exe
Token: SeCreatePagefilePrivilege	392	chrome.exe
Token: SeShutdownPrivilege	392	chrome.exe
Token: SeCreatePagefilePrivilege	392	chrome.exe
Token: SeShutdownPrivilege	392	chrome.exe
Token: SeCreatePagefilePrivilege	392	chrome.exe
Token: SeShutdownPrivilege	392	chrome.exe
Token: SeCreatePagefilePrivilege	392	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
3344	msedge.exe
3344	msedge.exe
3344	msedge.exe
3344	msedge.exe
3344	msedge.exe
3344	msedge.exe
3344	msedge.exe
3344	msedge.exe
3344	msedge.exe
3344	msedge.exe
3344	msedge.exe
3344	msedge.exe
3344	msedge.exe
3344	msedge.exe
3344	msedge.exe
3344	msedge.exe
3344	msedge.exe
3344	msedge.exe
3344	msedge.exe
3344	msedge.exe
3344	msedge.exe
3344	msedge.exe
3344	msedge.exe
3344	msedge.exe
3344	msedge.exe
1116	firefox.exe
1116	firefox.exe
1116	firefox.exe
1116	firefox.exe
1116	firefox.exe
1116	firefox.exe
1116	firefox.exe
1116	firefox.exe
1116	firefox.exe
1116	firefox.exe
1116	firefox.exe
1116	firefox.exe
1116	firefox.exe
1116	firefox.exe
1116	firefox.exe
1116	firefox.exe
1116	firefox.exe
1116	firefox.exe
1116	firefox.exe
1116	firefox.exe
1116	firefox.exe
392	chrome.exe
392	chrome.exe
392	chrome.exe
392	chrome.exe
392	chrome.exe
392	chrome.exe
392	chrome.exe
392	chrome.exe
392	chrome.exe
392	chrome.exe
392	chrome.exe
392	chrome.exe
392	chrome.exe
392	chrome.exe
392	chrome.exe
392	chrome.exe
392	chrome.exe
392	chrome.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
3344	msedge.exe
3344	msedge.exe
3344	msedge.exe
3344	msedge.exe
3344	msedge.exe
3344	msedge.exe
3344	msedge.exe
3344	msedge.exe
3344	msedge.exe
3344	msedge.exe
3344	msedge.exe
3344	msedge.exe
3344	msedge.exe
3344	msedge.exe
3344	msedge.exe
3344	msedge.exe
3344	msedge.exe
3344	msedge.exe
3344	msedge.exe
3344	msedge.exe
3344	msedge.exe
3344	msedge.exe
3344	msedge.exe
3344	msedge.exe
1116	firefox.exe
1116	firefox.exe
1116	firefox.exe
1116	firefox.exe
1116	firefox.exe
1116	firefox.exe
1116	firefox.exe
1116	firefox.exe
1116	firefox.exe
1116	firefox.exe
1116	firefox.exe
1116	firefox.exe
1116	firefox.exe
1116	firefox.exe
1116	firefox.exe
1116	firefox.exe
1116	firefox.exe
1116	firefox.exe
1116	firefox.exe
1116	firefox.exe
392	chrome.exe
392	chrome.exe
392	chrome.exe
392	chrome.exe
392	chrome.exe
392	chrome.exe
392	chrome.exe
392	chrome.exe
392	chrome.exe
392	chrome.exe
392	chrome.exe
392	chrome.exe
392	chrome.exe
392	chrome.exe
392	chrome.exe
392	chrome.exe
392	chrome.exe
392	chrome.exe
392	chrome.exe
392	chrome.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
1116	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1880 wrote to memory of 5076	1880	b6c483b6adf9a022edf135ee22b8b10ea09daa5b2ba2bc22e7820b2e06defb57.exe	87
PID 1880 wrote to memory of 5076	1880	b6c483b6adf9a022edf135ee22b8b10ea09daa5b2ba2bc22e7820b2e06defb57.exe	87
PID 5076 wrote to memory of 392	5076	cmd.exe	90
PID 5076 wrote to memory of 392	5076	cmd.exe	90
PID 5076 wrote to memory of 3344	5076	cmd.exe	91
PID 5076 wrote to memory of 3344	5076	cmd.exe	91
PID 5076 wrote to memory of 3132	5076	cmd.exe	92
PID 5076 wrote to memory of 3132	5076	cmd.exe	92
PID 392 wrote to memory of 2776	392	chrome.exe	93
PID 392 wrote to memory of 2776	392	chrome.exe	93
PID 3344 wrote to memory of 1052	3344	msedge.exe	94
PID 3344 wrote to memory of 1052	3344	msedge.exe	94
PID 3132 wrote to memory of 1116	3132	firefox.exe	95
PID 3132 wrote to memory of 1116	3132	firefox.exe	95
PID 3132 wrote to memory of 1116	3132	firefox.exe	95
PID 3132 wrote to memory of 1116	3132	firefox.exe	95
PID 3132 wrote to memory of 1116	3132	firefox.exe	95
PID 3132 wrote to memory of 1116	3132	firefox.exe	95
PID 3132 wrote to memory of 1116	3132	firefox.exe	95
PID 3132 wrote to memory of 1116	3132	firefox.exe	95
PID 3132 wrote to memory of 1116	3132	firefox.exe	95
PID 3132 wrote to memory of 1116	3132	firefox.exe	95
PID 3132 wrote to memory of 1116	3132	firefox.exe	95
PID 1116 wrote to memory of 4712	1116	firefox.exe	96
PID 1116 wrote to memory of 4712	1116	firefox.exe	96
PID 1116 wrote to memory of 4712	1116	firefox.exe	96
PID 1116 wrote to memory of 4712	1116	firefox.exe	96
PID 1116 wrote to memory of 4712	1116	firefox.exe	96
PID 1116 wrote to memory of 4712	1116	firefox.exe	96
PID 1116 wrote to memory of 4712	1116	firefox.exe	96
PID 1116 wrote to memory of 4712	1116	firefox.exe	96
PID 1116 wrote to memory of 4712	1116	firefox.exe	96
PID 1116 wrote to memory of 4712	1116	firefox.exe	96
PID 1116 wrote to memory of 4712	1116	firefox.exe	96
PID 1116 wrote to memory of 4712	1116	firefox.exe	96
PID 1116 wrote to memory of 4712	1116	firefox.exe	96
PID 1116 wrote to memory of 4712	1116	firefox.exe	96
PID 1116 wrote to memory of 4712	1116	firefox.exe	96
PID 1116 wrote to memory of 4712	1116	firefox.exe	96
PID 1116 wrote to memory of 4712	1116	firefox.exe	96
PID 1116 wrote to memory of 4712	1116	firefox.exe	96
PID 1116 wrote to memory of 4712	1116	firefox.exe	96
PID 1116 wrote to memory of 4712	1116	firefox.exe	96
PID 1116 wrote to memory of 4712	1116	firefox.exe	96
PID 1116 wrote to memory of 4712	1116	firefox.exe	96
PID 1116 wrote to memory of 4712	1116	firefox.exe	96
PID 1116 wrote to memory of 4712	1116	firefox.exe	96
PID 1116 wrote to memory of 4712	1116	firefox.exe	96
PID 1116 wrote to memory of 4712	1116	firefox.exe	96
PID 1116 wrote to memory of 4712	1116	firefox.exe	96
PID 1116 wrote to memory of 4712	1116	firefox.exe	96
PID 1116 wrote to memory of 4712	1116	firefox.exe	96
PID 1116 wrote to memory of 4712	1116	firefox.exe	96
PID 1116 wrote to memory of 4712	1116	firefox.exe	96
PID 1116 wrote to memory of 4712	1116	firefox.exe	96
PID 1116 wrote to memory of 4712	1116	firefox.exe	96
PID 1116 wrote to memory of 4712	1116	firefox.exe	96
PID 1116 wrote to memory of 4712	1116	firefox.exe	96
PID 1116 wrote to memory of 4712	1116	firefox.exe	96
PID 1116 wrote to memory of 4712	1116	firefox.exe	96
PID 1116 wrote to memory of 4712	1116	firefox.exe	96
PID 1116 wrote to memory of 4712	1116	firefox.exe	96
PID 1116 wrote to memory of 4712	1116	firefox.exe	96
PID 1116 wrote to memory of 4712	1116	firefox.exe	96

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Users\Admin\AppData\Local\Temp\b6c483b6adf9a022edf135ee22b8b10ea09daa5b2ba2bc22e7820b2e06defb57.exe
"C:\Users\Admin\AppData\Local\Temp\b6c483b6adf9a022edf135ee22b8b10ea09daa5b2ba2bc22e7820b2e06defb57.exe"
1⤵
- Checks computer location settings
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:1880
- C:\Windows\system32\cmd.exe
  "C:\Windows\sysnative\cmd.exe" /c "C:\Users\Admin\AppData\Local\Temp\5A8.tmp\5A9.tmp\5AA.bat C:\Users\Admin\AppData\Local\Temp\b6c483b6adf9a022edf135ee22b8b10ea09daa5b2ba2bc22e7820b2e06defb57.exe"
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:5076
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://www.youtube.com/account"
    3⤵
    - Enumerates system info in registry
    - Modifies data under HKEY_USERS
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SendNotifyMessage
    - Suspicious use of WriteProcessMemory
    PID:392
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.106 --initial-client-data=0x104,0x108,0x10c,0xe0,0x110,0x7ff8d910cc40,0x7ff8d910cc4c,0x7ff8d910cc58
      4⤵
      PID:2776
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1352,i,10138138912909308412,880558817673010976,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=1844 /prefetch:2
      4⤵
      PID:2456
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2164,i,10138138912909308412,880558817673010976,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=2196 /prefetch:3
      4⤵
      PID:5092
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2256,i,10138138912909308412,880558817673010976,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=2272 /prefetch:8
      4⤵
      PID:4036
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3092,i,10138138912909308412,880558817673010976,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=3152 /prefetch:1
      4⤵
      PID:5324
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3100,i,10138138912909308412,880558817673010976,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=3176 /prefetch:1
      4⤵
      PID:5408
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4568,i,10138138912909308412,880558817673010976,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=4576 /prefetch:8
      4⤵
      PID:5764
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4808,i,10138138912909308412,880558817673010976,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=4816 /prefetch:8
      4⤵
      PID:5904
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=4680,i,10138138912909308412,880558817673010976,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=4648 /prefetch:8
      4⤵
      Drops file in System32 directory
      Suspicious behavior: EnumeratesProcesses
      PID:6444
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" "https://www.youtube.com/account"
    3⤵
    - Enumerates system info in registry
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SendNotifyMessage
    - Suspicious use of WriteProcessMemory
    PID:3344
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x108,0x10c,0x110,0xe4,0x114,0x7ff8d8fc46f8,0x7ff8d8fc4708,0x7ff8d8fc4718
      4⤵
      PID:1052
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2204,10667073165878062856,18253803431419297113,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2212 /prefetch:2
      4⤵
      PID:4520
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2204,10667073165878062856,18253803431419297113,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2264 /prefetch:3
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:1592
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2204,10667073165878062856,18253803431419297113,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2836 /prefetch:8
      4⤵
      PID:2672
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,10667073165878062856,18253803431419297113,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3196 /prefetch:1
      4⤵
      PID:3308
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,10667073165878062856,18253803431419297113,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3292 /prefetch:1
      4⤵
      PID:4840
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,10667073165878062856,18253803431419297113,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4528 /prefetch:1
      4⤵
      PID:1428
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2204,10667073165878062856,18253803431419297113,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3560 /prefetch:2
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:4192
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" "https://www.youtube.com/account"
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:3132
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" https://www.youtube.com/account
      4⤵
      Checks processor information in registry
      Modifies registry class
      Suspicious use of AdjustPrivilegeToken
      Suspicious use of FindShellTrayWindow
      Suspicious use of SendNotifyMessage
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:1116
    - - C:\Program Files\Mozilla Firefox\firefox.exe
        
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1912 -parentBuildID 20240401114208 -prefsHandle 1852 -prefMapHandle 1848 -prefsLen 25757 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {50a502f1-45a3-4734-a88b-0aa2e68bfcaf} 1116 "\\.\pipe\gecko-crash-server-pipe.1116" gpu
        5⤵
        
        PID:4712
    - - C:\Program Files\Mozilla Firefox\firefox.exe
        
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2416 -parentBuildID 20240401114208 -prefsHandle 2384 -prefMapHandle 2380 -prefsLen 26677 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {100b2747-c585-4afb-ba9c-78797e757bf3} 1116 "\\.\pipe\gecko-crash-server-pipe.1116" socket
        5⤵
        
        PID:1280
    - - C:\Program Files\Mozilla Firefox\firefox.exe
        
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3356 -childID 1 -isForBrowser -prefsHandle 3348 -prefMapHandle 3344 -prefsLen 22698 -prefMapSize 244658 -jsInitHandle 964 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {984b049e-db99-4dd2-8a4c-bb37935edf09} 1116 "\\.\pipe\gecko-crash-server-pipe.1116" tab
        5⤵
        
        PID:3948
    - - C:\Program Files\Mozilla Firefox\firefox.exe
        
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3736 -childID 2 -isForBrowser -prefsHandle 3728 -prefMapHandle 3724 -prefsLen 31167 -prefMapSize 244658 -jsInitHandle 964 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {6f7eaeb1-ac62-4e93-b091-807b40c67062} 1116 "\\.\pipe\gecko-crash-server-pipe.1116" tab
        5⤵
        
        PID:5184
    - - C:\Program Files\Mozilla Firefox\firefox.exe
        
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4760 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4560 -prefMapHandle 4624 -prefsLen 31167 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {616d0f1b-c219-48a8-b63b-65c01d12c4ec} 1116 "\\.\pipe\gecko-crash-server-pipe.1116" utility
        5⤵
        Checks processor information in registry
        
        PID:6108
    - - C:\Program Files\Mozilla Firefox\firefox.exe
        
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5176 -childID 3 -isForBrowser -prefsHandle 5224 -prefMapHandle 5240 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 964 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {66eab921-1394-464f-a1bf-e753bf9510a0} 1116 "\\.\pipe\gecko-crash-server-pipe.1116" tab
        5⤵
        
        PID:5936
    - - C:\Program Files\Mozilla Firefox\firefox.exe
        
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5256 -childID 4 -isForBrowser -prefsHandle 5396 -prefMapHandle 5400 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 964 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {749f59b7-21c5-490e-831f-c75b6fbb5625} 1116 "\\.\pipe\gecko-crash-server-pipe.1116" tab
        5⤵
        
        PID:6032
    - - C:\Program Files\Mozilla Firefox\firefox.exe
        
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5564 -childID 5 -isForBrowser -prefsHandle 5572 -prefMapHandle 5576 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 964 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {fbb9d86b-1fcb-49de-b3ea-a704a8b17df1} 1116 "\\.\pipe\gecko-crash-server-pipe.1116" tab
        5⤵
        
        PID:6000

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3064

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4332

C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe"
1⤵
PID:5296

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:5456

C:\Windows\System32\WaaSMedicAgent.exe
C:\Windows\System32\WaaSMedicAgent.exe 7a2f1a41740add4ee8d8f282c2e99d1a pOgKlkiK6k2+PQxt7PMvww.0.1.0.0.0
1⤵
PID:5764

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
3fac1e456e6d1823a4a08d5d32e7d289

SHA1
4314d1a3f1914bb9501eb9172d80f2f3701f35b0

SHA256
954d729b6349af25d9de249f64739bc5cb0bd3fbabbb9b20f9c351aecd82fca3

SHA512
e43c0320ac438867ac6a7758f282db5c8987199cd240b6b68a9ea23f6c8ec29802274f8e834796e479ebd9eeba2e21a0824381f2f65997d8e082dbe1ae1a878a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
288B

MD5
f5654873055e2d9a2269084f870e205b

SHA1
78af2ff52f55beeee911e31a7c3fd081b0c274df

SHA256
84c0bd1f4094d8bae69409d5f1ab2e77ea9d636a34b2dcab421b3dcd35658ce4

SHA512
cb3f64a18e2cdc38ef5e6bb98a79228274964e23e650d84d6654dbbfb3606db4c7a952841007fa9bc8844be5d6f3707c054574c7f7e65c8625d5c794a7d7e08c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
30ccbe4abda64cc3e1b903cfd96a556b

SHA1
556034a7c4b970c66551162b098370797e602637

SHA256
da77e2bb7b4a31d33f7c082e9d2d8d7e9ee28a79092e498c8d0712dce217b969

SHA512
929c5f776bab02750ac20998a31a89cb52731ae5e3554d6f3006e253ba89add93ad8106bd9c5aab9724b1668f7d32d33dcdacabcd266268ec1798090b819addc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
548a95ce7514928f868d54c7f889b689

SHA1
b79f6e8ed25d11eab1585f21f74915ecfcac5c7c

SHA256
de73e0dba8fb7ba74622e1cfd104959e8129c4fd1d309ae43ccedf7de12c67e8

SHA512
ea43d9d64454d19f59a80e19084afe399141030e09b3b50d7b738abdb3a6af307bc97931cb5193bce1f6c9a88241b162f0c7e6d3236fbcd9841bf3e5892b65c8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
6f5b3d40528808bf146abb316b0a5701

SHA1
e81107f3afc0d4774c4f20f0dc92a1437e01f5c0

SHA256
e528cd0fde5c55c926252f8c434469ce8e1bf4af85cdc256c3308b9d78477a69

SHA512
c62bb1288d5cdc8575e8d8258c9cef86889fea00abd71334cd10120a835364121cbd753405b144e7d7aed209accc379be8c9806f475028ba65f1d517c1025c12

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
4a00afafcee5b7546d5ef76ab6c08587

SHA1
58eb135cef468a035344b56467b1fd7192fdc787

SHA256
7180cb72adb107900e2d55566f8bf8592cfd4c79c47b16dc804efd6b860d844a

SHA512
e567c7fd2146081b5f569de75ec4c585d4bff8f058bbca9402ed1c1cbe4e7e7f92d1d4ef07cbeb08e7f72d30f3bf56bd9e7ed1219f5273c892a6f7831bc08c33

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
abccb2d4f9e12d86e9739a9642a3bcd1

SHA1
33d94ced3d9243dad4469d59d21c834557b5729d

SHA256
925b7e0b23e950718f34249283a259281213b437a4382a6189f5ea6b70acf3e2

SHA512
7ae8dd9c78113880c7d99a9cc347a9c43f5d050dc7456345ca8ed2b8820dd70137b4e730d3a46907d12175dd72f6b6ada2bc5a8e295a9d07781f3556324e77d7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
087757be34380de105226bb6b5018611

SHA1
ce3fa66f6cde2bb71fb49fccb1fbbf51e96b8c88

SHA256
6672f3a5aca100d434fcf80300eae7ca57ae303b737fe3e6023254ebab188021

SHA512
83abe431aaec2feb2871941acf206b0650fbd67d4459491c35c78fcf5148cc6119f2044c0ab29b391b8f58a7f295447e8afdc363cc7d7fa68c01b2f36ee4a753

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
a0062f0ea1231550d6541e686e39fd87

SHA1
385c44340d6b901de4159f53b11245b023ddf2ff

SHA256
7f6ab1405af2e937afbc4debdc848e152dc1f9456da7e07854090e98af454d78

SHA512
d541cdef8b3f8efffbba4a4bc875c9795980335b05983987fe9c4e73a71aa707e319c80da8be0c89a8a136c131616b38399da4440ce877ed356a6889657dd711

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
7102e5710a7e0a5af44cf65534eb6a19

SHA1
e774cf9f1685b90e3e6b293b2272760b2744047b

SHA256
5408e6d82fbd8962ffc35ce457479b9b85b031f5001974e8cc0e357495cc155d

SHA512
951cb178cdfa443c0c91aac513f92652f0d32ecf74d16101fc744526949c182b4b804aba90d16ae051c00513443c5ba1be7b174d31ba84b2eabc4b2ac9177b60

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
fd2ff069086758e4af6b3a9572065d2a

SHA1
906fa758dd545eb0aacbf8a16793445d954ca51f

SHA256
658ed87acc99ecf945c3b2b7e6de1b7f57f18f7dfad943415137a1b1f0f344fd

SHA512
6bdbcec2b8bea346b690508b54253aeb4fad06a7835598a69110119026ab6daa9e7f6b7a0452bc35fc48b8d10e60afd164a54d2b2a21e3bbc27a0b95bd28c6e6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
6ac8fda92ef9e3705c47fbb6ec9e45f4

SHA1
1ce843fc5ba006a234711cc26d2ba0df05bf442d

SHA256
79b9bea88fb0314a7cc90039c369a9eed0d33bd5cae238eda0220f8d6776408f

SHA512
cbdc5382f7771319ebef70c47d9af70f9d45c9df63f2b83c9ca70abdcaecdd7ee56535956c89585cf75396def4484e30def6e053f90033452d14e4a7228cc3d0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
05551cf040d1326622877be07bd1fefc

SHA1
282d36dba945c321d35475c45484d91c03c7c727

SHA256
2f4a62950fec988d9c2eb840939914fd747c0136931941ff59fe4faf9e100847

SHA512
e377c494d9662ef62b2907894b9230446d8807b4bd5598d4eded734ab9a6bae60d6c063be90d55694fa096e9dbd9efeae07723a3a473960be614cb196c1bfa6a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
bf86322ec48dd1b4cbf59f0d7655a284

SHA1
a3786ccff5c867d6970a5d5cfaa2bd7fc1a44f46

SHA256
1173475128efb1f6595832b0bb8159eff3bdcd6a81e50984bb2f431efe572a73

SHA512
7ae27c2f6af4d673670f2cee2393ef198ff0ae32333c110e310b7f02220327fcd3b7aeb5203cb07246d0c5ce3d604791923cce06a15e6f1d12a2e6a493e281ec

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
189KB

MD5
6be5a2de001bddefb0891465ba48d4c0

SHA1
d7e7eb0179aee2d57ee4513d51f0f6c3194cc681

SHA256
c28af23aba3c4e1914ffd4413115b1e5a5a12b0847a984a6b9d0ec2ddaf319c7

SHA512
30da641e5dd56bfd41ecef96407491920258b5a43a57aefba64511da816b249e03481991e92bc1e488970a80d0a36c30a745388e20ed6be869c1c0d709df7d0c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
189KB

MD5
962578884ddddfa32702a7087c3e82e8

SHA1
cf5be886aeed4e3e1f22dfdf9bad1ef2d1b478f6

SHA256
035dd9bb88673795a2246d69ab13254e687d2020115f9fe1eea8f75dd3b78688

SHA512
170e1c252f9add47dcaaa8b8fc2ef7a9bb64d9b4c49adcd890b318fb72ad38d37bf4d1ba1b1f0300efa8ebd2f7ac22b5f3ba06ff207f98ab1b830ed3320ff100

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
1f9d180c0bcf71b48e7bc8302f85c28f

SHA1
ade94a8e51c446383dc0a45edf5aad5fa20edf3c

SHA256
a17d56c41d524453a78e3f06e0d0b0081e79d090a4b75d0b693ddbc39f6f7fdc

SHA512
282863df0e51288049587886ed37ad1cf5b6bfeed86454ea3b9f2bb7f0a1c591f3540c62712ebfcd6f1095e1977446dd5b13b904bb52b6d5c910a1efc208c785

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
60ead4145eb78b972baf6c6270ae6d72

SHA1
e71f4507bea5b518d9ee9fb2d523c5a11adea842

SHA256
b9e99e7387a915275e8fe4ac0b0c0cd330b4632814d5c9c446beb2755f1309a7

SHA512
8cdbafd2783048f5f54f22e13f6ef890936d5b986b0bb3fa86d2420a5bfecf7bedc56f46e6d5f126eae79f492315843c134c441084b912296e269f384a73ccde

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\3f6bab80-70b9-4f01-a47d-72d6975e3259.tmp

Filesize
1KB

MD5
e576b44b872b27c16f43feac791e3be9

SHA1
d0f9f317a03bcb8daf80eeafb0bc85eeb55e4067

SHA256
60e3432a1c5c26a378ec3c291f7dbe6e6d9a5203f1fe0f8cead55a4872b66998

SHA512
79b5545928fdaec00898826e96821a788770613000770f579d90f9d6481664dff734d4355547d4716193b240fcad3caa6c636b4ea5df599034ba4f9fd973407e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005

Filesize
38KB

MD5
a1cbc8600fb0e0b668df61bb5d1737f9

SHA1
65aaea9cf40ee7aafcf033f35980aac172b0a267

SHA256
b0324009cc7d496245d763710959284dbc9eb3c4aa93227cd6fa82772ff5a2bb

SHA512
c731cbc3fd2397fea0afdb98ad7e0a2624dfdd9da00da2032cbb425ff653291bd3e9290514d6aac2761923a055c0666b521a61524595c5ab1aa2b56ce18b2338

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
216B

MD5
71072983c81e76fb756b9a201f88d35d

SHA1
c3ad7c9b00970a475507454789621a620e02e6fc

SHA256
e58ec57fc6d4ebbabc9a628d7d4b083995fd3da76b4ac2ee517f8a06504c5161

SHA512
ecb5ac96d393481b6cc18e207c4ce50ffba62967167bb5b57df927e6a2ec95cd0f931cd67abc48545ad9e50cccbdc3b17d84095c20fcb3f1bc39f4395aecf114

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
13615cf401f1184b0bd5b947514fc002

SHA1
9cf52d3e8125b155cf65cb74b374997d54fa22e6

SHA256
10930c7cff4143b29cdb0164d791d62f43eefc17097c385d85d18ec8564c9e36

SHA512
69b0ccc71e692b2d6efa5ab1aa0706ca45d17020c83c1b0013facf8e0da5e47ef71ba462b1c51f00467a21b5ef6bac66c628faed45d49be8a8b4b0de7542c017

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
2c7d94a4551d6a2ea49e1e9f6ebc2d46

SHA1
75499c56c0a469ec33321829970374fb0a15e233

SHA256
63c920d4dac00c9173b02bcd15b163bea5ec2e1f1dac91eb49427dd6f6444fec

SHA512
1878592e1e1a9382f163564c2a500716b2c25e34f963ba086ac3b9730d55ae5f663f8c3dd5662e18b18b05bc9ddbcd364259b5f1c5531935beead7194f38c759

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
f7616d025a82c1c098925410d7926ecb

SHA1
ad056cdc45a2a9977c97dfe48f965201c6d69d4a

SHA256
808f9e35655a62cac7285a5d8af2a1507530deaba4d1c503608853a7356e6007

SHA512
0b225cd04c1fbbc4a75a1f2a313f18b8e81b79b8274a723f2ba4876149d0af21862dd5edb1d039f81bae6869327b54ef5b1c61a3a77c09c6fa7ca00e19d14b0f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
99ba58e2270a3a395395a4703add2b4a

SHA1
7972c2a26e5193adcf4604cc64c7714a712ae1f7

SHA256
c6880512782d7de23e5e86b3fb4a93117ca5c47bde393acf293a8cc9438b9bb6

SHA512
b1e3b2fa89d6aa0fc6efd5770ed384e268512f47e84fc70af5b84df0347c206a83b69866100b167f1bc680142e5c19a491557e38d5a7815ba5cba2d7a63b9000

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\4cs2motb.default-release\activity-stream.discovery_stream.json.tmp

Filesize
18KB

MD5
56da7ef9901d365600c1bfe60a17e816

SHA1
1eeeb8a7c8ee0639910777683cdbfad1b9f942e2

SHA256
5ccfa604ad623964c869fb920212d4838e1b394bbfb21760af63a8b48b7d6d91

SHA512
b5195d94a7a8b794b10d82425390360089327ca7dac48a62046ee084fd8cdf9f6149c2c48e246addbe956413dd6e60e4ab25d9f8cb595f84571205bb718cf798

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\4cs2motb.default-release\cache2\entries\8A2034D325DC0B5C9E11EDDA3FC70A54C8DC1C0D

Filesize
13KB

MD5
662468fe74514f1336a5826a4ba7195f

SHA1
9644e6bc2ea2c7823873b9a9d0411d4b2428c56b

SHA256
60c1eb995a1d8f5712c8ffc34180b2daf08eedfb66d60d97a18810caef24775a

SHA512
630d3391a16bdc58347b2cbecb47bd5997f3a289007a8dc900fd8ff7fee1508f807d4702c02e7094e73adb556ac4d12f3a951b1c2cc070be1a2f749c70da8863

Download Submit
C:\Users\Admin\AppData\Local\Temp\5A8.tmp\5A9.tmp\5AA.bat

Filesize
2KB

MD5
de9423d9c334ba3dba7dc874aa7dbc28

SHA1
bf38b137b8d780b3d6d62aee03c9d3f73770d638

SHA256
a1e1b422c40fb611a50d3f8bf34f9819f76ddb304aa2d105fb49f41f57752698

SHA512
63f13acd904378ad7de22053e1087d61a70341f1891ada3b671223fec8f841b42b6f1060a4b18c8bb865ee4cd071cadc7ff6bd6d549760945bf1645a1086f401

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
479KB

MD5
09372174e83dbbf696ee732fd2e875bb

SHA1
ba360186ba650a769f9303f48b7200fb5eaccee1

SHA256
c32efac42faf4b9878fb8917c5e71d89ff40de580c4f52f62e11c6cfab55167f

SHA512
b667086ed49579592d435df2b486fe30ba1b62ddd169f19e700cd079239747dd3e20058c285fa9c10a533e34f22b5198ed9b1f92ae560a3067f3e3feacc724f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

Filesize
13.8MB

MD5
0a8747a2ac9ac08ae9508f36c6d75692

SHA1
b287a96fd6cc12433adb42193dfe06111c38eaf0

SHA256
32d544baf2facc893057a1d97db33207e642f0dacf235d8500a0b5eff934ce03

SHA512
59521f8c61236641b3299ab460c58c8f5f26fa67e828de853c2cf372f9614d58b9f541aae325b1600ec4f3a47953caacb8122b0dfce7481acfec81045735947d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4cs2motb.default-release\AlternateServices.bin

Filesize
17KB

MD5
b878510abe23a2335650a1907d615482

SHA1
18f0e541c52af669b586504ac3ee0117e92c0806

SHA256
e0a3a7dd3c49aa094889b800ffac8b880dd3d70559783ac2b1f1d3d5f270b388

SHA512
9b5aa473456b6ea9780ed1074171cac8bc1e4983a5b9e47fc61b69285c1e6b87fa2c13f49d03ab27481f5a4fb6090f0aec517b34c0f78c0a63da2597fc02e198

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4cs2motb.default-release\AlternateServices.bin

Filesize
8KB

MD5
5aa33852b7d3c6e1ba47fb4a7eeb0ddc

SHA1
87781104d68976f78045682416c39de0ada02c12

SHA256
027dda26686cb77b43a963a869f37c85bda2b892270c852cbf72a397d596bf71

SHA512
375a758dc735f71e65431fd3b07db733ab200a388d1cae0022cf99f033c66affb2754f0a2f6ef30e954d9b3b3ea660cf2fd4b63dae8a05f68930c48b51e2e366

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4cs2motb.default-release\datareporting\glean\db\data.safe.tmp

Filesize
5KB

MD5
c8bc988392fbba805e19e379a5e168f3

SHA1
18ca9cde04db17ca8ed0b61661b98fae34914b0f

SHA256
4206c03ed8bd3a4e581a39dd3d4e04e8bb9aed47b85a8f8954c5b9011131e191

SHA512
fd8c76f50d6f20fca67f7599a95f8f049b55bf61a139c31c6581337cd24e36e9570a8a00a930445c163c6a88d792ea44f9ef369d756233e64cf3014e9bd4f172

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4cs2motb.default-release\datareporting\glean\db\data.safe.tmp

Filesize
15KB

MD5
2c528df3beebf7e79bcb9a9f38b47bd0

SHA1
7535bf90138c3200a6ed9d1153a113e307df9779

SHA256
30cdfcfd5e9e1fe050577abc9a467e72aa43aa03b807a590e19fb4bd216691e8

SHA512
a0b7a4ba037af25ae90f4b2589d5c88097fbf82d1bdac5455bdb602df5b3ea922b17406465a885294dc2da97cb9612918e0d7e76562304169a19db795bb98e7d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4cs2motb.default-release\datareporting\glean\pending_pings\387eaad6-ca58-4aee-9d40-ccea04cc6725

Filesize
982B

MD5
0c3af4875c031ba4c8032d99b5438009

SHA1
39d7a92fffa42f17001da8561ab6a9a4d2413482

SHA256
cb5f12e8ddf747df41c4a1909f3ab39d5d1a11e4e757841f9e2627fe43653b70

SHA512
b7b3e303a73c9f8c8c8917c0b949b8db4d696daa0470a1d4062da30e6c23dbec7701bfc9b8b4e2cd364ca74e887fe4b9e93893e49f54919cb52db1ac4d4f4e00

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4cs2motb.default-release\datareporting\glean\pending_pings\455a36e8-63a5-448c-9d8b-cc2def05064b

Filesize
26KB

MD5
26761ab89b3cabe91f4afe34bac35cea

SHA1
ede3550658e27d8d2e9be973012a9d7bdb95921c

SHA256
700f74a4cddd13cad4e0b79fb573b136c777004d5636b42b7bacda34a49790fb

SHA512
035d6dd6a9b8e664eb79159e84758d79d8b4f5fe7b24e0b247f0630df338783a0c463778fcda7d2d6f7f675fa32bb1065a57827d259e1bf50501dad707a5e846

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4cs2motb.default-release\datareporting\glean\pending_pings\51b51e1d-e996-402a-96f5-3c257bea8380

Filesize
671B

MD5
6ca5f15fce807305d5be459e98b2260e

SHA1
bfc17e0bc2dd963b32da5165df6ad161b1c223d3

SHA256
9fd39a98a5ed9b2b4c7c01526c1939a3d8bcbb9e107810a4d21dd2265eb6f54a

SHA512
626c7eef17312b798752b8ff151e37633d7cf3c256e7bd8bfe4781d5695ccb6590bd06ee5b9a7777f68ca33d4e8114e7df9d4dd5b0ac3a7fcaff3032ca1687a4

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4cs2motb.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.dll

Filesize
1.1MB

MD5
842039753bf41fa5e11b3a1383061a87

SHA1
3e8fe1d7b3ad866b06dca6c7ef1e3c50c406e153

SHA256
d88dd3bfc4a558bb943f3caa2e376da3942e48a7948763bf9a38f707c2cd0c1c

SHA512
d3320f7ac46327b7b974e74320c4d853e569061cb89ca849cd5d1706330aca629abeb4a16435c541900d839f46ff72dfde04128c450f3e1ee63c025470c19157

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4cs2motb.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.info

Filesize
116B

MD5
2a461e9eb87fd1955cea740a3444ee7a

SHA1
b10755914c713f5a4677494dbe8a686ed458c3c5

SHA256
4107f76ba1d9424555f4e8ea0acef69357dfff89dfa5f0ec72aa4f2d489b17bc

SHA512
34f73f7bf69d7674907f190f257516e3956f825e35a2f03d58201a5a630310b45df393f2b39669f9369d1ac990505a4b6849a0d34e8c136e1402143b6cedf2d3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4cs2motb.default-release\gmp-widevinecdm\4.10.2710.0\manifest.json

Filesize
372B

MD5
bf957ad58b55f64219ab3f793e374316

SHA1
a11adc9d7f2c28e04d9b35e23b7616d0527118a1

SHA256
bbab6ca07edbed72a966835c7907b3e60c7aa3d48ddea847e5076bd05f4b1eda

SHA512
79c179b56e4893fb729b225818ab4b95a50b69666ac41d17aad0b37ab0ca8cd9f0848cbc3c5d9e69e4640a8b261d7ced592eae9bcb0e0b63c05a56e7c477f44e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4cs2motb.default-release\gmp-widevinecdm\4.10.2710.0\widevinecdm.dll

Filesize
17.8MB

MD5
daf7ef3acccab478aaa7d6dc1c60f865

SHA1
f8246162b97ce4a945feced27b6ea114366ff2ad

SHA256
bc40c7821dcd3fea9923c6912ab1183a942c11b7690cfd79ed148ded0228777e

SHA512
5840a45cfdb12c005e117608b1e5d946e1b2e76443ed39ba940d7f56de4babeab09bee7e64b903eb82bb37624c0a0ef19e9b59fbe2ce2f0e0b1c7a6015a63f75

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4cs2motb.default-release\prefs-1.js

Filesize
11KB

MD5
c84ab8b8ec0f1a1a8afefccdfc8cd397

SHA1
5a6110d50b7cb460cb4ffd5d6c7acf51946e5c89

SHA256
50a17004282e867561d092a0f82857e2cd3a872c8a632037be5cec8d64cfb5d4

SHA512
6982559cea1a4d0d14be3c290eea5698e41a580eab8bd902dd3619be77ea0f0328f0eb69c3536a72c55c063029bbf596f5d23dd791c35163aabf0da62588e625

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4cs2motb.default-release\prefs-1.js

Filesize
12KB

MD5
9d5c17ecc65b6a4d21a1ad984f58be45

SHA1
be88f786a6dadf4ebb154613c28fffae6b672281

SHA256
3d19e568a7899a5a6d4a34938d0a98a8e8f7afe89371536e93cb995cc5c65ebe

SHA512
bcdf6b91ab3d13cc6642f8a8f414a737f77084e5ffb59fb2428321e334f59e2f4b76356a2dd3648aa48e92f7c6391ca74c5a389519876d3937975b0199660f0c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4cs2motb.default-release\prefs-1.js

Filesize
14KB

MD5
69ff0b7df78e6dffd44b7a83c73d9aa4

SHA1
3a41e777e9d0ebd511b29c1ccbbfed544933b866

SHA256
e9c81783300215e8afc9d42403d43cd1551f3aecd075ca17f59b93a9d18613ef

SHA512
d6afca287a2d22724aa4e8cc66f16409be23b4ff4c604ee8f9ad50aab983fd0aa6964952c5eebf297e5103767c34451a9137cb32217ad54fd73e30709a8b1a1c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4cs2motb.default-release\prefs.js

Filesize
8KB

MD5
ddef0ff28794b329ae70fae73160ace5

SHA1
aedc0372db6ea5b5479c3f5658f65a3f458b0660

SHA256
d853838b7d77de433a4541eff2e7c83b864b0a07da7958d52263567ca2b89965

SHA512
4f04a3bb641decf27a8887537e93b6061e76a654ca7e5af3aa35206e5779c061e8456eb0183ef03d1b8fc7b352f866d65304037bf28f4a2b00e0537c7999d071

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4cs2motb.default-release\sessionstore-backups\recovery.baklz4

Filesize
4KB

MD5
d139b279ec235f398367671de45c6e91

SHA1
86564be2bd99fcd32266e8eba8ec370377256fb0

SHA256
230b46d169df01551f34118ca120c4a29c4469a00aaa440928456f73b5df1cdf

SHA512
14d8c2e8800a7b5e7d5e582d552cabef2f39eb91011a8a7db3d8d3be0fb78fe3a1bd932b091065b743159535e8f0216d7016b90cdbcefe3c4705393c5e7f1873

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4cs2motb.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

Filesize
1.6MB

MD5
9b41f2025b08739db4c7c3ada473f8d6

SHA1
30461641e65d9da09c07086ec31da4d5094bc19a

SHA256
1116f86c6a52a691991ff8a3658e2b403cb04a1cfda970065ed9641a82830083

SHA512
14fa97f1c237c3c0d0831d80a61f8e9276e88fc5eaadf9786b5fe3f21bff81d6a97010099794d74e34de23ce3ae5c4f378ed6b011259050ca7b3551510785672

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4cs2motb.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

Filesize
2.2MB

MD5
987951692b6dfcae97f98ceae73c49ec

SHA1
5b49702311b19a2e4d3f980c96dfd8cfff23142b

SHA256
b7e658f293fb6a696e9df29f7521137fce6fa0b533e3aa316b0417999c95b56b

SHA512
a2aabf858cecd48828c8842129fb67e9e796c45a0df53899d34beba91774ecd3cfd1000c5122496cb4112cf3ae1dbcc5d09986ddcf24ecd0e7216ca10a224a0d

Download Submit