Analysis
max time kernel: 149s
max time network: 152s
platform: windows11-21h2_x64
resource: win11-20240709-en
resource tags: arch:x64, arch:x86, image:win11-20240709-en, locale:en-us, os:windows11-21h2-x64, system
submitted: 27-07-2024 17:54
Static task
static1
Behavioral task
behavioral1
Sample
b6c483b6adf9a022edf135ee22b8b10ea09daa5b2ba2bc22e7820b2e06defb57.exe
Resource
win10v2004-20240709-en
Behavioral task
behavioral2
Sample
b6c483b6adf9a022edf135ee22b8b10ea09daa5b2ba2bc22e7820b2e06defb57.exe
Resource
win11-20240709-en
General
Target: b6c483b6adf9a022edf135ee22b8b10ea09daa5b2ba2bc22e7820b2e06defb57.exe
Size: 89KB
MD5: 0fe037b7319582dee5ae75eb5d272603
SHA1: beddf2471511b2371bd4fc3eafda812aa5a5f2d2
SHA256: b6c483b6adf9a022edf135ee22b8b10ea09daa5b2ba2bc22e7820b2e06defb57
SHA512: f2695a55c405a534851d299133486cf142579b4fe14359bf69231bd716bb166980992cd96af463a9da6d0103eba275958683e67a401f61802bd85c6d9e8df010
SSDEEP: 1536:L7fPGykbOqjoHm4pICdfkLtAfupcWX50MxFY+yIOlnToIfYxRYwVL3Oq:Hq6+ouCpk2mpcWJ0r+QNTBfY0wl1
Malware Config
Signatures

Drops file in System32 directory 2 IoCs
description | ioc | Process
File created | C:\Windows\System32\DriverStore\FileRepository\display.inf_amd64_01cf530faf2f1752\display.PNF | chrome.exe
File created | \??\c:\windows\system32\driverstore\filerepository\display.inf_amd64_01cf530faf2f1752\display.PNF | chrome.exe

Drops file in Windows directory 1 IoCs
description | ioc | Process
File opened for modification | C:\Windows\SystemTemp | chrome.exe
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.
description | ioc | Process
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | b6c483b6adf9a022edf135ee22b8b10ea09daa5b2ba2bc22e7820b2e06defb57.exe
Checks processor information in registry 2 TTPs 8 IoCs
Processor information is often read in order to detect sandboxing environments.
description | ioc | Process
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision | firefox.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier | firefox.exe
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | firefox.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz | firefox.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz | firefox.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | firefox.exe
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | firefox.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature | firefox.exe
Enumerates system info in registry 2 TTPs 6 IoCs
description | ioc | Process
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | chrome.exe
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | msedge.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | msedge.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | msedge.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | chrome.exe
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | chrome.exe
Modifies registry class 1 IoCs
description | ioc | Process
Key created | \REGISTRY\USER\S-1-5-21-126710838-2490174220-686410903-1000_Classes\Local Settings | firefox.exe
Suspicious behavior: EnumeratesProcesses 18 IoCs
pid | Process
2120 | msedge.exe
2120 | msedge.exe
4416 | msedge.exe
4416 | msedge.exe
4068 | chrome.exe
4068 | chrome.exe
4824 | msedge.exe
4824 | msedge.exe
5556 | identity_helper.exe
5556 | identity_helper.exe
644 | chrome.exe
644 | chrome.exe
780 | msedge.exe
780 | msedge.exe
780 | msedge.exe
780 | msedge.exe
644 | chrome.exe
644 | chrome.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs
pid | Process
4416 | msedge.exe
4416 | msedge.exe
4068 | chrome.exe
4068 | chrome.exe
4416 | msedge.exe
4416 | msedge.exe
4416 | msedge.exe
4416 | msedge.exe
4416 | msedge.exe
Suspicious use of AdjustPrivilegeToken 64 IoCs
description | pid | Process
Token: SeShutdownPrivilege | 4068 | chrome.exe
Token: SeCreatePagefilePrivilege | 4068 | chrome.exe
Token: SeShutdownPrivilege | 4068 | chrome.exe
Token: SeCreatePagefilePrivilege | 4068 | chrome.exe
Token: SeDebugPrivilege | 920 | firefox.exe
Token: SeDebugPrivilege | 920 | firefox.exe
Token: SeShutdownPrivilege | 4068 | chrome.exe
Token: SeCreatePagefilePrivilege | 4068 | chrome.exe
Token: SeShutdownPrivilege | 4068 | chrome.exe
Token: SeCreatePagefilePrivilege | 4068 | chrome.exe
Token: SeShutdownPrivilege | 4068 | chrome.exe
Token: SeCreatePagefilePrivilege | 4068 | chrome.exe
Token: SeShutdownPrivilege | 4068 | chrome.exe
Token: SeCreatePagefilePrivilege | 4068 | chrome.exe
Token: SeShutdownPrivilege | 4068 | chrome.exe
Token: SeCreatePagefilePrivilege | 4068 | chrome.exe
Token: SeShutdownPrivilege | 4068 | chrome.exe
Token: SeCreatePagefilePrivilege | 4068 | chrome.exe
Token: SeShutdownPrivilege | 4068 | chrome.exe
Token: SeCreatePagefilePrivilege | 4068 | chrome.exe
Token: SeShutdownPrivilege | 4068 | chrome.exe
Token: SeCreatePagefilePrivilege | 4068 | chrome.exe
Token: SeShutdownPrivilege | 4068 | chrome.exe
Token: SeCreatePagefilePrivilege | 4068 | chrome.exe
Token: SeShutdownPrivilege | 4068 | chrome.exe
Token: SeCreatePagefilePrivilege | 4068 | chrome.exe
Token: SeShutdownPrivilege | 4068 | chrome.exe
Token: SeCreatePagefilePrivilege | 4068 | chrome.exe
Token: SeShutdownPrivilege | 4068 | chrome.exe
Token: SeCreatePagefilePrivilege | 4068 | chrome.exe
Token: SeShutdownPrivilege | 4068 | chrome.exe
Token: SeCreatePagefilePrivilege | 4068 | chrome.exe
Token: SeShutdownPrivilege | 4068 | chrome.exe
Token: SeCreatePagefilePrivilege | 4068 | chrome.exe
Token: SeShutdownPrivilege | 4068 | chrome.exe
Token: SeCreatePagefilePrivilege | 4068 | chrome.exe
Token: SeShutdownPrivilege | 4068 | chrome.exe
Token: SeCreatePagefilePrivilege | 4068 | chrome.exe
Token: SeShutdownPrivilege | 4068 | chrome.exe
Token: SeCreatePagefilePrivilege | 4068 | chrome.exe
Token: SeShutdownPrivilege | 4068 | chrome.exe
Token: SeCreatePagefilePrivilege | 4068 | chrome.exe
Token: SeShutdownPrivilege | 4068 | chrome.exe
Token: SeCreatePagefilePrivilege | 4068 | chrome.exe
Token: SeShutdownPrivilege | 4068 | chrome.exe
Token: SeCreatePagefilePrivilege | 4068 | chrome.exe
Token: SeShutdownPrivilege | 4068 | chrome.exe
Token: SeCreatePagefilePrivilege | 4068 | chrome.exe
Token: SeShutdownPrivilege | 4068 | chrome.exe
Token: SeCreatePagefilePrivilege | 4068 | chrome.exe
Token: SeShutdownPrivilege | 4068 | chrome.exe
Token: SeCreatePagefilePrivilege | 4068 | chrome.exe
Token: SeShutdownPrivilege | 4068 | chrome.exe
Token: SeCreatePagefilePrivilege | 4068 | chrome.exe
Token: SeShutdownPrivilege | 4068 | chrome.exe
Token: SeCreatePagefilePrivilege | 4068 | chrome.exe
Token: SeShutdownPrivilege | 4068 | chrome.exe
Token: SeCreatePagefilePrivilege | 4068 | chrome.exe
Token: SeShutdownPrivilege | 4068 | chrome.exe
Token: SeCreatePagefilePrivilege | 4068 | chrome.exe
Token: SeShutdownPrivilege | 4068 | chrome.exe
Token: SeCreatePagefilePrivilege | 4068 | chrome.exe
Token: SeShutdownPrivilege | 4068 | chrome.exe
Token: SeCreatePagefilePrivilege | 4068 | chrome.exe
Suspicious use of FindShellTrayWindow 64 IoCs
pid | Process
4416 | msedge.exe
4416 | msedge.exe
4416 | msedge.exe
4416 | msedge.exe
4416 | msedge.exe
4416 | msedge.exe
4416 | msedge.exe
4416 | msedge.exe
4416 | msedge.exe
4416 | msedge.exe
4416 | msedge.exe
4416 | msedge.exe
4416 | msedge.exe
4416 | msedge.exe
4416 | msedge.exe
4416 | msedge.exe
4416 | msedge.exe
4416 | msedge.exe
4416 | msedge.exe
4416 | msedge.exe
4416 | msedge.exe
4416 | msedge.exe
4416 | msedge.exe
4416 | msedge.exe
4416 | msedge.exe
920 | firefox.exe
920 | firefox.exe
920 | firefox.exe
920 | firefox.exe
4068 | chrome.exe
4068 | chrome.exe
4068 | chrome.exe
4068 | chrome.exe
4068 | chrome.exe
4068 | chrome.exe
4068 | chrome.exe
4068 | chrome.exe
4068 | chrome.exe
4068 | chrome.exe
4068 | chrome.exe
4068 | chrome.exe
4068 | chrome.exe
4068 | chrome.exe
4068 | chrome.exe
4068 | chrome.exe
4068 | chrome.exe
4068 | chrome.exe
4068 | chrome.exe
4068 | chrome.exe
4068 | chrome.exe
4068 | chrome.exe
4068 | chrome.exe
4068 | chrome.exe
4068 | chrome.exe
4068 | chrome.exe
920 | firefox.exe
920 | firefox.exe
920 | firefox.exe
920 | firefox.exe
920 | firefox.exe
920 | firefox.exe
920 | firefox.exe
920 | firefox.exe
920 | firefox.exe
Suspicious use of SendNotifyMessage 24 IoCs
pid | Process
4416 | msedge.exe
4416 | msedge.exe
4416 | msedge.exe
4416 | msedge.exe
4416 | msedge.exe
4416 | msedge.exe
4416 | msedge.exe
4416 | msedge.exe
4416 | msedge.exe
4416 | msedge.exe
4416 | msedge.exe
4416 | msedge.exe
4068 | chrome.exe
4068 | chrome.exe
4068 | chrome.exe
4068 | chrome.exe
4068 | chrome.exe
4068 | chrome.exe
4068 | chrome.exe
4068 | chrome.exe
4068 | chrome.exe
4068 | chrome.exe
4068 | chrome.exe
4068 | chrome.exe
Suspicious use of SetWindowsHookEx 1 IoCs
pid | Process
920 | firefox.exe
Suspicious use of WriteProcessMemory 64 IoCs
description | pid | Process | procid_target
PID 4936 wrote to memory of 3204 | 4936 | b6c483b6adf9a022edf135ee22b8b10ea09daa5b2ba2bc22e7820b2e06defb57.exe | 81
PID 4936 wrote to memory of 3204 | 4936 | b6c483b6adf9a022edf135ee22b8b10ea09daa5b2ba2bc22e7820b2e06defb57.exe | 81
PID 3204 wrote to memory of 4068 | 3204 | cmd.exe | 86
PID 3204 wrote to memory of 4068 | 3204 | cmd.exe | 86
PID 3204 wrote to memory of 4416 | 3204 | cmd.exe | 87
PID 3204 wrote to memory of 4416 | 3204 | cmd.exe | 87
PID 3204 wrote to memory of 1252 | 3204 | cmd.exe | 88
PID 3204 wrote to memory of 1252 | 3204 | cmd.exe | 88
PID 4068 wrote to memory of 4988 | 4068 | chrome.exe | 89
PID 4068 wrote to memory of 4988 | 4068 | chrome.exe | 89
PID 4416 wrote to memory of 2484 | 4416 | msedge.exe | 90
PID 4416 wrote to memory of 2484 | 4416 | msedge.exe | 90
PID 1252 wrote to memory of 920 | 1252 | firefox.exe | 91
PID 1252 wrote to memory of 920 | 1252 | firefox.exe | 91
PID 1252 wrote to memory of 920 | 1252 | firefox.exe | 91
PID 1252 wrote to memory of 920 | 1252 | firefox.exe | 91
PID 1252 wrote to memory of 920 | 1252 | firefox.exe | 91
PID 1252 wrote to memory of 920 | 1252 | firefox.exe | 91
PID 1252 wrote to memory of 920 | 1252 | firefox.exe | 91
PID 1252 wrote to memory of 920 | 1252 | firefox.exe | 91
PID 1252 wrote to memory of 920 | 1252 | firefox.exe | 91
PID 1252 wrote to memory of 920 | 1252 | firefox.exe | 91
PID 1252 wrote to memory of 920 | 1252 | firefox.exe | 91
PID 920 wrote to memory of 3380 | 920 | firefox.exe | 92
PID 920 wrote to memory of 3380 | 920 | firefox.exe | 92
PID 920 wrote to memory of 3380 | 920 | firefox.exe | 92
PID 920 wrote to memory of 3380 | 920 | firefox.exe | 92
PID 920 wrote to memory of 3380 | 920 | firefox.exe | 92
PID 920 wrote to memory of 3380 | 920 | firefox.exe | 92
PID 920 wrote to memory of 3380 | 920 | firefox.exe | 92
PID 920 wrote to memory of 3380 | 920 | firefox.exe | 92
PID 920 wrote to memory of 3380 | 920 | firefox.exe | 92
PID 920 wrote to memory of 3380 | 920 | firefox.exe | 92
PID 920 wrote to memory of 3380 | 920 | firefox.exe | 92
PID 920 wrote to memory of 3380 | 920 | firefox.exe | 92
PID 920 wrote to memory of 3380 | 920 | firefox.exe | 92
PID 920 wrote to memory of 3380 | 920 | firefox.exe | 92
PID 920 wrote to memory of 3380 | 920 | firefox.exe | 92
PID 920 wrote to memory of 3380 | 920 | firefox.exe | 92
PID 920 wrote to memory of 3380 | 920 | firefox.exe | 92
PID 920 wrote to memory of 3380 | 920 | firefox.exe | 92
PID 920 wrote to memory of 3380 | 920 | firefox.exe | 92
PID 920 wrote to memory of 3380 | 920 | firefox.exe | 92
PID 920 wrote to memory of 3380 | 920 | firefox.exe | 92
PID 920 wrote to memory of 3380 | 920 | firefox.exe | 92
PID 920 wrote to memory of 3380 | 920 | firefox.exe | 92
PID 920 wrote to memory of 3380 | 920 | firefox.exe | 92
PID 920 wrote to memory of 3380 | 920 | firefox.exe | 92
PID 920 wrote to memory of 3380 | 920 | firefox.exe | 92
PID 920 wrote to memory of 3380 | 920 | firefox.exe | 92
PID 920 wrote to memory of 3380 | 920 | firefox.exe | 92
PID 920 wrote to memory of 3380 | 920 | firefox.exe | 92
PID 920 wrote to memory of 3380 | 920 | firefox.exe | 92
PID 920 wrote to memory of 3380 | 920 | firefox.exe | 92
PID 920 wrote to memory of 3380 | 920 | firefox.exe | 92
PID 920 wrote to memory of 3380 | 920 | firefox.exe | 92
PID 920 wrote to memory of 3380 | 920 | firefox.exe | 92
PID 920 wrote to memory of 3380 | 920 | firefox.exe | 92
PID 920 wrote to memory of 3380 | 920 | firefox.exe | 92
PID 920 wrote to memory of 3380 | 920 | firefox.exe | 92
PID 920 wrote to memory of 3380 | 920 | firefox.exe | 92
PID 920 wrote to memory of 3380 | 920 | firefox.exe | 92
PID 920 wrote to memory of 3380 | 920 | firefox.exe | 92
PID 920 wrote to memory of 3380 | 920 | firefox.exe | 92
Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
Processes

C:\Users\Admin\AppData\Local\Temp\b6c483b6adf9a022edf135ee22b8b10ea09daa5b2ba2bc22e7820b2e06defb57.exe  [level 1, PID 4936]
  Command line: "C:\Users\Admin\AppData\Local\Temp\b6c483b6adf9a022edf135ee22b8b10ea09daa5b2ba2bc22e7820b2e06defb57.exe"
  - System Location Discovery: System Language Discovery
  - Suspicious use of WriteProcessMemory
  C:\Windows\system32\cmd.exe  [level 2, PID 3204]
    Command line: "C:\Windows\sysnative\cmd.exe" /c "C:\Users\Admin\AppData\Local\Temp\DE0C.tmp\DE0D.tmp\DE1D.bat C:\Users\Admin\AppData\Local\Temp\b6c483b6adf9a022edf135ee22b8b10ea09daa5b2ba2bc22e7820b2e06defb57.exe"
    - Suspicious use of WriteProcessMemory
    C:\Program Files\Google\Chrome\Application\chrome.exe  [level 3, PID 4068]
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://www.youtube.com/account"
      - Drops file in Windows directory
      - Enumerates system info in registry
      - Suspicious behavior: EnumeratesProcesses
      - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
      - Suspicious use of AdjustPrivilegeToken
      - Suspicious use of FindShellTrayWindow
      - Suspicious use of SendNotifyMessage
      - Suspicious use of WriteProcessMemory
      C:\Program Files\Google\Chrome\Application\chrome.exe  [level 4, PID 4988]
        Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.106 --initial-client-data=0x108,0x10c,0x110,0xe4,0x114,0x7ffb0fd1cc40,0x7ffb0fd1cc4c,0x7ffb0fd1cc58
      C:\Program Files\Google\Chrome\Application\chrome.exe  [level 4, PID 4968]
        Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1824,i,16009670703255335292,15335557544187100539,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=1820 /prefetch:2
      C:\Program Files\Google\Chrome\Application\chrome.exe  [level 4, PID 3664]
        Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2092,i,16009670703255335292,15335557544187100539,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=2112 /prefetch:3
      C:\Program Files\Google\Chrome\Application\chrome.exe  [level 4, PID 3600]
        Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2188,i,16009670703255335292,15335557544187100539,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=2156 /prefetch:8
      C:\Program Files\Google\Chrome\Application\chrome.exe  [level 4, PID 1900]
        Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3076,i,16009670703255335292,15335557544187100539,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=3100 /prefetch:1
      C:\Program Files\Google\Chrome\Application\chrome.exe  [level 4, PID 2148]
        Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3084,i,16009670703255335292,15335557544187100539,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=3164 /prefetch:1
      C:\Program Files\Google\Chrome\Application\chrome.exe  [level 4, PID 644]
        Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=3532,i,16009670703255335292,15335557544187100539,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=4228 /prefetch:8
        - Drops file in System32 directory
        - Suspicious behavior: EnumeratesProcesses
    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  [level 3, PID 4416]
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" "https://www.youtube.com/account"
      - Enumerates system info in registry
      - Suspicious behavior: EnumeratesProcesses
      - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
      - Suspicious use of FindShellTrayWindow
      - Suspicious use of SendNotifyMessage
      - Suspicious use of WriteProcessMemory
      C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  [level 4, PID 2484]
        Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x10c,0x110,0x114,0xe8,0x118,0x7ffb0fbd3cb8,0x7ffb0fbd3cc8,0x7ffb0fbd3cd8
      C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  [level 4, PID 396]
        Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1852,15270031605791310277,16614768368623833447,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1864 /prefetch:2
      C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  [level 4, PID 2120]
        Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1852,15270031605791310277,16614768368623833447,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1400 /prefetch:3
        - Suspicious behavior: EnumeratesProcesses
      C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  [level 4, PID 1708]
        Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1852,15270031605791310277,16614768368623833447,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2676 /prefetch:8
      C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  [level 4, PID 896]
        Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1852,15270031605791310277,16614768368623833447,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3240 /prefetch:1
      C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  [level 4, PID 1228]
        Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1852,15270031605791310277,16614768368623833447,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3256 /prefetch:1
      C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  [level 4, PID 5736]
        Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1852,15270031605791310277,16614768368623833447,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4548 /prefetch:1
      C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  [level 4, PID 4824]
        Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1852,15270031605791310277,16614768368623833447,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4776 /prefetch:8
        - Suspicious behavior: EnumeratesProcesses
      C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe  [level 4, PID 5556]
        Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1852,15270031605791310277,16614768368623833447,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5396 /prefetch:8
        - Suspicious behavior: EnumeratesProcesses
      C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  [level 4, PID 4888]
        Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1852,15270031605791310277,16614768368623833447,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4864 /prefetch:1
      C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  [level 4, PID 5384]
        Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1852,15270031605791310277,16614768368623833447,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4772 /prefetch:1
      C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  [level 4, PID 6012]
        Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1852,15270031605791310277,16614768368623833447,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4672 /prefetch:1
      C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  [level 4, PID 5240]
        Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1852,15270031605791310277,16614768368623833447,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5032 /prefetch:1
      C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  [level 4, PID 780]
        Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1852,15270031605791310277,16614768368623833447,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=2632 /prefetch:2
        - Suspicious behavior: EnumeratesProcesses
    C:\Program Files\Mozilla Firefox\firefox.exe  [level 3, PID 1252]
      Command line: "C:\Program Files\Mozilla Firefox\firefox.exe" "https://www.youtube.com/account"
      - Suspicious use of WriteProcessMemory
      C:\Program Files\Mozilla Firefox\firefox.exe  [level 4, PID 920]
        Command line: "C:\Program Files\Mozilla Firefox\firefox.exe" https://www.youtube.com/account
        - Checks processor information in registry
        - Modifies registry class
        - Suspicious use of AdjustPrivilegeToken
        - Suspicious use of FindShellTrayWindow
        - Suspicious use of SetWindowsHookEx
        - Suspicious use of WriteProcessMemory
        C:\Program Files\Mozilla Firefox\firefox.exe  [level 5, PID 3380]
          Command line: "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1960 -parentBuildID 20240401114208 -prefsHandle 1876 -prefMapHandle 1868 -prefsLen 25673 -prefMapSize 244628 -appDir "C:\Program Files\Mozilla Firefox\browser" - {0ad17085-44bd-4843-81c9-0c763dbccbe4} 920 "\\.\pipe\gecko-crash-server-pipe.920" gpu
        C:\Program Files\Mozilla Firefox\firefox.exe  [level 5, PID 4288]
          Command line: "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2416 -parentBuildID 20240401114208 -prefsHandle 2392 -prefMapHandle 2380 -prefsLen 26593 -prefMapSize 244628 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c8227c07-0cf9-4116-8520-cbdc64ba296e} 920 "\\.\pipe\gecko-crash-server-pipe.920" socket
        C:\Program Files\Mozilla Firefox\firefox.exe  [level 5, PID 2164]
          Command line: "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2996 -childID 1 -isForBrowser -prefsHandle 3244 -prefMapHandle 3096 -prefsLen 22636 -prefMapSize 244628 -jsInitHandle 932 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {85f34fb6-9c18-4af2-9377-273bd7a79e10} 920 "\\.\pipe\gecko-crash-server-pipe.920" tab
        C:\Program Files\Mozilla Firefox\firefox.exe  [level 5, PID 5284]
          Command line: "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3732 -childID 2 -isForBrowser -prefsHandle 3724 -prefMapHandle 3720 -prefsLen 31083 -prefMapSize 244628 -jsInitHandle 932 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b521c8a8-5732-452c-8bce-916f647fa876} 920 "\\.\pipe\gecko-crash-server-pipe.920" tab
        C:\Program Files\Mozilla Firefox\firefox.exe  [level 5, PID 5836]
          Command line: "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4240 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4208 -prefMapHandle 4192 -prefsLen 31083 -prefMapSize 244628 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c6f11a25-7c89-459e-afb4-15f3c7e16414} 920 "\\.\pipe\gecko-crash-server-pipe.920" utility
          - Checks processor information in registry
        C:\Program Files\Mozilla Firefox\firefox.exe  [level 5, PID 5368]
          Command line: "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5592 -childID 3 -isForBrowser -prefsHandle 5584 -prefMapHandle 5576 -prefsLen 26989 -prefMapSize 244628 -jsInitHandle 932 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {58105f64-66a3-4d4a-a02a-f38d831a35e5} 920 "\\.\pipe\gecko-crash-server-pipe.920" tab
        C:\Program Files\Mozilla Firefox\firefox.exe  [level 5, PID 5512]
          Command line: "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5736 -childID 4 -isForBrowser -prefsHandle 5744 -prefMapHandle 5504 -prefsLen 26989 -prefMapSize 244628 -jsInitHandle 932 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d86f549d-18e2-4a50-8164-ce5da3664efb} 920 "\\.\pipe\gecko-crash-server-pipe.920" tab
        C:\Program Files\Mozilla Firefox\firefox.exe  [level 5, PID 5492]
          Command line: "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5920 -childID 5 -isForBrowser -prefsHandle 5928 -prefMapHandle 5932 -prefsLen 26989 -prefMapSize 244628 -jsInitHandle 932 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {40e1b5ab-89ba-45ed-8219-0f813531f8d9} 920 "\\.\pipe\gecko-crash-server-pipe.920" tab
C:\Windows\System32\CompPkgSrv.exe  [level 1, PID 4928]
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe  [level 1, PID 1168]
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe  [level 1, PID 4444]
  Command line: "C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe"
Network
MITRE ATT&CK Enterprise v15
Downloads
-
Filesize
9KB
MD513db1bcfd5aec6d9d856b83a14375457
SHA1562ace1e705828aaad4638a4344884b19e417ce2
SHA2562597860a5e749fa0336ecb5cec218956574a01fe109cba37691568bdf9023c12
SHA51200784472d64c0a4c81ae1b973de19ecde0413ee9102c938d15fc804bebaba6a9d9111ef81ef2c1c6ce7d46585980521fc8eb49e60422f8a4cf68634446927f5d
-
Filesize
9KB
MD56eb635244080e3d174867881e9c6a064
SHA12880094bb98abf6e22db186b956430cf7faefc4d
SHA2563b9be0ea5bb58497111f77984caacaea92f0b36c56838bb205545807ab27a229
SHA512714096e343895b3a66ffd34b1b24987d1f57e50d2d38d36ec78e31e487718bc6f27b48a1b0997922d45fe2c2ceee00a85e48e9ff2bb96ac0bae3fe095f4cb95a
-
Filesize
92KB
MD52f9430ed5d25801234abe49224a3e548
SHA1e7f14c9dc3cc04e48bebfc033f962b0763751c43
SHA25669f33930c9174eb482c64023abcb968a35e6b95c62191cb2e1cc3d24075b6a3f
SHA512a6c9748371ca6ccc35e76e7e9652c8621b041571145648915eeee21578555d131d4dfd662a8ed94883baffa0ba5fe251e715111a2bf0d1cecf50059595e3d94d
-
Filesize
92KB
MD5986b1cf48ea2e0e863ee2bcdc9ba5155
SHA1b8e4d435a45369f6377d98f6d2acbd062398b4fe
SHA25688c798da21efa78c0d647292eb4c75106ef0cd8b5e719d9f2372273d0dc6bf12
SHA512dc715f8327cba9541b3754e54cd95b680efb38f3e3d76ba4666222265be452ca1e8f7950554e3d52e87ad920aea269a30c856a9b9c7141ebbe8628061f77edcf
-
Filesize
152B
MD5c1ff2a88b65e524450bf7c721960d7db
SHA1382c798fcd7782c424d93262d79e625fcb5f84aa
SHA2562d12365f3666f6e398456f0c441317bc8ad3e7b089feacc14756e2ae87379409
SHA512f19c08edf1416435a7628064d85f89c643c248d0979ece629b882f600956f0d8cd93efbe253fa3ec61ad205233a8804807600f845e53e5ed8949290b80fe42d3
-
Filesize
152B
MD5562b59fd3a3527ef4e850775b15d0836
SHA1ffd14d901f78138fc2eece97c5e258b251bc6752
SHA2560a64863cb40f9d3b13a7b768b62e8b4707dfee1d3e86a07e999acb87bd7d3430
SHA512ef9fd3d83ab85b18cf0e0d17e2c7d71936f783e3ae38005e5c78742560332f88be7c4c936d4dc4179e93fde0240d2882d71ef7038289c8cbddbfc4790c0603c2
-
Filesize
33KB
MD5daa6948a37ac312342600f2b96db15ea
SHA10bfa2e04bf51480baf1fc7e7819f65cd3b0c90ba
SHA256de7cf820e8eb0aa51d82aff3a848fd853dfa878674cc67094aee0ac115c85fee
SHA5125af3ceb0a4c56b767792ad349b83a179191d9fe6dca8e3795cb48edb87ae6a8b89e51a64ebedd68857c674befd71dc1664a2e8380ac21abacc9566329d8c2e14
-
Filesize
38KB
MD5a1cbc8600fb0e0b668df61bb5d1737f9
SHA165aaea9cf40ee7aafcf033f35980aac172b0a267
SHA256b0324009cc7d496245d763710959284dbc9eb3c4aa93227cd6fa82772ff5a2bb
SHA512c731cbc3fd2397fea0afdb98ad7e0a2624dfdd9da00da2032cbb425ff653291bd3e9290514d6aac2761923a055c0666b521a61524595c5ab1aa2b56ce18b2338
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize216B
MD5bfc8168a665c8cda3b1e0c3ab15e743d
SHA19cf2bd5b3104edc6aad1b4c24923e035ee6c4114
SHA256d1c4ff827a77fe00d3f182a01c85977c41d9ce2114c44647166eccf32a9c1201
SHA5122157d8b0f648fe3a8d909837f79bb83bf17a0dc6d10e23dedd9bbf3140b7c3fe608b49d3d3e5e001167c789fa12d6cf96c1d4d1cdc498589f9cea198c99a3290
-
Filesize
1KB
MD5932d2fc0d8a52154ad74bd5a80965bce
SHA11c4344b886dd53f3a5eff07bda30e95eeeb34b1c
SHA256ae6b81c84a5dc82b349fe18aca73f8deb1f133545befc84cc0048d592fc11162
SHA51288e124b65724affcfd334c06be87df6412747dacbd31cbbfb8417c624306aeb9c02e465bb8f0dbb55ba3c3d0caaebf702708a04ca608ed18ea1f8941f3c56fd4
-
Filesize
111B
MD5285252a2f6327d41eab203dc2f402c67
SHA1acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6
SHA2565dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026
SHA51211ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d
-
Filesize
5KB
MD5c311df99135ec3f18fba2e61715cbd80
SHA1c5aff7daa1acfd9b74a494acb5c6f5fc337c9af0
SHA25699def6f3321ba4f6e0c1b5b118f7a0e3d355915880ae66dfea698fcd70b12b16
SHA51208e58bbf1d8301b6ca3112cc3787c2476292f7e864357557e6f84c6c5a3a962a18ccaddd0bee97ee1beabd3aeadaf336296aa438b298c5e2d7eef2c02f44a6d6
-
Filesize
6KB
MD5bc3a37ff64116e468ceff26876485f35
SHA1dbdddb7fb938034c702420c1f3b67f5679438bb9
SHA2561363c1db7ee74aa9537748ed662695fcc826aafa9ebc3f7125de3be2a6a633c3
SHA51205e840bbb2d36702bd1ae597b5868371421b2a4c1749b51a65c2b6e4cdfae7f90d9546e40ff73a68b6e1e78578de9492344885e79be4404ba9efab6d5aec4361
-
Filesize
16B
MD546295cac801e5d4857d09837238a6394
SHA144e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA2560f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA5128969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23
-
Filesize
16B
MD5206702161f94c5cd39fadd03f4014d98
SHA1bd8bfc144fb5326d21bd1531523d9fb50e1b600a
SHA2561005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167
SHA5120af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145
-
Filesize
11KB
MD501c782d9c33184c761d68d7794754bdf
SHA1405bb8f9ff1f55771336821393e1bc50f0b19b65
SHA256c1be8fd08bfdb6fabb901922d5dbf5d73e4e2a7ce8e708eafe6bd37797806397
SHA5127df7bc5a1e0302db0aca1a2b7ec2958e78002355eca4f5aeb14c22ad86871c5b41c58aa9b34fcc13b8a295f2bbc715aa4f1b8f86ed34f18a66729361dfd5c966
-
Filesize
10KB
MD5a428931f03978e6a8e140c89af2f1213
SHA1ed88900181306a423845b11f6e16c1969888459b
SHA256abbb6d65e23a675ce37e27a743ec3bff96fd645debb23784ad1b233a05969593
SHA5122a38cfc12cf8304bdc7c55f078f0a869786ca05e7c2db17559c21f7c67e55caaaf1cae94940ac6c812011e9192661c1dc590f9093fad619a8a2006ce45ae1b2c
-
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\b0ht3gr0.default-release\activity-stream.discovery_stream.json
Filesize30KB
MD5c63bfd5c262d90070447d9720441093a
SHA1fba65aec5e43c1b19566c298795934f3d26e3820
SHA25619bab08d17acf74d3017eafb72eeb792b458371a7f1a4c6905cc9ccefdec67c7
SHA512a14044425eac0d5d80e70310cb4a7e5db837b517d618e6b69d6869b62aff3b09429f9b8919e0f5e916a543391ffd29d5478eaa88757b6a93e22da42c518cd158
-
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\b0ht3gr0.default-release\cache2\entries\8A2034D325DC0B5C9E11EDDA3FC70A54C8DC1C0D
Filesize13KB
MD55bc1bf6aa2a3a5846994ca7bcb0300db
SHA1868c6de9ee252b92c4a9efe6f6ff63df174f0876
SHA256dfa5d7b14e79b90d4030300f779ee241bf82a32daff258f3c3e7f61952d06f74
SHA5120673be3e03a970ae8a849a2b8d65c749afc2c72bf8d79344f1141207f3b5b24b210090806b90a9751bdad98d09f208ae44bdf989b1926ce303a1f2d97a90a8f4
-
Filesize
2KB
MD5de9423d9c334ba3dba7dc874aa7dbc28
SHA1bf38b137b8d780b3d6d62aee03c9d3f73770d638
SHA256a1e1b422c40fb611a50d3f8bf34f9819f76ddb304aa2d105fb49f41f57752698
SHA51263f13acd904378ad7de22053e1087d61a70341f1891ada3b671223fec8f841b42b6f1060a4b18c8bb865ee4cd071cadc7ff6bd6d549760945bf1645a1086f401
-
Filesize
479KB
MD509372174e83dbbf696ee732fd2e875bb
SHA1ba360186ba650a769f9303f48b7200fb5eaccee1
SHA256c32efac42faf4b9878fb8917c5e71d89ff40de580c4f52f62e11c6cfab55167f
SHA512b667086ed49579592d435df2b486fe30ba1b62ddd169f19e700cd079239747dd3e20058c285fa9c10a533e34f22b5198ed9b1f92ae560a3067f3e3feacc724f1
-
Filesize
13.8MB
MD50a8747a2ac9ac08ae9508f36c6d75692
SHA1b287a96fd6cc12433adb42193dfe06111c38eaf0
SHA25632d544baf2facc893057a1d97db33207e642f0dacf235d8500a0b5eff934ce03
SHA51259521f8c61236641b3299ab460c58c8f5f26fa67e828de853c2cf372f9614d58b9f541aae325b1600ec4f3a47953caacb8122b0dfce7481acfec81045735947d
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\b0ht3gr0.default-release\AlternateServices.bin
Filesize10KB
MD5cdd1943771c043369e468eceed1c659e
SHA1d7e01c990154940a6f3cd812031ba8a685deb4fd
SHA2564bf484c6171c58892e3f869ca8d1725a0e93be62271c2e7690220d5637496be3
SHA5124b94325751ecf5019d8ca0b73dde77beee659a3377f451d7cf5222bcb294f8c12cf137261c497213d6fd03d244a88dede194f30fedf72696ddf7ebf06cdcb3b9
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\b0ht3gr0.default-release\AlternateServices.bin
Filesize16KB
MD5e830336005ab5860ef05c7eebcae5811
SHA11a3cd58b62ecbda6e187411306d35d64017de822
SHA25652f683d63c5d88b241941364313ca6484ca762da1e9d94a8bc8e1988fdc91859
SHA512ddf51c6bb7059a0f5b629cb5173ad68b61ad052eeef6e70f0d2ec16996f3884d5bdecd43a72b5ce11f6b5ded526ad42b141c19af3670ed79515788d89cd13c14
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\b0ht3gr0.default-release\datareporting\glean\db\data.safe.tmp
Filesize15KB
MD5d71884099e52389fd50b1539404c6d7c
SHA1b440ea059598252b5c841679addaae0b63ac4d9d
SHA256691212a48bd9ef6c79698b50ed2942cb402793e3f45ce31c1e4bdfa4faba4eca
SHA5125488f3871ecf9ba893092ccee226db97462874721300618d94901dc13a2652bc28b93582f8d56f567e63939bc30a4d71366139218e2f970761e7274f9d70a7d1
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\b0ht3gr0.default-release\datareporting\glean\db\data.safe.tmp
Filesize5KB
MD5aef7300a551c4f420cd9be93c76a2d98
SHA10b3e325634a545b957dc4782a24b6a9ae4a4b649
SHA256985e7a5554a28f20c4caa23c8ede4873858b2ab2a6e38fab00b41d953ee0681d
SHA5122d776ab07a4b2638a8d1b272ca3799b3687c0c13fbdd3f1cb2df4d2f348113455790b7f7bde5b69c58355ab752eaa6e9b9df9c4bd002c0f7d77f123481f2f257
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\b0ht3gr0.default-release\datareporting\glean\pending_pings\6366c464-0978-4111-b736-94715bcb4859
Filesize26KB
MD56c3b460910b703298deb4592d2175c89
SHA11e29c2e7643218e51430e35839d8291c5af0d7ae
SHA256eee28384fd3068ce009747d90c842adf865ef9de2ad78858abc9c3fe98eaec8b
SHA512a01ee7419ad3ef6fa4968e886dd3ae12b3db0f37c96c3cdad5dff1a0fa7b75bcd5993f62aa95a2126953a5ca4b9ae68d73bd322bf1b53783123929e6fc3be8c3
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\b0ht3gr0.default-release\datareporting\glean\pending_pings\6f3fca8f-9859-46e3-958f-e217507a1183
Filesize671B
MD5ed9c98e0ea28d502829dfd561b5099c7
SHA10717a1485d58c758068693009d6b35bca752a0eb
SHA256f4a8dbf0013edbe34ea09f71f8903aaeb4f4f8f566247b1d115735de1668e038
SHA512755536fdbe81ef8faabc61e34f74e73ff563834a0ac834fd271dd7915da2a3eabdd90661d3d150086496b02082fae3bc01f8d7e2d521feea610a163d2abe46a4
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\b0ht3gr0.default-release\datareporting\glean\pending_pings\8772a696-e245-4dfd-8420-e5ce8fa7a739
Filesize982B
MD558bdfd5035d83da9838b578652783473
SHA1751ebfe21397e416dff75b7dbea822ad10fb7785
SHA2561ec4684ef4ff505715a9eda71f2759effedff2e984ac4d838e105f5a69b2a365
SHA512288f18a800cfa3eaf057a4d17d0cf3e8118e6d1119985f0a231b28bdc92cbfb81dc1310c8f5ebf779c06b78271f00c87b25722bce3cfad12dd42daffb3ddb9d0
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\b0ht3gr0.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.dll
Filesize1.1MB
MD5842039753bf41fa5e11b3a1383061a87
SHA13e8fe1d7b3ad866b06dca6c7ef1e3c50c406e153
SHA256d88dd3bfc4a558bb943f3caa2e376da3942e48a7948763bf9a38f707c2cd0c1c
SHA512d3320f7ac46327b7b974e74320c4d853e569061cb89ca849cd5d1706330aca629abeb4a16435c541900d839f46ff72dfde04128c450f3e1ee63c025470c19157
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\b0ht3gr0.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.info
Filesize116B
MD52a461e9eb87fd1955cea740a3444ee7a
SHA1b10755914c713f5a4677494dbe8a686ed458c3c5
SHA2564107f76ba1d9424555f4e8ea0acef69357dfff89dfa5f0ec72aa4f2d489b17bc
SHA51234f73f7bf69d7674907f190f257516e3956f825e35a2f03d58201a5a630310b45df393f2b39669f9369d1ac990505a4b6849a0d34e8c136e1402143b6cedf2d3
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\b0ht3gr0.default-release\gmp-widevinecdm\4.10.2710.0\manifest.json
Filesize372B
MD5bf957ad58b55f64219ab3f793e374316
SHA1a11adc9d7f2c28e04d9b35e23b7616d0527118a1
SHA256bbab6ca07edbed72a966835c7907b3e60c7aa3d48ddea847e5076bd05f4b1eda
SHA51279c179b56e4893fb729b225818ab4b95a50b69666ac41d17aad0b37ab0ca8cd9f0848cbc3c5d9e69e4640a8b261d7ced592eae9bcb0e0b63c05a56e7c477f44e
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\b0ht3gr0.default-release\gmp-widevinecdm\4.10.2710.0\widevinecdm.dll
Filesize17.8MB
MD5daf7ef3acccab478aaa7d6dc1c60f865
SHA1f8246162b97ce4a945feced27b6ea114366ff2ad
SHA256bc40c7821dcd3fea9923c6912ab1183a942c11b7690cfd79ed148ded0228777e
SHA5125840a45cfdb12c005e117608b1e5d946e1b2e76443ed39ba940d7f56de4babeab09bee7e64b903eb82bb37624c0a0ef19e9b59fbe2ce2f0e0b1c7a6015a63f75
-
Filesize
11KB
MD5d4010e1244fe15fd4a6139415036540c
SHA198967bddff149078b4eddf81c4fcb87398af952a
SHA256fccbd3ea41fc9c7de9eec48806b7ad59e9bfe7c413ff1e1614db248481a9b588
SHA5122de1bbe3e3d7b2ace180815f2b3f29360ca90d9d25d18dbb00d075decd2d9b95080d2d19fff1f93f052b46e395c6644fbcddcc20cc71e5a992bf24ddea244630
-
Filesize
12KB
MD5cf6bbc63806dc9a9eb9927965dd279b1
SHA1cca23caa5736effcc1b488c9fad7a84aa5a35c67
SHA2566778663beeb8c6b1abed58da5d0ebb71bf09dc692106944262d884869dbd4982
SHA512580b209c3a9816a13c57d63986ba8c4f0588fe5a4d8e87c8ba1bc8268246f77a98e48db6d05b8b1c534db1c3a188150579afba0317914a18167caffebc7d4fec
-
Filesize
15KB
MD5f694ea7bd4f2a901d9d541ea11ae8249
SHA180c283c3325817d7a3eb5125d2e5ddd4985e9bee
SHA256149f09941287d49fe34ad41318a919e5ca3267e9e93806e05aaefa228e4c2c05
SHA5121f8f522bf9f7e0db16df2d2bc31bf438d8f363815255ed16f9be62773bb14d0cdfb4d052d2c7e4b6564c6a207cdd23a3d514646b83cbe6ce19f160e03c1fa482
-
Filesize
8KB
MD55a9fb9f3b383c51f13a1a442865dc128
SHA11bd235a7c8503cdf2520a87ed6738a98c0637f1b
SHA256e16cc6571091ce886f04658d2ed47758723620f0c3dcc1cfaab7a240db8663c2
SHA512aebfe1212752b606bcc1d340b90c318a821218450d27d731a7b443a90774fb73ec351b4072f9e0aa564d4ed7b3cec2aa79c5e4c8d59fb8c14328606a6855d8c9
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\b0ht3gr0.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite
Filesize2.2MB
MD54f74efc21efb6f885a5a5359c14e57ba
SHA1bdad711e839e5752d2aed76618f5f5e2b2d155c4
SHA2563fb22619f3a6f5d6d1aa5ba857ac217471b87339cdd46e94325fb50609291a7d
SHA512bdb2d797c88a32b8cd4c891fc9560d8cad6eccca4cba800963c7a7a2a5a1c3f00a886505db68d546c76bc960290c2e37e4aa886d2635215567f03dbb80bb4ec8
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\b0ht3gr0.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite
Filesize2.2MB
MD5d7093c089468cf743099ea97acac5a6e
SHA12283945711f3290382daab0db8e4cd328286234b
SHA256b57643788497fd216c203affe94b86ea1ef0e5161a04ae87375ba2226e242f85
SHA51239821b71d4cbc24e4ed159646018d9f66e3ff151482b303f781ade889aacc8c6f4875fa3104f347be2607ac032c3aa8626fca92c482720ead89a095da2796d0d