Analysis

  • max time kernel
    150s
  • max time network
    152s
  • platform
    windows11-21h2_x64
  • resource
    win11-20240802-en
  • resource tags
    arch:x64, arch:x86, image:win11-20240802-en, locale:en-us, os:windows11-21h2-x64, system
  • submitted
    21/08/2024, 22:02

General

  • Target

    7ebe73969ad2d1ef48410c2dcf7f93b1da22f168c2b133e9b3f2cabb2546a8cc.exe

  • Size

    89KB

  • MD5

    dc68f223abc843178d0043140b28deca

  • SHA1

    322d60b1bafdd005c18dfa1503eedd1dfc5066d1

  • SHA256

    7ebe73969ad2d1ef48410c2dcf7f93b1da22f168c2b133e9b3f2cabb2546a8cc

  • SHA512

    bc9a9cac0a626a50e144f8ba25c643c567e19742be00108d88f9bd686fd441b69d03f480e08b5acd024ae6dc7975ac33f197aac9964f8929098be07c52ac1828

  • SSDEEP

    1536:L7fPGykbOqjoHm4pICdfkLtAfupcWX50MxFY+yIOlnToIfQxcSO+:Hq6+ouCpk2mpcWJ0r+QNTBfQB

Score
5/10

Malware Config

Signatures

  • Drops file in System32 directory 2 IoCs
  • Drops file in Windows directory 1 IoCs
  • Browser Information Discovery 1 TTPs

    Enumerate browser information.

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Checks processor information in registry 2 TTPs 8 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Enumerates system info in registry 2 TTPs 6 IoCs
  • Modifies data under HKEY_USERS 2 IoCs
  • Modifies registry class 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 20 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of FindShellTrayWindow 64 IoCs
  • Suspicious use of SendNotifyMessage 24 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

Processes

  • C:\Users\Admin\AppData\Local\Temp\7ebe73969ad2d1ef48410c2dcf7f93b1da22f168c2b133e9b3f2cabb2546a8cc.exe
    "C:\Users\Admin\AppData\Local\Temp\7ebe73969ad2d1ef48410c2dcf7f93b1da22f168c2b133e9b3f2cabb2546a8cc.exe"
    1⤵
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:3792
    • C:\Windows\system32\cmd.exe
      "C:\Windows\sysnative\cmd.exe" /c "C:\Users\Admin\AppData\Local\Temp\827E.tmp\827F.tmp\8280.bat C:\Users\Admin\AppData\Local\Temp\7ebe73969ad2d1ef48410c2dcf7f93b1da22f168c2b133e9b3f2cabb2546a8cc.exe"
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:4416
      • C:\Program Files\Google\Chrome\Application\chrome.exe
        "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://accounts.google.com/v3/signin/challenge/pwd"
        3⤵
        • Drops file in Windows directory
        • Enumerates system info in registry
        • Modifies data under HKEY_USERS
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SendNotifyMessage
        • Suspicious use of WriteProcessMemory
        PID:3864
        • C:\Program Files\Google\Chrome\Application\chrome.exe
          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x108,0x10c,0x110,0xe4,0x114,0x7ff99675cc40,0x7ff99675cc4c,0x7ff99675cc58
          4⤵
          PID:1872
        • C:\Program Files\Google\Chrome\Application\chrome.exe
          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1876,i,3184817108288266440,14161580025733357274,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=1872 /prefetch:2
          4⤵
          PID:1892
        • C:\Program Files\Google\Chrome\Application\chrome.exe
          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1388,i,3184817108288266440,14161580025733357274,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=2132 /prefetch:3
          4⤵
          PID:4684
        • C:\Program Files\Google\Chrome\Application\chrome.exe
          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2212,i,3184817108288266440,14161580025733357274,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=2376 /prefetch:8
          4⤵
          PID:4732
        • C:\Program Files\Google\Chrome\Application\chrome.exe
          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3056,i,3184817108288266440,14161580025733357274,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=3092 /prefetch:1
          4⤵
          PID:5112
        • C:\Program Files\Google\Chrome\Application\chrome.exe
          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3064,i,3184817108288266440,14161580025733357274,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=3132 /prefetch:1
          4⤵
          PID:3740
        • C:\Program Files\Google\Chrome\Application\chrome.exe
          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=3580,i,3184817108288266440,14161580025733357274,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=3588 /prefetch:8
          4⤵
          PID:5492
        • C:\Program Files\Google\Chrome\Application\chrome.exe
          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=4596,i,3184817108288266440,14161580025733357274,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=4568 /prefetch:1
          4⤵
          PID:6060
        • C:\Program Files\Google\Chrome\Application\chrome.exe
          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --no-appcompat-clear --field-trial-handle=3788,i,3184817108288266440,14161580025733357274,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=3520 /prefetch:8
          4⤵
          PID:5500
        • C:\Program Files\Google\Chrome\Application\chrome.exe
          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=3596,i,3184817108288266440,14161580025733357274,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=4488 /prefetch:8
          4⤵
          • Modifies registry class
          PID:5512
        • C:\Program Files\Google\Chrome\Application\chrome.exe
          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5068,i,3184817108288266440,14161580025733357274,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=5080 /prefetch:8
          4⤵
          PID:5920
        • C:\Program Files\Google\Chrome\Application\chrome.exe
          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=224,i,3184817108288266440,14161580025733357274,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=4508 /prefetch:8
          4⤵
          PID:6652
        • C:\Program Files\Google\Chrome\Application\chrome.exe
          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5084,i,3184817108288266440,14161580025733357274,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=4544 /prefetch:8
          4⤵
          PID:6656
        • C:\Program Files\Google\Chrome\Application\chrome.exe
          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=5224,i,3184817108288266440,14161580025733357274,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=5228 /prefetch:8
          4⤵
          • Drops file in System32 directory
          • Suspicious behavior: EnumeratesProcesses
          PID:5956
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" "https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://accounts.google.com/v3/signin/challenge/pwd"
        3⤵
        • Enumerates system info in registry
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SendNotifyMessage
        • Suspicious use of WriteProcessMemory
        PID:4776
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x10c,0x110,0x114,0xe8,0x118,0x7ff994263cb8,0x7ff994263cc8,0x7ff994263cd8
          4⤵
          PID:8
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2012,13747398166278316763,9085662688089667359,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=2020 /prefetch:2
          4⤵
          PID:1564
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2012,13747398166278316763,9085662688089667359,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2068 /prefetch:3
          4⤵
          • Suspicious behavior: EnumeratesProcesses
          PID:2044
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2012,13747398166278316763,9085662688089667359,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2612 /prefetch:8
          4⤵
          PID:3912
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,13747398166278316763,9085662688089667359,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3212 /prefetch:1
          4⤵
          PID:1056
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,13747398166278316763,9085662688089667359,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3260 /prefetch:1
          4⤵
          PID:1084
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,13747398166278316763,9085662688089667359,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3824 /prefetch:1
          4⤵
          PID:6296
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,13747398166278316763,9085662688089667359,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4464 /prefetch:1
          4⤵
          PID:6304
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,13747398166278316763,9085662688089667359,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5264 /prefetch:1
          4⤵
          PID:6680
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,13747398166278316763,9085662688089667359,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5308 /prefetch:1
          4⤵
          PID:6688
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=2012,13747398166278316763,9085662688089667359,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4920 /prefetch:8
          4⤵
          • Suspicious behavior: EnumeratesProcesses
          PID:7080
        • C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2012,13747398166278316763,9085662688089667359,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5732 /prefetch:8
          4⤵
          • Suspicious behavior: EnumeratesProcesses
          PID:6160
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2012,13747398166278316763,9085662688089667359,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=2116 /prefetch:2
          4⤵
          • Suspicious behavior: EnumeratesProcesses
          PID:6304
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" "https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://accounts.google.com/v3/signin/challenge/pwd"
        3⤵
        • Suspicious use of WriteProcessMemory
        PID:488
        • C:\Program Files\Mozilla Firefox\firefox.exe
          "C:\Program Files\Mozilla Firefox\firefox.exe" https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://accounts.google.com/v3/signin/challenge/pwd
          4⤵
          • Checks processor information in registry
          • Modifies registry class
          • Suspicious use of AdjustPrivilegeToken
          • Suspicious use of FindShellTrayWindow
          • Suspicious use of SetWindowsHookEx
          • Suspicious use of WriteProcessMemory
          PID:4840
          • C:\Program Files\Mozilla Firefox\firefox.exe
            "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1908 -parentBuildID 20240401114208 -prefsHandle 1848 -prefMapHandle 1836 -prefsLen 23678 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {e8f1f15a-9cfa-4dc1-8488-d5b5d52a6e65} 4840 "\\.\pipe\gecko-crash-server-pipe.4840" gpu
            5⤵
            PID:2188
          • C:\Program Files\Mozilla Firefox\firefox.exe
            "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2416 -parentBuildID 20240401114208 -prefsHandle 2384 -prefMapHandle 2380 -prefsLen 24598 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {93202b77-96b3-4783-bef7-5eaf74595804} 4840 "\\.\pipe\gecko-crash-server-pipe.4840" socket
            5⤵
            PID:1472
          • C:\Program Files\Mozilla Firefox\firefox.exe
            "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3244 -childID 1 -isForBrowser -prefsHandle 3144 -prefMapHandle 3260 -prefsLen 22652 -prefMapSize 244658 -jsInitHandle 1172 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b94d2000-00ab-4b6b-bddf-a40fdd9099aa} 4840 "\\.\pipe\gecko-crash-server-pipe.4840" tab
            5⤵
            PID:3680
          • C:\Program Files\Mozilla Firefox\firefox.exe
            "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3668 -childID 2 -isForBrowser -prefsHandle 3672 -prefMapHandle 3212 -prefsLen 29088 -prefMapSize 244658 -jsInitHandle 1172 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {76cde10b-d4f2-486e-ae62-9f5303b31b7b} 4840 "\\.\pipe\gecko-crash-server-pipe.4840" tab
            5⤵
            PID:5148
          • C:\Program Files\Mozilla Firefox\firefox.exe
            "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4272 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 3708 -prefMapHandle 4300 -prefsLen 29088 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c4e6cbfc-dbaa-4bbd-98c2-4ba4ff13f16a} 4840 "\\.\pipe\gecko-crash-server-pipe.4840" utility
            5⤵
            • Checks processor information in registry
            PID:5700
          • C:\Program Files\Mozilla Firefox\firefox.exe
            "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5408 -childID 3 -isForBrowser -prefsHandle 5400 -prefMapHandle 5404 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 1172 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {0b65c675-5223-4d6f-bb35-ef225dc45777} 4840 "\\.\pipe\gecko-crash-server-pipe.4840" tab
            5⤵
            PID:5884
          • C:\Program Files\Mozilla Firefox\firefox.exe
            "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5628 -childID 4 -isForBrowser -prefsHandle 5548 -prefMapHandle 5552 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 1172 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {54bbaea0-2a92-4969-b73c-a3a3cddad347} 4840 "\\.\pipe\gecko-crash-server-pipe.4840" tab
            5⤵
            PID:5900
          • C:\Program Files\Mozilla Firefox\firefox.exe
            "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5616 -childID 5 -isForBrowser -prefsHandle 5848 -prefMapHandle 5844 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 1172 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a83912b3-6647-46ce-8756-e917a800c13e} 4840 "\\.\pipe\gecko-crash-server-pipe.4840" tab
            5⤵
            PID:5944
          • C:\Program Files\Mozilla Firefox\firefox.exe
            "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6176 -childID 6 -isForBrowser -prefsHandle 6188 -prefMapHandle 6184 -prefsLen 27182 -prefMapSize 244658 -jsInitHandle 1172 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {9f7cae6c-566d-4a92-b4ba-b19104b0ad7f} 4840 "\\.\pipe\gecko-crash-server-pipe.4840" tab
            5⤵
            PID:6244
  • C:\Windows\System32\CompPkgSrv.exe
    C:\Windows\System32\CompPkgSrv.exe -Embedding
    1⤵
    PID:2324
  • C:\Windows\System32\CompPkgSrv.exe
    C:\Windows\System32\CompPkgSrv.exe -Embedding
    1⤵
    PID:3792
  • C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
    "C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
    1⤵
    PID:4416
  • C:\Windows\system32\svchost.exe
    C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
    1⤵
    PID:6184

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.idx
    Filesize
    64KB
    MD5
    b5ad5caaaee00cb8cf445427975ae66c
    SHA1
    dcde6527290a326e048f9c3a85280d3fa71e1e22
    SHA256
    b6409b9d55ce242ff022f7a2d86ae8eff873daabf3a0506031712b8baa6197b8
    SHA512
    92f7fbbcbbea769b1af6dd7e75577be3eb8bb4a4a6f8a9288d6da4014e1ea309ee649a7b089be09ba27866e175ab6f6a912413256d7e13eaf60f6f30e492ce7f

  • C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.lock
    Filesize
    4B
    MD5
    f49655f856acb8884cc0ace29216f511
    SHA1
    cb0f1f87ec0455ec349aaa950c600475ac7b7b6b
    SHA256
    7852fce59c67ddf1d6b8b997eaa1adfac004a9f3a91c37295de9223674011fba
    SHA512
    599e93d25b174524495ed29653052b3590133096404873318f05fd68f4c9a5c9a3b30574551141fbb73d7329d6be342699a17f3ae84554bab784776dfda2d5f8

  • C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.val
    Filesize
    1008B

                                                                            MD5

                                                                            d222b77a61527f2c177b0869e7babc24

                                                                            SHA1

                                                                            3f23acb984307a4aeba41ebbb70439c97ad1f268

                                                                            SHA256

                                                                            80dc3ffa698e4ff2e916f97983b5eae79470203e91cb684c5ccd4ff1a465d747

                                                                            SHA512

                                                                            d17d836ea77aeaff4cd01f9c7523345167a4a6bc62528aac74acde12679f48079d75d159e9cea2e614da50e83c2dcd92c374c899ea6c4fe8e5513d9bf06c01ff

                                                                          • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

                                                                            Filesize

                                                                            649B

                                                                            MD5

                                                                            554bf50db8754fb3726abce6967dbf2d

                                                                            SHA1

                                                                            a56b52a76e87c8175c18dd51edb0af6002eef7fe

                                                                            SHA256

                                                                            99f447f99deb455e48fdd741644dd833085b2eb3c1479c1a8851848e3e9a8ea8

                                                                            SHA512

                                                                            c75a944d18b4fdbb6bce3d6154e5609cecdc859bc5d773ef0a34087f41e7b0d8686342052113807068e4b5e2094e6b5894ef4b7f40e6c450d6ac6cfec42e7c09

                                                                          • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

                                                                            Filesize

                                                                            384B

                                                                            MD5

                                                                            eeddfb9e210595de8e83db224734dc3f

                                                                            SHA1

                                                                            35c188684beaa2a1610a756fd8d9eae3faf385d8

                                                                            SHA256

                                                                            de6a5e672d84ff5c051cba633d17a4f4d3b9d2068227d704562191967518afee

                                                                            SHA512

                                                                            9007d18b1a99134b279ceae323d14545b49f89351ca301c85361a1f879be2fda4b2bd531a3e34b1bb8095103ce77937f608ae0746cefe6c642af658bd8ee52f3

                                                                          • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

                                                                            Filesize

                                                                            2KB

                                                                            MD5

                                                                            33e9669fd7575796d49d20b17ae868b2

                                                                            SHA1

                                                                            c5da686579e4de9a1c971a907ae938e6606752f7

                                                                            SHA256

                                                                            a7aafe3da840e3ecfe54948d3b270bb3ee115d4171ae115c57309e35407fc6b0

                                                                            SHA512

                                                                            3ebd0440532fc3c940b9bcff79d8cdf88c2fc700dd5cac3ad21c5174b4a50e8d8f63b2f5f6d917a5253203e058146dbb254843efbda51f46b4274bc927d57812

                                                                          • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

                                                                            Filesize

                                                                            2KB

                                                                            MD5

                                                                            75fb0110ad783787e8a0d60ee9c2b367

                                                                            SHA1

                                                                            13703ea2c911a0574ceabc3f168bbba80371a623

                                                                            SHA256

                                                                            dfdd45a70bf73b63862394dc93f536985c7412b639d89905e72d1e3451f12e3e

                                                                            SHA512

                                                                            0851d99748da015ace18d9f0143885d55aedfffa9f027f51384882734254f1f75999258bffb9b8bf3955b480e9b7db1cd5e28611fe20152430d0c5ce197fb95a

                                                                          • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

                                                                            Filesize

                                                                            2B

                                                                            MD5

                                                                            d751713988987e9331980363e24189ce

                                                                            SHA1

                                                                            97d170e1550eee4afc0af065b78cda302a97674c

                                                                            SHA256

                                                                            4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

                                                                            SHA512

                                                                            b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

                                                                          • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

                                                                            Filesize

                                                                            356B

                                                                            MD5

                                                                            4dbdb0aa3d6a73d0c5d17c58fd338c2c

                                                                            SHA1

                                                                            84d5f09a4dd646e3b309313ccd0081bc8dfa443e

                                                                            SHA256

                                                                            2d37c136b37f693828c018a54f386d964b5e50310888a3897a5c8d57c8527dc4

                                                                            SHA512

                                                                            99cf5a81472c841d02ef01e8795bc384c08caa2a0c19a3ac164693e0140977da769838edd1ef81aa01e44c731f7e543ed9cbe9f81458ba085b391f74390ccd71

                                                                          • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

                                                                            Filesize

                                                                            356B

                                                                            MD5

                                                                            0e8b187d15416a0afc2a61fc4800129f

                                                                            SHA1

                                                                            6576c4a7a9d1296d8d8d3250cc82337e6f29aabc

                                                                            SHA256

                                                                            73e5ef36d6868f5f541b65ccc908a34a240c012f9a28eb394ca69fd95118f21b

                                                                            SHA512

                                                                            42309dc8562da7b89edb3778ea2e66824d2c802939aca80be6ebc679fca57a8c4f0531dd607584b49a408645d5655b4a7d1a62a03a15b29cae5a116ae7a776b1

                                                                          • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                                                            Filesize

                                                                            9KB

                                                                            MD5

                                                                            9c9335cdfd31287c93a79dced3f99a34

                                                                            SHA1

                                                                            c8a9e2e09dbd292289a63d824a0b179b952e56e2

                                                                            SHA256

                                                                            3cb12163fff82357c3f434dc87e305ae7bccdd7470b0091ac11e45cefdd6f543

                                                                            SHA512

                                                                            d8089a1869cf3ea0429283a8402a08ab68d872b449eb239af7fb1387d595ec5eec04d9ba2467fb6fc931796aac15ec7d1082d8c565ed07ac2a7d0460f1fc29d8

                                                                          • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                                                            Filesize

                                                                            9KB

                                                                            MD5

                                                                            27fabb316a4c9fee5725467fa332da6f

                                                                            SHA1

                                                                            592fe4b3412c09db59cf464d2bde458fe2945637

                                                                            SHA256

                                                                            2f3deca91247b7be1bb31ff135ba37649e2326f2ee3e16b19b6bcca05afc87f6

                                                                            SHA512

                                                                            7f445b5fee04933751e8c92fcff380e036e934258ac374c0d5327c521a420d4cdcf2d4b33b0bd31422a0438349dabac3e761e933a93625311fb45b309a991fea

                                                                          • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                                                            Filesize

                                                                            9KB

                                                                            MD5

                                                                            e408079d14b4a78a98edaf538b9e0b3d

                                                                            SHA1

                                                                            01544063245866ae20eae0d57d17a2004cf6f43d

                                                                            SHA256

                                                                            e7fbbf099bc9797b99775c6419b660bef615166838dbf9ab1beb42b112042c8f

                                                                            SHA512

                                                                            1e0a9dcf91e4a66d7fcfc430730daef174f6d3c67cec7e493c9af0ec7d00338bc8f4f7db35042b849f84a1233e20ed13d026b89753bb5534f1b28741b2f2f95b

                                                                          • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                                                            Filesize

                                                                            9KB

                                                                            MD5

                                                                            137fc58ec8c1bcbab5ba87f0088948b0

                                                                            SHA1

                                                                            2c457864be7c6aea6b319650b31f9c233ea4c217

                                                                            SHA256

                                                                            a23e75bb7ebda6c92ec79417ee3e7776039692e6eec3d765a3a90cfec3326f5f

                                                                            SHA512

                                                                            8b9c745f481f00aa459f193d933972fca6cecd3ec98260fbdef194ec239d9076f5af6b0ccf0ab8dfaa14b6712748d5bb226039af89683906790ee8cca71053ba

                                                                          • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                                                            Filesize

                                                                            9KB

                                                                            MD5

                                                                            2a42f273dcb0df7bc984bbaaa9fff201

                                                                            SHA1

                                                                            58067a949b597372f9dde441b65726dde58e9e6b

                                                                            SHA256

                                                                            59effc83cbf2e5c8029bbeaf7c2675e405894fb2223af18e07520b0f6bccdf4d

                                                                            SHA512

                                                                            498d363765e946fb8173e7cf7d3eff119d451ffa11a2474324f2a09b18ec9112acc3d835f696c19b936621aef5498325694e2f970f8db4ca3407957837f724ec

                                                                          • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                                                            Filesize

                                                                            9KB

                                                                            MD5

                                                                            9e71bd120fbce047ad401fe5084cb792

                                                                            SHA1

                                                                            3cd232217d521508e1192a4f47cbb546c3f87380

                                                                            SHA256

                                                                            78239ac43a9a0af6a35631b1908235a616b05f45cbc5b8c03ab0270178122bde

                                                                            SHA512

                                                                            17446b59f60db108ba3443028d4f9de9608e55ea6bb1186de2a504bd93b5775f02125c979aade61752c790b46cfe2903f41581f709d62e749dff5539cf98b5ad

                                                                          • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                                                            Filesize

                                                                            9KB

                                                                            MD5

                                                                            998179c628c3194ec6efecb7ac5543a6

                                                                            SHA1

                                                                            2751fb91f47c7e59a2121c61ed24f737aa16d14c

                                                                            SHA256

                                                                            fd65c07cc0c20d0075f8ce255b6cc6310d27957b25b9953376888539b906117c

                                                                            SHA512

                                                                            04e5ed28e7b5e7183db2c30d48c637146bc6a317d6c6c4c5b3c0b2e9626b1626475e76c2f066838bceb55eca7d36cba249316ea0fca80c4b329ec2146a0f7b62

                                                                          • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                                                            Filesize

                                                                            9KB

                                                                            MD5

                                                                            f971b349df0f948426d6e61098aa4fd5

                                                                            SHA1

                                                                            33817809f49582e2241f063e20811cdbb1bb4afd

                                                                            SHA256

                                                                            f9cee61782374e28b43a1d37c0e3637fee7a910508d95b0728fab71c1352daf2

                                                                            SHA512

                                                                            02bf19ba0d2f8fc19288fc508d349a823f19c95ff785ea0d492af34655eb14ffaa2f3e2109e886e9e2fa72b09285fd73e685ba25242d860e3e57c5a8d107f7dc

                                                                          • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                                                            Filesize

                                                                            9KB

                                                                            MD5

                                                                            890e505960ecf04c44dd4042843a07fa

                                                                            SHA1

                                                                            1f5a30b65a236689ceab9a8723fb3abc7c43426e

                                                                            SHA256

                                                                            d072c53c657184bd35bdea9691e80e3d50b3c4b93da8d3e7d1ae52963b3832a4

                                                                            SHA512

                                                                            7b3ee6e1502820a783ebb2d17dbd2b123b1b208d92e2fc9464f9ca3c9ff633601b7e48fe71cda36224a8079d97501e77a11e07750601aad4f8c52dfc9a8a5b3f

                                                                          • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                                                            Filesize

                                                                            9KB

                                                                            MD5

                                                                            36f1e4662628f909f8ced62b74a519b8

                                                                            SHA1

                                                                            67ec493e50e77571a0bd11e6a67f21378d855076

                                                                            SHA256

                                                                            4c85767bb44840920494d77438fa55bdf201fe348a748bf8a270e0a3c4962484

                                                                            SHA512

                                                                            4b867eb8fe6a0929444cb26113f21596769df3e5dbfe72548b2c1bd630c6f76eb9407eafd56040726d0e0725bfee363cfe314c5db0c144cad9b8945a94267003

                                                                          • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

                                                                            Filesize

                                                                            13KB

                                                                            MD5

                                                                            2a36cdd8f74cfbe80bb940d2da2a656f

                                                                            SHA1

                                                                            27c791b78694293138a93e7382fec3cb9b2f347c

                                                                            SHA256

                                                                            f80b6ee7231eac7d690deafce994841638e46bb6bc3fb326487ee28be51365f3

                                                                            SHA512

                                                                            067d2960d401f13e5ee169652cdf9c607a0b1f484bc9f1adca6c443d44199e69b0665f953b064e0c15ac769975cba83bd14c314cba8169f598d08ec0cb53e590

                                                                          • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

                                                                            Filesize

                                                                            101KB

                                                                            MD5

                                                                            2157c7a720122b2a8c88a7525a7c231d

                                                                            SHA1

                                                                            c207155f129cfa9f9b9f5abc49d20fa4585d92ef

                                                                            SHA256

                                                                            efe5cf20ff1ec107c9997b5e223bf0823004c8c7b97949dd7d8e42ddc00c2514

                                                                            SHA512

                                                                            7c05a6ce57518db2e3efe31b4d72b03d5b59c4b0c4f9824c177ea0cf822ef6cca987f5568e154304a10a94d1f44609c80615284b250076f398bf2977d1883ce9

                                                                          • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

                                                                            Filesize

                                                                            203KB

                                                                            MD5

                                                                            01bcd423851c0cfcb9a767097b95b0a5

                                                                            SHA1

                                                                            a4fc9104282222edd793a326b968cf2cf8830604

                                                                            SHA256

                                                                            8c6ab50828e229697647fdf14d11c5e5f83f72feeb931cfd5e4b34af32fb3ff3

                                                                            SHA512

                                                                            4e8e5e851fffba42e13c5e00127fcffcd32baf104abccb1e6decb4d89794086d81379388c55e0c633a88aa83376a921a9ba55c5af349af079e1c2dec09861e1b

                                                                          • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

                                                                            Filesize

                                                                            203KB

                                                                            MD5

                                                                            5916244e82089800e86bc3006ad2d5d3

                                                                            SHA1

                                                                            1fdda7e5c634d247b73c33cf364e3443ea0cb38a

                                                                            SHA256

                                                                            96572fadd2e0787dac12701d280967b20f3fa569c2f2414727452b2314646608

                                                                            SHA512

                                                                            0bd0e22d8fbd92374c2e974aefafdff1f5e5ad635606c581818f040a5584010ebd0de34992ea445c46c95c1f0e6d7f6cd3eb1ca911e1dea4b87d6405533fce98

                                                                          • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

                                                                            Filesize

                                                                            203KB

                                                                            MD5

                                                                            275ebcba9b801c1dd36eb169df31187f

                                                                            SHA1

                                                                            aa40a4d3323cdbaa20140c9edac2ebb55ff36c69

                                                                            SHA256

                                                                            ceb21fb06e06d49850ca6299becf22587a8335361c26f218c9fa0a85fe70bd5d

                                                                            SHA512

                                                                            332ce18ed112a8736d8be4b1c332e45da8fd685c984c328fb88b7f8978a76bc5cb9dddb5ffa2aecc855e18ba087446f6d149a7cfd7586968d4ea5aee98c55166

                                                                          • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

                                                                            Filesize

                                                                            232KB

                                                                            MD5

                                                                            245c938dd059d15047f79c10d5357410

                                                                            SHA1

                                                                            baadb2f993104d46659871a98de58be29827af01

                                                                            SHA256

                                                                            be736ec5d0261920f75fb9d7ed5860928764e5f9a4b41b34281465e986ac2fbc

                                                                            SHA512

                                                                            937b1379f5a2fdf0ad451fb2c649f2daddd94404af180e7d2de9364d379fabbdb75030691dea8e549480d80f15bf2ed4541ee3c390c5a3bf12e7e453e59c026a

                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

                                                                            Filesize

                                                                            152B

                                                                            MD5

                                                                            4c3889d3f0d2246f800c495aec7c3f7c

                                                                            SHA1

                                                                            dd38e6bf74617bfcf9d6cceff2f746a094114220

                                                                            SHA256

                                                                            0a4781bca132edf11500537cbf95ff840c2b6fd33cd94809ca9929f00044bea4

                                                                            SHA512

                                                                            2d6cb23e2977c0890f69751a96daeb71e0f12089625f32b34b032615435408f21047b90c19de09f83ef99957681440fdc0c985e079bb196371881b5fdca68a37

                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

                                                                            Filesize

                                                                            152B

                                                                            MD5

                                                                            c4a10f6df4922438ca68ada540730100

                                                                            SHA1

                                                                            4c7bfbe3e2358a28bf5b024c4be485fa6773629e

                                                                            SHA256

                                                                            f286c908fea67163f02532503b5555a939f894c6f2e683d80679b7e5726a7c02

                                                                            SHA512

                                                                            b4d407341989e0bbbe0cdd64f7757bea17f0141a89104301dd7ffe45e7511d3ea27c53306381a29c24df68bdb9677eb8c07d4d88874d86aba41bb6f0ce7a942c

                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

                                                                            Filesize

                                                                            336B

                                                                            MD5

                                                                            2e29a5d559e1783e0857f9acc1bd4d21

                                                                            SHA1

                                                                            ec63aa47be4da4f06c75d344960458e334d1ba33

                                                                            SHA256

                                                                            be9b95d8f3914cb3db13c9dfb478fb5600aeadb9c2db062243974f14777bd820

                                                                            SHA512

                                                                            70f464aba2a010bbb8bd1d4392119b65d09cd5e5b4e2f7392addbf2824ba3a1c7041daf869a918bca9b502b89e8237a63c13e98eaf0fe73ab891e2e72f88febd

                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

                                                                            Filesize

                                                                            1KB

                                                                            MD5

                                                                            eb414bd641bbdcbb8dde8458dccf7469

                                                                            SHA1

                                                                            74fd479b02350c43f8ea6ac0ad74664f5f71d2df

                                                                            SHA256

                                                                            d70c7b8dd2d70f11da2fd3a8fae0a6e54d1421a5d66af2a235477acff19546bc

                                                                            SHA512

                                                                            ee82a66fd33c8a26420efd5e887b6ae4c23311c5b13209ccedec944e0d64312a978a333596f39b7aabf38d3fee5488d7f99b711f493c929a98f212fdc09b3bce

                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

                                                                            Filesize

                                                                            1KB

                                                                            MD5

                                                                            230001565338d42f6dbe9a483ff38eee

                                                                            SHA1

                                                                            318e843c8fcb71d8a72ce4852641cdf7d187f228

                                                                            SHA256

                                                                            887705a5604c6e837b63e6885151c8b24d175488191292b3852a5747c600ad6b

                                                                            SHA512

                                                                            d80bf7dda7ded91e24689cd19b51166352cd8e0d73748a78d0de33d633e402f8066e2d51f20236ec81c5efe96b57873ec49907c80234e2c7407a92f66f96fc6e

                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                                                            Filesize

                                                                            5KB

                                                                            MD5

                                                                            b18c949288ab2cd7e698d193be53d7f6

                                                                            SHA1

                                                                            afb594dad98dc4e9ed6b8c6300cc8382418ee71c

                                                                            SHA256

                                                                            d9f7726a75057ef66ff652e8c73a409121086b9d9033e0e229e163aad483e4a2

                                                                            SHA512

                                                                            461c9bac3ad78cc4a1a45892effd2948c517294cd162e6299758c1bf41f02fec5be1f7b1f436af26e9ad4ea281841771ab17fe0ac3c836f4876c76f4966842ab

                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                                                            Filesize

                                                                            6KB

                                                                            MD5

                                                                            27263626643a440266952da31ec5ae8d

                                                                            SHA1

                                                                            c9f014a71c0c75d3a8902805419cb284419b0617

                                                                            SHA256

                                                                            f4afa5fa9b5332601c074ea07a141eccd9d1b2e7006aeafbb6aab0f8edf7fb2c

                                                                            SHA512

                                                                            d956d9d29d9ca30104f1937ba9cc903eabc22d5b7bd138f9c22a91b2d6d40aebccd01b6d28f9b803a3c55a7630f0b493ea6dcec01af721c7e91c5afbc434a1fb

                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

                                                                            Filesize

                                                                            203B

                                                                            MD5

                                                                            d2a1b31fd67facad7dad57b846d0208b

                                                                            SHA1

                                                                            8004ad143feea550ad5cf62a2fca77ab3c3197ea

                                                                            SHA256

                                                                            a106b8c8cb4c77940bc99be28732a4357922c5574b2fb24bc27d08d9b6f248a7

                                                                            SHA512

                                                                            7d909eb191a019a445714f7fa7a447109ab962dedba60f551003ec398780cd87227ee4175601a4303ccdecd69bf891c648b301dc93c0763579c73267bff3a7a3

                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

                                                                            Filesize

                                                                            203B

                                                                            MD5

                                                                            e810f4062cf6c6b7574dfc3a35abc56f

                                                                            SHA1

                                                                            08c490416eb331005e5d4a51be89ae6cbe3b361f

                                                                            SHA256

                                                                            6b6acbe5281c407ee405effaa5f96d99b153a9b6efaf1574ea862f6ea27e9403

                                                                            SHA512

                                                                            b105469be617566ac1dde6c30fccf77cb98a81b78786d0e05e7fc062342aab6e6fad8860df339bd8867985859a2889350004cde676db9ebcde3378572e8cf64f

                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe58ab6e.TMP

                                                                            Filesize

                                                                            203B

                                                                            MD5

                                                                            1154b041b8334654fd4ab6c8112c7755

                                                                            SHA1

                                                                            ad7af916c338b28d25cb3ea540cd8ca63c7b72ee

                                                                            SHA256

                                                                            7db15d321686f3526e0734ea12a2cda675a7e7137dd2c6001759d5f436144911

                                                                            SHA512

                                                                            03a22bdc334e2b89c3adef4ee3514f3170f291cf6189291bf8e0684caef49284d302d8e0d4050241a2800f14d77043d34837b6dc9bc06253aeabb65b5a111c81

                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

                                                                            Filesize

                                                                            16B

                                                                            MD5

                                                                            6752a1d65b201c13b62ea44016eb221f

                                                                            SHA1

                                                                            58ecf154d01a62233ed7fb494ace3c3d4ffce08b

                                                                            SHA256

                                                                            0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

                                                                            SHA512

                                                                            9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

                                                                            Filesize

                                                                            11KB

                                                                            MD5

                                                                            d4c4d6e4222388a595e1d482384d91c8

                                                                            SHA1

                                                                            c9961a44141b6c2d391811c960f535e367e735a3

                                                                            SHA256

                                                                            deab6a7677f3f43a2a968b66e4d36232d154cebcec0528aa57fe07dc84c4c4a3

                                                                            SHA512

                                                                            5510e8114db7a49987169aef85a6494a150348b7ca319fe24e45dfff04ff0fb38c9bbdaa6683aa0f8c83a435a63a3992879b377a9a42d2693df03c118344789d

                                                                          • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\5vinb3pw.default-release\cache2\entries\E449899591A9BC91DFBA673EC0589B51E541A88B

                                                                            Filesize

                                                                            13KB

                                                                            MD5

                                                                            a8a9a9d423ab7730ac04437773b0beb7

                                                                            SHA1

                                                                            801c66390b1b11703055918a7e2ac8212da43d09

                                                                            SHA256

                                                                            6f585f2f092d9e56c383314273d9eacc60d8a9fe788db810f8fd7838a9c161c0

                                                                            SHA512

                                                                            7d01266709710bb53f0608feba17ba533bfc8f6639ed0f3f26794660f3cdb7f43d8e34a6e2721a83f62ad192a41106e6940238c37419546700ffee1a0e366968

                                                                          • C:\Users\Admin\AppData\Local\Temp\827E.tmp\827F.tmp\8280.bat

                                                                            Filesize

                                                                            2KB

                                                                            MD5

                                                                            31c09b550c61042384ef240a1cd226df

                                                                            SHA1

                                                                            731fbe63179f646915f8fa37ca9f8c85fdb9b48a

                                                                            SHA256

                                                                            752a176e12900c9f3cf947bc36d506e360f86da00a2dbc1e5fa821f2584c75db

                                                                            SHA512

                                                                            8fcd654736e4b71765b5379c6e1699771e83c5c1df1b5e3fa7f74e4d3b5629ffa1f54aaedfdf9979416d3704bcfb38d73dba7c36c7b6f1ac9804737e7af698a6

                                                                          • C:\Users\Admin\AppData\Local\Temp\tmpaddon

                                                                            Filesize

                                                                            479KB

                                                                            MD5

                                                                            09372174e83dbbf696ee732fd2e875bb

                                                                            SHA1

                                                                            ba360186ba650a769f9303f48b7200fb5eaccee1

                                                                            SHA256

                                                                            c32efac42faf4b9878fb8917c5e71d89ff40de580c4f52f62e11c6cfab55167f

                                                                            SHA512

                                                                            b667086ed49579592d435df2b486fe30ba1b62ddd169f19e700cd079239747dd3e20058c285fa9c10a533e34f22b5198ed9b1f92ae560a3067f3e3feacc724f1

                                                                          • C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

                                                                            Filesize

                                                                            13.8MB

                                                                            MD5

                                                                            0a8747a2ac9ac08ae9508f36c6d75692

                                                                            SHA1

                                                                            b287a96fd6cc12433adb42193dfe06111c38eaf0

                                                                            SHA256

                                                                            32d544baf2facc893057a1d97db33207e642f0dacf235d8500a0b5eff934ce03

                                                                            SHA512

                                                                            59521f8c61236641b3299ab460c58c8f5f26fa67e828de853c2cf372f9614d58b9f541aae325b1600ec4f3a47953caacb8122b0dfce7481acfec81045735947d

                                                                          • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5vinb3pw.default-release\AlternateServices.bin

                                                                            Filesize

                                                                            7KB

                                                                            MD5

                                                                            2b9d15d10894740ae199348496536eaf

                                                                            SHA1

                                                                            ba17a5016a2796ca6c927aee3cc5bcfd872506e4

                                                                            SHA256

                                                                            97c75f5a525f71bf73d74b1f1f14b8bdacfa86df156f53b8aa63ec6200edf6b0

                                                                            SHA512

                                                                            483b5e6eeb036b273d99818e96f28d1faada89e820e1c0d630dd6133b019550c70e4a4ad6515be82be7b1253fbb74a111001b50a09f279ad51eaf538759b4f6a

                                                                          • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5vinb3pw.default-release\datareporting\glean\db\data.safe.tmp

                                                                            Filesize

                                                                            15KB

                                                                            MD5

                                                                            e7c4ff17c9c728a084671ca4249b8ed5

                                                                            SHA1

                                                                            eb95b051754f48ceb7a3aaadd62c3e8293fee656

                                                                            SHA256

                                                                            3a5ede77ab32d76140c8453e901023b6cc74745b36d71374e2c8461b3f41009d

                                                                            SHA512

                                                                            b8d273a03c3f58cd5f1737219d91a74a67ee79ac00a45d533ac5f700e88e1a393eee29637b2646d208fecfeb9397d6ddbee5d2f54b4f3362d250d1919647e04c

                                                                          • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5vinb3pw.default-release\datareporting\glean\db\data.safe.tmp

                                                                            Filesize

                                                                            5KB

                                                                            MD5

                                                                            d49099c232fe926c002776e571c84183

                                                                            SHA1

                                                                            0392ed6e8b834bb1dde2ad8be27fd3f82dc75033

                                                                            SHA256

                                                                            24e5d200f01e305867e34a17af4bfa75e4117edf5d8fffa9fb3b77f207831614

                                                                            SHA512

                                                                            88b5106754572404f4c7f9b9758c8da903886bedf25423c95369bb2966303c7f0fd25cb445db60fe67b55df7b272470031d500b05e06b17dbce97b8af685452e

                                                                          • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5vinb3pw.default-release\datareporting\glean\db\data.safe.tmp

                                                                            Filesize

                                                                            15KB

                                                                            MD5

                                                                            4d4c71ffbeba6dec165a42279c3d7ab3

                                                                            SHA1

                                                                            caf000cea704184784de74f66f5948b32fa8471a

                                                                            SHA256

                                                                            e030c8da55e2dcba70f74deb7db18f1866e07e334f776902013bd1400b312ebe

                                                                            SHA512

                                                                            5cde61b4ad6e4faa717ca40578a1bc55c5b25ab34da1533ff3f5a74fe2a311b79fbcab2193d1d6a12bdc978e4be239438edc9918ea4ffdc9b96b06312e2e9bca

                                                                          • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5vinb3pw.default-release\datareporting\glean\db\data.safe.tmp

                                                                            Filesize

                                                                            6KB

                                                                            MD5

                                                                            0436e403352b37299980449731629123

                                                                            SHA1

                                                                            b5edee6f4426fb602e44bcae773d96944607e911

                                                                            SHA256

                                                                            11184141e0529cbd969f7511b6db32065b70d4824b388ddb3f0890844e9d51cf

                                                                            SHA512

                                                                            e05201391e492f0b15c1ded5f688401eb9adfbefe2ac377051d22a2f75f1e29f11c5a3343468e9767e2cfa4d456f37cb0dffee5412d17971152ac1df021b7393

                                                                          • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5vinb3pw.default-release\datareporting\glean\pending_pings\6d48f7a9-0ab9-4a07-8d8b-9787d9b98d39

                                                                            Filesize

                                                                            25KB

                                                                            MD5

                                                                            cfb161b6f12fab52e6e425fb4b568f0f

                                                                            SHA1

                                                                            f798028ee012736ec6b0e34a49ceadae5ede3cba

                                                                            SHA256

                                                                            d5201c353de24d921268f921466be0c1d60e0e4adf8673ce96ba7658b0ca56a4

                                                                            SHA512

                                                                            72d4eb59fd543a0180a0ebac5173e56f39998da507368ff728ed306b1ff8ac2e699752036c9ec594d2543a803798159deba53a5b3d29fcb0e322c4202c5b2f4f

                                                                          • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5vinb3pw.default-release\datareporting\glean\pending_pings\7b1a73b6-fe73-406a-99aa-b76a37a3a9d9

                                                                            Filesize

                                                                            671B

                                                                            MD5

                                                                            f726f9a1c6b62799a9a5668f7d259b63

                                                                            SHA1

                                                                            b94a17e5ca2d150df3c4acc81561ac6002e30dce

                                                                            SHA256

                                                                            8b5254812e9c1e947908eee3e825a9588b4c13363ede64674d5a0dc04793d839

                                                                            SHA512

                                                                            fcb4f7c4b704784f7590acfecd421f6dfc42d2e90860d116eb0052d00334a01b32402ba99dcf05427906a6ca62ef3cb721c9d34232529a0bf63328c154cbcc37

                                                                          • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5vinb3pw.default-release\datareporting\glean\pending_pings\9e44777a-7f9f-43eb-b235-9147c6f39ef6

                                                                            Filesize

                                                                            982B

                                                                            MD5

                                                                            797c72775bf20268edd1248787f1b6d4

                                                                            SHA1

                                                                            64f5aef5ca386b90911d88e98ff1cddd85d7434f

                                                                            SHA256

                                                                            c5c6391430d9c305cd20b4484a14f0815ceb4c7abd49812a1c444503e1a4afe7

                                                                            SHA512

                                                                            758fcb0f0a18b011ed85ca359d1f8bf1ba59ce81eb686c122e27f39a03950cc6481d86c3b882a00ddd878241d034dbfbeb29c6807ea702313aff1ec006a195ea

                                                                          • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5vinb3pw.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.dll

                                                                            Filesize

                                                                            1.1MB

                                                                            MD5

                                                                            842039753bf41fa5e11b3a1383061a87

                                                                            SHA1

                                                                            3e8fe1d7b3ad866b06dca6c7ef1e3c50c406e153

                                                                            SHA256

                                                                            d88dd3bfc4a558bb943f3caa2e376da3942e48a7948763bf9a38f707c2cd0c1c

                                                                            SHA512

                                                                            d3320f7ac46327b7b974e74320c4d853e569061cb89ca849cd5d1706330aca629abeb4a16435c541900d839f46ff72dfde04128c450f3e1ee63c025470c19157

                                                                          • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5vinb3pw.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.info

                                                                            Filesize

                                                                            116B

                                                                            MD5

                                                                            2a461e9eb87fd1955cea740a3444ee7a

                                                                            SHA1

                                                                            b10755914c713f5a4677494dbe8a686ed458c3c5

                                                                            SHA256

                                                                            4107f76ba1d9424555f4e8ea0acef69357dfff89dfa5f0ec72aa4f2d489b17bc

                                                                            SHA512

                                                                            34f73f7bf69d7674907f190f257516e3956f825e35a2f03d58201a5a630310b45df393f2b39669f9369d1ac990505a4b6849a0d34e8c136e1402143b6cedf2d3

• C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5vinb3pw.default-release\gmp-widevinecdm\4.10.2710.0\manifest.json
  Filesize: 372B
  MD5: bf957ad58b55f64219ab3f793e374316
  SHA1: a11adc9d7f2c28e04d9b35e23b7616d0527118a1
  SHA256: bbab6ca07edbed72a966835c7907b3e60c7aa3d48ddea847e5076bd05f4b1eda
  SHA512: 79c179b56e4893fb729b225818ab4b95a50b69666ac41d17aad0b37ab0ca8cd9f0848cbc3c5d9e69e4640a8b261d7ced592eae9bcb0e0b63c05a56e7c477f44e

• C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5vinb3pw.default-release\gmp-widevinecdm\4.10.2710.0\widevinecdm.dll
  Filesize: 17.8MB
  MD5: daf7ef3acccab478aaa7d6dc1c60f865
  SHA1: f8246162b97ce4a945feced27b6ea114366ff2ad
  SHA256: bc40c7821dcd3fea9923c6912ab1183a942c11b7690cfd79ed148ded0228777e
  SHA512: 5840a45cfdb12c005e117608b1e5d946e1b2e76443ed39ba940d7f56de4babeab09bee7e64b903eb82bb37624c0a0ef19e9b59fbe2ce2f0e0b1c7a6015a63f75

• C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5vinb3pw.default-release\prefs-1.js
  Filesize: 13KB
  MD5: 2e5859c2672e74289670b5183a9e321c
  SHA1: 7e76483942339577fcf2e0728c1c6d40b15e7482
  SHA256: d6b2a7e761f4d8bbcb06b8680b73a57033af9d02561bae33fbb67991386a4b26
  SHA512: 520b4b07a6a1c864f52c99f0e230c66e7f243963a52a273d3e9b0d7a0f6410f39c9d7144cc11b46a3843c7c6b386937426b85008e19e645a9a944e50faed02e3

• C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5vinb3pw.default-release\prefs-1.js
  Filesize: 16KB
  MD5: 2f79d77d471891d6e3f4239fe761da73
  SHA1: cca362468caad28f79af43235233bbee5ba8201e
  SHA256: 30246e07aeb49b49780e9d42eded7177f10b947c8943330723f019d44332927e
  SHA512: eff57003a64f7363a8a0d64a4994d3ea3fd8c9aa95c8ce4b9d7e31d680f6b465c60ba1e40f5e43325f6eeb732ecfddae3bf2705ae177889de35f52b93609258f

• C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5vinb3pw.default-release\prefs.js
  Filesize: 10KB
  MD5: 80ffdf61793a24417768d44780d2e623
  SHA1: 0c822b0bbeea7655812d2121f63350c389925846
  SHA256: 212a329e8ba515619ec6d0eac514447945f26a258aa80fb48a956d09c0b52544
  SHA512: 5484aa0f8fd9f1065b2a514b08c05287618d80630d8647be4a5e0ae16fd2d167af6d112ffdd5ae00f1240165491f8084c48c52a012ccf3407a14a748dd27a794

• C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5vinb3pw.default-release\sessionstore-backups\recovery.baklz4
  Filesize: 5KB
  MD5: 10e18b22f144635fb2f5ed7cef54ab1d
  SHA1: be4a13b22e3ea1ed12e12c8dd3b2e020ba54420f
  SHA256: 139c92aefb9c206fb933241d53f50549a771a747c777dbe8bf6c5ddaa1e394af
  SHA512: e6db793e77688a425c2ab395663ed093f7131f43407e52ab447ad39823f41d7c825b5460d2508a2ff0758319dfc1617270a62400652a94ad0e3f54af23255557

• C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5vinb3pw.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite
  Filesize: 1.5MB
  MD5: 730d90fee8498af458155fd7c0a3a1ea
  SHA1: 92dfa390e581a80b1e9f6732fdf526ad377a8b78
  SHA256: 2c22d49253caec286c9be9cd39180347d1bfc78e4d53561094c5945197197a07
  SHA512: 7cfec5ad77b8ea8d0a7a8156e9f1d33de8755e567f9c2e2dfddf04b39c48ed84f0a236a0a4a1eaff57e3fadc51962276a622721621315ceaae0797c7282ed6b6