hxxps://doublesheeps-china[.]com/?uoaeholm

Resubmissions

28-11-2024 01:34

241128-by58asvrgl 5

28-11-2024 01:26

241128-btj49svqcl 5

28-11-2024 00:30

241128-atfleatlbr 5

Analysis

max time kernel
209s
max time network
208s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
28-11-2024 01:26

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://doublesheeps-china.com/?uoaeholm

Score

5^/10

microsoft discovery phishing

Malware Config

Signatures

Detected potential entity reuse from brand MICROSOFT.
phishing microsoft
Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Checks processor information in registry 2 TTPs 8 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133772308343016481"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-4089630652-1596403869-279772308-1000_Classes\Local Settings	firefox.exe

Suspicious behavior: EnumeratesProcesses 16 IoCs

pid	Process
2216	msedge.exe
2216	msedge.exe
2508	msedge.exe
2508	msedge.exe
1640	identity_helper.exe
1640	identity_helper.exe
4312	chrome.exe
4312	chrome.exe
7112	msedge.exe
7112	msedge.exe
7112	msedge.exe
7112	msedge.exe
8168	chrome.exe
8168	chrome.exe
8168	chrome.exe
8168	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 64 IoCs

pid	Process
2508	msedge.exe
2508	msedge.exe
2508	msedge.exe
2508	msedge.exe
2508	msedge.exe
2508	msedge.exe
2508	msedge.exe
2508	msedge.exe
2508	msedge.exe
2508	msedge.exe
2508	msedge.exe
2508	msedge.exe
2508	msedge.exe
2508	msedge.exe
2508	msedge.exe
2508	msedge.exe
2508	msedge.exe
2508	msedge.exe
2508	msedge.exe
2508	msedge.exe
2508	msedge.exe
2508	msedge.exe
2508	msedge.exe
2508	msedge.exe
2508	msedge.exe
2508	msedge.exe
2508	msedge.exe
4312	chrome.exe
4312	chrome.exe
4312	chrome.exe
4312	chrome.exe
2508	msedge.exe
2508	msedge.exe
4312	chrome.exe
4312	chrome.exe
2508	msedge.exe
2508	msedge.exe
4312	chrome.exe
4312	chrome.exe
4312	chrome.exe
4312	chrome.exe
4312	chrome.exe
4312	chrome.exe
4312	chrome.exe
4312	chrome.exe
4312	chrome.exe
4312	chrome.exe
4312	chrome.exe
4312	chrome.exe
4312	chrome.exe
4312	chrome.exe
4312	chrome.exe
4312	chrome.exe
4312	chrome.exe
2508	msedge.exe
2508	msedge.exe
2508	msedge.exe
2508	msedge.exe
2508	msedge.exe
2508	msedge.exe
2508	msedge.exe
2508	msedge.exe
2508	msedge.exe
2508	msedge.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4312	chrome.exe
Token: SeCreatePagefilePrivilege	4312	chrome.exe
Token: SeShutdownPrivilege	4312	chrome.exe
Token: SeCreatePagefilePrivilege	4312	chrome.exe
Token: SeShutdownPrivilege	4312	chrome.exe
Token: SeCreatePagefilePrivilege	4312	chrome.exe
Token: SeShutdownPrivilege	4312	chrome.exe
Token: SeCreatePagefilePrivilege	4312	chrome.exe
Token: SeShutdownPrivilege	4312	chrome.exe
Token: SeCreatePagefilePrivilege	4312	chrome.exe
Token: SeShutdownPrivilege	4312	chrome.exe
Token: SeCreatePagefilePrivilege	4312	chrome.exe
Token: SeShutdownPrivilege	4312	chrome.exe
Token: SeCreatePagefilePrivilege	4312	chrome.exe
Token: SeShutdownPrivilege	4312	chrome.exe
Token: SeCreatePagefilePrivilege	4312	chrome.exe
Token: SeShutdownPrivilege	4312	chrome.exe
Token: SeCreatePagefilePrivilege	4312	chrome.exe
Token: SeShutdownPrivilege	4312	chrome.exe
Token: SeCreatePagefilePrivilege	4312	chrome.exe
Token: SeShutdownPrivilege	4312	chrome.exe
Token: SeCreatePagefilePrivilege	4312	chrome.exe
Token: SeShutdownPrivilege	4312	chrome.exe
Token: SeCreatePagefilePrivilege	4312	chrome.exe
Token: SeShutdownPrivilege	4312	chrome.exe
Token: SeCreatePagefilePrivilege	4312	chrome.exe
Token: SeShutdownPrivilege	4312	chrome.exe
Token: SeCreatePagefilePrivilege	4312	chrome.exe
Token: SeShutdownPrivilege	4312	chrome.exe
Token: SeCreatePagefilePrivilege	4312	chrome.exe
Token: SeShutdownPrivilege	4312	chrome.exe
Token: SeCreatePagefilePrivilege	4312	chrome.exe
Token: SeShutdownPrivilege	4312	chrome.exe
Token: SeCreatePagefilePrivilege	4312	chrome.exe
Token: SeShutdownPrivilege	4312	chrome.exe
Token: SeCreatePagefilePrivilege	4312	chrome.exe
Token: SeShutdownPrivilege	4312	chrome.exe
Token: SeCreatePagefilePrivilege	4312	chrome.exe
Token: SeShutdownPrivilege	4312	chrome.exe
Token: SeCreatePagefilePrivilege	4312	chrome.exe
Token: SeShutdownPrivilege	4312	chrome.exe
Token: SeCreatePagefilePrivilege	4312	chrome.exe
Token: SeShutdownPrivilege	4312	chrome.exe
Token: SeCreatePagefilePrivilege	4312	chrome.exe
Token: SeShutdownPrivilege	4312	chrome.exe
Token: SeCreatePagefilePrivilege	4312	chrome.exe
Token: SeShutdownPrivilege	4312	chrome.exe
Token: SeCreatePagefilePrivilege	4312	chrome.exe
Token: SeShutdownPrivilege	4312	chrome.exe
Token: SeCreatePagefilePrivilege	4312	chrome.exe
Token: SeShutdownPrivilege	4312	chrome.exe
Token: SeCreatePagefilePrivilege	4312	chrome.exe
Token: SeShutdownPrivilege	4312	chrome.exe
Token: SeCreatePagefilePrivilege	4312	chrome.exe
Token: SeShutdownPrivilege	4312	chrome.exe
Token: SeCreatePagefilePrivilege	4312	chrome.exe
Token: SeShutdownPrivilege	4312	chrome.exe
Token: SeCreatePagefilePrivilege	4312	chrome.exe
Token: SeShutdownPrivilege	4312	chrome.exe
Token: SeCreatePagefilePrivilege	4312	chrome.exe
Token: SeShutdownPrivilege	4312	chrome.exe
Token: SeCreatePagefilePrivilege	4312	chrome.exe
Token: SeShutdownPrivilege	4312	chrome.exe
Token: SeCreatePagefilePrivilege	4312	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
2508	msedge.exe
2508	msedge.exe
2508	msedge.exe
2508	msedge.exe
2508	msedge.exe
2508	msedge.exe
2508	msedge.exe
2508	msedge.exe
2508	msedge.exe
2508	msedge.exe
2508	msedge.exe
2508	msedge.exe
2508	msedge.exe
2508	msedge.exe
2508	msedge.exe
2508	msedge.exe
2508	msedge.exe
2508	msedge.exe
2508	msedge.exe
2508	msedge.exe
2508	msedge.exe
2508	msedge.exe
2508	msedge.exe
2508	msedge.exe
2508	msedge.exe
4312	chrome.exe
4312	chrome.exe
4312	chrome.exe
4312	chrome.exe
4312	chrome.exe
4312	chrome.exe
4312	chrome.exe
4312	chrome.exe
4312	chrome.exe
4312	chrome.exe
4312	chrome.exe
4312	chrome.exe
4312	chrome.exe
4312	chrome.exe
4312	chrome.exe
4312	chrome.exe
4312	chrome.exe
4312	chrome.exe
4312	chrome.exe
4312	chrome.exe
4312	chrome.exe
4312	chrome.exe
4312	chrome.exe
4312	chrome.exe
4312	chrome.exe
4312	chrome.exe
4312	chrome.exe
4312	chrome.exe
4312	chrome.exe
4312	chrome.exe
4312	chrome.exe
4312	chrome.exe
4312	chrome.exe
4312	chrome.exe
4312	chrome.exe
4312	chrome.exe
4312	chrome.exe
4312	chrome.exe
4312	chrome.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
2508	msedge.exe
2508	msedge.exe
2508	msedge.exe
2508	msedge.exe
2508	msedge.exe
2508	msedge.exe
2508	msedge.exe
2508	msedge.exe
2508	msedge.exe
2508	msedge.exe
2508	msedge.exe
2508	msedge.exe
2508	msedge.exe
2508	msedge.exe
2508	msedge.exe
2508	msedge.exe
2508	msedge.exe
2508	msedge.exe
2508	msedge.exe
2508	msedge.exe
2508	msedge.exe
2508	msedge.exe
2508	msedge.exe
2508	msedge.exe
4312	chrome.exe
4312	chrome.exe
4312	chrome.exe
4312	chrome.exe
4312	chrome.exe
4312	chrome.exe
4312	chrome.exe
4312	chrome.exe
4312	chrome.exe
4312	chrome.exe
4312	chrome.exe
4312	chrome.exe
4312	chrome.exe
4312	chrome.exe
4312	chrome.exe
4312	chrome.exe
4312	chrome.exe
4312	chrome.exe
4312	chrome.exe
4312	chrome.exe
4312	chrome.exe
4312	chrome.exe
4312	chrome.exe
4312	chrome.exe
4312	chrome.exe
4312	chrome.exe
4312	chrome.exe
4312	chrome.exe
4312	chrome.exe
4312	chrome.exe
4312	chrome.exe
4312	chrome.exe
4312	chrome.exe
4312	chrome.exe
4312	chrome.exe
4312	chrome.exe
4312	chrome.exe
4312	chrome.exe
4312	chrome.exe
4312	chrome.exe

Suspicious use of SetWindowsHookEx 34 IoCs

pid	Process
5264	firefox.exe
5264	firefox.exe
5264	firefox.exe
5264	firefox.exe
5264	firefox.exe
5264	firefox.exe
5264	firefox.exe
5264	firefox.exe
5264	firefox.exe
5264	firefox.exe
5264	firefox.exe
5264	firefox.exe
5264	firefox.exe
5264	firefox.exe
5264	firefox.exe
5264	firefox.exe
5264	firefox.exe
5264	firefox.exe
5264	firefox.exe
5264	firefox.exe
5264	firefox.exe
5264	firefox.exe
5264	firefox.exe
5264	firefox.exe
5264	firefox.exe
5264	firefox.exe
5264	firefox.exe
5264	firefox.exe
5264	firefox.exe
5264	firefox.exe
5264	firefox.exe
5264	firefox.exe
5264	firefox.exe
5264	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2508 wrote to memory of 3176	2508	msedge.exe	82
PID 2508 wrote to memory of 3176	2508	msedge.exe	82
PID 2508 wrote to memory of 3056	2508	msedge.exe	83
PID 2508 wrote to memory of 3056	2508	msedge.exe	83
PID 2508 wrote to memory of 3056	2508	msedge.exe	83
PID 2508 wrote to memory of 3056	2508	msedge.exe	83
PID 2508 wrote to memory of 3056	2508	msedge.exe	83
PID 2508 wrote to memory of 3056	2508	msedge.exe	83
PID 2508 wrote to memory of 3056	2508	msedge.exe	83
PID 2508 wrote to memory of 3056	2508	msedge.exe	83
PID 2508 wrote to memory of 3056	2508	msedge.exe	83
PID 2508 wrote to memory of 3056	2508	msedge.exe	83
PID 2508 wrote to memory of 3056	2508	msedge.exe	83
PID 2508 wrote to memory of 3056	2508	msedge.exe	83
PID 2508 wrote to memory of 3056	2508	msedge.exe	83
PID 2508 wrote to memory of 3056	2508	msedge.exe	83
PID 2508 wrote to memory of 3056	2508	msedge.exe	83
PID 2508 wrote to memory of 3056	2508	msedge.exe	83
PID 2508 wrote to memory of 3056	2508	msedge.exe	83
PID 2508 wrote to memory of 3056	2508	msedge.exe	83
PID 2508 wrote to memory of 3056	2508	msedge.exe	83
PID 2508 wrote to memory of 3056	2508	msedge.exe	83
PID 2508 wrote to memory of 3056	2508	msedge.exe	83
PID 2508 wrote to memory of 3056	2508	msedge.exe	83
PID 2508 wrote to memory of 3056	2508	msedge.exe	83
PID 2508 wrote to memory of 3056	2508	msedge.exe	83
PID 2508 wrote to memory of 3056	2508	msedge.exe	83
PID 2508 wrote to memory of 3056	2508	msedge.exe	83
PID 2508 wrote to memory of 3056	2508	msedge.exe	83
PID 2508 wrote to memory of 3056	2508	msedge.exe	83
PID 2508 wrote to memory of 3056	2508	msedge.exe	83
PID 2508 wrote to memory of 3056	2508	msedge.exe	83
PID 2508 wrote to memory of 3056	2508	msedge.exe	83
PID 2508 wrote to memory of 3056	2508	msedge.exe	83
PID 2508 wrote to memory of 3056	2508	msedge.exe	83
PID 2508 wrote to memory of 3056	2508	msedge.exe	83
PID 2508 wrote to memory of 3056	2508	msedge.exe	83
PID 2508 wrote to memory of 3056	2508	msedge.exe	83
PID 2508 wrote to memory of 3056	2508	msedge.exe	83
PID 2508 wrote to memory of 3056	2508	msedge.exe	83
PID 2508 wrote to memory of 3056	2508	msedge.exe	83
PID 2508 wrote to memory of 3056	2508	msedge.exe	83
PID 2508 wrote to memory of 2216	2508	msedge.exe	84
PID 2508 wrote to memory of 2216	2508	msedge.exe	84
PID 2508 wrote to memory of 2256	2508	msedge.exe	85
PID 2508 wrote to memory of 2256	2508	msedge.exe	85
PID 2508 wrote to memory of 2256	2508	msedge.exe	85
PID 2508 wrote to memory of 2256	2508	msedge.exe	85
PID 2508 wrote to memory of 2256	2508	msedge.exe	85
PID 2508 wrote to memory of 2256	2508	msedge.exe	85
PID 2508 wrote to memory of 2256	2508	msedge.exe	85
PID 2508 wrote to memory of 2256	2508	msedge.exe	85
PID 2508 wrote to memory of 2256	2508	msedge.exe	85
PID 2508 wrote to memory of 2256	2508	msedge.exe	85
PID 2508 wrote to memory of 2256	2508	msedge.exe	85
PID 2508 wrote to memory of 2256	2508	msedge.exe	85
PID 2508 wrote to memory of 2256	2508	msedge.exe	85
PID 2508 wrote to memory of 2256	2508	msedge.exe	85
PID 2508 wrote to memory of 2256	2508	msedge.exe	85
PID 2508 wrote to memory of 2256	2508	msedge.exe	85
PID 2508 wrote to memory of 2256	2508	msedge.exe	85
PID 2508 wrote to memory of 2256	2508	msedge.exe	85
PID 2508 wrote to memory of 2256	2508	msedge.exe	85
PID 2508 wrote to memory of 2256	2508	msedge.exe	85

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://doublesheeps-china.com/?uoaeholm
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2508
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fffa65946f8,0x7fffa6594708,0x7fffa6594718
  2⤵
  PID:3176
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2060,6680323072274753382,18300005841871057443,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2080 /prefetch:2
  2⤵
  PID:3056
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2060,6680323072274753382,18300005841871057443,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2192 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2216
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2060,6680323072274753382,18300005841871057443,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2684 /prefetch:8
  2⤵
  PID:2256
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,6680323072274753382,18300005841871057443,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3300 /prefetch:1
  2⤵
  PID:2432
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,6680323072274753382,18300005841871057443,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3320 /prefetch:1
  2⤵
  PID:3612
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,6680323072274753382,18300005841871057443,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5112 /prefetch:1
  2⤵
  PID:2868
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,6680323072274753382,18300005841871057443,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4176 /prefetch:1
  2⤵
  PID:3640
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2060,6680323072274753382,18300005841871057443,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3408 /prefetch:8
  2⤵
  PID:1012
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2060,6680323072274753382,18300005841871057443,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3408 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1640
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,6680323072274753382,18300005841871057443,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5068 /prefetch:1
  2⤵
  PID:5064
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,6680323072274753382,18300005841871057443,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4088 /prefetch:1
  2⤵
  PID:536
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,6680323072274753382,18300005841871057443,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5884 /prefetch:1
  2⤵
  PID:3092
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,6680323072274753382,18300005841871057443,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4176 /prefetch:1
  2⤵
  PID:3532
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,6680323072274753382,18300005841871057443,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5508 /prefetch:1
  2⤵
  PID:4448
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,6680323072274753382,18300005841871057443,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5880 /prefetch:1
  2⤵
  PID:4828
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2060,6680323072274753382,18300005841871057443,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=6344 /prefetch:8
  2⤵
  PID:1856
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,6680323072274753382,18300005841871057443,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2884 /prefetch:1
  2⤵
  PID:2148
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,6680323072274753382,18300005841871057443,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3884 /prefetch:1
  2⤵
  PID:4464
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,6680323072274753382,18300005841871057443,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6608 /prefetch:1
  2⤵
  PID:3612
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,6680323072274753382,18300005841871057443,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7116 /prefetch:1
  2⤵
  PID:2484
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,6680323072274753382,18300005841871057443,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6132 /prefetch:1
  2⤵
  PID:2172
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,6680323072274753382,18300005841871057443,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6108 /prefetch:1
  2⤵
  PID:1604
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,6680323072274753382,18300005841871057443,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3016 /prefetch:1
  2⤵
  PID:1456
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,6680323072274753382,18300005841871057443,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5920 /prefetch:1
  2⤵
  PID:3412
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,6680323072274753382,18300005841871057443,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5932 /prefetch:1
  2⤵
  PID:1636
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,6680323072274753382,18300005841871057443,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4196 /prefetch:1
  2⤵
  PID:212
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,6680323072274753382,18300005841871057443,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7004 /prefetch:1
  2⤵
  PID:2416
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,6680323072274753382,18300005841871057443,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3452 /prefetch:1
  2⤵
  PID:1960
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,6680323072274753382,18300005841871057443,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5176 /prefetch:1
  2⤵
  PID:1220
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,6680323072274753382,18300005841871057443,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6884 /prefetch:1
  2⤵
  PID:2376
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,6680323072274753382,18300005841871057443,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1224 /prefetch:1
  2⤵
  PID:3000
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,6680323072274753382,18300005841871057443,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7144 /prefetch:1
  2⤵
  PID:1720
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,6680323072274753382,18300005841871057443,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3576 /prefetch:1
  2⤵
  PID:2524
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,6680323072274753382,18300005841871057443,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1764 /prefetch:1
  2⤵
  PID:5760
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,6680323072274753382,18300005841871057443,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1748 /prefetch:1
  2⤵
  PID:5768
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,6680323072274753382,18300005841871057443,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3536 /prefetch:1
  2⤵
  PID:5244
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,6680323072274753382,18300005841871057443,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5244 /prefetch:1
  2⤵
  PID:5280
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,6680323072274753382,18300005841871057443,131072 --disable-databases --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1912 /prefetch:1
  2⤵
  PID:5812
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,6680323072274753382,18300005841871057443,131072 --disable-databases --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3344 /prefetch:1
  2⤵
  PID:1100
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,6680323072274753382,18300005841871057443,131072 --disable-databases --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6372 /prefetch:1
  2⤵
  PID:5712
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,6680323072274753382,18300005841871057443,131072 --disable-databases --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3524 /prefetch:1
  2⤵
  PID:5700
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,6680323072274753382,18300005841871057443,131072 --disable-databases --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4112 /prefetch:1
  2⤵
  PID:5200
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,6680323072274753382,18300005841871057443,131072 --disable-databases --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7092 /prefetch:1
  2⤵
  PID:4316
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,6680323072274753382,18300005841871057443,131072 --disable-databases --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1916 /prefetch:1
  2⤵
  PID:4004
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,6680323072274753382,18300005841871057443,131072 --disable-databases --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6112 /prefetch:1
  2⤵
  PID:5912
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,6680323072274753382,18300005841871057443,131072 --disable-databases --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6068 /prefetch:1
  2⤵
  PID:4508
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,6680323072274753382,18300005841871057443,131072 --disable-databases --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6420 /prefetch:1
  2⤵
  PID:4168
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,6680323072274753382,18300005841871057443,131072 --disable-databases --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=48 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6760 /prefetch:1
  2⤵
  PID:5724
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2060,6680323072274753382,18300005841871057443,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6964 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:7112

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1896

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4496

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:4312
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7fff9373cc40,0x7fff9373cc4c,0x7fff9373cc58
  2⤵
  PID:3804
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1840,i,14779941775166176556,2977886666660855328,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1836 /prefetch:2
  2⤵
  PID:1748
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2104,i,14779941775166176556,2977886666660855328,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2088 /prefetch:3
  2⤵
  PID:4356
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2216,i,14779941775166176556,2977886666660855328,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2648 /prefetch:8
  2⤵
  PID:2672
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3172,i,14779941775166176556,2977886666660855328,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3200 /prefetch:1
  2⤵
  PID:5288
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3256,i,14779941775166176556,2977886666660855328,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3236 /prefetch:1
  2⤵
  PID:5296
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4592,i,14779941775166176556,2977886666660855328,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4644 /prefetch:1
  2⤵
  PID:5468
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=4776,i,14779941775166176556,2977886666660855328,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4632 /prefetch:1
  2⤵
  PID:5704
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --field-trial-handle=4480,i,14779941775166176556,2977886666660855328,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4556 /prefetch:1
  2⤵
  PID:5948
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=4604,i,14779941775166176556,2977886666660855328,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4788 /prefetch:1
  2⤵
  PID:6004
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4540,i,14779941775166176556,2977886666660855328,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4792 /prefetch:8
  2⤵
  PID:6136
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4520,i,14779941775166176556,2977886666660855328,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4652 /prefetch:8
  2⤵
  PID:5604
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --field-trial-handle=4668,i,14779941775166176556,2977886666660855328,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5388 /prefetch:1
  2⤵
  PID:5596
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=4620,i,14779941775166176556,2977886666660855328,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4636 /prefetch:1
  2⤵
  PID:5892
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --field-trial-handle=4732,i,14779941775166176556,2977886666660855328,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4716 /prefetch:1
  2⤵
  PID:5788
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --field-trial-handle=3416,i,14779941775166176556,2977886666660855328,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4608 /prefetch:1
  2⤵
  PID:4584
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --field-trial-handle=5532,i,14779941775166176556,2977886666660855328,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5508 /prefetch:1
  2⤵
  PID:4616
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --field-trial-handle=5472,i,14779941775166176556,2977886666660855328,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5624 /prefetch:1
  2⤵
  PID:1040
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --field-trial-handle=5292,i,14779941775166176556,2977886666660855328,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3460 /prefetch:1
  2⤵
  PID:5940
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --field-trial-handle=3512,i,14779941775166176556,2977886666660855328,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4644 /prefetch:1
  2⤵
  PID:3356
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --field-trial-handle=4816,i,14779941775166176556,2977886666660855328,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5184 /prefetch:1
  2⤵
  PID:5840
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --field-trial-handle=3484,i,14779941775166176556,2977886666660855328,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5108 /prefetch:1
  2⤵
  PID:5896
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --disable-databases --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --field-trial-handle=4652,i,14779941775166176556,2977886666660855328,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5040 /prefetch:1
  2⤵
  PID:3836
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --disable-databases --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --field-trial-handle=3452,i,14779941775166176556,2977886666660855328,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4748 /prefetch:1
  2⤵
  PID:3704
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --disable-databases --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --field-trial-handle=4608,i,14779941775166176556,2977886666660855328,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5808 /prefetch:1
  2⤵
  PID:5700
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --disable-databases --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --field-trial-handle=5336,i,14779941775166176556,2977886666660855328,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5928 /prefetch:1
  2⤵
  PID:6080
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --disable-databases --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --field-trial-handle=5940,i,14779941775166176556,2977886666660855328,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3264 /prefetch:1
  2⤵
  PID:6124
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --disable-databases --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --field-trial-handle=5848,i,14779941775166176556,2977886666660855328,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5864 /prefetch:1
  2⤵
  PID:1152
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --disable-databases --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --field-trial-handle=5960,i,14779941775166176556,2977886666660855328,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4752 /prefetch:1
  2⤵
  PID:5592
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=4716,i,14779941775166176556,2977886666660855328,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4820 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:8168

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:5432

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:5564

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
PID:3836
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe"
  2⤵
  - Checks processor information in registry
  - Modifies registry class
  - Suspicious use of SetWindowsHookEx
  PID:5264
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2000 -parentBuildID 20240401114208 -prefsHandle 1916 -prefMapHandle 1908 -prefsLen 23680 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {154ef888-6b7a-4492-bf58-bd0fb3094542} 5264 "\\.\pipe\gecko-crash-server-pipe.5264" gpu
    3⤵
    PID:5748
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2412 -parentBuildID 20240401114208 -prefsHandle 2388 -prefMapHandle 2376 -prefsLen 23716 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d02aefbd-3ad9-4f42-a07d-802edb35e684} 5264 "\\.\pipe\gecko-crash-server-pipe.5264" socket
    3⤵
    PID:1876
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2800 -childID 1 -isForBrowser -prefsHandle 3300 -prefMapHandle 2844 -prefsLen 23857 -prefMapSize 244658 -jsInitHandle 1124 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {bcaeceae-bbf9-44cd-a49b-0774af059120} 5264 "\\.\pipe\gecko-crash-server-pipe.5264" tab
    3⤵
    PID:4728
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4012 -childID 2 -isForBrowser -prefsHandle 4000 -prefMapHandle 3996 -prefsLen 29090 -prefMapSize 244658 -jsInitHandle 1124 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {db34f60b-c18d-4569-94b9-1b2b7dafd21a} 5264 "\\.\pipe\gecko-crash-server-pipe.5264" tab
    3⤵
    PID:6256
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4752 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4748 -prefMapHandle 4716 -prefsLen 29090 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {98e4270a-43b7-4127-a47a-51db00915b1f} 5264 "\\.\pipe\gecko-crash-server-pipe.5264" utility
    3⤵
    - Checks processor information in registry
    PID:7048
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5276 -childID 3 -isForBrowser -prefsHandle 5268 -prefMapHandle 5228 -prefsLen 27097 -prefMapSize 244658 -jsInitHandle 1124 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a0e5e61e-9a88-4eb0-b5af-b8a3e2742745} 5264 "\\.\pipe\gecko-crash-server-pipe.5264" tab
    3⤵
    PID:6688
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5496 -childID 4 -isForBrowser -prefsHandle 5416 -prefMapHandle 5420 -prefsLen 27097 -prefMapSize 244658 -jsInitHandle 1124 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {4a89ffa6-0107-40ee-ae28-8028c5af1951} 5264 "\\.\pipe\gecko-crash-server-pipe.5264" tab
    3⤵
    PID:6704
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5232 -childID 5 -isForBrowser -prefsHandle 5632 -prefMapHandle 5640 -prefsLen 27097 -prefMapSize 244658 -jsInitHandle 1124 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {6ffb055e-c893-40fb-a866-f5cc99ef796e} 5264 "\\.\pipe\gecko-crash-server-pipe.5264" tab
    3⤵
    PID:6712
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6004 -childID 6 -isForBrowser -prefsHandle 6120 -prefMapHandle 6116 -prefsLen 27257 -prefMapSize 244658 -jsInitHandle 1124 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b83453fe-613e-4dfe-b227-5faeefe4673d} 5264 "\\.\pipe\gecko-crash-server-pipe.5264" tab
    3⤵
    PID:6736
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6176 -childID 7 -isForBrowser -prefsHandle 6184 -prefMapHandle 6188 -prefsLen 27257 -prefMapSize 244658 -jsInitHandle 1124 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ca723cc4-2642-42c0-987e-78c11805bdad} 5264 "\\.\pipe\gecko-crash-server-pipe.5264" tab
    3⤵
    PID:6828
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6216 -childID 8 -isForBrowser -prefsHandle 6232 -prefMapHandle 6224 -prefsLen 27257 -prefMapSize 244658 -jsInitHandle 1124 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e21ee3cc-5d9c-4793-844f-e3de5b84a11b} 5264 "\\.\pipe\gecko-crash-server-pipe.5264" tab
    3⤵
    PID:4400
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2720 -childID 9 -isForBrowser -prefsHandle 4184 -prefMapHandle 4180 -prefsLen 27307 -prefMapSize 244658 -jsInitHandle 1124 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d30147c7-2897-44ac-8ab3-7e25a00a095b} 5264 "\\.\pipe\gecko-crash-server-pipe.5264" tab
    3⤵
    PID:116
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=7080 -childID 10 -isForBrowser -prefsHandle 7068 -prefMapHandle 7072 -prefsLen 27355 -prefMapSize 244658 -jsInitHandle 1124 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {78bf00d0-42d1-410c-bfa6-7dfb079851ff} 5264 "\\.\pipe\gecko-crash-server-pipe.5264" tab
    3⤵
    PID:3276
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=7104 -childID 11 -isForBrowser -prefsHandle 7112 -prefMapHandle 7116 -prefsLen 27355 -prefMapSize 244658 -jsInitHandle 1124 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {18e4007d-b184-4d2e-88c0-e54c1c6df0ab} 5264 "\\.\pipe\gecko-crash-server-pipe.5264" tab
    3⤵
    PID:1428
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=7360 -childID 12 -isForBrowser -prefsHandle 7336 -prefMapHandle 7340 -prefsLen 27355 -prefMapSize 244658 -jsInitHandle 1124 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {225b2385-d304-416b-9276-29a0c81e3168} 5264 "\\.\pipe\gecko-crash-server-pipe.5264" tab
    3⤵
    PID:7428
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=7628 -childID 13 -isForBrowser -prefsHandle 7580 -prefMapHandle 7576 -prefsLen 27710 -prefMapSize 244658 -jsInitHandle 1124 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {cef42d02-99b4-4bac-80f1-9cdf1ced018e} 5264 "\\.\pipe\gecko-crash-server-pipe.5264" tab
    3⤵
    PID:7740
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=7796 -childID 14 -isForBrowser -prefsHandle 7780 -prefMapHandle 7784 -prefsLen 28142 -prefMapSize 244658 -jsInitHandle 1124 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c3db8af7-f0bd-4efe-b4c5-bd4288627eba} 5264 "\\.\pipe\gecko-crash-server-pipe.5264" tab
    3⤵
    PID:4480
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5156 -childID 15 -isForBrowser -prefsHandle 7928 -prefMapHandle 2548 -prefsLen 28142 -prefMapSize 244658 -jsInitHandle 1124 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {bb94badf-185d-44ae-9342-57b4b4227db5} 5264 "\\.\pipe\gecko-crash-server-pipe.5264" tab
    3⤵
    PID:7736
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3312 -childID 16 -isForBrowser -prefsHandle 2672 -prefMapHandle 3308 -prefsLen 28142 -prefMapSize 244658 -jsInitHandle 1124 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {897e4fce-90e8-4526-8c6c-2e3cc211220f} 5264 "\\.\pipe\gecko-crash-server-pipe.5264" tab
    3⤵
    PID:8016

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
301e89fd24684237fb7106d5faa1413d

SHA1
f4790087aee13d0f2b28e9daa01fcb3eb33cc5f6

SHA256
d845156c6cc52e57ba12c617aeda3bcd24b19b84cdf68759827ccae24128e8dd

SHA512
0ba611e7a951f812f357fbeafaeebfee0457528833d5d117eab2769baa4e2ea3e989cdef9297b7571fd5aaa04eac46c3e8ba5419bd8dae0c71b4266758393b88

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
240B

MD5
bb113064b67ba397068c8fb0b8b52336

SHA1
8922b6f6ab2071a98f145a73602278d29c6400dc

SHA256
8fd87ee880472354f8e1445fdeba5bb3a6648a7634f72fa8d4c704f8e833558a

SHA512
7514a2216af57abf83158f690383451c4d76d6ac353f7892f8ab3e7ef16b30600523f38ef7a409a036a223756d24d219576c3175c03f220a889e0307f6a5358f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
921dec7477065130547567d650a7a82c

SHA1
49e0153cdb1bdd32c6a5f2b1e595bced9b25add9

SHA256
ac20a6be650ccc292f5f8acc23d3f7b1311a399102bdb47a47f0dd537b349bfb

SHA512
0777fc6733ecc8f1eef00020098ae386692c40bac20db2158ad26bc50b5cd1a5a8b92c53fd1943591a6fec18a0279d08f507dac90b4419fde5e9fe259d33763c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
519B

MD5
6f5495e28ac4580215e961eda5291df0

SHA1
974b486545fdd8c50618fc97a9845e12b3602064

SHA256
72c140d14de4a5b7d264c02916a38157fef18410b5d9026aa09b9173dc9d7e84

SHA512
a7695facf6a507fc1ffac233747efa6a9b7e6bfe1df62b1980bfc364c79c95608e1cde927f5746dab9f865f07ea05b97e9f1e8ff0effa42c62087f787d4725d9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
685B

MD5
f9cfcb6cbfe7fdfdd8a4d09c0b614566

SHA1
110509eb830ab6b7366189eadb9a43e85576ebd9

SHA256
e7cb69aa5d05c32a17feb59c1e47dc593dc84ca1d89a92b75b374f2e9b0ef30c

SHA512
d50089df702ed2e89133f5ad0953b467cc2afa90ee106cbce8d23f811aef0af67e628175273fa7212a9cb36f641b3c1020c49f78bad6d012bbdc528d99ae8d7c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
685B

MD5
385a4b28d61659aa29e1616cbcd885b0

SHA1
5dfaf8875c4ad4effc5321ae86f861a292097ed4

SHA256
180eca430c4bba45ff61083b776bd045a27d1271ecb98bb2aebf45cd19aa20f7

SHA512
3cb03d80c67f6d4ae5fd7f327ab59c6f4d7e411423e5f29c1b114fb3b5f87a7300e27de02ac1d5ced317fcaaf456e4c1d9e04820e5ab32289a50a6ec34d2c57b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
453b94077cec46c651c62a1b4b14b0cc

SHA1
49e962aabf4485f6ca1868860d9b5ab15c38f4ba

SHA256
bbe625a5e0e9524742813a53ab8c619886ed55fb42a0343ef01e1909b93285cc

SHA512
1eeac26d74be24ab26f867561d74eb1e482b80df097f2a0a2bebd0c8b81ec0e7b50832b75c48ecf7cb2638cd134e819016ff3995f8faaf83ee383e10c58658af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
08af7d354381b2865f7f1d92f2896ef0

SHA1
3dbadadc3e5e5841ec519375bda54a6398b643be

SHA256
002dcf0a14551d3d44b299d0a7dd49a947c82da2c35d7552cebf54928a33a160

SHA512
5239021c1b567639864e83fee77b8ff4d70ceb883918832f33cb178b535d76411a6908b67df28dae35445f5ab6fa97ce8354068d20befca125eee7b04d9f9d1c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
7f6cd304963c35721d65c93281cd56d5

SHA1
0c87e99207a19ab803a867526f69cb9111bac423

SHA256
9b58e02a681f86c4c3352397e999572202a5587ec5fb904edba64a34ad3ae0bb

SHA512
6ee2414085a1414caeb28aa285dbb54396da89acb1a88bf73de2495ec73b99ac5b2a67785e8715bc02f7657bf34185c22dccc36cef857503bdcff36180ce401d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
f9055e5cdbc6f6863dd9bd82e6419a08

SHA1
586d54811fe2d5be0f32a2b8177cfd7886c13b19

SHA256
1ef6750d96651e20e96c0cb337f00d357cd24d0c4a9e8ca9ae72c32548082d2f

SHA512
84b3539f3beeeb4f03f5be9dc3f8b958696ffc85a65e400e04db6ba4b8e1b6b43850ae53133bf4a4801e771950ff5c6f7b477724a7284843159fdc85d37f51a9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
991f9a67154031441e137c47f26b2ce8

SHA1
4e2a06bf618eda4d476c560425fb13a4a6fa27e8

SHA256
804aef0288110407347e3199e9c15f160e3d5e68d68d21a4009e7d01577ea046

SHA512
ce08d7b4c29415aae0c576a0bf8232264e3dfcd50e4f82888eda809ec7096023af08f1233e83c4e1064d088c3d30fe52dee88b88118aaf8b9fdd4527c75c408b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
c3787e6e50a3b333e698f3e67b8caf52

SHA1
18a479a69b1b7243d2f40fe15af148528a8d8d55

SHA256
b33cf01dcdcdba91f0b0f73f3e8959cf7e80ccc30c0a9f3d7e305c47ae34adf4

SHA512
e6f9657e01a30f83150223fe1963dc60a9dc15daaef3a448120beef642f98e6ec2dbdd00ee3a332f0af2db1a5ab19997d0ed1eabf44a00ab34d7ba05ad30cfbd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
9aeac5daea603ec9c4f1397f7a24f73d

SHA1
368af51719ec3a1956a134030e4ad8982f28e56e

SHA256
484a2dad77b99035db0aeeeb02e2a1e540a11a41639d6eeebed31da7a2a47368

SHA512
8dad4567e0c19714ef200057d47207e460dcf70d2bf1238cbd0b30494258918e06fef5fe827c522b3c89beac3ce9f30b4e6bd0a4362bf67486f6693ba40a364a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
5caa2cbcd9ffe581d133b7ae80d61672

SHA1
c7e343a6dd254bc0f0e0e45819fabde5e851bc47

SHA256
69571d480b44b4ed05c2f5ee5ce89c9c6f751427a8318acfb787ed4bf3575790

SHA512
a6d1973cab7df44a83a8ee8c916034a120caca6ad6b46503ca18419a295c808c4fc69e391c529e4cc2138ae2c8dbe6b4c73d46ec59d7e030200cf92040041f65

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
d411e6f22247d86301d7f681a38b8939

SHA1
c035b78fd9b53927f2b141c1e23d411377f52b36

SHA256
bc39e11756f9c4d3e16ec7aab1bc42ddb9947c17c5f69e15d00cf4afbb241d14

SHA512
4406fdcde81b9e85ae819e40cf49f0c6cf555086341d96b47c894d9c9578547d8111ce87fac02b091f1b6d06daebc9706dcecf1a4c6ce4cc2f74b73840a193b4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
ee04ccb4bb62d82b101ecf7a7dcc7c7f

SHA1
f0531fcc64ae950cb35887a379ccb8b5b1e4a41b

SHA256
cb5cd01b2ea71d88c2b37794d726008b1e403bffc0d950b5f4d9f57d45c7aef7

SHA512
e13972d7d93eba27cf67355b8b49334550d939d529545d3fb9b8474e42a50fced053128219cac6700a341d4b415cd5070ea4edea7eb6bd8f143700d10eaf5323

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
141a0914c16b7036d05aef9cba16e370

SHA1
cd9ec47e6870cc1ce767bfb8bd8d193dd5c4c386

SHA256
d76dc5902ee2a61fc341bf94e43fc09c461a60b742432bf402c4c8be0cb7bc40

SHA512
3f28614836de911a7e0ef4e9f67e8b0926de73de1fc16b939a95044b1174068c63a7549eebe7b317941216052d75ed64e4c93ece2bfc4c46b8ab9fa490b7442e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
234KB

MD5
41a5c0b1e5136a4bc093d28c318288c3

SHA1
f503c0b9212df8aa854848b9b25fb9b8e7dcb0c0

SHA256
d0e0ad45bea35810db42daa2706d7b6ec5b1e3aff787d52eb82a2cfee2335d5a

SHA512
2f14c5cd44e04150f920dbd247ad9a5b8ebaf9197fec3ad5166f96fd62e7d6cf0efb1820a860e6dad3b34ecc569a357c6a4e443d99e07d4affcbfd56d85f5ed0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
234KB

MD5
1df9b7e4297093bf556c3fa4fb8d6176

SHA1
9e9c8d4e7a76d9663d32b2f3f4af0cb0a982d2f1

SHA256
c5a19237f68cc6ad9c4db03f4ca7e05ed8483eb7a72273cb34064ba78996526d

SHA512
2e0b0addd951eaf669545d3836530611d74f7d63c106f336a6e61b29c932513c216ec9ded967fd08d982279166a6ff2d6807ae13b2bd21cc57b998d0fd08540a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
234KB

MD5
96e76b29b7ce75a03411d8071f4eb04b

SHA1
7c5276c6f6d8a04b35a364ab569c663f87c8a657

SHA256
475384787805b03deee1508460b6e56c43fcd390dabc7984621f55bf48398ae6

SHA512
a07611cafbd9deb8a0bc0879de82a5e44ca10b518c22a8752922065c32546a76d8c3f83b13789660b64998bcdcf9d5227dd1ebac9a1d8ac39d0e3837550419f6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
6960857d16aadfa79d36df8ebbf0e423

SHA1
e1db43bd478274366621a8c6497e270d46c6ed4f

SHA256
f40b812ce44e391423eb66602ac0af138a1e948aa8c4116045fef671ef21cd32

SHA512
6deb2a63055a643759dd0ae125fb2f68ec04a443dbf8b066a812b42352bbcfa4517382ed0910c190c986a864559c3453c772e153ee2e9432fb2de2e1e49ca7fe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
f426165d1e5f7df1b7a3758c306cd4ae

SHA1
59ef728fbbb5c4197600f61daec48556fec651c1

SHA256
b68dfc21866d0abe5c75d70acc54670421fa9b26baf98af852768676a901b841

SHA512
8d437fcb85acb0705bf080141e7a021740901248985a76299ea8c43e46ad78fb88c738322cf302f6a550caa5e79d85b36827e9b329b1094521b17cf638c015b6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000001

Filesize
19KB

MD5
f0de9a98dbdfa8c02742ce6d92fb2524

SHA1
cdec682aeb9e39edccc2374dab26f04db754a8b5

SHA256
faf4294f27a542b0f9ea2a7cb2711529ab027cd84a5f5badfae752100855e6be

SHA512
856fc9ab199997e69a9487372bc0083564f7115b3e0678cf1d542b9864e9a88d5ffb85697fd93538dc9439071e3bcd4b8bccbfc610e1a45de104d6362d8adcd9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005

Filesize
672KB

MD5
3e89ae909c6a8d8c56396830471f3373

SHA1
2632f95a5be7e4c589402bf76e800a8151cd036b

SHA256
6665ca6a09f770c6679556eb86cf4234c8bdb0271049620e03199b34b4a16099

SHA512
e7dbe4e95d58f48a0c8e3ed1f489dcf8fbf39c3db27889813b43ee95454deca2816ac1e195e61a844cc9351e04f97afa271b37cab3fc522809ce2be85cc1b8f0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
216B

MD5
cf116bf87698d67b7f1dec0705958be7

SHA1
98db70866fb554a3d39a6ac9ab49b2a90fe751d5

SHA256
b4237a756cb7b008e153c656b25579d4aeff249f4ccc9c5454ddd042a6118bf0

SHA512
2bb6c0b20355ca7bba37fbc7a6e08a731280c61f4af9b8f5ef9f8a612fc768fda8c33d12f59be11acedab6e975837388d853353dfc35dd64b0fe1fed3f91d019

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
168B

MD5
de33f4403f7a3782353edbbf9c57107c

SHA1
04407f5e420a2e37287ee0bff93b2017209c9d7f

SHA256
0df39b2dae423680b39a676709333b2fbfa9aa0728c36c6f2b4c213fbed15954

SHA512
9fe3ce00c0ca6c07d114966f18caef2510030c122f31b37c9b5318ef83e6ea30a731a7845952f27152b3a143cbf3b7ac88c6b33a3afbba0aab0246b43ca72565

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
513B

MD5
cc5f40afab09ff13212e893d7a472b21

SHA1
f06f744a8c3e4df945d0585de04d4760d1039043

SHA256
8a0f98613480051769da3afb822d975c70405f2d3f195a109c67ed7e41b41a3f

SHA512
110b9d5f036717e8177f93f869da64135a7d04067013841cfd3d34dc9787c3dc623621d6662cec56999d79497a44c48eca50c6b4dbf4fb77a583f442ec997cfc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
ff33686e795cf6245f11a3518ae96538

SHA1
103e5141dd1318b7a57830961e3455abf04e9446

SHA256
bd7a8ce7079deb84e3ca47fd9ceed0e2898dd747a3dccf6073c4f71bcd7f58f5

SHA512
ed1381c2ea616a3925cfbd751c923d6b69d4acd75c067c72c9eb26b637cd1a3fedd09c405b5c1a3d599b4a0ba2120d2b4cd4260cdcf7ff991468ccde37f287e5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
72a792f6c745754d9b4613cc28dcc83f

SHA1
bf926fdfff109ba58aa909a594143c8cbb7f7d44

SHA256
a6e1190d5aa9183b9fc00012d46b53b0e79c4fdcb675404dbeffa9cafc6ce321

SHA512
044587494be6f27218f91cf6e5571c2854a27bd3b44d436c01fc4b2c21c173749ddeef7bc88d946f2e0d0a5abcc0bd6390472c26419c2ce244d6106f9c2cbda6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
abb2d9c33891387105a82647e17e0c1a

SHA1
a0857acc33be82bdb42f90766339321ccd8bda79

SHA256
4f1dd03eeeaac124c66d20a3b4a8134aa8b71e9a01ae97b53ad2ec3943fe4c45

SHA512
b4178b1d2b02c9d608cb74a8ae46b661fd9871b82ced019569a3ff1a4a1aafb4efe1e1088a0111e52fe8c741626c3800f4dafc2f1fa58d1a582a5bdf948f2867

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
ef681298b4002ee4faca1e3facdd3c14

SHA1
b237d818ab89c31d8b71ff32f3a94b1a3643590d

SHA256
a74824ebbb77c2c1372bd39ea786160eb1c670c2c9bd9297f8d17ecb66da545e

SHA512
d85607d239a031ef6c838829a04ad68f3ba99554d568f532b0cba8379eee32d88d9af6a31712aaa6302d80d86ae52e8f447d22617edeb26f1d94380a06a36d46

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
5f1cca09e1f1dc91483752ed7da596e1

SHA1
80d3a2e7e6f22ce14c50dddb26c56981d218f174

SHA256
219738d66f07021299215405e404102c41f2f4d869451ee3cb63f1bb1f946600

SHA512
b901c9426c0bf8d2b2769e79c1cee3fc3455ddd490c66b0a216e0816e2e11d6ea53c1df2ef189816be15158ea7fe562844242f87f7933d7eb763296bc7eec980

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
369B

MD5
ff0a8e8da879c2d52c881997955f5c4b

SHA1
412f506d0356f51a8348b07e60756410ed769c31

SHA256
c5d9bd3c8ac6ca8b216cb99fc37fcd0f9a2ca6f189f65bf35f7430ae2f3d979e

SHA512
f52d3ae2887dd3920641de8078fb68d6ffba427b1d5ab3fb015341ea10e17ee0ebaaf9a51ec7c1b6d5937e73c504aa35075e9f04bbe480b65452ab9e915b70a7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
537B

MD5
c5ea4e12cb3a3bea363687ba30d14692

SHA1
4080939d82f5a826b6110689afcc9d54cfbb69c4

SHA256
9f89167514f395865f467c938aee43c3d2811040cd88e180b88a86f366e899e8

SHA512
a45cfb8cefc79dd034b17a3a83fbf9ab72f45ff7ec50e70b437e7b1bd33736bf075c2786e41ec25fd84ef5e220e3865e83b143a30ca02d19fc36de9c6d81539c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe584a43.TMP

Filesize
369B

MD5
e7b789a2eea8dba2ee4ef171e91a64bf

SHA1
b7ea0a0caad7c447b30f183a5b8255d01ae94989

SHA256
07ead70ba80d549e49fdefe29215249a47a95b5b3a6cf2c23b1fef788fde4296

SHA512
e60bef7a45ad67a75ba04555328748ae2e53396ff622bac2f0a0b727db0a780501b4b69781ad77864728467cfc480e5b00bf65f53503438036facd2acea07806

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
5e41182ca74fa87499cb77d9ac69cad1

SHA1
12209e28970fcb0b848c70cb345b25774e0ddc13

SHA256
4200fe256a092a4c390e2397b1c49b90b03ea61f0510c21b02c6bfc067c3e2a0

SHA512
f41648697245d4dc6f24f1654a7eb2ab67b0ccee8849b214c1670229018e7aba444108d859766c2d609f1033b5e1a255442f5898a553855058be88428fae17f6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
f92d2483f31c426c9f83cd7e9aba112b

SHA1
0f612ed95f7f9b131e037277d7512e3d6483b504

SHA256
bcac850144b3329a0e94203cf41f350727d8d95194e6aacf285f3ba324be4ba5

SHA512
ceed34e69609de75a607647c6f02b9e6b1412f63a2748abb9fb9d32887b59501621a53cdbd9a75e858fb05ee75c5533e931a84ab94ceffb391a171e30000535e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
d9d4a54f0cd0a18d6cbdec4c708fe581

SHA1
ee8a7ed49a10a6818aad411039198129e22cf609

SHA256
bcccd1ab6a724ff3dac1256a794791beb6394df15b6a603fe91e6d30a4680745

SHA512
28811d2c2ba4c0991019565204065349eeeaf82c744d9ef66c55df144a8757626f48cc2a5f8e21102c8d4ebc90d46d0dbad55497a706db4259aa8634c9fab280

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\n4zftpal.default-release\activity-stream.discovery_stream.json

Filesize
24KB

MD5
376326e321759c6e795a775afe7795ac

SHA1
face5b58f97f41af2a38bcca833328fa56c61841

SHA256
2b5649a897f1fd4fa8d6d0f65af5af0fa20e8d6bda4364f15d77d7b7d03b3bea

SHA512
b868c904b25cf5cb348b14333abebedff68d13d6cabd206d69a5f38d68fc42c073566b204144d6879aca2a56129459d1554e2b3f002774a2a7d4452ecbe95b85

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\n4zftpal.default-release\cache2\entries\05B0E4E83FE0E15EC5E02465DA1F46805B94DA46

Filesize
25KB

MD5
7fd44bd3a6ae190b1b234f0a0cdf584c

SHA1
a5627a3c7e16b6d2afc6408e955a5e076f9acd9d

SHA256
2156c11e4e063fea50a8d2ef4e2afed89e74284d716d122541563415c9a7c908

SHA512
d01c601cf08c1c5e3aeb48873fc15c7b49cabd81e00ea64891a478d1f870e7a7396fa5b80496bb946526d182c6365cd250972230e961bf34c6f224a0e3ffcaee

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\n4zftpal.default-release\thumbnails\f3d7e98b40ce079448d4adc953b581a3.png

Filesize
5KB

MD5
60438998c9ab542ed2810bccec180dda

SHA1
f077e9ec35b62c21374930e5ee3508180a63eb2e

SHA256
dfe2d1e85fd27a315a2fd05f087799619f9501803bc606bc059be8ea33e941c3

SHA512
8f231b48776f18408342337fd96be3db9fe1888dcbd05390cd708fb683348d8160ab02b7b1d3f38db3c5c4b7d2439ff3ed8a0b87f2c142aa2d56e0ab5b6cb05a

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
479KB

MD5
09372174e83dbbf696ee732fd2e875bb

SHA1
ba360186ba650a769f9303f48b7200fb5eaccee1

SHA256
c32efac42faf4b9878fb8917c5e71d89ff40de580c4f52f62e11c6cfab55167f

SHA512
b667086ed49579592d435df2b486fe30ba1b62ddd169f19e700cd079239747dd3e20058c285fa9c10a533e34f22b5198ed9b1f92ae560a3067f3e3feacc724f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

Filesize
13.8MB

MD5
0a8747a2ac9ac08ae9508f36c6d75692

SHA1
b287a96fd6cc12433adb42193dfe06111c38eaf0

SHA256
32d544baf2facc893057a1d97db33207e642f0dacf235d8500a0b5eff934ce03

SHA512
59521f8c61236641b3299ab460c58c8f5f26fa67e828de853c2cf372f9614d58b9f541aae325b1600ec4f3a47953caacb8122b0dfce7481acfec81045735947d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\n4zftpal.default-release\AlternateServices.bin

Filesize
10KB

MD5
cf973996cccefaac549a96eae0279d52

SHA1
8c81a1dfaa809462de5cc8a36eb00b7ddca10d04

SHA256
5053074460d5e9da0425d72f437b397ce126039e1997b73057e5032e6efda599

SHA512
3edfde969f8b9b05ae24b05a4e1e2bccf9a39f6f412d2686ca88a139ef452a2eada800b62004792a0d47738913d55fe14c52b0dc4b5494caeeb5144476dcce5c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\n4zftpal.default-release\AlternateServices.bin

Filesize
7KB

MD5
468b0fed4ec6a60f78b44a8f24d3e0d6

SHA1
ef00a6493b2410d5da30db2e763e12425bece15f

SHA256
acb07d4e7fb61e4fb765f4fc2396b5853d0965108e36b2ffe49ee1346e5b182f

SHA512
fc3c7eb6c16ff3449ed51deed58edcca639079ba7ac03313aa17db9fac8f04cf4bcc40b47706b0202d8a0b3243abfee619a38a0248ccef71393b29124877d54f

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\n4zftpal.default-release\datareporting\glean\db\data.safe.tmp

Filesize
22KB

MD5
2a76707b83cba200b390a4cc4e4e477c

SHA1
e200e949461b134c667c276e4e4334b1b1241288

SHA256
564dfe0c97fd19fda8fa88c33a7b9e72f4b8c95c8148224e3edcc2d357427fa8

SHA512
fcaf138702f7e3e360397b3a01842d91517307aa81779df05d748b0f78b02418c1c112def69fc70abb40b309b907491e1657a6314bdb536c80953015243f99f8

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\n4zftpal.default-release\datareporting\glean\db\data.safe.tmp

Filesize
21KB

MD5
3a1279cab70755a76390360b53a6736e

SHA1
0e7437546d85a84db2ed5c0e7de8d5ceb6a42c65

SHA256
2b71abc80fd7e9d8bc45aca92654a52978a1988be1d1186090c2789c21b52063

SHA512
5d431194c48bec77fd68dba2fe189aaae27d1ff3fdbfe8e46826d95c9aa0fbaed9f217021dfa865a37c38d3a06f1ba8da5b31be814bdc77a3ff6753e046b4b4d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\n4zftpal.default-release\datareporting\glean\db\data.safe.tmp

Filesize
23KB

MD5
deef2583748ae38726d41e079dcb4fee

SHA1
a3897da7dda2b488492c05352712f67be2ffc24f

SHA256
bb503abfda50c21c4b11c98863985369042f407d6b46f3c33f58128d690aabfe

SHA512
e3da3997531f2e9f4691a65bbe8102dc813ce62baa885488ec36cb9b7579153fa9db0d898ac0b0d7b01a36de1e74c6651d372959c5d448e396cddb651c10712e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\n4zftpal.default-release\datareporting\glean\db\data.safe.tmp

Filesize
22KB

MD5
7833648ae6e4305ce66389d186ce7a31

SHA1
8c921022837965f41fadc1dfc0efed254b5e8809

SHA256
5320b48e90cf351ceac2b54718a51e0868636de4e2c3ec4be7e70cf2c097d12a

SHA512
1832f5df15d8c5ac7a5a7301f1b166273aae13ea54fa01c7180e7c30ee67ace13c06b9187814f609c0f744bd8eaed91647045f07a1b60e56654a4410549a7f9b

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\n4zftpal.default-release\datareporting\glean\pending_pings\c3388530-32af-448b-b595-b9ce8b7cb247

Filesize
982B

MD5
7bbf3ba7e104956f541dd57bfdd697a3

SHA1
aeb312f0dbdd917ce243d5e4394776bf1806088c

SHA256
31ef9d1ecbb4ce7c7286572d850d7f830d8429a39a2d15bd26b843450ca06900

SHA512
321b8cc3629c1405466b359b6d6d21bc59fecb7c35fffb5355faa7446b4ddbbd5a130d5d1090e482049a1bb2e6706b356a02b1cbcde91aaa2cec21304c251d2c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\n4zftpal.default-release\datareporting\glean\pending_pings\da4537c0-566c-4372-928f-ef32a102b5ba

Filesize
659B

MD5
96b621640c77aff94c1f93372db64aa7

SHA1
1a6be86f98b3238aa41956a6b923fc7bdc711633

SHA256
9e9bb3920338b55f9307ecb45fe7b1f9474a0188bcaaaef627f4510dd1c691af

SHA512
65ad16b3ed6dbef199c85f04387bc7efeeb86a15a8b63cf286fd924d11d2cac1487c09cdaee93a3ababab954a04086e5c45bb1ede5dfd53a6c9a32813595d962

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\n4zftpal.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.dll

Filesize
1.1MB

MD5
842039753bf41fa5e11b3a1383061a87

SHA1
3e8fe1d7b3ad866b06dca6c7ef1e3c50c406e153

SHA256
d88dd3bfc4a558bb943f3caa2e376da3942e48a7948763bf9a38f707c2cd0c1c

SHA512
d3320f7ac46327b7b974e74320c4d853e569061cb89ca849cd5d1706330aca629abeb4a16435c541900d839f46ff72dfde04128c450f3e1ee63c025470c19157

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\n4zftpal.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.info

Filesize
116B

MD5
2a461e9eb87fd1955cea740a3444ee7a

SHA1
b10755914c713f5a4677494dbe8a686ed458c3c5

SHA256
4107f76ba1d9424555f4e8ea0acef69357dfff89dfa5f0ec72aa4f2d489b17bc

SHA512
34f73f7bf69d7674907f190f257516e3956f825e35a2f03d58201a5a630310b45df393f2b39669f9369d1ac990505a4b6849a0d34e8c136e1402143b6cedf2d3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\n4zftpal.default-release\gmp-widevinecdm\4.10.2710.0\manifest.json

Filesize
372B

MD5
bf957ad58b55f64219ab3f793e374316

SHA1
a11adc9d7f2c28e04d9b35e23b7616d0527118a1

SHA256
bbab6ca07edbed72a966835c7907b3e60c7aa3d48ddea847e5076bd05f4b1eda

SHA512
79c179b56e4893fb729b225818ab4b95a50b69666ac41d17aad0b37ab0ca8cd9f0848cbc3c5d9e69e4640a8b261d7ced592eae9bcb0e0b63c05a56e7c477f44e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\n4zftpal.default-release\gmp-widevinecdm\4.10.2710.0\widevinecdm.dll

Filesize
17.8MB

MD5
daf7ef3acccab478aaa7d6dc1c60f865

SHA1
f8246162b97ce4a945feced27b6ea114366ff2ad

SHA256
bc40c7821dcd3fea9923c6912ab1183a942c11b7690cfd79ed148ded0228777e

SHA512
5840a45cfdb12c005e117608b1e5d946e1b2e76443ed39ba940d7f56de4babeab09bee7e64b903eb82bb37624c0a0ef19e9b59fbe2ce2f0e0b1c7a6015a63f75

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\n4zftpal.default-release\prefs-1.js

Filesize
10KB

MD5
cb01f2d8f5314d849a92442340693692

SHA1
2fadf181b2b57df8fce670b90d39aa6cdf39a30a

SHA256
904429e0efabc4d065bfe11d1b8d1da723ad87a3028e037fb592cf71a12bf781

SHA512
36b36fe4877e98de611663685608b0f6b63605db9b70f56f3735497ef2002b8803ae98b6d7b04967d987a8d45dc78b76e763cccdf4eab557a0b64cd7ecf4c643

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\n4zftpal.default-release\prefs-1.js

Filesize
10KB

MD5
3d2832dfebb8d87f101a3e3d2634d8b9

SHA1
041ebafbfa47f9885e6f9ebad59024106c12c8a8

SHA256
560ef55cae6fa016d2b68df0516ad50d9fc132ca1de3bc0194468b62615ddc27

SHA512
a090e33df168d5f9e13e7e434f36576ffef51f35c91c2771d81f523253bee93b7392d3e86697a3166ab6ccebd70317906f4a1cb9b50ac30de323413ecf069336

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\n4zftpal.default-release\prefs.js

Filesize
10KB

MD5
1188a79ef0f0a80ff4296dc6e30fe23a

SHA1
6cafa1abb6029e933ab03d05fd517ed034a67b87

SHA256
0c53b2e4a391fb0035b06998e750f589c5ef40c3563b8c24013dcb6ca2611d23

SHA512
3a9ddb5b2e7182fea4fbb9e9ced767267d5df2db41ceb4aac68905b43e42da8ea21281f0c8a6c6b6e8a1017fa71bb24a14f3876cb050f3ad42eda552b644a3e6

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\n4zftpal.default-release\sessionstore-backups\recovery.baklz4

Filesize
3KB

MD5
5c749f5740c7a89582e5efdadaaf4e70

SHA1
ecf2993f604fc801babf6e57381b102d857da25d

SHA256
eb0d357227c930b70d4461424425af084d5a9d768066cb09fd36a6e6b9bb8325

SHA512
33395ca5ac93fb80e00d53358004d566bff2da38d50423f6a114b10b6a21fdd1a2a05ddea1d9629f5c096a65c6c4ddd2e788cc4e092f75b7c12dae3ae3f48f01

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\n4zftpal.default-release\sessionstore-backups\recovery.baklz4

Filesize
4KB

MD5
878abe743851c92f5072d71893f300ae

SHA1
a47becf774c879f6e167ea20e7253bc964fe6128

SHA256
223e8cfbc97a83c67e6483d24de016ee09159d0c6c91e080f398f08c9e208848

SHA512
5ecafce053e4e8b3bc0766ba17858b9856287dee185847885ea5a40f2afae7408522df135c0e5c7e90686825a20f3f7838248e909386d221e6854a0c7f89143d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\n4zftpal.default-release\sessionstore-backups\recovery.baklz4

Filesize
4KB

MD5
9b4733564d83c51f2dd9e34925ae890f

SHA1
759c743c401ab2b7e2b0eba96a13b46639346aaa

SHA256
9d0f022e97fa30b398178b4064a7013d6b87c02a022ec6bbef51582f2a291af0

SHA512
0e9e2135dd2be4a5ebfbc7cf2861411ec3714f4ca38632b3e8f25ac9d90bf9f2dbd31f5fbc60922dc99581f007ab9ca125913aa47c8ca7be3d8c2fb73af7a402

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\n4zftpal.default-release\sessionstore-backups\recovery.baklz4

Filesize
4KB

MD5
c27110ddff0dbce29c1a66532f06d664

SHA1
8dd35a4b7d8e7b9549edbb0b673872b843d49d40

SHA256
54ec00eaf29698e33c5c27b3176591be5c9c7268fd95b029e1795c0fe7dc3fc3

SHA512
35b041817ecf2ecbd91c6bfaa9adb56afa9140516184cd959436f77803845b9e05d1d67e1e21c9f92f6cdfbf9ec3bb6b599b7c014150ef62cfd6b5b617a44139

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\n4zftpal.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

Filesize
384KB

MD5
3895c839e3818bd53c174a35e61a1b27

SHA1
a085fa59365bc9394f50d59dbe69c216b6e22c5a

SHA256
f0f59ba0c61df876ccffcbbc8b043e9f28f224be61400080c1018865791f45c6

SHA512
c68f12cb95c77623fb9a798f16062afa4756eb53be6a8b51c82de079d17ac6b788ef47709227a214aa042255a45bba1e06e5e67e3d823f187422e27a5d8c1cb8

Download Submit