joker | 5593d214521f32b17f547e2831a91e4a3f814c9979f6598b9c7f7376b4708497

Analysis

max time kernel
108s
max time network
131s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
23-08-2022 10:21

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

SuperBrowserSetup.exe
Size

296.5MB
MD5

58fa231f082ef3b0c1e7170823a342a5
SHA1

aff8c9f7b56869f867875dc681f57686af13742d
SHA256

5593d214521f32b17f547e2831a91e4a3f814c9979f6598b9c7f7376b4708497
SHA512

512ecf1672f2a980f867bdf2ef1707625076bf4b878e1f3352d3afbc1a21a99b25fea6328c298d9d00b314f440a7275ebcfc8b9832058ad18df9adcfcff8442f

Score

10^/10

joker discovery evasion infostealer spyware stealer trojan

Malware Config

Signatures

joker
Joker is an Android malware that targets billing and SMS fraud.
infostealer trojan joker

Executes dropped EXE 23 IoCs

pid	Process
1316	Launcher.exe
1196	SuperBrowser.exe
2028	CoreHelper.exe
1712	NoticeUI.exe
1172	superbrowser.exe
584	superbrowser.exe
1744	superbrowser.exe
1136	superbrowser.exe
2148	superbrowser.exe
2160	superbrowser.exe
2316	superbrowser.exe
2340	superbrowser.exe
2352	superbrowser.exe
2400	superbrowser.exe
2372	superbrowser.exe
2492	superbrowser.exe
2416	superbrowser.exe
2536	superbrowser.exe
2508	superbrowser.exe
2576	superbrowser.exe
2392	superbrowser.exe
584	superbrowser.exe
2360	superbrowser.exe

Modifies Windows Firewall 1 TTPs 7 IoCs

evasion

Modify Existing Service

T1031

pid	Process
900	netsh.exe
1168	netsh.exe
1816	netsh.exe
672	netsh.exe
808	netsh.exe
2000	netsh.exe
1680	netsh.exe

Checks computer location settings 2 TTPs 12 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Control Panel\International\Geo\Nation	superbrowser.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Control Panel\International\Geo\Nation	superbrowser.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Control Panel\International\Geo\Nation	superbrowser.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Control Panel\International\Geo\Nation	superbrowser.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Control Panel\International\Geo\Nation	superbrowser.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Control Panel\International\Geo\Nation	superbrowser.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Control Panel\International\Geo\Nation	superbrowser.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Control Panel\International\Geo\Nation	superbrowser.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Control Panel\International\Geo\Nation	superbrowser.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Control Panel\International\Geo\Nation	superbrowser.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Control Panel\International\Geo\Nation	superbrowser.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Control Panel\International\Geo\Nation	superbrowser.exe

Loads dropped DLL 64 IoCs

pid	Process
1112	SuperBrowserSetup.exe
1112	SuperBrowserSetup.exe
1112	SuperBrowserSetup.exe
1112	SuperBrowserSetup.exe
1112	SuperBrowserSetup.exe
1112	SuperBrowserSetup.exe
1112	SuperBrowserSetup.exe
1112	SuperBrowserSetup.exe
1112	SuperBrowserSetup.exe
1112	SuperBrowserSetup.exe
1112	SuperBrowserSetup.exe
1112	SuperBrowserSetup.exe
1112	SuperBrowserSetup.exe
1112	SuperBrowserSetup.exe
1112	SuperBrowserSetup.exe
1112	SuperBrowserSetup.exe
1112	SuperBrowserSetup.exe
1112	SuperBrowserSetup.exe
1112	SuperBrowserSetup.exe
1112	SuperBrowserSetup.exe
1112	SuperBrowserSetup.exe
1112	SuperBrowserSetup.exe
1112	SuperBrowserSetup.exe
1112	SuperBrowserSetup.exe
1112	SuperBrowserSetup.exe
1112	SuperBrowserSetup.exe
1112	SuperBrowserSetup.exe
1112	SuperBrowserSetup.exe
1112	SuperBrowserSetup.exe
1112	SuperBrowserSetup.exe
1112	SuperBrowserSetup.exe
1112	SuperBrowserSetup.exe
1112	SuperBrowserSetup.exe
1316	Launcher.exe
1196	SuperBrowser.exe
1196	SuperBrowser.exe
1196	SuperBrowser.exe
1196	SuperBrowser.exe
1196	SuperBrowser.exe
1196	SuperBrowser.exe
1196	SuperBrowser.exe
1196	SuperBrowser.exe
1196	SuperBrowser.exe
1196	SuperBrowser.exe
1196	SuperBrowser.exe
1196	SuperBrowser.exe
1196	SuperBrowser.exe
1196	SuperBrowser.exe
1196	SuperBrowser.exe
1196	SuperBrowser.exe
1196	SuperBrowser.exe
2028	CoreHelper.exe
2028	CoreHelper.exe
1196	SuperBrowser.exe
1196	SuperBrowser.exe
1196	SuperBrowser.exe
1196	SuperBrowser.exe
1196	SuperBrowser.exe
1196	SuperBrowser.exe
1196	SuperBrowser.exe
1196	SuperBrowser.exe
1196	SuperBrowser.exe
1196	SuperBrowser.exe
1196	SuperBrowser.exe

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials in Files
T1081
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	superbrowser.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	superbrowser.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	superbrowser.exe

Modifies registry class 36 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000_CLASSES\SuperBrowserHTML\Application\ApplicationDescription = "访问互联网"	SuperBrowser.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000_CLASSES\SuperBrowserHTML\Application\AppUserModelId = "SuperBrowser"	SuperBrowser.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000_CLASSES\SuperBrowser\shell\open\command\ = "\"C:\\Users\\Admin\\SuperBrowser\\5.205.10.25\\SuperBrowser.exe\" %1/"	SuperBrowser.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000_CLASSES\SuperBrowserHTML\Application\ApplicationCompany = "zixun"	SuperBrowser.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000_CLASSES\SuperBrowser\URL Protocol	SuperBrowserSetup.exe
Key created	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000_CLASSES\SuperBrowser\DefaultIcon	SuperBrowserSetup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000_CLASSES\SuperBrowser\DefaultIcon\ = "C:\\Users\\Admin\\SuperBrowser\\5.205.10.25\\SuperBrowser.exe,0"	SuperBrowserSetup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000_CLASSES\SuperBrowserHTML\Application\ApplicationDescription = "访问互联网"	SuperBrowserSetup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000_CLASSES\SuperBrowser\ = "SuperBrowserProtocol"	SuperBrowserSetup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000_CLASSES\SuperBrowserHTML\DefaultIcon\ = "C:\\Users\\Admin\\SuperBrowser\\5.205.10.25\\SuperBrowser.exe,0"	SuperBrowserSetup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000_CLASSES\SuperBrowser\ = "superbrowser"	SuperBrowser.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000_CLASSES\SuperBrowser\DefaultIcon\ = "C:\\Users\\Admin\\SuperBrowser\\5.205.10.25\\SuperBrowser.exe,0"	SuperBrowser.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000_CLASSES\SuperBrowserHTML\ = "SuperBrowserHTML Document"	SuperBrowser.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000_CLASSES\SuperBrowserHTML\DefaultIcon\ = "C:\\Users\\Admin\\SuperBrowser\\5.205.10.25\\SuperBrowser.exe,0"	SuperBrowser.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000_CLASSES\SuperBrowserHTML\ = "SuperBrowser HTML Document"	SuperBrowserSetup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000_CLASSES\SuperBrowserHTML\Application\ApplicationCompany = "zixun"	SuperBrowserSetup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000_CLASSES\SuperBrowserHTML\Application\ApplicationName = "SuperBrowser"	SuperBrowserSetup.exe
Key created	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000_CLASSES\SuperBrowser\shell\open\command	SuperBrowserSetup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000_CLASSES\SuperBrowser\shell\open\command\ = "\"C:\\Users\\Admin\\SuperBrowser\\5.205.10.25\\SuperBrowser.exe\" %1/"	SuperBrowserSetup.exe
Key created	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000_CLASSES\SuperBrowserHTML\Application	SuperBrowserSetup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000_CLASSES\SuperBrowserHTML\Application\ApplicationIcon = "C:\\Users\\Admin\\SuperBrowser\\5.205.10.25\\SuperBrowser.exe,0"	SuperBrowserSetup.exe
Key created	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000_CLASSES\SuperBrowser\shell	SuperBrowserSetup.exe
Key created	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000_CLASSES\SuperBrowser\shell\open	SuperBrowserSetup.exe
Key created	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000_CLASSES\SuperBrowserHTML	SuperBrowserSetup.exe
Key created	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000_CLASSES\SuperBrowserHTML\shell\open	SuperBrowserSetup.exe
Key created	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000_CLASSES\SuperBrowser	SuperBrowserSetup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000_CLASSES\SuperBrowserHTML\shell\open\command\ = "\"C:\\Users\\Admin\\SuperBrowser\\5.205.10.25\\SuperBrowser.exe\" %1/"	SuperBrowser.exe
Key created	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000_CLASSES\SuperBrowserHTML\shell\open\command	SuperBrowserSetup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000_CLASSES\SuperBrowserHTML\shell\open\command\ = "\"C:\\Users\\Admin\\SuperBrowser\\5.205.10.25\\SuperBrowser.exe\" %1/"	SuperBrowserSetup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000_CLASSES\SuperBrowserHTML\Application\ApplicationName = "SuperBrowser"	SuperBrowser.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000_CLASSES\SuperBrowserHTML\Application\AppUserModelId = "SuperBrowser"	SuperBrowserSetup.exe
Key created	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000_CLASSES\SuperBrowserHTML\DefaultIcon	SuperBrowserSetup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000_CLASSES\SuperBrowserHTML\AppUserModelId = "SuperBrowser"	SuperBrowser.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000_CLASSES\SuperBrowserHTML\Application\ApplicationIcon = "C:\\Users\\Admin\\SuperBrowser\\5.205.10.25\\SuperBrowser.exe,0"	SuperBrowser.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000_CLASSES\SuperBrowserHTML\AppUserModelId = "SuperBrowser"	SuperBrowserSetup.exe
Key created	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000_CLASSES\SuperBrowserHTML\shell	SuperBrowserSetup.exe

Modifies system certificate store 2 TTPs 10 IoCs

evasion spyware trojan

Install Root Certificate

T1130

Modify Registry

T1112

description	ioc	Process
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\AD7E1C28B064EF8F6003402014C3D0E3370EB58A\Blob = 190000000100000010000000fd960962ac6938e0d4b0769aa1a64e26030000000100000014000000ad7e1c28b064ef8f6003402014c3d0e3370eb58a1d000000010000001000000090c4f4233b006b7bfaa6adcd8f577d77140000000100000014000000bf5fb7d1cedd1f86f45b55acdcd710c20ea988e709000000010000002a000000302806082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030353000000010000004800000030463021060b6086480186fd6d0107170330123010060a2b0601040182373c0101030200c03021060b6086480186fd6e0107170330123010060a2b0601040182373c0101030200c00b000000010000005400000053007400610072006600690065006c006400200043006c00610073007300200032002000430065007200740069006600690063006100740069006f006e00200041007500740068006f00720069007400790000000f00000001000000140000000f6aad4c3fe04619cdc8b2bd655aa1a26042e6502000000001000000130400003082040f308202f7a003020102020100300d06092a864886f70d01010505003068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f72697479301e170d3034303632393137333931365a170d3334303632393137333931365a3068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f7269747930820120300d06092a864886f70d01010105000382010d00308201080282010100b732c8fee971a60485ad0c1164dfce4defc80318873fa1abfb3ca69ff0c3a1dad4d86e2b5390fb24a43e84f09ee85fece52744f528a63f7bdee02af0c8af532f9eca0501931e8f661c39a74dfa5ab673042566eb777fe759c64a99251454eb26c7f37f19d530708fafb0462affadeb29edd79faa0487a3d4f989a5345fdb43918236d9663cb1b8b982fd9c3a3e10c83bef0665667a9b19183dff71513c302e5fbe3d7773b25d066cc323569a2b8526921ca702b3e43f0daf087982b8363dea9cd335b3bc69caf5cc9de8fd648d1780336e5e4a5d99c91e87b49d1ac0d56e1335235edf9b5f3defd6f776c2ea3ebb780d1c42676b04d8f8d6da6f8bf244a001ab020103a381c53081c2301d0603551d0e04160414bf5fb7d1cedd1f86f45b55acdcd710c20ea988e73081920603551d2304818a3081878014bf5fb7d1cedd1f86f45b55acdcd710c20ea988e7a16ca46a3068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f72697479820100300c0603551d13040530030101ff300d06092a864886f70d01010505000382010100059d3f889dd1c91a55a1ac69f3f359da9b01871a4f57a9a179092adbf72fb21eccc75e6ad88387a197ef49353e7706415862bf8e58b80a673fecb3dd21661fc954fa72cc3d4c40d881af779e837abba2c7f534178ed91140f4fc2c2a4d157fa7625d2e25d3000b201a1d68f917b8f4bd8bed2859dd4d168b1783c8b265c72d7aa5aabc53866ddd57a4caf820410b68f0f4fb74be565d7a79f5f91d85e32d95bef5719043cc8d1f9a000a8729e95522580023eae31243295b4708dd8c416a6506a8e521aa41b4952195b97dd134ab13d6adbcdce23d39cdbd3e7570a1185903c922b48f9cd55e2ad7a5b6d40a6df8b74011469a1f790e62bf0f97ece02f1f1794	SuperBrowser.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\AD7E1C28B064EF8F6003402014C3D0E3370EB58A\Blob = 040000000100000010000000324a4bbbc863699bbe749ac6dd1d46240f00000001000000140000000f6aad4c3fe04619cdc8b2bd655aa1a26042e6500b000000010000005400000053007400610072006600690065006c006400200043006c00610073007300200032002000430065007200740069006600690063006100740069006f006e00200041007500740068006f007200690074007900000053000000010000004800000030463021060b6086480186fd6d0107170330123010060a2b0601040182373c0101030200c03021060b6086480186fd6e0107170330123010060a2b0601040182373c0101030200c009000000010000002a000000302806082b0601050507030106082b0601050507030206082b0601050507030406082b06010505070303140000000100000014000000bf5fb7d1cedd1f86f45b55acdcd710c20ea988e71d000000010000001000000090c4f4233b006b7bfaa6adcd8f577d77030000000100000014000000ad7e1c28b064ef8f6003402014c3d0e3370eb58a190000000100000010000000fd960962ac6938e0d4b0769aa1a64e262000000001000000130400003082040f308202f7a003020102020100300d06092a864886f70d01010505003068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f72697479301e170d3034303632393137333931365a170d3334303632393137333931365a3068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f7269747930820120300d06092a864886f70d01010105000382010d00308201080282010100b732c8fee971a60485ad0c1164dfce4defc80318873fa1abfb3ca69ff0c3a1dad4d86e2b5390fb24a43e84f09ee85fece52744f528a63f7bdee02af0c8af532f9eca0501931e8f661c39a74dfa5ab673042566eb777fe759c64a99251454eb26c7f37f19d530708fafb0462affadeb29edd79faa0487a3d4f989a5345fdb43918236d9663cb1b8b982fd9c3a3e10c83bef0665667a9b19183dff71513c302e5fbe3d7773b25d066cc323569a2b8526921ca702b3e43f0daf087982b8363dea9cd335b3bc69caf5cc9de8fd648d1780336e5e4a5d99c91e87b49d1ac0d56e1335235edf9b5f3defd6f776c2ea3ebb780d1c42676b04d8f8d6da6f8bf244a001ab020103a381c53081c2301d0603551d0e04160414bf5fb7d1cedd1f86f45b55acdcd710c20ea988e73081920603551d2304818a3081878014bf5fb7d1cedd1f86f45b55acdcd710c20ea988e7a16ca46a3068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f72697479820100300c0603551d13040530030101ff300d06092a864886f70d01010505000382010100059d3f889dd1c91a55a1ac69f3f359da9b01871a4f57a9a179092adbf72fb21eccc75e6ad88387a197ef49353e7706415862bf8e58b80a673fecb3dd21661fc954fa72cc3d4c40d881af779e837abba2c7f534178ed91140f4fc2c2a4d157fa7625d2e25d3000b201a1d68f917b8f4bd8bed2859dd4d168b1783c8b265c72d7aa5aabc53866ddd57a4caf820410b68f0f4fb74be565d7a79f5f91d85e32d95bef5719043cc8d1f9a000a8729e95522580023eae31243295b4708dd8c416a6506a8e521aa41b4952195b97dd134ab13d6adbcdce23d39cdbd3e7570a1185903c922b48f9cd55e2ad7a5b6d40a6df8b74011469a1f790e62bf0f97ece02f1f1794	SuperBrowser.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\317A2AD07F2B335EF5A1C34E4B57E8B7D8F1FCA6\Blob = 19000000010000001000000044ba5fd9039fc9b56fd8aadccd597ca6030000000100000014000000317a2ad07f2b335ef5a1c34e4b57e8b7d8f1fca61d00000001000000100000005959ddbc9c7632ba0a05f06316846fe6140000000100000014000000a848b4242fc6ea24a0d78e3cb93c5c78d79833e4090000000100000016000000301406082b0601050507030406082b060105050703010b000000010000002e00000053007400610072006600690065006c006400200054006500630068006e006f006c006f006700690065007300000053000000010000004800000030463021060b6086480186fd6d0107170330123010060a2b0601040182373c0101030200c03021060b6086480186fd6e0107170330123010060a2b0601040182373c0101030200c00f000000010000001400000007eeabaf80a9ef4ae1b2cb9b4b5fc70d0428e6a92000000001000000eb020000308202e730820250020101300d06092a864886f70d01010505003081bb312430220603550407131b56616c69436572742056616c69646174696f6e204e6574776f726b31173015060355040a130e56616c69436572742c20496e632e31353033060355040b132c56616c694365727420436c617373203220506f6c6963792056616c69646174696f6e20417574686f726974793121301f06035504031318687474703a2f2f7777772e76616c69636572742e636f6d2f3120301e06092a864886f70d0109011611696e666f4076616c69636572742e636f6d301e170d3939303632363030313935345a170d3139303632363030313935345a3081bb312430220603550407131b56616c69436572742056616c69646174696f6e204e6574776f726b31173015060355040a130e56616c69436572742c20496e632e31353033060355040b132c56616c694365727420436c617373203220506f6c6963792056616c69646174696f6e20417574686f726974793121301f06035504031318687474703a2f2f7777772e76616c69636572742e636f6d2f3120301e06092a864886f70d0109011611696e666f4076616c69636572742e636f6d30819f300d06092a864886f70d010101050003818d0030818902818100ce3a71cae5abc8599255d7abd8740ef9eed9f655475965470e0555dceb98363c5c535dd330cf38ecbd4189ed254209246b0a5eb37cdd522d4ce6d4d67d5a59a965d449132d244d1c506fb5c185543bfe71e4d35c42f980e0911a0a5b393667f33f557c1b3fb45f647334e3b412bf8764f8da12ff3727c1b343bbef7b6e2e69f70203010001300d06092a864886f70d0101050500038181003b7f506f6f509499496238381f4bf8a5c83ea78281f62bc7e8c5cee83a1082cb18008e4dbda8587fa17900b5bbe98daf41d90f34ee218119a0324928f4c48e56d55233fd50d57e996c03e4c94cfccb6cab66b34a218ce5b50c323e10b2cc6ca1dc9a984c025bf3ceb99ea5720e4ab73f3ce61668f8beed744cbc5bd5621f43dd	SuperBrowser.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\AD7E1C28B064EF8F6003402014C3D0E3370EB58A	SuperBrowser.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\317A2AD07F2B335EF5A1C34E4B57E8B7D8F1FCA6	SuperBrowser.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\317A2AD07F2B335EF5A1C34E4B57E8B7D8F1FCA6\Blob = 0f000000010000001400000007eeabaf80a9ef4ae1b2cb9b4b5fc70d0428e6a953000000010000004800000030463021060b6086480186fd6d0107170330123010060a2b0601040182373c0101030200c03021060b6086480186fd6e0107170330123010060a2b0601040182373c0101030200c00b000000010000002e00000053007400610072006600690065006c006400200054006500630068006e006f006c006f0067006900650073000000090000000100000016000000301406082b0601050507030406082b06010505070301140000000100000014000000a848b4242fc6ea24a0d78e3cb93c5c78d79833e41d00000001000000100000005959ddbc9c7632ba0a05f06316846fe6030000000100000014000000317a2ad07f2b335ef5a1c34e4b57e8b7d8f1fca62000000001000000eb020000308202e730820250020101300d06092a864886f70d01010505003081bb312430220603550407131b56616c69436572742056616c69646174696f6e204e6574776f726b31173015060355040a130e56616c69436572742c20496e632e31353033060355040b132c56616c694365727420436c617373203220506f6c6963792056616c69646174696f6e20417574686f726974793121301f06035504031318687474703a2f2f7777772e76616c69636572742e636f6d2f3120301e06092a864886f70d0109011611696e666f4076616c69636572742e636f6d301e170d3939303632363030313935345a170d3139303632363030313935345a3081bb312430220603550407131b56616c69436572742056616c69646174696f6e204e6574776f726b31173015060355040a130e56616c69436572742c20496e632e31353033060355040b132c56616c694365727420436c617373203220506f6c6963792056616c69646174696f6e20417574686f726974793121301f06035504031318687474703a2f2f7777772e76616c69636572742e636f6d2f3120301e06092a864886f70d0109011611696e666f4076616c69636572742e636f6d30819f300d06092a864886f70d010101050003818d0030818902818100ce3a71cae5abc8599255d7abd8740ef9eed9f655475965470e0555dceb98363c5c535dd330cf38ecbd4189ed254209246b0a5eb37cdd522d4ce6d4d67d5a59a965d449132d244d1c506fb5c185543bfe71e4d35c42f980e0911a0a5b393667f33f557c1b3fb45f647334e3b412bf8764f8da12ff3727c1b343bbef7b6e2e69f70203010001300d06092a864886f70d0101050500038181003b7f506f6f509499496238381f4bf8a5c83ea78281f62bc7e8c5cee83a1082cb18008e4dbda8587fa17900b5bbe98daf41d90f34ee218119a0324928f4c48e56d55233fd50d57e996c03e4c94cfccb6cab66b34a218ce5b50c323e10b2cc6ca1dc9a984c025bf3ceb99ea5720e4ab73f3ce61668f8beed744cbc5bd5621f43dd	SuperBrowser.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\317A2AD07F2B335EF5A1C34E4B57E8B7D8F1FCA6\Blob = 040000000100000010000000a923759bba49366e31c2dbf2e766ba870f000000010000001400000007eeabaf80a9ef4ae1b2cb9b4b5fc70d0428e6a953000000010000004800000030463021060b6086480186fd6d0107170330123010060a2b0601040182373c0101030200c03021060b6086480186fd6e0107170330123010060a2b0601040182373c0101030200c00b000000010000002e00000053007400610072006600690065006c006400200054006500630068006e006f006c006f0067006900650073000000090000000100000016000000301406082b0601050507030406082b06010505070301140000000100000014000000a848b4242fc6ea24a0d78e3cb93c5c78d79833e41d00000001000000100000005959ddbc9c7632ba0a05f06316846fe6030000000100000014000000317a2ad07f2b335ef5a1c34e4b57e8b7d8f1fca619000000010000001000000044ba5fd9039fc9b56fd8aadccd597ca62000000001000000eb020000308202e730820250020101300d06092a864886f70d01010505003081bb312430220603550407131b56616c69436572742056616c69646174696f6e204e6574776f726b31173015060355040a130e56616c69436572742c20496e632e31353033060355040b132c56616c694365727420436c617373203220506f6c6963792056616c69646174696f6e20417574686f726974793121301f06035504031318687474703a2f2f7777772e76616c69636572742e636f6d2f3120301e06092a864886f70d0109011611696e666f4076616c69636572742e636f6d301e170d3939303632363030313935345a170d3139303632363030313935345a3081bb312430220603550407131b56616c69436572742056616c69646174696f6e204e6574776f726b31173015060355040a130e56616c69436572742c20496e632e31353033060355040b132c56616c694365727420436c617373203220506f6c6963792056616c69646174696f6e20417574686f726974793121301f06035504031318687474703a2f2f7777772e76616c69636572742e636f6d2f3120301e06092a864886f70d0109011611696e666f4076616c69636572742e636f6d30819f300d06092a864886f70d010101050003818d0030818902818100ce3a71cae5abc8599255d7abd8740ef9eed9f655475965470e0555dceb98363c5c535dd330cf38ecbd4189ed254209246b0a5eb37cdd522d4ce6d4d67d5a59a965d449132d244d1c506fb5c185543bfe71e4d35c42f980e0911a0a5b393667f33f557c1b3fb45f647334e3b412bf8764f8da12ff3727c1b343bbef7b6e2e69f70203010001300d06092a864886f70d0101050500038181003b7f506f6f509499496238381f4bf8a5c83ea78281f62bc7e8c5cee83a1082cb18008e4dbda8587fa17900b5bbe98daf41d90f34ee218119a0324928f4c48e56d55233fd50d57e996c03e4c94cfccb6cab66b34a218ce5b50c323e10b2cc6ca1dc9a984c025bf3ceb99ea5720e4ab73f3ce61668f8beed744cbc5bd5621f43dd	SuperBrowser.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\AD7E1C28B064EF8F6003402014C3D0E3370EB58A\Blob = 0f00000001000000140000000f6aad4c3fe04619cdc8b2bd655aa1a26042e6500b000000010000005400000053007400610072006600690065006c006400200043006c00610073007300200032002000430065007200740069006600690063006100740069006f006e00200041007500740068006f007200690074007900000053000000010000004800000030463021060b6086480186fd6d0107170330123010060a2b0601040182373c0101030200c03021060b6086480186fd6e0107170330123010060a2b0601040182373c0101030200c009000000010000002a000000302806082b0601050507030106082b0601050507030206082b0601050507030406082b06010505070303140000000100000014000000bf5fb7d1cedd1f86f45b55acdcd710c20ea988e71d000000010000001000000090c4f4233b006b7bfaa6adcd8f577d77030000000100000014000000ad7e1c28b064ef8f6003402014c3d0e3370eb58a2000000001000000130400003082040f308202f7a003020102020100300d06092a864886f70d01010505003068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f72697479301e170d3034303632393137333931365a170d3334303632393137333931365a3068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f7269747930820120300d06092a864886f70d01010105000382010d00308201080282010100b732c8fee971a60485ad0c1164dfce4defc80318873fa1abfb3ca69ff0c3a1dad4d86e2b5390fb24a43e84f09ee85fece52744f528a63f7bdee02af0c8af532f9eca0501931e8f661c39a74dfa5ab673042566eb777fe759c64a99251454eb26c7f37f19d530708fafb0462affadeb29edd79faa0487a3d4f989a5345fdb43918236d9663cb1b8b982fd9c3a3e10c83bef0665667a9b19183dff71513c302e5fbe3d7773b25d066cc323569a2b8526921ca702b3e43f0daf087982b8363dea9cd335b3bc69caf5cc9de8fd648d1780336e5e4a5d99c91e87b49d1ac0d56e1335235edf9b5f3defd6f776c2ea3ebb780d1c42676b04d8f8d6da6f8bf244a001ab020103a381c53081c2301d0603551d0e04160414bf5fb7d1cedd1f86f45b55acdcd710c20ea988e73081920603551d2304818a3081878014bf5fb7d1cedd1f86f45b55acdcd710c20ea988e7a16ca46a3068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f72697479820100300c0603551d13040530030101ff300d06092a864886f70d01010505000382010100059d3f889dd1c91a55a1ac69f3f359da9b01871a4f57a9a179092adbf72fb21eccc75e6ad88387a197ef49353e7706415862bf8e58b80a673fecb3dd21661fc954fa72cc3d4c40d881af779e837abba2c7f534178ed91140f4fc2c2a4d157fa7625d2e25d3000b201a1d68f917b8f4bd8bed2859dd4d168b1783c8b265c72d7aa5aabc53866ddd57a4caf820410b68f0f4fb74be565d7a79f5f91d85e32d95bef5719043cc8d1f9a000a8729e95522580023eae31243295b4708dd8c416a6506a8e521aa41b4952195b97dd134ab13d6adbcdce23d39cdbd3e7570a1185903c922b48f9cd55e2ad7a5b6d40a6df8b74011469a1f790e62bf0f97ece02f1f1794	SuperBrowser.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D1EB23A46D17D68FD92564C2F1F1601764D8E349	SuperBrowser.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D1EB23A46D17D68FD92564C2F1F1601764D8E349\Blob = 040000000100000010000000497904b0eb8719ac47b0bc11519b74d00f00000001000000140000003e8e6487f8fd27d322a269a71edaac5d57811286090000000100000034000000303206082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030306082b0601050507030853000000010000002600000030243022060c2b06010401b231010201050130123010060a2b0601040182373c0101030200c00b00000001000000180000004300b7004f00b7004d00b7004f00b7004400b7004f000000140000000100000014000000a0110a233e96f107ece2af29ef82a57fd030a4b41d00000001000000100000002e0d6875874a44c820912e85e964cfdb030000000100000014000000d1eb23a46d17d68fd92564c2f1f1601764d8e3491900000001000000100000002aa1c05e2ae606f198c2c5e937c97aa2200000000100000036040000308204323082031aa003020102020101300d06092a864886f70d0101050500307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c18414141204365727469666963617465205365727669636573301e170d3034303130313030303030305a170d3238313233313233353935395a307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c1841414120436572746966696361746520536572766963657330820122300d06092a864886f70d01010105000382010f003082010a0282010100be409df46ee1ea76871c4d45448ebe46c883069dc12afe181f8ee402faf3ab5d508a16310b9a06d0c57022cd492d5463ccb66e68460b53eacb4c24c0bc724eeaf115aef4549a120ac37ab23360e2da8955f32258f3dedccfef8386a28c944f9f68f29890468427c776bfe3cc352c8b5e07646582c048b0a891f9619f762050a891c766b5eb78620356f08a1a13ea31a31ea099fd38f6f62732586f07f56bb8fb142bafb7aaccd6635f738cda0599a838a8cb17783651ace99ef4783a8dcf0fd942e2980cab2f9f0e01deef9f9949f12ddfac744d1b98b547c5e529d1f99018c7629cbe83c7267b3e8a25c7c0dd9de6356810209d8fd8ded2c3849c0d5ee82fc90203010001a381c03081bd301d0603551d0e04160414a0110a233e96f107ece2af29ef82a57fd030a4b4300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff307b0603551d1f047430723038a036a0348632687474703a2f2f63726c2e636f6d6f646f63612e636f6d2f414141436572746966696361746553657276696365732e63726c3036a034a0328630687474703a2f2f63726c2e636f6d6f646f2e6e65742f414141436572746966696361746553657276696365732e63726c300d06092a864886f70d010105050003820101000856fc02f09be8ffa4fad67bc64480ce4fc4c5f60058cca6b6bc1449680476e8e6ee5dec020f60d68d50184f264e01e3e6b0a5eebfbc745441bffdfc12b8c74f5af48960057f60b7054af3f6f1c2bfc4b97486b62d7d6bccd2f346dd2fc6e06ac3c334032c7d96dd5ac20ea70a99c1058bab0c2ff35c3acf6c37550987de53406c58effcb6ab656e04f61bdc3ce05a15c69ed9f15948302165036cece92173ec9b03a1e037ada015188ffaba02cea72ca910132cd4e50826ab229760f8905e74d4a29a53bdf2a968e0a26ec2d76cb1a30f9ebfeb68e756f2aef2e32b383a0981b56b85d7be2ded3f1ab7b263e2f5622c82d46a004150f139839f95e93696986e	SuperBrowser.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
1112	SuperBrowserSetup.exe
1196	SuperBrowser.exe
1196	SuperBrowser.exe
1196	SuperBrowser.exe
1196	SuperBrowser.exe
1196	SuperBrowser.exe
1196	SuperBrowser.exe
1196	SuperBrowser.exe
1196	SuperBrowser.exe
1196	SuperBrowser.exe
1196	SuperBrowser.exe
1196	SuperBrowser.exe
1196	SuperBrowser.exe
1196	SuperBrowser.exe
1196	SuperBrowser.exe
1196	SuperBrowser.exe
1196	SuperBrowser.exe
1196	SuperBrowser.exe
1196	SuperBrowser.exe
1196	SuperBrowser.exe
1196	SuperBrowser.exe
1196	SuperBrowser.exe
1196	SuperBrowser.exe
1196	SuperBrowser.exe
1196	SuperBrowser.exe
1712	NoticeUI.exe
1712	NoticeUI.exe
1712	NoticeUI.exe
1712	NoticeUI.exe
1196	SuperBrowser.exe
1196	SuperBrowser.exe
1196	SuperBrowser.exe
1196	SuperBrowser.exe
1196	SuperBrowser.exe
1172	superbrowser.exe
1172	superbrowser.exe
1196	SuperBrowser.exe
1196	SuperBrowser.exe
1712	NoticeUI.exe
1712	NoticeUI.exe
1196	SuperBrowser.exe
1196	SuperBrowser.exe
1196	SuperBrowser.exe
1196	SuperBrowser.exe
1196	SuperBrowser.exe
1196	SuperBrowser.exe
1196	SuperBrowser.exe
1196	SuperBrowser.exe
1196	SuperBrowser.exe
1196	SuperBrowser.exe
1196	SuperBrowser.exe
1196	SuperBrowser.exe
1196	SuperBrowser.exe
1196	SuperBrowser.exe
1196	SuperBrowser.exe
1196	SuperBrowser.exe
1196	SuperBrowser.exe
1196	SuperBrowser.exe
1196	SuperBrowser.exe
1196	SuperBrowser.exe
1196	SuperBrowser.exe
1196	SuperBrowser.exe
1196	SuperBrowser.exe
1196	SuperBrowser.exe

Suspicious use of AdjustPrivilegeToken 44 IoCs

description	pid	Process
Token: SeDebugPrivilege	1196	SuperBrowser.exe
Token: SeDebugPrivilege	1712	NoticeUI.exe
Token: SeShutdownPrivilege	1172	superbrowser.exe
Token: SeShutdownPrivilege	1172	superbrowser.exe
Token: SeShutdownPrivilege	1172	superbrowser.exe
Token: SeShutdownPrivilege	1172	superbrowser.exe
Token: SeShutdownPrivilege	1172	superbrowser.exe
Token: SeShutdownPrivilege	1172	superbrowser.exe
Token: SeShutdownPrivilege	1172	superbrowser.exe
Token: SeShutdownPrivilege	1172	superbrowser.exe
Token: SeShutdownPrivilege	1172	superbrowser.exe
Token: SeShutdownPrivilege	1172	superbrowser.exe
Token: SeShutdownPrivilege	1172	superbrowser.exe
Token: SeShutdownPrivilege	1172	superbrowser.exe
Token: SeShutdownPrivilege	1172	superbrowser.exe
Token: SeShutdownPrivilege	1172	superbrowser.exe
Token: SeShutdownPrivilege	1172	superbrowser.exe
Token: SeShutdownPrivilege	1172	superbrowser.exe
Token: SeShutdownPrivilege	1172	superbrowser.exe
Token: SeShutdownPrivilege	1172	superbrowser.exe
Token: SeShutdownPrivilege	1172	superbrowser.exe
Token: SeShutdownPrivilege	1172	superbrowser.exe
Token: SeShutdownPrivilege	1172	superbrowser.exe
Token: SeShutdownPrivilege	1172	superbrowser.exe
Token: SeShutdownPrivilege	1172	superbrowser.exe
Token: SeShutdownPrivilege	1172	superbrowser.exe
Token: SeShutdownPrivilege	1172	superbrowser.exe
Token: SeShutdownPrivilege	1172	superbrowser.exe
Token: SeShutdownPrivilege	1172	superbrowser.exe
Token: SeShutdownPrivilege	1172	superbrowser.exe
Token: SeShutdownPrivilege	1172	superbrowser.exe
Token: SeShutdownPrivilege	1172	superbrowser.exe
Token: SeShutdownPrivilege	1172	superbrowser.exe
Token: SeShutdownPrivilege	1172	superbrowser.exe
Token: 33	3084	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	3084	AUDIODG.EXE
Token: 33	3084	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	3084	AUDIODG.EXE
Token: SeShutdownPrivilege	1172	superbrowser.exe
Token: SeShutdownPrivilege	1172	superbrowser.exe
Token: SeShutdownPrivilege	1172	superbrowser.exe
Token: SeShutdownPrivilege	1172	superbrowser.exe
Token: SeShutdownPrivilege	1172	superbrowser.exe
Token: SeShutdownPrivilege	1172	superbrowser.exe

Suspicious use of FindShellTrayWindow 50 IoCs

pid	Process
1196	SuperBrowser.exe
1172	superbrowser.exe
1172	superbrowser.exe
1172	superbrowser.exe
1172	superbrowser.exe
1172	superbrowser.exe
1172	superbrowser.exe
1172	superbrowser.exe
1172	superbrowser.exe
1172	superbrowser.exe
1172	superbrowser.exe
1172	superbrowser.exe
1172	superbrowser.exe
1172	superbrowser.exe
1172	superbrowser.exe
1172	superbrowser.exe
1172	superbrowser.exe
1172	superbrowser.exe
1172	superbrowser.exe
1172	superbrowser.exe
1172	superbrowser.exe
1172	superbrowser.exe
1172	superbrowser.exe
1172	superbrowser.exe
1172	superbrowser.exe
1172	superbrowser.exe
1172	superbrowser.exe
1172	superbrowser.exe
1172	superbrowser.exe
1172	superbrowser.exe
1172	superbrowser.exe
1172	superbrowser.exe
1172	superbrowser.exe
1172	superbrowser.exe
1172	superbrowser.exe
1172	superbrowser.exe
1172	superbrowser.exe
1172	superbrowser.exe
1172	superbrowser.exe
1172	superbrowser.exe
1172	superbrowser.exe
1172	superbrowser.exe
1172	superbrowser.exe
1172	superbrowser.exe
1172	superbrowser.exe
1172	superbrowser.exe
1172	superbrowser.exe
1172	superbrowser.exe
1172	superbrowser.exe
1172	superbrowser.exe

Suspicious use of SendNotifyMessage 49 IoCs

pid	Process
1196	SuperBrowser.exe
1172	superbrowser.exe
1172	superbrowser.exe
1172	superbrowser.exe
1172	superbrowser.exe
1172	superbrowser.exe
1172	superbrowser.exe
1172	superbrowser.exe
1172	superbrowser.exe
1172	superbrowser.exe
1172	superbrowser.exe
1172	superbrowser.exe
1172	superbrowser.exe
1172	superbrowser.exe
1172	superbrowser.exe
1172	superbrowser.exe
1172	superbrowser.exe
1172	superbrowser.exe
1172	superbrowser.exe
1172	superbrowser.exe
1172	superbrowser.exe
1172	superbrowser.exe
1172	superbrowser.exe
1172	superbrowser.exe
1172	superbrowser.exe
1172	superbrowser.exe
1172	superbrowser.exe
1172	superbrowser.exe
1172	superbrowser.exe
1172	superbrowser.exe
1172	superbrowser.exe
1172	superbrowser.exe
1172	superbrowser.exe
1172	superbrowser.exe
1172	superbrowser.exe
1172	superbrowser.exe
1172	superbrowser.exe
1172	superbrowser.exe
1172	superbrowser.exe
1172	superbrowser.exe
1172	superbrowser.exe
1172	superbrowser.exe
1172	superbrowser.exe
1172	superbrowser.exe
1172	superbrowser.exe
1172	superbrowser.exe
1172	superbrowser.exe
1172	superbrowser.exe
1172	superbrowser.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1112 wrote to memory of 1168	1112	SuperBrowserSetup.exe	28
PID 1112 wrote to memory of 1168	1112	SuperBrowserSetup.exe	28
PID 1112 wrote to memory of 1168	1112	SuperBrowserSetup.exe	28
PID 1112 wrote to memory of 1168	1112	SuperBrowserSetup.exe	28
PID 1112 wrote to memory of 1816	1112	SuperBrowserSetup.exe	30
PID 1112 wrote to memory of 1816	1112	SuperBrowserSetup.exe	30
PID 1112 wrote to memory of 1816	1112	SuperBrowserSetup.exe	30
PID 1112 wrote to memory of 1816	1112	SuperBrowserSetup.exe	30
PID 1112 wrote to memory of 672	1112	SuperBrowserSetup.exe	32
PID 1112 wrote to memory of 672	1112	SuperBrowserSetup.exe	32
PID 1112 wrote to memory of 672	1112	SuperBrowserSetup.exe	32
PID 1112 wrote to memory of 672	1112	SuperBrowserSetup.exe	32
PID 1112 wrote to memory of 808	1112	SuperBrowserSetup.exe	34
PID 1112 wrote to memory of 808	1112	SuperBrowserSetup.exe	34
PID 1112 wrote to memory of 808	1112	SuperBrowserSetup.exe	34
PID 1112 wrote to memory of 808	1112	SuperBrowserSetup.exe	34
PID 1112 wrote to memory of 2000	1112	SuperBrowserSetup.exe	36
PID 1112 wrote to memory of 2000	1112	SuperBrowserSetup.exe	36
PID 1112 wrote to memory of 2000	1112	SuperBrowserSetup.exe	36
PID 1112 wrote to memory of 2000	1112	SuperBrowserSetup.exe	36
PID 1112 wrote to memory of 1680	1112	SuperBrowserSetup.exe	38
PID 1112 wrote to memory of 1680	1112	SuperBrowserSetup.exe	38
PID 1112 wrote to memory of 1680	1112	SuperBrowserSetup.exe	38
PID 1112 wrote to memory of 1680	1112	SuperBrowserSetup.exe	38
PID 1112 wrote to memory of 900	1112	SuperBrowserSetup.exe	40
PID 1112 wrote to memory of 900	1112	SuperBrowserSetup.exe	40
PID 1112 wrote to memory of 900	1112	SuperBrowserSetup.exe	40
PID 1112 wrote to memory of 900	1112	SuperBrowserSetup.exe	40
PID 1112 wrote to memory of 1316	1112	SuperBrowserSetup.exe	43
PID 1112 wrote to memory of 1316	1112	SuperBrowserSetup.exe	43
PID 1112 wrote to memory of 1316	1112	SuperBrowserSetup.exe	43
PID 1112 wrote to memory of 1316	1112	SuperBrowserSetup.exe	43
PID 1112 wrote to memory of 1316	1112	SuperBrowserSetup.exe	43
PID 1112 wrote to memory of 1316	1112	SuperBrowserSetup.exe	43
PID 1112 wrote to memory of 1316	1112	SuperBrowserSetup.exe	43
PID 1316 wrote to memory of 1196	1316	Launcher.exe	44
PID 1316 wrote to memory of 1196	1316	Launcher.exe	44
PID 1316 wrote to memory of 1196	1316	Launcher.exe	44
PID 1316 wrote to memory of 1196	1316	Launcher.exe	44
PID 1316 wrote to memory of 1196	1316	Launcher.exe	44
PID 1316 wrote to memory of 1196	1316	Launcher.exe	44
PID 1316 wrote to memory of 1196	1316	Launcher.exe	44
PID 1196 wrote to memory of 2028	1196	SuperBrowser.exe	45
PID 1196 wrote to memory of 2028	1196	SuperBrowser.exe	45
PID 1196 wrote to memory of 2028	1196	SuperBrowser.exe	45
PID 1196 wrote to memory of 2028	1196	SuperBrowser.exe	45
PID 1196 wrote to memory of 2028	1196	SuperBrowser.exe	45
PID 1196 wrote to memory of 2028	1196	SuperBrowser.exe	45
PID 1196 wrote to memory of 2028	1196	SuperBrowser.exe	45
PID 1196 wrote to memory of 1712	1196	SuperBrowser.exe	46
PID 1196 wrote to memory of 1712	1196	SuperBrowser.exe	46
PID 1196 wrote to memory of 1712	1196	SuperBrowser.exe	46
PID 1196 wrote to memory of 1712	1196	SuperBrowser.exe	46
PID 1196 wrote to memory of 1712	1196	SuperBrowser.exe	46
PID 1196 wrote to memory of 1712	1196	SuperBrowser.exe	46
PID 1196 wrote to memory of 1712	1196	SuperBrowser.exe	46
PID 1196 wrote to memory of 1172	1196	SuperBrowser.exe	48
PID 1196 wrote to memory of 1172	1196	SuperBrowser.exe	48
PID 1196 wrote to memory of 1172	1196	SuperBrowser.exe	48
PID 1196 wrote to memory of 1172	1196	SuperBrowser.exe	48
PID 1196 wrote to memory of 1172	1196	SuperBrowser.exe	48
PID 1196 wrote to memory of 1172	1196	SuperBrowser.exe	48
PID 1196 wrote to memory of 1172	1196	SuperBrowser.exe	48
PID 1172 wrote to memory of 584	1172	superbrowser.exe	49

C:\Users\Admin\AppData\Local\Temp\SuperBrowserSetup.exe
"C:\Users\Admin\AppData\Local\Temp\SuperBrowserSetup.exe"
1⤵
- Loads dropped DLL
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:1112
- C:\Windows\SysWOW64\netsh.exe
  netsh advfirewall firewall delete rule SuperBrowser_Admin_rule
  2⤵
  - Modifies Windows Firewall
  PID:1168
- C:\Windows\SysWOW64\netsh.exe
  netsh advfirewall firewall delete rule SuperBrowserCore_Chromium_Admin_rule
  2⤵
  - Modifies Windows Firewall
  PID:1816
- C:\Windows\SysWOW64\netsh.exe
  netsh advfirewall firewall delete rule SuperBrowserCore_Admin_rule
  2⤵
  - Modifies Windows Firewall
  PID:672
- C:\Windows\SysWOW64\netsh.exe
  netsh advfirewall firewall add rule name="SuperBrowser_Admin_rule" dir=in program="C:\Users\Admin\SuperBrowser\5.205.10.25\SuperBrowser.exe" action=allow
  2⤵
  - Modifies Windows Firewall
  PID:808
- C:\Windows\SysWOW64\netsh.exe
  netsh advfirewall firewall add rule name="SuperBrowser_Admin_rule" dir=out program="C:\Users\Admin\SuperBrowser\5.205.10.25\SuperBrowser.exe" action=allow
  2⤵
  - Modifies Windows Firewall
  PID:2000
- C:\Windows\SysWOW64\netsh.exe
  netsh advfirewall firewall add rule name="SuperBrowsertstunnel_Admin_rule" dir=in program="C:\Users\Admin\SuperBrowser\5.205.10.25\Core\tstunnel.exe" action=allow
  2⤵
  - Modifies Windows Firewall
  PID:1680
- C:\Windows\SysWOW64\netsh.exe
  netsh advfirewall firewall add rule name="SuperBrowsertstunnel_Admin_rule" dir=out program="$INSTDIR\5.205.10.25\Core\tstunnel.exe" action=allow
  2⤵
  - Modifies Windows Firewall
  PID:900
- C:\Users\Admin\SuperBrowser\5.205.10.25\Core\Launcher.exe
  C:\Users\Admin\SuperBrowser\5.205.10.25\Core\Launcher.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of WriteProcessMemory
  PID:1316
- - C:\Users\Admin\SuperBrowser\5.205.10.25\SuperBrowser.exe
    "C:\Users\Admin\SuperBrowser\5.205.10.25\SuperBrowser.exe" "LS1zdGFydC1sb2c9QzpcVXNlcnNcUHVibGljXGxhdW5jaGVyXDM5MDQ1MDdfc3RhcnRlci5sb2c= --base-encode"
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Modifies registry class
    - Modifies system certificate store
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SendNotifyMessage
    - Suspicious use of WriteProcessMemory
    PID:1196
  - - C:\Users\Admin\SuperBrowser\5.205.10.25\Core\CoreHelper.exe
      "C:\Users\Admin\SuperBrowser\5.205.10.25\Core\CoreHelper.exe" by1GQzpcVXNlcnNcQWRtaW5cU3VwZXJCcm93c2VyXDUuMjA1LjEwLjI1XENvcmVcQnJvd3NlclxDaHJvbWl1bV94ODZfMTAwXGNocm9tZS5kbGw=
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:2028
  - - C:\Users\Admin\SuperBrowser\5.205.10.25\NoticeUI.exe
      "C:\Users\Admin\SuperBrowser\5.205.10.25\NoticeUI.exe" --pipe_server_name=1196_NoticeServer --pipe_client_name=1196_NoticeClient --process_id=1196
      4⤵
      Executes dropped EXE
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of AdjustPrivilegeToken
      PID:1712
  - - C:\Users\Admin\SuperBrowser\5.205.10.25\Core\Browser\Chromium_x86_100\superbrowser.exe
      "C:\Users\Admin\SuperBrowser\5.205.10.25\Core\Browser\Chromium_x86_100\superbrowser.exe" --store_data_path="mbXbzp+4ZOPUH/JOV1Q76RvjMac1/qMw2NCdkk0cnwCQ2FYV20VWkdXQFylj2v4iTM5XAYTCg1NhbJwWh4fBrozYREMKaikoM7xKHU0yQoY=" --browser_id="BrowserWorkbench" --profile-directory="Default" --proxy-bypass-list=work-flow-service.ziniao.com,common-service-todo-front.ziniao.com,work-flow-prod.s3.cn-north-1.amazonaws.com.cn --no-sandbox
      4⤵
      Executes dropped EXE
      Checks computer location settings
      Enumerates system info in registry
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of AdjustPrivilegeToken
      Suspicious use of FindShellTrayWindow
      Suspicious use of SendNotifyMessage
      Suspicious use of WriteProcessMemory
      PID:1172
    - - C:\Users\Admin\SuperBrowser\5.205.10.25\Core\Browser\Chromium_x86_100\superbrowser.exe
        
        "C:\Users\Admin\SuperBrowser\5.205.10.25\Core\Browser\Chromium_x86_100\superbrowser.exe" --type=gpu-process --no-sandbox --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAgAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --sub-token=TM93Nhv6Uu+2y8fJmyKLFQ== --mojo-platform-channel-handle=1092 --field-trial-handle=1172,i,400566902951403335,7432790263526835105,131072 --enable-features=UserAgentClientHint --disable-features=AutofillEnableToolbarStatusChip,CookiesWithoutSameSiteMustBeSecure,SameSiteByDefaultCookies,TabHoverCards /prefetch:2
        5⤵
        Executes dropped EXE
        
        PID:584
    - - C:\Users\Admin\SuperBrowser\5.205.10.25\Core\Browser\Chromium_x86_100\superbrowser.exe
        
        "C:\Users\Admin\SuperBrowser\5.205.10.25\Core\Browser\Chromium_x86_100\superbrowser.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=zh-CN --service-sandbox-type=none --no-sandbox --ignore-certificate-errors --ignore-certificate-errors --video-capture-use-gpu-memory-buffer --sub-token=TM93Nhv6Uu+2y8fJmyKLFQ== --mojo-platform-channel-handle=1328 --field-trial-handle=1172,i,400566902951403335,7432790263526835105,131072 --enable-features=UserAgentClientHint --disable-features=AutofillEnableToolbarStatusChip,CookiesWithoutSameSiteMustBeSecure,SameSiteByDefaultCookies,TabHoverCards /prefetch:8
        5⤵
        Executes dropped EXE
        
        PID:1744
    - - C:\Users\Admin\SuperBrowser\5.205.10.25\Core\Browser\Chromium_x86_100\superbrowser.exe
        
        "C:\Users\Admin\SuperBrowser\5.205.10.25\Core\Browser\Chromium_x86_100\superbrowser.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=zh-CN --service-sandbox-type=utility --no-sandbox --ignore-certificate-errors --ignore-certificate-errors --video-capture-use-gpu-memory-buffer --sub-token=TM93Nhv6Uu+2y8fJmyKLFQ== --mojo-platform-channel-handle=1440 --field-trial-handle=1172,i,400566902951403335,7432790263526835105,131072 --enable-features=UserAgentClientHint --disable-features=AutofillEnableToolbarStatusChip,CookiesWithoutSameSiteMustBeSecure,SameSiteByDefaultCookies,TabHoverCards /prefetch:8
        5⤵
        Executes dropped EXE
        
        PID:1136
    - - C:\Users\Admin\SuperBrowser\5.205.10.25\Core\Browser\Chromium_x86_100\superbrowser.exe
        
        "C:\Users\Admin\SuperBrowser\5.205.10.25\Core\Browser\Chromium_x86_100\superbrowser.exe" --type=renderer --disable-client-side-phishing-detection --display-capture-permissions-policy-allowed --no-sandbox --video-capture-use-gpu-memory-buffer --lang=zh-CN --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=17 --sub-token=TM93Nhv6Uu+2y8fJmyKLFQ== --mojo-platform-channel-handle=1892 --field-trial-handle=1172,i,400566902951403335,7432790263526835105,131072 --enable-features=UserAgentClientHint --disable-features=AutofillEnableToolbarStatusChip,CookiesWithoutSameSiteMustBeSecure,SameSiteByDefaultCookies,TabHoverCards /prefetch:1
        5⤵
        Executes dropped EXE
        Checks computer location settings
        
        PID:2148
    - - C:\Users\Admin\SuperBrowser\5.205.10.25\Core\Browser\Chromium_x86_100\superbrowser.exe
        
        "C:\Users\Admin\SuperBrowser\5.205.10.25\Core\Browser\Chromium_x86_100\superbrowser.exe" --type=renderer --extension-process --disable-client-side-phishing-detection --display-capture-permissions-policy-allowed --no-sandbox --video-capture-use-gpu-memory-buffer --lang=zh-CN --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=12 --sub-token=TM93Nhv6Uu+2y8fJmyKLFQ== --mojo-platform-channel-handle=1900 --field-trial-handle=1172,i,400566902951403335,7432790263526835105,131072 --enable-features=UserAgentClientHint --disable-features=AutofillEnableToolbarStatusChip,CookiesWithoutSameSiteMustBeSecure,SameSiteByDefaultCookies,TabHoverCards /prefetch:1
        5⤵
        Executes dropped EXE
        Checks computer location settings
        
        PID:2160
    - - C:\Users\Admin\SuperBrowser\5.205.10.25\Core\Browser\Chromium_x86_100\superbrowser.exe
        
        "C:\Users\Admin\SuperBrowser\5.205.10.25\Core\Browser\Chromium_x86_100\superbrowser.exe" --type=renderer --extension-process --disable-client-side-phishing-detection --display-capture-permissions-policy-allowed --no-sandbox --video-capture-use-gpu-memory-buffer --lang=zh-CN --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=5 --sub-token=TM93Nhv6Uu+2y8fJmyKLFQ== --mojo-platform-channel-handle=2120 --field-trial-handle=1172,i,400566902951403335,7432790263526835105,131072 --enable-features=UserAgentClientHint --disable-features=AutofillEnableToolbarStatusChip,CookiesWithoutSameSiteMustBeSecure,SameSiteByDefaultCookies,TabHoverCards /prefetch:1
        5⤵
        Executes dropped EXE
        Checks computer location settings
        
        PID:2316
    - - C:\Users\Admin\SuperBrowser\5.205.10.25\Core\Browser\Chromium_x86_100\superbrowser.exe
        
        "C:\Users\Admin\SuperBrowser\5.205.10.25\Core\Browser\Chromium_x86_100\superbrowser.exe" --type=renderer --extension-process --disable-client-side-phishing-detection --display-capture-permissions-policy-allowed --no-sandbox --video-capture-use-gpu-memory-buffer --lang=zh-CN --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=6 --sub-token=TM93Nhv6Uu+2y8fJmyKLFQ== --mojo-platform-channel-handle=2192 --field-trial-handle=1172,i,400566902951403335,7432790263526835105,131072 --enable-features=UserAgentClientHint --disable-features=AutofillEnableToolbarStatusChip,CookiesWithoutSameSiteMustBeSecure,SameSiteByDefaultCookies,TabHoverCards /prefetch:1
        5⤵
        Executes dropped EXE
        Checks computer location settings
        
        PID:2340
    - - C:\Users\Admin\SuperBrowser\5.205.10.25\Core\Browser\Chromium_x86_100\superbrowser.exe
        
        "C:\Users\Admin\SuperBrowser\5.205.10.25\Core\Browser\Chromium_x86_100\superbrowser.exe" --type=renderer --extension-process --disable-client-side-phishing-detection --display-capture-permissions-policy-allowed --no-sandbox --video-capture-use-gpu-memory-buffer --lang=zh-CN --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=7 --sub-token=TM93Nhv6Uu+2y8fJmyKLFQ== --mojo-platform-channel-handle=2220 --field-trial-handle=1172,i,400566902951403335,7432790263526835105,131072 --enable-features=UserAgentClientHint --disable-features=AutofillEnableToolbarStatusChip,CookiesWithoutSameSiteMustBeSecure,SameSiteByDefaultCookies,TabHoverCards /prefetch:1
        5⤵
        Executes dropped EXE
        Checks computer location settings
        
        PID:2352
    - - C:\Users\Admin\SuperBrowser\5.205.10.25\Core\Browser\Chromium_x86_100\superbrowser.exe
        
        "C:\Users\Admin\SuperBrowser\5.205.10.25\Core\Browser\Chromium_x86_100\superbrowser.exe" --type=renderer --extension-process --disable-client-side-phishing-detection --display-capture-permissions-policy-allowed --no-sandbox --video-capture-use-gpu-memory-buffer --lang=zh-CN --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=9 --sub-token=TM93Nhv6Uu+2y8fJmyKLFQ== --mojo-platform-channel-handle=2264 --field-trial-handle=1172,i,400566902951403335,7432790263526835105,131072 --enable-features=UserAgentClientHint --disable-features=AutofillEnableToolbarStatusChip,CookiesWithoutSameSiteMustBeSecure,SameSiteByDefaultCookies,TabHoverCards /prefetch:1
        5⤵
        Executes dropped EXE
        Checks computer location settings
        
        PID:2400
    - - C:\Users\Admin\SuperBrowser\5.205.10.25\Core\Browser\Chromium_x86_100\superbrowser.exe
        
        "C:\Users\Admin\SuperBrowser\5.205.10.25\Core\Browser\Chromium_x86_100\superbrowser.exe" --type=renderer --extension-process --disable-client-side-phishing-detection --display-capture-permissions-policy-allowed --no-sandbox --video-capture-use-gpu-memory-buffer --lang=zh-CN --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=10 --sub-token=TM93Nhv6Uu+2y8fJmyKLFQ== --mojo-platform-channel-handle=2272 --field-trial-handle=1172,i,400566902951403335,7432790263526835105,131072 --enable-features=UserAgentClientHint --disable-features=AutofillEnableToolbarStatusChip,CookiesWithoutSameSiteMustBeSecure,SameSiteByDefaultCookies,TabHoverCards /prefetch:1
        5⤵
        Executes dropped EXE
        Checks computer location settings
        
        PID:2416
    - - C:\Users\Admin\SuperBrowser\5.205.10.25\Core\Browser\Chromium_x86_100\superbrowser.exe
        
        "C:\Users\Admin\SuperBrowser\5.205.10.25\Core\Browser\Chromium_x86_100\superbrowser.exe" --type=renderer --extension-process --disable-client-side-phishing-detection --display-capture-permissions-policy-allowed --no-sandbox --video-capture-use-gpu-memory-buffer --lang=zh-CN --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=11 --sub-token=TM93Nhv6Uu+2y8fJmyKLFQ== --mojo-platform-channel-handle=2280 --field-trial-handle=1172,i,400566902951403335,7432790263526835105,131072 --enable-features=UserAgentClientHint --disable-features=AutofillEnableToolbarStatusChip,CookiesWithoutSameSiteMustBeSecure,SameSiteByDefaultCookies,TabHoverCards /prefetch:1
        5⤵
        Executes dropped EXE
        Checks computer location settings
        
        PID:2492
    - - C:\Users\Admin\SuperBrowser\5.205.10.25\Core\Browser\Chromium_x86_100\superbrowser.exe
        
        "C:\Users\Admin\SuperBrowser\5.205.10.25\Core\Browser\Chromium_x86_100\superbrowser.exe" --type=renderer --extension-process --disable-client-side-phishing-detection --display-capture-permissions-policy-allowed --no-sandbox --video-capture-use-gpu-memory-buffer --lang=zh-CN --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=8 --sub-token=TM93Nhv6Uu+2y8fJmyKLFQ== --mojo-platform-channel-handle=2188 --field-trial-handle=1172,i,400566902951403335,7432790263526835105,131072 --enable-features=UserAgentClientHint --disable-features=AutofillEnableToolbarStatusChip,CookiesWithoutSameSiteMustBeSecure,SameSiteByDefaultCookies,TabHoverCards /prefetch:1
        5⤵
        Executes dropped EXE
        Checks computer location settings
        
        PID:2372
    - - C:\Users\Admin\SuperBrowser\5.205.10.25\Core\Browser\Chromium_x86_100\superbrowser.exe
        
        "C:\Users\Admin\SuperBrowser\5.205.10.25\Core\Browser\Chromium_x86_100\superbrowser.exe" --type=renderer --extension-process --disable-client-side-phishing-detection --display-capture-permissions-policy-allowed --no-sandbox --video-capture-use-gpu-memory-buffer --lang=zh-CN --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=13 --sub-token=TM93Nhv6Uu+2y8fJmyKLFQ== --mojo-platform-channel-handle=2288 --field-trial-handle=1172,i,400566902951403335,7432790263526835105,131072 --enable-features=UserAgentClientHint --disable-features=AutofillEnableToolbarStatusChip,CookiesWithoutSameSiteMustBeSecure,SameSiteByDefaultCookies,TabHoverCards /prefetch:1
        5⤵
        Executes dropped EXE
        Checks computer location settings
        
        PID:2508
    - - C:\Users\Admin\SuperBrowser\5.205.10.25\Core\Browser\Chromium_x86_100\superbrowser.exe
        
        "C:\Users\Admin\SuperBrowser\5.205.10.25\Core\Browser\Chromium_x86_100\superbrowser.exe" --type=renderer --extension-process --disable-client-side-phishing-detection --display-capture-permissions-policy-allowed --no-sandbox --video-capture-use-gpu-memory-buffer --lang=zh-CN --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=14 --sub-token=TM93Nhv6Uu+2y8fJmyKLFQ== --mojo-platform-channel-handle=2296 --field-trial-handle=1172,i,400566902951403335,7432790263526835105,131072 --enable-features=UserAgentClientHint --disable-features=AutofillEnableToolbarStatusChip,CookiesWithoutSameSiteMustBeSecure,SameSiteByDefaultCookies,TabHoverCards /prefetch:1
        5⤵
        Executes dropped EXE
        
        PID:2536
    - - C:\Users\Admin\SuperBrowser\5.205.10.25\Core\Browser\Chromium_x86_100\superbrowser.exe
        
        "C:\Users\Admin\SuperBrowser\5.205.10.25\Core\Browser\Chromium_x86_100\superbrowser.exe" --type=renderer --extension-process --disable-client-side-phishing-detection --display-capture-permissions-policy-allowed --no-sandbox --video-capture-use-gpu-memory-buffer --lang=zh-CN --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=18 --sub-token=TM93Nhv6Uu+2y8fJmyKLFQ== --mojo-platform-channel-handle=2304 --field-trial-handle=1172,i,400566902951403335,7432790263526835105,131072 --enable-features=UserAgentClientHint --disable-features=AutofillEnableToolbarStatusChip,CookiesWithoutSameSiteMustBeSecure,SameSiteByDefaultCookies,TabHoverCards /prefetch:1
        5⤵
        Executes dropped EXE
        Checks computer location settings
        
        PID:2576
    - - C:\Users\Admin\SuperBrowser\5.205.10.25\Core\Browser\Chromium_x86_100\superbrowser.exe
        
        "C:\Users\Admin\SuperBrowser\5.205.10.25\Core\Browser\Chromium_x86_100\superbrowser.exe" --type=gpu-process --no-sandbox --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAgAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --sub-token=TM93Nhv6Uu+2y8fJmyKLFQ== --mojo-platform-channel-handle=1380 --field-trial-handle=1172,i,400566902951403335,7432790263526835105,131072 --enable-features=UserAgentClientHint --disable-features=AutofillEnableToolbarStatusChip,CookiesWithoutSameSiteMustBeSecure,SameSiteByDefaultCookies,TabHoverCards /prefetch:2
        5⤵
        Executes dropped EXE
        
        PID:2392
    - - C:\Users\Admin\SuperBrowser\5.205.10.25\Core\Browser\Chromium_x86_100\superbrowser.exe
        
        "C:\Users\Admin\SuperBrowser\5.205.10.25\Core\Browser\Chromium_x86_100\superbrowser.exe" --type=gpu-process --no-sandbox --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAgAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --sub-token=TM93Nhv6Uu+2y8fJmyKLFQ== --mojo-platform-channel-handle=5592 --field-trial-handle=1172,i,400566902951403335,7432790263526835105,131072 --enable-features=UserAgentClientHint --disable-features=AutofillEnableToolbarStatusChip,CookiesWithoutSameSiteMustBeSecure,SameSiteByDefaultCookies,TabHoverCards /prefetch:2
        5⤵
        Executes dropped EXE
        
        PID:584
    - - C:\Users\Admin\SuperBrowser\5.205.10.25\Core\Browser\Chromium_x86_100\superbrowser.exe
        
        "C:\Users\Admin\SuperBrowser\5.205.10.25\Core\Browser\Chromium_x86_100\superbrowser.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=zh-CN --service-sandbox-type=audio --no-sandbox --ignore-certificate-errors --ignore-certificate-errors --sub-token=TM93Nhv6Uu+2y8fJmyKLFQ== --mojo-platform-channel-handle=5816 --field-trial-handle=1172,i,400566902951403335,7432790263526835105,131072 --enable-features=UserAgentClientHint --disable-features=AutofillEnableToolbarStatusChip,CookiesWithoutSameSiteMustBeSecure,SameSiteByDefaultCookies,TabHoverCards /prefetch:8
        5⤵
        Executes dropped EXE
        
        PID:2360

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x558
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:3084

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Modify Existing Service

T1031

Privilege Escalation

Defense Evasion

Install Root Certificate

T1130

Modify Registry

T1112

Credential Access

Credentials in Files

T1081

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\SuperBrowser\5.205.10.25\Core\Browser\Chromium_x86_100\superbrowser.exe

Filesize
2.0MB

MD5
79a36c6ace81d0cd41aca76b65bf0ab0

SHA1
ec2eca701df0c137dc2bff81f6608db356dabc22

SHA256
4d3d289b7a36233a1474fce1803db844b901aaea4f4c921197448c1faaff0502

SHA512
eaa60850fdf9fb4a85a54608e100b21fce3a0c37b8f1683bdd03b923a7a38579447a7ff247b9ab5759f09d84f84c3fb096d574c7e60da8da486200f329a272fc

Download Submit
C:\Users\Admin\SuperBrowser\5.205.10.25\Core\DLL\x86\api-ms-win-core-file-l1-2-0.dll

Filesize
17KB

MD5
79ee4a2fcbe24e9a65106de834ccda4a

SHA1
fd1ba674371af7116ea06ad42886185f98ba137b

SHA256
9f7bda59faafc8a455f98397a63a7f7d114efc4e8a41808c791256ebf33c7613

SHA512
6ef7857d856a1d23333669184a231ad402dc62c8f457a6305fe53ed5e792176ca6f9e561375a707da0d7dd27e6ea95f8c4355c5dc217e847e807000b310aa05c

Download Submit
C:\Users\Admin\SuperBrowser\5.205.10.25\Core\DLL\x86\api-ms-win-core-file-l2-1-0.dll

Filesize
17KB

MD5
3f224766fe9b090333fdb43d5a22f9ea

SHA1
548d1bb707ae7a3dfccc0c2d99908561a305f57b

SHA256
ae5e73416eb64bc18249ace99f6847024eceea7ce9c343696c84196460f3a357

SHA512
c12ea6758071b332368d7ef0857479d2b43a4b27ceeab86cbb542bd6f1515f605ea526dfa3480717f8f452989c25d0ee92bf3335550b15ecec79e9b25e66a2ca

Download Submit
C:\Users\Admin\SuperBrowser\5.205.10.25\Core\DLL\x86\api-ms-win-core-localization-l1-2-0.dll

Filesize
20KB

MD5
23bd405a6cfd1e38c74c5150eec28d0a

SHA1
1d3be98e7dfe565e297e837a7085731ecd368c7b

SHA256
a7fa48de6c06666b80184afee7e544c258e0fb11399ab3fe47d4e74667779f41

SHA512
c52d487727a34fbb601b01031300a80eca7c4a08af87567da32cb5b60f7a41eb2cae06697cd11095322f2fc8307219111ee02b60045904b5c9b1f37e48a06a21

Download Submit
C:\Users\Admin\SuperBrowser\5.205.10.25\Core\DLL\x86\api-ms-win-core-processthreads-l1-1-1.dll

Filesize
18KB

MD5
95c5b49af7f2c7d3cd0bc14b1e9efacb

SHA1
c400205c81140e60dffa8811c1906ce87c58971e

SHA256
ff9b51aff7fbec8d7fe5cc478b12492a59b38b068dc2b518324173bb3179a0e1

SHA512
f320937b90068877c46d30a15440dc9ace652c3319f5d75e0c8bb83f37e78be0efb7767b2bd713be6d38943c8db3d3d4c3da44849271605324e599e1242309c3

Download Submit
C:\Users\Admin\SuperBrowser\5.205.10.25\Core\Launcher.exe

Filesize
3.8MB

MD5
9ef616b1bdd1105a241433ded3267ed4

SHA1
0835295861fe2890c023d7a1abc75863fe25a9bb

SHA256
01d4af40ae4776643814b284964ed9dbcd873f9fdfa5e642863f95c4a0c20581

SHA512
6dd47b70ea9d511a601c2438e29932e72d886610713c01c1d7b445c7019c5a4914f051630d3a80d88c6fc7329ceaedd0643afcc1befd1890a1c242c29d0434bb

Download Submit
C:\Users\Admin\SuperBrowser\5.205.10.25\Core\Launcher.exe

Filesize
3.8MB

MD5
9ef616b1bdd1105a241433ded3267ed4

SHA1
0835295861fe2890c023d7a1abc75863fe25a9bb

SHA256
01d4af40ae4776643814b284964ed9dbcd873f9fdfa5e642863f95c4a0c20581

SHA512
6dd47b70ea9d511a601c2438e29932e72d886610713c01c1d7b445c7019c5a4914f051630d3a80d88c6fc7329ceaedd0643afcc1befd1890a1c242c29d0434bb

Download Submit
C:\Users\Admin\SuperBrowser\5.205.10.25\Core\ZXSafe32.dll

Filesize
149KB

MD5
9e69f387a86f9bdd2307cd6862db731f

SHA1
85dab1e4383d9fce9be58e63a7077d0de5cd43d9

SHA256
8b983cd9581878726991c09e1808e3b0c692216b3875b9be52caf40cf86298ec

SHA512
4267cf86b5079f382b8d9c8f2a74195f9c2f89a4609f18a7d7e510e371b3a845c8c3d83b5898755d55411c7235b3f24d16c68c94823e30d1f3c7efd133803644

Download Submit
C:\Users\Admin\SuperBrowser\5.205.10.25\DotNetZip.dll

Filesize
466KB

MD5
4f42b8d49c01ba724c8f896de97368f0

SHA1
1613ff359ecff83d93bf6ec5f0338a89c89a3b54

SHA256
04ab9c8479dd713b61710391ac20a81e8330f22d5ffa283b1170f4b24d64f1d9

SHA512
a92ef23c288eba3571bef26ed0c238681927dc2ba0121d1a1765ac0ea8d71a9fbef04a924a099710b216caa66a3e4b2fa66477c9359d4c67a79c182db0c050d9

Download Submit
C:\Users\Admin\SuperBrowser\5.205.10.25\Newtonsoft.Json.dll

Filesize
694KB

MD5
e2a510b3daf6b3a43ab9cb838287fbff

SHA1
6ff097a28d1216bf3c4efb48ea616c43e716de5e

SHA256
53e0af7ccded460d0aa58f1ff0779217b0dd2c3b42b330e3325c0f9bed7eb5e9

SHA512
02b70c96a41c1d1c9f44cee7e3c42037a3cfa2e3219de12fa23dfef9f59f0d0ca5103db73bb4008a4504ae697c2245d561ec31cdd5fb562f764b50a98c612b7b

Download Submit
C:\Users\Admin\SuperBrowser\5.205.10.25\SuperBrowser.exe

Filesize
3.3MB

MD5
6829257785cce9fa4c68e90a05747a5e

SHA1
2caa1745de8eedc57b1b45067585410cf9e28342

SHA256
20e8228ed83ae95e9221772bb7f8956b7f39b29e17a50dcc61afbdd0b3727040

SHA512
ae02a0de1393b0cd3c752a80d88560e30bfdf1a1ed3227da218151b66b5561b42d9bc9164a38d17971f265081b538a24993e897bb92b51c39ead801bd0aea0fd

Download Submit
C:\Users\Admin\SuperBrowser\5.205.10.25\SuperBrowser.exe

Filesize
3.3MB

MD5
6829257785cce9fa4c68e90a05747a5e

SHA1
2caa1745de8eedc57b1b45067585410cf9e28342

SHA256
20e8228ed83ae95e9221772bb7f8956b7f39b29e17a50dcc61afbdd0b3727040

SHA512
ae02a0de1393b0cd3c752a80d88560e30bfdf1a1ed3227da218151b66b5561b42d9bc9164a38d17971f265081b538a24993e897bb92b51c39ead801bd0aea0fd

Download Submit
C:\Users\Admin\SuperBrowser\5.205.10.25\SuperBrowser.exe.config

Filesize
925B

MD5
affd4103db0f996a5a4acfd3093f473c

SHA1
5504fa264f452ce0cace3e6a1b0583fd20a4e87f

SHA256
94f65ce5615f7ba9e043b41a8a70962e324b8689e7d8c1d419dda5d4d36fb21d

SHA512
0ce7b66d94dbf3aa0661b5c546fa38d1b4142ecc29b0f61b07d4d8571f45d99a041f83bcb71cf2514df5d3dd7466b428f750c78fdd094b293f03e3e6cae346e7

Download Submit
C:\Users\Admin\SuperBrowser\5.205.10.25\System.Data.SQLite.dll

Filesize
366KB

MD5
aead6011fa01fac821869140d3534df4

SHA1
32539cc9a74818dba84ae2035c944e469f9d3096

SHA256
a524b71e5af22d3f75a39313a8bc40f692e013896b79994fc1375b4f39b7b8c8

SHA512
7835bd972a9f843859897b34393459108a6e5968bab78c83d6dfeb3216bc61125cb590700dd54c4afb935958052bf9f9fe212393ef5e99d126715e2c67c9dc52

Download Submit
C:\Users\Admin\SuperBrowser\5.205.10.25\x86\SQLite.Interop.dll

Filesize
1.2MB

MD5
2c28dce65ab7443f205c748e79bc8726

SHA1
48c7fe4114315001ff201d0eb4f3921cc2704b8f

SHA256
51f6e78fee9bb16537543e6e03522c4badce7d9e35676551873ddf3db70d072e

SHA512
a2240e499b8ce6c762a03759c8cb3969b13ebf829ae8cf894abd4fd4ed5b2a2d7dcf3231dfadcbffb67db909db89c32a24880431e1473d6be84c8ad2d4ab1273

Download Submit
C:\Users\Admin\SuperBrowser\5.205.10.25\zh-CN\SuperBrowser.resources.dll

Filesize
13KB

MD5
4deefa1c3094afb382df41ba9b26c9a3

SHA1
0b63832a56f505dd254af170445fca5945dba17c

SHA256
2df16ed44cf1da9586a349c7c5027225ad53ed5e414d03bb214f88a2fd8285df

SHA512
b988c1dd44a7594bf2798f7b7917fa4c390d1552732a1010c67850577024d668c131cbcd9b7e33bddefe73809ba303f1e25be36e92c8c7c5d0024f13bb67eb9a

Download Submit
\Users\Admin\AppData\Local\Temp\nsy5543.tmp\AccessControl.dll

Filesize
15KB

MD5
f894e7068ee5f5b4489d7acdde7112c9

SHA1
79ec857791ad4ac76673b05e6fc44e55315424ef

SHA256
3948484bc6a6e8652c2220be411cdcabab73eab46578faca8c0bd01d3ea290ab

SHA512
e85b2bdc27b9721425bb03393e8aad897647053c77d7862ea541e03dc896173af6eaaf182514d46464d560d15c6b9d4652690885426ac1c68e2b9dd8d632e816

Download Submit
\Users\Admin\AppData\Local\Temp\nsy5543.tmp\BgWorker.dll

Filesize
2KB

MD5
33ec04738007e665059cf40bc0f0c22b

SHA1
4196759a922e333d9b17bda5369f14c33cd5e3bc

SHA256
50f735ab8f3473423e6873d628150bbc0777be7b4f6405247cddf22bb00fb6be

SHA512
2318b01f0c2f2f021a618ca3e6e5c24a94df5d00154766b77160203b8b0a177c8581c7b688ffe69be93a69bc7fd06b8a589844d42447f5060fb4bcf94d8a9aef

Download Submit
\Users\Admin\AppData\Local\Temp\nsy5543.tmp\BgWorker.dll

Filesize
2KB

MD5
33ec04738007e665059cf40bc0f0c22b

SHA1
4196759a922e333d9b17bda5369f14c33cd5e3bc

SHA256
50f735ab8f3473423e6873d628150bbc0777be7b4f6405247cddf22bb00fb6be

SHA512
2318b01f0c2f2f021a618ca3e6e5c24a94df5d00154766b77160203b8b0a177c8581c7b688ffe69be93a69bc7fd06b8a589844d42447f5060fb4bcf94d8a9aef

Download Submit
\Users\Admin\AppData\Local\Temp\nsy5543.tmp\BgWorker.dll

Filesize
2KB

MD5
33ec04738007e665059cf40bc0f0c22b

SHA1
4196759a922e333d9b17bda5369f14c33cd5e3bc

SHA256
50f735ab8f3473423e6873d628150bbc0777be7b4f6405247cddf22bb00fb6be

SHA512
2318b01f0c2f2f021a618ca3e6e5c24a94df5d00154766b77160203b8b0a177c8581c7b688ffe69be93a69bc7fd06b8a589844d42447f5060fb4bcf94d8a9aef

Download Submit
\Users\Admin\AppData\Local\Temp\nsy5543.tmp\ExecDos.dll

Filesize
6KB

MD5
774e3b33d151413dc826bf2421cd51e8

SHA1
ab2928dcf6fa54bb9eb16e5f64bfcffaaeee90fa

SHA256
91d5481f576382164703e4ac244052265769377838ac30233ad79c983ed9d454

SHA512
3cf955b13e81e4b6edb292df751ce7f64b0cf30979f57b1609f002859b4e68adc046b6674f76f7b7ce7144382316c344c11fed02d638e62fcc8464c32795a365

Download Submit
\Users\Admin\AppData\Local\Temp\nsy5543.tmp\ExecDos.dll

Filesize
6KB

MD5
774e3b33d151413dc826bf2421cd51e8

SHA1
ab2928dcf6fa54bb9eb16e5f64bfcffaaeee90fa

SHA256
91d5481f576382164703e4ac244052265769377838ac30233ad79c983ed9d454

SHA512
3cf955b13e81e4b6edb292df751ce7f64b0cf30979f57b1609f002859b4e68adc046b6674f76f7b7ce7144382316c344c11fed02d638e62fcc8464c32795a365

Download Submit
\Users\Admin\AppData\Local\Temp\nsy5543.tmp\ExecDos.dll

Filesize
6KB

MD5
774e3b33d151413dc826bf2421cd51e8

SHA1
ab2928dcf6fa54bb9eb16e5f64bfcffaaeee90fa

SHA256
91d5481f576382164703e4ac244052265769377838ac30233ad79c983ed9d454

SHA512
3cf955b13e81e4b6edb292df751ce7f64b0cf30979f57b1609f002859b4e68adc046b6674f76f7b7ce7144382316c344c11fed02d638e62fcc8464c32795a365

Download Submit
\Users\Admin\AppData\Local\Temp\nsy5543.tmp\ExecDos.dll

Filesize
6KB

MD5
774e3b33d151413dc826bf2421cd51e8

SHA1
ab2928dcf6fa54bb9eb16e5f64bfcffaaeee90fa

SHA256
91d5481f576382164703e4ac244052265769377838ac30233ad79c983ed9d454

SHA512
3cf955b13e81e4b6edb292df751ce7f64b0cf30979f57b1609f002859b4e68adc046b6674f76f7b7ce7144382316c344c11fed02d638e62fcc8464c32795a365

Download Submit
\Users\Admin\AppData\Local\Temp\nsy5543.tmp\ExecDos.dll

Filesize
6KB

MD5
774e3b33d151413dc826bf2421cd51e8

SHA1
ab2928dcf6fa54bb9eb16e5f64bfcffaaeee90fa

SHA256
91d5481f576382164703e4ac244052265769377838ac30233ad79c983ed9d454

SHA512
3cf955b13e81e4b6edb292df751ce7f64b0cf30979f57b1609f002859b4e68adc046b6674f76f7b7ce7144382316c344c11fed02d638e62fcc8464c32795a365

Download Submit
\Users\Admin\AppData\Local\Temp\nsy5543.tmp\ExecDos.dll

Filesize
6KB

MD5
774e3b33d151413dc826bf2421cd51e8

SHA1
ab2928dcf6fa54bb9eb16e5f64bfcffaaeee90fa

SHA256
91d5481f576382164703e4ac244052265769377838ac30233ad79c983ed9d454

SHA512
3cf955b13e81e4b6edb292df751ce7f64b0cf30979f57b1609f002859b4e68adc046b6674f76f7b7ce7144382316c344c11fed02d638e62fcc8464c32795a365

Download Submit
\Users\Admin\AppData\Local\Temp\nsy5543.tmp\ExecDos.dll

Filesize
6KB

MD5
774e3b33d151413dc826bf2421cd51e8

SHA1
ab2928dcf6fa54bb9eb16e5f64bfcffaaeee90fa

SHA256
91d5481f576382164703e4ac244052265769377838ac30233ad79c983ed9d454

SHA512
3cf955b13e81e4b6edb292df751ce7f64b0cf30979f57b1609f002859b4e68adc046b6674f76f7b7ce7144382316c344c11fed02d638e62fcc8464c32795a365

Download Submit
\Users\Admin\AppData\Local\Temp\nsy5543.tmp\System.dll

Filesize
11KB

MD5
bf712f32249029466fa86756f5546950

SHA1
75ac4dc4808ac148ddd78f6b89a51afbd4091c2e

SHA256
7851cb12fa4131f1fee5de390d650ef65cac561279f1cfe70ad16cc9780210af

SHA512
13f69959b28416e0b8811c962a49309dca3f048a165457051a28a3eb51377dcaf99a15e86d7eee8f867a9e25ecf8c44da370ac8f530eeae7b5252eaba64b96f4

Download Submit
\Users\Admin\AppData\Local\Temp\nsy5543.tmp\libcurl.dll

Filesize
628KB

MD5
73adaa2886fac58ed44c657787512ded

SHA1
95479a35ed77f0b31ca61437be3a2b1751d7f14c

SHA256
96a281095b37ef312b5503129b7ea8ed451fa625456d7b864444d72832ff7844

SHA512
6a69e7bdc7c6b2cc5898a42877ea85cba0805f5d081574d931476c25a03fb502c16e5ce41d4ee52a831dcb25c3354913d4e3bafc078f855175d9bafa6ac36de2

Download Submit
\Users\Admin\AppData\Local\Temp\nsy5543.tmp\libcurl.dll

Filesize
628KB

MD5
73adaa2886fac58ed44c657787512ded

SHA1
95479a35ed77f0b31ca61437be3a2b1751d7f14c

SHA256
96a281095b37ef312b5503129b7ea8ed451fa625456d7b864444d72832ff7844

SHA512
6a69e7bdc7c6b2cc5898a42877ea85cba0805f5d081574d931476c25a03fb502c16e5ce41d4ee52a831dcb25c3354913d4e3bafc078f855175d9bafa6ac36de2

Download Submit
\Users\Admin\AppData\Local\Temp\nsy5543.tmp\libcurl.dll

Filesize
628KB

MD5
73adaa2886fac58ed44c657787512ded

SHA1
95479a35ed77f0b31ca61437be3a2b1751d7f14c

SHA256
96a281095b37ef312b5503129b7ea8ed451fa625456d7b864444d72832ff7844

SHA512
6a69e7bdc7c6b2cc5898a42877ea85cba0805f5d081574d931476c25a03fb502c16e5ce41d4ee52a831dcb25c3354913d4e3bafc078f855175d9bafa6ac36de2

Download Submit
\Users\Admin\AppData\Local\Temp\nsy5543.tmp\libcurl.dll

Filesize
628KB

MD5
73adaa2886fac58ed44c657787512ded

SHA1
95479a35ed77f0b31ca61437be3a2b1751d7f14c

SHA256
96a281095b37ef312b5503129b7ea8ed451fa625456d7b864444d72832ff7844

SHA512
6a69e7bdc7c6b2cc5898a42877ea85cba0805f5d081574d931476c25a03fb502c16e5ce41d4ee52a831dcb25c3354913d4e3bafc078f855175d9bafa6ac36de2

Download Submit
\Users\Admin\AppData\Local\Temp\nsy5543.tmp\msvcp140.dll

Filesize
440KB

MD5
1940325e1e8ca37e09f84545dccd07cd

SHA1
333952b9b0dbed320539fb30ea77928010bcaadb

SHA256
83c0fe5fab090060de7abe9dc85f5651d0f505a4ecc18f1ee8631941d0d665ea

SHA512
760dffbcd007e17acce95e3cbffad37ba4b8f0ca098fd18fe58120d135377b3df2da87c12cf566026cde0f7850937fd9275c98ac90a865fdb748b0fdce1a1d28

Download Submit
\Users\Admin\AppData\Local\Temp\nsy5543.tmp\msvcp140.dll

Filesize
440KB

MD5
1940325e1e8ca37e09f84545dccd07cd

SHA1
333952b9b0dbed320539fb30ea77928010bcaadb

SHA256
83c0fe5fab090060de7abe9dc85f5651d0f505a4ecc18f1ee8631941d0d665ea

SHA512
760dffbcd007e17acce95e3cbffad37ba4b8f0ca098fd18fe58120d135377b3df2da87c12cf566026cde0f7850937fd9275c98ac90a865fdb748b0fdce1a1d28

Download Submit
\Users\Admin\AppData\Local\Temp\nsy5543.tmp\msvcp140.dll

Filesize
440KB

MD5
1940325e1e8ca37e09f84545dccd07cd

SHA1
333952b9b0dbed320539fb30ea77928010bcaadb

SHA256
83c0fe5fab090060de7abe9dc85f5651d0f505a4ecc18f1ee8631941d0d665ea

SHA512
760dffbcd007e17acce95e3cbffad37ba4b8f0ca098fd18fe58120d135377b3df2da87c12cf566026cde0f7850937fd9275c98ac90a865fdb748b0fdce1a1d28

Download Submit
\Users\Admin\AppData\Local\Temp\nsy5543.tmp\msvcp140.dll

Filesize
440KB

MD5
1940325e1e8ca37e09f84545dccd07cd

SHA1
333952b9b0dbed320539fb30ea77928010bcaadb

SHA256
83c0fe5fab090060de7abe9dc85f5651d0f505a4ecc18f1ee8631941d0d665ea

SHA512
760dffbcd007e17acce95e3cbffad37ba4b8f0ca098fd18fe58120d135377b3df2da87c12cf566026cde0f7850937fd9275c98ac90a865fdb748b0fdce1a1d28

Download Submit
\Users\Admin\AppData\Local\Temp\nsy5543.tmp\nsDui.dll

Filesize
963KB

MD5
0770b7e4d5b3ccf1d13562a60f0fa7cc

SHA1
2ce6b4306dd9875efed46eff66c3f90961473998

SHA256
3be91d177fa7fabc153c2641062f289e6cc6adbd20c1a5339f491c730ec86167

SHA512
51ad3704ef14f979072ab20cf992ce38efbb3c5907811c82455722f929b7e3493994adfd2b50cb5f3cc09d2302a91758f84327f990ef91caaad9a546cf27a1de

Download Submit
\Users\Admin\AppData\Local\Temp\nsy5543.tmp\nsSa.dll

Filesize
184KB

MD5
fb89751ff86cd368cdfdb0f631daf16c

SHA1
d1f9d17656b1c3555120f0372f1029a013f4ee02

SHA256
565f8a8d53b5da5e209b1a7297f85494de99b271dc0fa73888d3ed1876066af9

SHA512
12c7f3de1116d85f6593bd8b0ea5929f4169def2aa0a091a454ad1c0829570114632b121772b5927f1e60148ef41888aa497d8c78dbd1bca680f359cc7bd50dc

Download Submit
\Users\Admin\AppData\Local\Temp\nsy5543.tmp\nsSa.dll

Filesize
184KB

MD5
fb89751ff86cd368cdfdb0f631daf16c

SHA1
d1f9d17656b1c3555120f0372f1029a013f4ee02

SHA256
565f8a8d53b5da5e209b1a7297f85494de99b271dc0fa73888d3ed1876066af9

SHA512
12c7f3de1116d85f6593bd8b0ea5929f4169def2aa0a091a454ad1c0829570114632b121772b5927f1e60148ef41888aa497d8c78dbd1bca680f359cc7bd50dc

Download Submit
\Users\Admin\AppData\Local\Temp\nsy5543.tmp\nsSa.dll

Filesize
184KB

MD5
fb89751ff86cd368cdfdb0f631daf16c

SHA1
d1f9d17656b1c3555120f0372f1029a013f4ee02

SHA256
565f8a8d53b5da5e209b1a7297f85494de99b271dc0fa73888d3ed1876066af9

SHA512
12c7f3de1116d85f6593bd8b0ea5929f4169def2aa0a091a454ad1c0829570114632b121772b5927f1e60148ef41888aa497d8c78dbd1bca680f359cc7bd50dc

Download Submit
\Users\Admin\AppData\Local\Temp\nsy5543.tmp\nsSa.dll

Filesize
184KB

MD5
fb89751ff86cd368cdfdb0f631daf16c

SHA1
d1f9d17656b1c3555120f0372f1029a013f4ee02

SHA256
565f8a8d53b5da5e209b1a7297f85494de99b271dc0fa73888d3ed1876066af9

SHA512
12c7f3de1116d85f6593bd8b0ea5929f4169def2aa0a091a454ad1c0829570114632b121772b5927f1e60148ef41888aa497d8c78dbd1bca680f359cc7bd50dc

Download Submit
\Users\Admin\AppData\Local\Temp\nsy5543.tmp\nsis7zU.dll

Filesize
313KB

MD5
06a47571ac922f82c098622b2f5f6f63

SHA1
8a581c33b7f2029c41edaad55d024fc0d2d7c427

SHA256
e4ab3064f2e094910ae80104ef9d371ccb74ebbeeed592582cf099acd83f5fe9

SHA512
04b3d18042f1faa536e1393179f412a5644d2cf691fbc14970f79df5c0594eeedb0826b495807a3243f27aaa0380423c1f975fe857f32e057309bb3f2a529a83

Download Submit
\Users\Admin\AppData\Local\Temp\nsy5543.tmp\vcruntime140.dll

Filesize
78KB

MD5
55a044d2655789db09e84bf699034493

SHA1
d653b8a89776b4ca854d6e4d2c9d33f08d4b0d12

SHA256
f779e79ffa7abcc303b6208b5fc9650c54bed6bb3342687e82a9ca17f9ccc415

SHA512
f24bba548fe37206b4cccb4cf5105de4a7101c94c92663368376ebaca79281af351c7b8c667f05e65cdb6b44a407136460d67c421961046084a7c136e917e9db

Download Submit
\Users\Admin\AppData\Local\Temp\nsy5543.tmp\vcruntime140.dll

Filesize
78KB

MD5
55a044d2655789db09e84bf699034493

SHA1
d653b8a89776b4ca854d6e4d2c9d33f08d4b0d12

SHA256
f779e79ffa7abcc303b6208b5fc9650c54bed6bb3342687e82a9ca17f9ccc415

SHA512
f24bba548fe37206b4cccb4cf5105de4a7101c94c92663368376ebaca79281af351c7b8c667f05e65cdb6b44a407136460d67c421961046084a7c136e917e9db

Download Submit
\Users\Admin\AppData\Local\Temp\nsy5543.tmp\vcruntime140.dll

Filesize
78KB

MD5
55a044d2655789db09e84bf699034493

SHA1
d653b8a89776b4ca854d6e4d2c9d33f08d4b0d12

SHA256
f779e79ffa7abcc303b6208b5fc9650c54bed6bb3342687e82a9ca17f9ccc415

SHA512
f24bba548fe37206b4cccb4cf5105de4a7101c94c92663368376ebaca79281af351c7b8c667f05e65cdb6b44a407136460d67c421961046084a7c136e917e9db

Download Submit
\Users\Admin\AppData\Local\Temp\nsy5543.tmp\vcruntime140.dll

Filesize
78KB

MD5
55a044d2655789db09e84bf699034493

SHA1
d653b8a89776b4ca854d6e4d2c9d33f08d4b0d12

SHA256
f779e79ffa7abcc303b6208b5fc9650c54bed6bb3342687e82a9ca17f9ccc415

SHA512
f24bba548fe37206b4cccb4cf5105de4a7101c94c92663368376ebaca79281af351c7b8c667f05e65cdb6b44a407136460d67c421961046084a7c136e917e9db

Download Submit
\Users\Admin\SuperBrowser\5.205.10.25\Core\Browser\Chromium_x86_100\superbrowser.exe

Filesize
2.0MB

MD5
79a36c6ace81d0cd41aca76b65bf0ab0

SHA1
ec2eca701df0c137dc2bff81f6608db356dabc22

SHA256
4d3d289b7a36233a1474fce1803db844b901aaea4f4c921197448c1faaff0502

SHA512
eaa60850fdf9fb4a85a54608e100b21fce3a0c37b8f1683bdd03b923a7a38579447a7ff247b9ab5759f09d84f84c3fb096d574c7e60da8da486200f329a272fc

Download Submit
\Users\Admin\SuperBrowser\5.205.10.25\Core\Browser\Chromium_x86_100\superbrowser.exe

Filesize
2.0MB

MD5
79a36c6ace81d0cd41aca76b65bf0ab0

SHA1
ec2eca701df0c137dc2bff81f6608db356dabc22

SHA256
4d3d289b7a36233a1474fce1803db844b901aaea4f4c921197448c1faaff0502

SHA512
eaa60850fdf9fb4a85a54608e100b21fce3a0c37b8f1683bdd03b923a7a38579447a7ff247b9ab5759f09d84f84c3fb096d574c7e60da8da486200f329a272fc

Download Submit
\Users\Admin\SuperBrowser\5.205.10.25\Core\Launcher.exe

Filesize
3.8MB

MD5
9ef616b1bdd1105a241433ded3267ed4

SHA1
0835295861fe2890c023d7a1abc75863fe25a9bb

SHA256
01d4af40ae4776643814b284964ed9dbcd873f9fdfa5e642863f95c4a0c20581

SHA512
6dd47b70ea9d511a601c2438e29932e72d886610713c01c1d7b445c7019c5a4914f051630d3a80d88c6fc7329ceaedd0643afcc1befd1890a1c242c29d0434bb

Download Submit
\Users\Admin\SuperBrowser\5.205.10.25\Core\Launcher.exe

Filesize
3.8MB

MD5
9ef616b1bdd1105a241433ded3267ed4

SHA1
0835295861fe2890c023d7a1abc75863fe25a9bb

SHA256
01d4af40ae4776643814b284964ed9dbcd873f9fdfa5e642863f95c4a0c20581

SHA512
6dd47b70ea9d511a601c2438e29932e72d886610713c01c1d7b445c7019c5a4914f051630d3a80d88c6fc7329ceaedd0643afcc1befd1890a1c242c29d0434bb

Download Submit
\Users\Admin\SuperBrowser\5.205.10.25\Core\Launcher.exe

Filesize
3.8MB

MD5
9ef616b1bdd1105a241433ded3267ed4

SHA1
0835295861fe2890c023d7a1abc75863fe25a9bb

SHA256
01d4af40ae4776643814b284964ed9dbcd873f9fdfa5e642863f95c4a0c20581

SHA512
6dd47b70ea9d511a601c2438e29932e72d886610713c01c1d7b445c7019c5a4914f051630d3a80d88c6fc7329ceaedd0643afcc1befd1890a1c242c29d0434bb

Download Submit
\Users\Admin\SuperBrowser\5.205.10.25\Core\ZXSafe32.dll

Filesize
149KB

MD5
9e69f387a86f9bdd2307cd6862db731f

SHA1
85dab1e4383d9fce9be58e63a7077d0de5cd43d9

SHA256
8b983cd9581878726991c09e1808e3b0c692216b3875b9be52caf40cf86298ec

SHA512
4267cf86b5079f382b8d9c8f2a74195f9c2f89a4609f18a7d7e510e371b3a845c8c3d83b5898755d55411c7235b3f24d16c68c94823e30d1f3c7efd133803644

Download Submit
\Users\Admin\SuperBrowser\5.205.10.25\DotNetZip.dll

Filesize
466KB

MD5
4f42b8d49c01ba724c8f896de97368f0

SHA1
1613ff359ecff83d93bf6ec5f0338a89c89a3b54

SHA256
04ab9c8479dd713b61710391ac20a81e8330f22d5ffa283b1170f4b24d64f1d9

SHA512
a92ef23c288eba3571bef26ed0c238681927dc2ba0121d1a1765ac0ea8d71a9fbef04a924a099710b216caa66a3e4b2fa66477c9359d4c67a79c182db0c050d9

Download Submit
\Users\Admin\SuperBrowser\5.205.10.25\DotNetZip.dll

Filesize
466KB

MD5
4f42b8d49c01ba724c8f896de97368f0

SHA1
1613ff359ecff83d93bf6ec5f0338a89c89a3b54

SHA256
04ab9c8479dd713b61710391ac20a81e8330f22d5ffa283b1170f4b24d64f1d9

SHA512
a92ef23c288eba3571bef26ed0c238681927dc2ba0121d1a1765ac0ea8d71a9fbef04a924a099710b216caa66a3e4b2fa66477c9359d4c67a79c182db0c050d9

Download Submit
\Users\Admin\SuperBrowser\5.205.10.25\Newtonsoft.Json.dll

Filesize
694KB

MD5
e2a510b3daf6b3a43ab9cb838287fbff

SHA1
6ff097a28d1216bf3c4efb48ea616c43e716de5e

SHA256
53e0af7ccded460d0aa58f1ff0779217b0dd2c3b42b330e3325c0f9bed7eb5e9

SHA512
02b70c96a41c1d1c9f44cee7e3c42037a3cfa2e3219de12fa23dfef9f59f0d0ca5103db73bb4008a4504ae697c2245d561ec31cdd5fb562f764b50a98c612b7b

Download Submit
\Users\Admin\SuperBrowser\5.205.10.25\Newtonsoft.Json.dll

Filesize
694KB

MD5
e2a510b3daf6b3a43ab9cb838287fbff

SHA1
6ff097a28d1216bf3c4efb48ea616c43e716de5e

SHA256
53e0af7ccded460d0aa58f1ff0779217b0dd2c3b42b330e3325c0f9bed7eb5e9

SHA512
02b70c96a41c1d1c9f44cee7e3c42037a3cfa2e3219de12fa23dfef9f59f0d0ca5103db73bb4008a4504ae697c2245d561ec31cdd5fb562f764b50a98c612b7b

Download Submit
\Users\Admin\SuperBrowser\5.205.10.25\Newtonsoft.Json.dll

Filesize
694KB

MD5
e2a510b3daf6b3a43ab9cb838287fbff

SHA1
6ff097a28d1216bf3c4efb48ea616c43e716de5e

SHA256
53e0af7ccded460d0aa58f1ff0779217b0dd2c3b42b330e3325c0f9bed7eb5e9

SHA512
02b70c96a41c1d1c9f44cee7e3c42037a3cfa2e3219de12fa23dfef9f59f0d0ca5103db73bb4008a4504ae697c2245d561ec31cdd5fb562f764b50a98c612b7b

Download Submit
\Users\Admin\SuperBrowser\5.205.10.25\Newtonsoft.Json.dll

Filesize
694KB

MD5
e2a510b3daf6b3a43ab9cb838287fbff

SHA1
6ff097a28d1216bf3c4efb48ea616c43e716de5e

SHA256
53e0af7ccded460d0aa58f1ff0779217b0dd2c3b42b330e3325c0f9bed7eb5e9

SHA512
02b70c96a41c1d1c9f44cee7e3c42037a3cfa2e3219de12fa23dfef9f59f0d0ca5103db73bb4008a4504ae697c2245d561ec31cdd5fb562f764b50a98c612b7b

Download Submit
\Users\Admin\SuperBrowser\5.205.10.25\SuperBrowser.exe

Filesize
3.3MB

MD5
6829257785cce9fa4c68e90a05747a5e

SHA1
2caa1745de8eedc57b1b45067585410cf9e28342

SHA256
20e8228ed83ae95e9221772bb7f8956b7f39b29e17a50dcc61afbdd0b3727040

SHA512
ae02a0de1393b0cd3c752a80d88560e30bfdf1a1ed3227da218151b66b5561b42d9bc9164a38d17971f265081b538a24993e897bb92b51c39ead801bd0aea0fd

Download Submit
\Users\Admin\SuperBrowser\5.205.10.25\System.Data.SQLite.dll

Filesize
366KB

MD5
aead6011fa01fac821869140d3534df4

SHA1
32539cc9a74818dba84ae2035c944e469f9d3096

SHA256
a524b71e5af22d3f75a39313a8bc40f692e013896b79994fc1375b4f39b7b8c8

SHA512
7835bd972a9f843859897b34393459108a6e5968bab78c83d6dfeb3216bc61125cb590700dd54c4afb935958052bf9f9fe212393ef5e99d126715e2c67c9dc52

Download Submit
\Users\Admin\SuperBrowser\5.205.10.25\System.Data.SQLite.dll

Filesize
366KB

MD5
aead6011fa01fac821869140d3534df4

SHA1
32539cc9a74818dba84ae2035c944e469f9d3096

SHA256
a524b71e5af22d3f75a39313a8bc40f692e013896b79994fc1375b4f39b7b8c8

SHA512
7835bd972a9f843859897b34393459108a6e5968bab78c83d6dfeb3216bc61125cb590700dd54c4afb935958052bf9f9fe212393ef5e99d126715e2c67c9dc52

Download Submit
\Users\Admin\SuperBrowser\5.205.10.25\x86\SQLite.Interop.dll

Filesize
1.2MB

MD5
2c28dce65ab7443f205c748e79bc8726

SHA1
48c7fe4114315001ff201d0eb4f3921cc2704b8f

SHA256
51f6e78fee9bb16537543e6e03522c4badce7d9e35676551873ddf3db70d072e

SHA512
a2240e499b8ce6c762a03759c8cb3969b13ebf829ae8cf894abd4fd4ed5b2a2d7dcf3231dfadcbffb67db909db89c32a24880431e1473d6be84c8ad2d4ab1273

Download Submit
\Users\Admin\SuperBrowser\5.205.10.25\zh-CN\SuperBrowser.resources.dll

Filesize
13KB

MD5
4deefa1c3094afb382df41ba9b26c9a3

SHA1
0b63832a56f505dd254af170445fca5945dba17c

SHA256
2df16ed44cf1da9586a349c7c5027225ad53ed5e414d03bb214f88a2fd8285df

SHA512
b988c1dd44a7594bf2798f7b7917fa4c390d1552732a1010c67850577024d668c131cbcd9b7e33bddefe73809ba303f1e25be36e92c8c7c5d0024f13bb67eb9a

Download Submit
\Users\Admin\SuperBrowser\5.205.10.25\zh-CN\SuperBrowser.resources.dll

Filesize
13KB

MD5
4deefa1c3094afb382df41ba9b26c9a3

SHA1
0b63832a56f505dd254af170445fca5945dba17c

SHA256
2df16ed44cf1da9586a349c7c5027225ad53ed5e414d03bb214f88a2fd8285df

SHA512
b988c1dd44a7594bf2798f7b7917fa4c390d1552732a1010c67850577024d668c131cbcd9b7e33bddefe73809ba303f1e25be36e92c8c7c5d0024f13bb67eb9a

Download Submit
memory/1112-54-0x0000000075F51000-0x0000000075F53000-memory.dmp

Filesize
8KB

Download
memory/1196-115-0x00000000047F0000-0x00000000048A0000-memory.dmp

Filesize
704KB

Download
memory/1196-147-0x00000000057C0000-0x00000000057D2000-memory.dmp

Filesize
72KB

Download
memory/1196-201-0x0000000007EF0000-0x0000000007F2E000-memory.dmp

Filesize
248KB

Download
memory/1196-111-0x0000000000830000-0x0000000000B8C000-memory.dmp

Filesize
3.4MB

Download
memory/1196-202-0x0000000004DB5000-0x0000000004DC6000-memory.dmp

Filesize
68KB

Download
memory/1196-135-0x0000000004E30000-0x0000000004E3A000-memory.dmp

Filesize
40KB

Download
memory/1196-128-0x0000000004DB5000-0x0000000004DC6000-memory.dmp

Filesize
68KB

Download
memory/1196-121-0x0000000005420000-0x0000000005496000-memory.dmp

Filesize
472KB

Download
memory/1196-131-0x0000000004D70000-0x0000000004D90000-memory.dmp

Filesize
128KB

Download
memory/1196-127-0x00000000054A0000-0x00000000054FE000-memory.dmp

Filesize
376KB

Download
memory/1196-136-0x0000000005160000-0x0000000005194000-memory.dmp

Filesize
208KB

Download
memory/1712-150-0x0000000001050000-0x0000000001108000-memory.dmp

Filesize
736KB

Download
memory/1712-151-0x00000000007A0000-0x0000000000826000-memory.dmp

Filesize
536KB

Download
memory/1712-152-0x0000000004F95000-0x0000000004FA6000-memory.dmp

Filesize
68KB

Download
memory/1712-153-0x0000000000740000-0x000000000074A000-memory.dmp

Filesize
40KB

Download
memory/1712-206-0x0000000000740000-0x000000000074A000-memory.dmp

Filesize
40KB

Download
memory/1712-207-0x0000000000740000-0x000000000074A000-memory.dmp

Filesize
40KB

Download
memory/2028-146-0x00000000012F0000-0x00000000012F8000-memory.dmp

Filesize
32KB

Download