joker | 5593d214521f32b17f547e2831a91e4a3f814c9979f6598b9c7f7376b4708497

Analysis

max time kernel
133s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
23-08-2022 10:21

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

SuperBrowserSetup.exe
Size

296.5MB
MD5

58fa231f082ef3b0c1e7170823a342a5
SHA1

aff8c9f7b56869f867875dc681f57686af13742d
SHA256

5593d214521f32b17f547e2831a91e4a3f814c9979f6598b9c7f7376b4708497
SHA512

512ecf1672f2a980f867bdf2ef1707625076bf4b878e1f3352d3afbc1a21a99b25fea6328c298d9d00b314f440a7275ebcfc8b9832058ad18df9adcfcff8442f

Score

10^/10

joker discovery evasion infostealer spyware stealer trojan

Malware Config

Signatures

joker
Joker is an Android malware that targets billing and SMS fraud.
infostealer trojan joker

Executes dropped EXE 24 IoCs

pid	Process
4028	Launcher.exe
4316	SuperBrowser.exe
1036	CoreHelper.exe
424	NoticeUI.exe
4668	superbrowser.exe
3344	superbrowser.exe
1952	superbrowser.exe
4440	superbrowser.exe
796	superbrowser.exe
4260	superbrowser.exe
4600	superbrowser.exe
4708	superbrowser.exe
2592	superbrowser.exe
684	superbrowser.exe
5028	superbrowser.exe
3412	superbrowser.exe
1384	superbrowser.exe
3776	superbrowser.exe
4176	superbrowser.exe
5164	superbrowser.exe
5432	superbrowser.exe
5452	superbrowser.exe
5652	superbrowser.exe
5724	superbrowser.exe

Modifies Windows Firewall 1 TTPs 7 IoCs

evasion

Modify Existing Service

T1031

pid	Process
2308	netsh.exe
5032	netsh.exe
4288	netsh.exe
1620	netsh.exe
2424	netsh.exe
548	netsh.exe
3172	netsh.exe

Checks computer location settings 2 TTPs 14 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\Control Panel\International\Geo\Nation	superbrowser.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\Control Panel\International\Geo\Nation	superbrowser.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\Control Panel\International\Geo\Nation	superbrowser.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\Control Panel\International\Geo\Nation	superbrowser.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\Control Panel\International\Geo\Nation	superbrowser.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\Control Panel\International\Geo\Nation	superbrowser.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\Control Panel\International\Geo\Nation	superbrowser.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\Control Panel\International\Geo\Nation	superbrowser.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\Control Panel\International\Geo\Nation	superbrowser.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\Control Panel\International\Geo\Nation	superbrowser.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\Control Panel\International\Geo\Nation	superbrowser.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\Control Panel\International\Geo\Nation	SuperBrowser.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\Control Panel\International\Geo\Nation	superbrowser.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\Control Panel\International\Geo\Nation	superbrowser.exe

Loads dropped DLL 64 IoCs

pid	Process
1488	SuperBrowserSetup.exe
1488	SuperBrowserSetup.exe
1488	SuperBrowserSetup.exe
1488	SuperBrowserSetup.exe
1488	SuperBrowserSetup.exe
1488	SuperBrowserSetup.exe
1488	SuperBrowserSetup.exe
1488	SuperBrowserSetup.exe
1488	SuperBrowserSetup.exe
1488	SuperBrowserSetup.exe
1488	SuperBrowserSetup.exe
1488	SuperBrowserSetup.exe
1488	SuperBrowserSetup.exe
1488	SuperBrowserSetup.exe
1488	SuperBrowserSetup.exe
1488	SuperBrowserSetup.exe
1488	SuperBrowserSetup.exe
1488	SuperBrowserSetup.exe
1488	SuperBrowserSetup.exe
1488	SuperBrowserSetup.exe
1488	SuperBrowserSetup.exe
1488	SuperBrowserSetup.exe
1488	SuperBrowserSetup.exe
1488	SuperBrowserSetup.exe
1488	SuperBrowserSetup.exe
1488	SuperBrowserSetup.exe
1488	SuperBrowserSetup.exe
1488	SuperBrowserSetup.exe
1488	SuperBrowserSetup.exe
1488	SuperBrowserSetup.exe
4316	SuperBrowser.exe
4316	SuperBrowser.exe
4316	SuperBrowser.exe
4316	SuperBrowser.exe
4316	SuperBrowser.exe
4316	SuperBrowser.exe
4316	SuperBrowser.exe
4316	SuperBrowser.exe
4316	SuperBrowser.exe
4316	SuperBrowser.exe
1036	CoreHelper.exe
1036	CoreHelper.exe
4316	SuperBrowser.exe
4316	SuperBrowser.exe
4316	SuperBrowser.exe
4316	SuperBrowser.exe
4316	SuperBrowser.exe
4316	SuperBrowser.exe
4316	SuperBrowser.exe
4668	superbrowser.exe
4668	superbrowser.exe
3344	superbrowser.exe
3344	superbrowser.exe
1952	superbrowser.exe
1952	superbrowser.exe
4440	superbrowser.exe
4440	superbrowser.exe
3344	superbrowser.exe
3344	superbrowser.exe
3344	superbrowser.exe
3344	superbrowser.exe
3344	superbrowser.exe
796	superbrowser.exe
796	superbrowser.exe

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials in Files
T1081
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	superbrowser.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	superbrowser.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	superbrowser.exe

Modifies registry class 37 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000_Classes\SuperBrowserHTML\Application\ApplicationName = "SuperBrowser"	SuperBrowserSetup.exe
Key created	\REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000_Classes\SuperBrowserHTML\shell	SuperBrowserSetup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000_Classes\SuperBrowserHTML\AppUserModelId = "SuperBrowser"	SuperBrowser.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000_Classes\SuperBrowserHTML\Application\ApplicationIcon = "C:\\Users\\Admin\\SuperBrowser\\5.205.10.25\\SuperBrowser.exe,0"	SuperBrowserSetup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000_Classes\SuperBrowserHTML\shell\open\command\ = "\"C:\\Users\\Admin\\SuperBrowser\\5.205.10.25\\SuperBrowser.exe\" %1/"	SuperBrowser.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000_Classes\SuperBrowserHTML\DefaultIcon\ = "C:\\Users\\Admin\\SuperBrowser\\5.205.10.25\\SuperBrowser.exe,0"	SuperBrowser.exe
Key created	\REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000_Classes\SuperBrowserHTML\Application	SuperBrowserSetup.exe
Key created	\REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000_Classes\SuperBrowser\shell\open	SuperBrowserSetup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000_Classes\SuperBrowser\shell\open\command\ = "\"C:\\Users\\Admin\\SuperBrowser\\5.205.10.25\\SuperBrowser.exe\" %1/"	SuperBrowser.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000_Classes\SuperBrowserHTML\Application\ApplicationCompany = "zixun"	SuperBrowser.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000_Classes\SuperBrowserHTML\Application\ApplicationName = "SuperBrowser"	SuperBrowser.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000_Classes\SuperBrowserHTML\Application\AppUserModelId = "SuperBrowser"	SuperBrowser.exe
Key created	\REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000_Classes\SuperBrowserHTML	SuperBrowserSetup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000_Classes\SuperBrowserHTML\ = "SuperBrowser HTML Document"	SuperBrowserSetup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000_Classes\SuperBrowserHTML\Application\ApplicationCompany = "zixun"	SuperBrowserSetup.exe
Key created	\REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000_Classes\SuperBrowser	SuperBrowserSetup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000_Classes\SuperBrowser\ = "superbrowser"	SuperBrowser.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000_Classes\SuperBrowserHTML\ = "SuperBrowserHTML Document"	SuperBrowser.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000_Classes\SuperBrowserHTML\Application\ApplicationDescription = "访问互联网"	SuperBrowser.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000_Classes\SuperBrowserHTML\Application\ApplicationIcon = "C:\\Users\\Admin\\SuperBrowser\\5.205.10.25\\SuperBrowser.exe,0"	SuperBrowser.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000_Classes\SuperBrowserHTML\Application\ApplicationDescription = "访问互联网"	SuperBrowserSetup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000_Classes\SuperBrowserHTML\shell\open\command\ = "\"C:\\Users\\Admin\\SuperBrowser\\5.205.10.25\\SuperBrowser.exe\" %1/"	SuperBrowserSetup.exe
Key created	\REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000_Classes\SuperBrowser\DefaultIcon	SuperBrowserSetup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000_Classes\SuperBrowser\shell\open\command\ = "\"C:\\Users\\Admin\\SuperBrowser\\5.205.10.25\\SuperBrowser.exe\" %1/"	SuperBrowserSetup.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-2629973501-4017243118-3254762364-1000\{E67BE064-3543-49AD-818D-E36842F7F0BC}	superbrowser.exe
Key created	\REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000_Classes\SuperBrowserHTML\DefaultIcon	SuperBrowserSetup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000_Classes\SuperBrowser\DefaultIcon\ = "C:\\Users\\Admin\\SuperBrowser\\5.205.10.25\\SuperBrowser.exe,0"	SuperBrowserSetup.exe
Key created	\REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000_Classes\SuperBrowserHTML\shell\open\command	SuperBrowserSetup.exe
Key created	\REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000_Classes\SuperBrowserHTML\shell\open	SuperBrowserSetup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000_Classes\SuperBrowser\URL Protocol	SuperBrowserSetup.exe
Key created	\REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000_Classes\SuperBrowser\shell	SuperBrowserSetup.exe
Key created	\REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000_Classes\SuperBrowser\shell\open\command	SuperBrowserSetup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000_Classes\SuperBrowser\DefaultIcon\ = "C:\\Users\\Admin\\SuperBrowser\\5.205.10.25\\SuperBrowser.exe,0"	SuperBrowser.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000_Classes\SuperBrowserHTML\AppUserModelId = "SuperBrowser"	SuperBrowserSetup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000_Classes\SuperBrowserHTML\Application\AppUserModelId = "SuperBrowser"	SuperBrowserSetup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000_Classes\SuperBrowserHTML\DefaultIcon\ = "C:\\Users\\Admin\\SuperBrowser\\5.205.10.25\\SuperBrowser.exe,0"	SuperBrowserSetup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000_Classes\SuperBrowser\ = "SuperBrowserProtocol"	SuperBrowserSetup.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
1488	SuperBrowserSetup.exe
1488	SuperBrowserSetup.exe
4316	SuperBrowser.exe
4316	SuperBrowser.exe
4316	SuperBrowser.exe
4316	SuperBrowser.exe
4316	SuperBrowser.exe
4316	SuperBrowser.exe
4316	SuperBrowser.exe
4316	SuperBrowser.exe
4316	SuperBrowser.exe
4316	SuperBrowser.exe
4316	SuperBrowser.exe
4316	SuperBrowser.exe
4316	SuperBrowser.exe
4316	SuperBrowser.exe
4316	SuperBrowser.exe
4316	SuperBrowser.exe
4316	SuperBrowser.exe
4316	SuperBrowser.exe
4316	SuperBrowser.exe
4316	SuperBrowser.exe
4316	SuperBrowser.exe
4316	SuperBrowser.exe
4316	SuperBrowser.exe
4316	SuperBrowser.exe
4316	SuperBrowser.exe
4316	SuperBrowser.exe
424	NoticeUI.exe
424	NoticeUI.exe
424	NoticeUI.exe
424	NoticeUI.exe
4316	SuperBrowser.exe
4316	SuperBrowser.exe
4316	SuperBrowser.exe
4316	SuperBrowser.exe
4316	SuperBrowser.exe
4316	SuperBrowser.exe
4668	superbrowser.exe
4668	superbrowser.exe
4316	SuperBrowser.exe
4316	SuperBrowser.exe
4316	SuperBrowser.exe
4316	SuperBrowser.exe
4316	SuperBrowser.exe
4316	SuperBrowser.exe
4316	SuperBrowser.exe
4316	SuperBrowser.exe
4316	SuperBrowser.exe
4316	SuperBrowser.exe
4316	SuperBrowser.exe
4316	SuperBrowser.exe
4316	SuperBrowser.exe
4316	SuperBrowser.exe
4316	SuperBrowser.exe
4316	SuperBrowser.exe
4316	SuperBrowser.exe
4316	SuperBrowser.exe
4316	SuperBrowser.exe
4316	SuperBrowser.exe
4316	SuperBrowser.exe
4316	SuperBrowser.exe
4316	SuperBrowser.exe
4316	SuperBrowser.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
4316	SuperBrowser.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeDebugPrivilege	4316	SuperBrowser.exe
Token: SeDebugPrivilege	424	NoticeUI.exe
Token: SeShutdownPrivilege	4668	superbrowser.exe
Token: SeCreatePagefilePrivilege	4668	superbrowser.exe
Token: SeShutdownPrivilege	4668	superbrowser.exe
Token: SeCreatePagefilePrivilege	4668	superbrowser.exe
Token: SeShutdownPrivilege	4668	superbrowser.exe
Token: SeCreatePagefilePrivilege	4668	superbrowser.exe
Token: SeShutdownPrivilege	4668	superbrowser.exe
Token: SeCreatePagefilePrivilege	4668	superbrowser.exe
Token: SeShutdownPrivilege	4668	superbrowser.exe
Token: SeCreatePagefilePrivilege	4668	superbrowser.exe
Token: SeShutdownPrivilege	4668	superbrowser.exe
Token: SeCreatePagefilePrivilege	4668	superbrowser.exe
Token: SeShutdownPrivilege	4668	superbrowser.exe
Token: SeCreatePagefilePrivilege	4668	superbrowser.exe
Token: SeShutdownPrivilege	4668	superbrowser.exe
Token: SeCreatePagefilePrivilege	4668	superbrowser.exe
Token: SeShutdownPrivilege	4668	superbrowser.exe
Token: SeCreatePagefilePrivilege	4668	superbrowser.exe
Token: SeShutdownPrivilege	4668	superbrowser.exe
Token: SeCreatePagefilePrivilege	4668	superbrowser.exe
Token: 33	5780	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	5780	AUDIODG.EXE
Token: SeShutdownPrivilege	4668	superbrowser.exe
Token: SeCreatePagefilePrivilege	4668	superbrowser.exe
Token: SeShutdownPrivilege	4668	superbrowser.exe
Token: SeCreatePagefilePrivilege	4668	superbrowser.exe
Token: SeShutdownPrivilege	4668	superbrowser.exe
Token: SeCreatePagefilePrivilege	4668	superbrowser.exe
Token: SeShutdownPrivilege	4668	superbrowser.exe
Token: SeCreatePagefilePrivilege	4668	superbrowser.exe
Token: SeShutdownPrivilege	4668	superbrowser.exe
Token: SeCreatePagefilePrivilege	4668	superbrowser.exe
Token: SeShutdownPrivilege	4668	superbrowser.exe
Token: SeCreatePagefilePrivilege	4668	superbrowser.exe
Token: SeShutdownPrivilege	4668	superbrowser.exe
Token: SeCreatePagefilePrivilege	4668	superbrowser.exe
Token: SeShutdownPrivilege	4668	superbrowser.exe
Token: SeCreatePagefilePrivilege	4668	superbrowser.exe
Token: SeShutdownPrivilege	4668	superbrowser.exe
Token: SeCreatePagefilePrivilege	4668	superbrowser.exe
Token: SeShutdownPrivilege	4668	superbrowser.exe
Token: SeCreatePagefilePrivilege	4668	superbrowser.exe
Token: SeShutdownPrivilege	4668	superbrowser.exe
Token: SeCreatePagefilePrivilege	4668	superbrowser.exe
Token: SeShutdownPrivilege	4668	superbrowser.exe
Token: SeCreatePagefilePrivilege	4668	superbrowser.exe
Token: SeShutdownPrivilege	4668	superbrowser.exe
Token: SeCreatePagefilePrivilege	4668	superbrowser.exe
Token: SeShutdownPrivilege	4668	superbrowser.exe
Token: SeCreatePagefilePrivilege	4668	superbrowser.exe
Token: SeShutdownPrivilege	4668	superbrowser.exe
Token: SeCreatePagefilePrivilege	4668	superbrowser.exe
Token: SeShutdownPrivilege	4668	superbrowser.exe
Token: SeCreatePagefilePrivilege	4668	superbrowser.exe
Token: SeShutdownPrivilege	4668	superbrowser.exe
Token: SeCreatePagefilePrivilege	4668	superbrowser.exe
Token: SeShutdownPrivilege	4668	superbrowser.exe
Token: SeCreatePagefilePrivilege	4668	superbrowser.exe
Token: SeShutdownPrivilege	4668	superbrowser.exe
Token: SeCreatePagefilePrivilege	4668	superbrowser.exe
Token: SeShutdownPrivilege	4668	superbrowser.exe
Token: SeCreatePagefilePrivilege	4668	superbrowser.exe

Suspicious use of FindShellTrayWindow 42 IoCs

pid	Process
4316	SuperBrowser.exe
4668	superbrowser.exe
4668	superbrowser.exe
4668	superbrowser.exe
4668	superbrowser.exe
4668	superbrowser.exe
4668	superbrowser.exe
4668	superbrowser.exe
4668	superbrowser.exe
4668	superbrowser.exe
4668	superbrowser.exe
4668	superbrowser.exe
4668	superbrowser.exe
4668	superbrowser.exe
4668	superbrowser.exe
4668	superbrowser.exe
4668	superbrowser.exe
4668	superbrowser.exe
4668	superbrowser.exe
4668	superbrowser.exe
4668	superbrowser.exe
4668	superbrowser.exe
4668	superbrowser.exe
4668	superbrowser.exe
4668	superbrowser.exe
4668	superbrowser.exe
4668	superbrowser.exe
4668	superbrowser.exe
4668	superbrowser.exe
4668	superbrowser.exe
4668	superbrowser.exe
4668	superbrowser.exe
4668	superbrowser.exe
4668	superbrowser.exe
4668	superbrowser.exe
4668	superbrowser.exe
4668	superbrowser.exe
4668	superbrowser.exe
4668	superbrowser.exe
4668	superbrowser.exe
4668	superbrowser.exe
4668	superbrowser.exe

Suspicious use of SendNotifyMessage 41 IoCs

pid	Process
4316	SuperBrowser.exe
4668	superbrowser.exe
4668	superbrowser.exe
4668	superbrowser.exe
4668	superbrowser.exe
4668	superbrowser.exe
4668	superbrowser.exe
4668	superbrowser.exe
4668	superbrowser.exe
4668	superbrowser.exe
4668	superbrowser.exe
4668	superbrowser.exe
4668	superbrowser.exe
4668	superbrowser.exe
4668	superbrowser.exe
4668	superbrowser.exe
4668	superbrowser.exe
4668	superbrowser.exe
4668	superbrowser.exe
4668	superbrowser.exe
4668	superbrowser.exe
4668	superbrowser.exe
4668	superbrowser.exe
4668	superbrowser.exe
4668	superbrowser.exe
4668	superbrowser.exe
4668	superbrowser.exe
4668	superbrowser.exe
4668	superbrowser.exe
4668	superbrowser.exe
4668	superbrowser.exe
4668	superbrowser.exe
4668	superbrowser.exe
4668	superbrowser.exe
4668	superbrowser.exe
4668	superbrowser.exe
4668	superbrowser.exe
4668	superbrowser.exe
4668	superbrowser.exe
4668	superbrowser.exe
4668	superbrowser.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1488 wrote to memory of 5032	1488	SuperBrowserSetup.exe	94
PID 1488 wrote to memory of 5032	1488	SuperBrowserSetup.exe	94
PID 1488 wrote to memory of 5032	1488	SuperBrowserSetup.exe	94
PID 1488 wrote to memory of 4288	1488	SuperBrowserSetup.exe	96
PID 1488 wrote to memory of 4288	1488	SuperBrowserSetup.exe	96
PID 1488 wrote to memory of 4288	1488	SuperBrowserSetup.exe	96
PID 1488 wrote to memory of 1620	1488	SuperBrowserSetup.exe	98
PID 1488 wrote to memory of 1620	1488	SuperBrowserSetup.exe	98
PID 1488 wrote to memory of 1620	1488	SuperBrowserSetup.exe	98
PID 1488 wrote to memory of 2424	1488	SuperBrowserSetup.exe	100
PID 1488 wrote to memory of 2424	1488	SuperBrowserSetup.exe	100
PID 1488 wrote to memory of 2424	1488	SuperBrowserSetup.exe	100
PID 1488 wrote to memory of 548	1488	SuperBrowserSetup.exe	102
PID 1488 wrote to memory of 548	1488	SuperBrowserSetup.exe	102
PID 1488 wrote to memory of 548	1488	SuperBrowserSetup.exe	102
PID 1488 wrote to memory of 3172	1488	SuperBrowserSetup.exe	104
PID 1488 wrote to memory of 3172	1488	SuperBrowserSetup.exe	104
PID 1488 wrote to memory of 3172	1488	SuperBrowserSetup.exe	104
PID 1488 wrote to memory of 2308	1488	SuperBrowserSetup.exe	106
PID 1488 wrote to memory of 2308	1488	SuperBrowserSetup.exe	106
PID 1488 wrote to memory of 2308	1488	SuperBrowserSetup.exe	106
PID 1488 wrote to memory of 4028	1488	SuperBrowserSetup.exe	109
PID 1488 wrote to memory of 4028	1488	SuperBrowserSetup.exe	109
PID 1488 wrote to memory of 4028	1488	SuperBrowserSetup.exe	109
PID 4028 wrote to memory of 4316	4028	Launcher.exe	110
PID 4028 wrote to memory of 4316	4028	Launcher.exe	110
PID 4028 wrote to memory of 4316	4028	Launcher.exe	110
PID 4316 wrote to memory of 1036	4316	SuperBrowser.exe	114
PID 4316 wrote to memory of 1036	4316	SuperBrowser.exe	114
PID 4316 wrote to memory of 1036	4316	SuperBrowser.exe	114
PID 4316 wrote to memory of 424	4316	SuperBrowser.exe	115
PID 4316 wrote to memory of 424	4316	SuperBrowser.exe	115
PID 4316 wrote to memory of 424	4316	SuperBrowser.exe	115
PID 4316 wrote to memory of 4668	4316	SuperBrowser.exe	116
PID 4316 wrote to memory of 4668	4316	SuperBrowser.exe	116
PID 4316 wrote to memory of 4668	4316	SuperBrowser.exe	116
PID 4668 wrote to memory of 3344	4668	superbrowser.exe	119
PID 4668 wrote to memory of 3344	4668	superbrowser.exe	119
PID 4668 wrote to memory of 3344	4668	superbrowser.exe	119
PID 4668 wrote to memory of 1952	4668	superbrowser.exe	120
PID 4668 wrote to memory of 1952	4668	superbrowser.exe	120
PID 4668 wrote to memory of 1952	4668	superbrowser.exe	120
PID 4668 wrote to memory of 4440	4668	superbrowser.exe	121
PID 4668 wrote to memory of 4440	4668	superbrowser.exe	121
PID 4668 wrote to memory of 4440	4668	superbrowser.exe	121
PID 4668 wrote to memory of 796	4668	superbrowser.exe	122
PID 4668 wrote to memory of 796	4668	superbrowser.exe	122
PID 4668 wrote to memory of 796	4668	superbrowser.exe	122
PID 4668 wrote to memory of 4260	4668	superbrowser.exe	123
PID 4668 wrote to memory of 4260	4668	superbrowser.exe	123
PID 4668 wrote to memory of 4260	4668	superbrowser.exe	123
PID 4668 wrote to memory of 4600	4668	superbrowser.exe	124
PID 4668 wrote to memory of 4600	4668	superbrowser.exe	124
PID 4668 wrote to memory of 4600	4668	superbrowser.exe	124
PID 4668 wrote to memory of 4708	4668	superbrowser.exe	125
PID 4668 wrote to memory of 4708	4668	superbrowser.exe	125
PID 4668 wrote to memory of 4708	4668	superbrowser.exe	125
PID 4668 wrote to memory of 2592	4668	superbrowser.exe	126
PID 4668 wrote to memory of 2592	4668	superbrowser.exe	126
PID 4668 wrote to memory of 2592	4668	superbrowser.exe	126
PID 4668 wrote to memory of 684	4668	superbrowser.exe	127
PID 4668 wrote to memory of 684	4668	superbrowser.exe	127
PID 4668 wrote to memory of 684	4668	superbrowser.exe	127
PID 4668 wrote to memory of 5028	4668	superbrowser.exe	128

C:\Users\Admin\AppData\Local\Temp\SuperBrowserSetup.exe
"C:\Users\Admin\AppData\Local\Temp\SuperBrowserSetup.exe"
1⤵
- Loads dropped DLL
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:1488
- C:\Windows\SysWOW64\netsh.exe
  netsh advfirewall firewall delete rule SuperBrowser_Admin_rule
  2⤵
  - Modifies Windows Firewall
  PID:5032
- C:\Windows\SysWOW64\netsh.exe
  netsh advfirewall firewall delete rule SuperBrowserCore_Chromium_Admin_rule
  2⤵
  - Modifies Windows Firewall
  PID:4288
- C:\Windows\SysWOW64\netsh.exe
  netsh advfirewall firewall delete rule SuperBrowserCore_Admin_rule
  2⤵
  - Modifies Windows Firewall
  PID:1620
- C:\Windows\SysWOW64\netsh.exe
  netsh advfirewall firewall add rule name="SuperBrowser_Admin_rule" dir=in program="C:\Users\Admin\SuperBrowser\5.205.10.25\SuperBrowser.exe" action=allow
  2⤵
  - Modifies Windows Firewall
  PID:2424
- C:\Windows\SysWOW64\netsh.exe
  netsh advfirewall firewall add rule name="SuperBrowser_Admin_rule" dir=out program="C:\Users\Admin\SuperBrowser\5.205.10.25\SuperBrowser.exe" action=allow
  2⤵
  - Modifies Windows Firewall
  PID:548
- C:\Windows\SysWOW64\netsh.exe
  netsh advfirewall firewall add rule name="SuperBrowsertstunnel_Admin_rule" dir=in program="C:\Users\Admin\SuperBrowser\5.205.10.25\Core\tstunnel.exe" action=allow
  2⤵
  - Modifies Windows Firewall
  PID:3172
- C:\Windows\SysWOW64\netsh.exe
  netsh advfirewall firewall add rule name="SuperBrowsertstunnel_Admin_rule" dir=out program="$INSTDIR\5.205.10.25\Core\tstunnel.exe" action=allow
  2⤵
  - Modifies Windows Firewall
  PID:2308
- C:\Users\Admin\SuperBrowser\5.205.10.25\Core\Launcher.exe
  C:\Users\Admin\SuperBrowser\5.205.10.25\Core\Launcher.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of WriteProcessMemory
  PID:4028
- - C:\Users\Admin\SuperBrowser\5.205.10.25\SuperBrowser.exe
    "C:\Users\Admin\SuperBrowser\5.205.10.25\SuperBrowser.exe" "LS1zdGFydC1sb2c9QzpcVXNlcnNcUHVibGljXGxhdW5jaGVyXDg0NjI3OTNfc3RhcnRlci5sb2c= --base-encode"
    3⤵
    - Executes dropped EXE
    - Checks computer location settings
    - Loads dropped DLL
    - Modifies registry class
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious behavior: GetForegroundWindowSpam
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SendNotifyMessage
    - Suspicious use of WriteProcessMemory
    PID:4316
  - - C:\Users\Admin\SuperBrowser\5.205.10.25\Core\CoreHelper.exe
      "C:\Users\Admin\SuperBrowser\5.205.10.25\Core\CoreHelper.exe" 1TRNQzpcVXNlcnNcQWRtaW5cU3VwZXJCcm93c2VyXDUuMjA1LjEwLjI1XENvcmVcQnJvd3NlclxDaHJvbWl1bV94ODZfMTAwXGNocm9tZS5kbGw=
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:1036
  - - C:\Users\Admin\SuperBrowser\5.205.10.25\NoticeUI.exe
      "C:\Users\Admin\SuperBrowser\5.205.10.25\NoticeUI.exe" --pipe_server_name=4316_NoticeServer --pipe_client_name=4316_NoticeClient --process_id=4316
      4⤵
      Executes dropped EXE
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of AdjustPrivilegeToken
      PID:424
  - - C:\Users\Admin\SuperBrowser\5.205.10.25\Core\Browser\Chromium_x86_100\superbrowser.exe
      "C:\Users\Admin\SuperBrowser\5.205.10.25\Core\Browser\Chromium_x86_100\superbrowser.exe" --store_data_path="mbXbzp+4ZOPUH/JOV1Q76RvjMac1/qMw2NCdkk0cnwCQ2FYV20VWkdXQFylj2v4iTM5XAYTCg1NhbJwWh4fBrozYREMKaikoM7xKHU0yQoY=" --browser_id="BrowserWorkbench" --profile-directory="Default" --proxy-bypass-list=work-flow-service.ziniao.com,common-service-todo-front.ziniao.com,work-flow-prod.s3.cn-north-1.amazonaws.com.cn --no-sandbox
      4⤵
      Executes dropped EXE
      Checks computer location settings
      Loads dropped DLL
      Enumerates system info in registry
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of AdjustPrivilegeToken
      Suspicious use of FindShellTrayWindow
      Suspicious use of SendNotifyMessage
      Suspicious use of WriteProcessMemory
      PID:4668
    - - C:\Users\Admin\SuperBrowser\5.205.10.25\Core\Browser\Chromium_x86_100\superbrowser.exe
        
        "C:\Users\Admin\SuperBrowser\5.205.10.25\Core\Browser\Chromium_x86_100\superbrowser.exe" --type=gpu-process --no-sandbox --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAgAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --sub-token=TM93Nhv6Uu+2y8fJmyKLFQ== --mojo-platform-channel-handle=1708 --field-trial-handle=1892,i,5013907436327727562,9637647638489140101,131072 --enable-features=UserAgentClientHint --disable-features=AutofillEnableToolbarStatusChip,CookiesWithoutSameSiteMustBeSecure,SameSiteByDefaultCookies,TabHoverCards /prefetch:2
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:3344
    - - C:\Users\Admin\SuperBrowser\5.205.10.25\Core\Browser\Chromium_x86_100\superbrowser.exe
        
        "C:\Users\Admin\SuperBrowser\5.205.10.25\Core\Browser\Chromium_x86_100\superbrowser.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=zh-CN --service-sandbox-type=none --no-sandbox --ignore-certificate-errors --ignore-certificate-errors --video-capture-use-gpu-memory-buffer --sub-token=TM93Nhv6Uu+2y8fJmyKLFQ== --mojo-platform-channel-handle=2032 --field-trial-handle=1892,i,5013907436327727562,9637647638489140101,131072 --enable-features=UserAgentClientHint --disable-features=AutofillEnableToolbarStatusChip,CookiesWithoutSameSiteMustBeSecure,SameSiteByDefaultCookies,TabHoverCards /prefetch:8
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:1952
    - - C:\Users\Admin\SuperBrowser\5.205.10.25\Core\Browser\Chromium_x86_100\superbrowser.exe
        
        "C:\Users\Admin\SuperBrowser\5.205.10.25\Core\Browser\Chromium_x86_100\superbrowser.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=zh-CN --service-sandbox-type=utility --no-sandbox --ignore-certificate-errors --ignore-certificate-errors --video-capture-use-gpu-memory-buffer --sub-token=TM93Nhv6Uu+2y8fJmyKLFQ== --mojo-platform-channel-handle=2112 --field-trial-handle=1892,i,5013907436327727562,9637647638489140101,131072 --enable-features=UserAgentClientHint --disable-features=AutofillEnableToolbarStatusChip,CookiesWithoutSameSiteMustBeSecure,SameSiteByDefaultCookies,TabHoverCards /prefetch:8
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:4440
    - - C:\Users\Admin\SuperBrowser\5.205.10.25\Core\Browser\Chromium_x86_100\superbrowser.exe
        
        "C:\Users\Admin\SuperBrowser\5.205.10.25\Core\Browser\Chromium_x86_100\superbrowser.exe" --type=renderer --disable-client-side-phishing-detection --display-capture-permissions-policy-allowed --no-sandbox --video-capture-use-gpu-memory-buffer --lang=zh-CN --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=17 --sub-token=TM93Nhv6Uu+2y8fJmyKLFQ== --mojo-platform-channel-handle=2772 --field-trial-handle=1892,i,5013907436327727562,9637647638489140101,131072 --enable-features=UserAgentClientHint --disable-features=AutofillEnableToolbarStatusChip,CookiesWithoutSameSiteMustBeSecure,SameSiteByDefaultCookies,TabHoverCards /prefetch:1
        5⤵
        Executes dropped EXE
        Checks computer location settings
        Loads dropped DLL
        
        PID:796
    - - C:\Users\Admin\SuperBrowser\5.205.10.25\Core\Browser\Chromium_x86_100\superbrowser.exe
        
        "C:\Users\Admin\SuperBrowser\5.205.10.25\Core\Browser\Chromium_x86_100\superbrowser.exe" --type=renderer --extension-process --disable-client-side-phishing-detection --display-capture-permissions-policy-allowed --no-sandbox --video-capture-use-gpu-memory-buffer --lang=zh-CN --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=12 --sub-token=TM93Nhv6Uu+2y8fJmyKLFQ== --mojo-platform-channel-handle=2780 --field-trial-handle=1892,i,5013907436327727562,9637647638489140101,131072 --enable-features=UserAgentClientHint --disable-features=AutofillEnableToolbarStatusChip,CookiesWithoutSameSiteMustBeSecure,SameSiteByDefaultCookies,TabHoverCards /prefetch:1
        5⤵
        Executes dropped EXE
        Checks computer location settings
        
        PID:4260
    - - C:\Users\Admin\SuperBrowser\5.205.10.25\Core\Browser\Chromium_x86_100\superbrowser.exe
        
        "C:\Users\Admin\SuperBrowser\5.205.10.25\Core\Browser\Chromium_x86_100\superbrowser.exe" --type=renderer --extension-process --disable-client-side-phishing-detection --display-capture-permissions-policy-allowed --no-sandbox --video-capture-use-gpu-memory-buffer --lang=zh-CN --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=5 --sub-token=TM93Nhv6Uu+2y8fJmyKLFQ== --mojo-platform-channel-handle=3188 --field-trial-handle=1892,i,5013907436327727562,9637647638489140101,131072 --enable-features=UserAgentClientHint --disable-features=AutofillEnableToolbarStatusChip,CookiesWithoutSameSiteMustBeSecure,SameSiteByDefaultCookies,TabHoverCards /prefetch:1
        5⤵
        Executes dropped EXE
        Checks computer location settings
        
        PID:4600
    - - C:\Users\Admin\SuperBrowser\5.205.10.25\Core\Browser\Chromium_x86_100\superbrowser.exe
        
        "C:\Users\Admin\SuperBrowser\5.205.10.25\Core\Browser\Chromium_x86_100\superbrowser.exe" --type=renderer --extension-process --disable-client-side-phishing-detection --display-capture-permissions-policy-allowed --no-sandbox --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=zh-CN --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=6 --sub-token=TM93Nhv6Uu+2y8fJmyKLFQ== --mojo-platform-channel-handle=3408 --field-trial-handle=1892,i,5013907436327727562,9637647638489140101,131072 --enable-features=UserAgentClientHint --disable-features=AutofillEnableToolbarStatusChip,CookiesWithoutSameSiteMustBeSecure,SameSiteByDefaultCookies,TabHoverCards /prefetch:1
        5⤵
        Executes dropped EXE
        Checks computer location settings
        
        PID:4708
    - - C:\Users\Admin\SuperBrowser\5.205.10.25\Core\Browser\Chromium_x86_100\superbrowser.exe
        
        "C:\Users\Admin\SuperBrowser\5.205.10.25\Core\Browser\Chromium_x86_100\superbrowser.exe" --type=renderer --extension-process --disable-client-side-phishing-detection --display-capture-permissions-policy-allowed --no-sandbox --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=zh-CN --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=7 --sub-token=TM93Nhv6Uu+2y8fJmyKLFQ== --mojo-platform-channel-handle=2152 --field-trial-handle=1892,i,5013907436327727562,9637647638489140101,131072 --enable-features=UserAgentClientHint --disable-features=AutofillEnableToolbarStatusChip,CookiesWithoutSameSiteMustBeSecure,SameSiteByDefaultCookies,TabHoverCards /prefetch:1
        5⤵
        Executes dropped EXE
        Checks computer location settings
        
        PID:2592
    - - C:\Users\Admin\SuperBrowser\5.205.10.25\Core\Browser\Chromium_x86_100\superbrowser.exe
        
        "C:\Users\Admin\SuperBrowser\5.205.10.25\Core\Browser\Chromium_x86_100\superbrowser.exe" --type=renderer --extension-process --disable-client-side-phishing-detection --display-capture-permissions-policy-allowed --no-sandbox --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=zh-CN --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=8 --sub-token=TM93Nhv6Uu+2y8fJmyKLFQ== --mojo-platform-channel-handle=3488 --field-trial-handle=1892,i,5013907436327727562,9637647638489140101,131072 --enable-features=UserAgentClientHint --disable-features=AutofillEnableToolbarStatusChip,CookiesWithoutSameSiteMustBeSecure,SameSiteByDefaultCookies,TabHoverCards /prefetch:1
        5⤵
        Executes dropped EXE
        Checks computer location settings
        
        PID:684
    - - C:\Users\Admin\SuperBrowser\5.205.10.25\Core\Browser\Chromium_x86_100\superbrowser.exe
        
        "C:\Users\Admin\SuperBrowser\5.205.10.25\Core\Browser\Chromium_x86_100\superbrowser.exe" --type=renderer --extension-process --disable-client-side-phishing-detection --display-capture-permissions-policy-allowed --no-sandbox --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=zh-CN --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=9 --sub-token=TM93Nhv6Uu+2y8fJmyKLFQ== --mojo-platform-channel-handle=3524 --field-trial-handle=1892,i,5013907436327727562,9637647638489140101,131072 --enable-features=UserAgentClientHint --disable-features=AutofillEnableToolbarStatusChip,CookiesWithoutSameSiteMustBeSecure,SameSiteByDefaultCookies,TabHoverCards /prefetch:1
        5⤵
        Executes dropped EXE
        Checks computer location settings
        
        PID:5028
    - - C:\Users\Admin\SuperBrowser\5.205.10.25\Core\Browser\Chromium_x86_100\superbrowser.exe
        
        "C:\Users\Admin\SuperBrowser\5.205.10.25\Core\Browser\Chromium_x86_100\superbrowser.exe" --type=renderer --extension-process --disable-client-side-phishing-detection --display-capture-permissions-policy-allowed --no-sandbox --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=zh-CN --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=11 --sub-token=TM93Nhv6Uu+2y8fJmyKLFQ== --mojo-platform-channel-handle=3540 --field-trial-handle=1892,i,5013907436327727562,9637647638489140101,131072 --enable-features=UserAgentClientHint --disable-features=AutofillEnableToolbarStatusChip,CookiesWithoutSameSiteMustBeSecure,SameSiteByDefaultCookies,TabHoverCards /prefetch:1
        5⤵
        Executes dropped EXE
        Checks computer location settings
        
        PID:1384
    - - C:\Users\Admin\SuperBrowser\5.205.10.25\Core\Browser\Chromium_x86_100\superbrowser.exe
        
        "C:\Users\Admin\SuperBrowser\5.205.10.25\Core\Browser\Chromium_x86_100\superbrowser.exe" --type=renderer --extension-process --disable-client-side-phishing-detection --display-capture-permissions-policy-allowed --no-sandbox --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=zh-CN --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=10 --sub-token=TM93Nhv6Uu+2y8fJmyKLFQ== --mojo-platform-channel-handle=3532 --field-trial-handle=1892,i,5013907436327727562,9637647638489140101,131072 --enable-features=UserAgentClientHint --disable-features=AutofillEnableToolbarStatusChip,CookiesWithoutSameSiteMustBeSecure,SameSiteByDefaultCookies,TabHoverCards /prefetch:1
        5⤵
        Executes dropped EXE
        Checks computer location settings
        
        PID:3412
    - - C:\Users\Admin\SuperBrowser\5.205.10.25\Core\Browser\Chromium_x86_100\superbrowser.exe
        
        "C:\Users\Admin\SuperBrowser\5.205.10.25\Core\Browser\Chromium_x86_100\superbrowser.exe" --type=renderer --extension-process --disable-client-side-phishing-detection --display-capture-permissions-policy-allowed --no-sandbox --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=zh-CN --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=13 --sub-token=TM93Nhv6Uu+2y8fJmyKLFQ== --mojo-platform-channel-handle=3660 --field-trial-handle=1892,i,5013907436327727562,9637647638489140101,131072 --enable-features=UserAgentClientHint --disable-features=AutofillEnableToolbarStatusChip,CookiesWithoutSameSiteMustBeSecure,SameSiteByDefaultCookies,TabHoverCards /prefetch:1
        5⤵
        Executes dropped EXE
        Checks computer location settings
        
        PID:3776
    - - C:\Users\Admin\SuperBrowser\5.205.10.25\Core\Browser\Chromium_x86_100\superbrowser.exe
        
        "C:\Users\Admin\SuperBrowser\5.205.10.25\Core\Browser\Chromium_x86_100\superbrowser.exe" --type=renderer --extension-process --disable-client-side-phishing-detection --display-capture-permissions-policy-allowed --no-sandbox --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=zh-CN --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=14 --sub-token=TM93Nhv6Uu+2y8fJmyKLFQ== --mojo-platform-channel-handle=3688 --field-trial-handle=1892,i,5013907436327727562,9637647638489140101,131072 --enable-features=UserAgentClientHint --disable-features=AutofillEnableToolbarStatusChip,CookiesWithoutSameSiteMustBeSecure,SameSiteByDefaultCookies,TabHoverCards /prefetch:1
        5⤵
        Executes dropped EXE
        Checks computer location settings
        
        PID:4176
    - - C:\Users\Admin\SuperBrowser\5.205.10.25\Core\Browser\Chromium_x86_100\superbrowser.exe
        
        "C:\Users\Admin\SuperBrowser\5.205.10.25\Core\Browser\Chromium_x86_100\superbrowser.exe" --type=renderer --extension-process --disable-client-side-phishing-detection --display-capture-permissions-policy-allowed --no-sandbox --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=zh-CN --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=18 --sub-token=TM93Nhv6Uu+2y8fJmyKLFQ== --mojo-platform-channel-handle=3496 --field-trial-handle=1892,i,5013907436327727562,9637647638489140101,131072 --enable-features=UserAgentClientHint --disable-features=AutofillEnableToolbarStatusChip,CookiesWithoutSameSiteMustBeSecure,SameSiteByDefaultCookies,TabHoverCards /prefetch:1
        5⤵
        Executes dropped EXE
        Checks computer location settings
        
        PID:5164
    - - C:\Users\Admin\SuperBrowser\5.205.10.25\Core\Browser\Chromium_x86_100\superbrowser.exe
        
        "C:\Users\Admin\SuperBrowser\5.205.10.25\Core\Browser\Chromium_x86_100\superbrowser.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=zh-CN --service-sandbox-type=audio --no-sandbox --ignore-certificate-errors --ignore-certificate-errors --sub-token=TM93Nhv6Uu+2y8fJmyKLFQ== --mojo-platform-channel-handle=4896 --field-trial-handle=1892,i,5013907436327727562,9637647638489140101,131072 --enable-features=UserAgentClientHint --disable-features=AutofillEnableToolbarStatusChip,CookiesWithoutSameSiteMustBeSecure,SameSiteByDefaultCookies,TabHoverCards /prefetch:8
        5⤵
        Executes dropped EXE
        
        PID:5432
    - - C:\Users\Admin\SuperBrowser\5.205.10.25\Core\Browser\Chromium_x86_100\superbrowser.exe
        
        "C:\Users\Admin\SuperBrowser\5.205.10.25\Core\Browser\Chromium_x86_100\superbrowser.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=zh-CN --service-sandbox-type=none --no-sandbox --ignore-certificate-errors --ignore-certificate-errors --sub-token=TM93Nhv6Uu+2y8fJmyKLFQ== --mojo-platform-channel-handle=4920 --field-trial-handle=1892,i,5013907436327727562,9637647638489140101,131072 --enable-features=UserAgentClientHint --disable-features=AutofillEnableToolbarStatusChip,CookiesWithoutSameSiteMustBeSecure,SameSiteByDefaultCookies,TabHoverCards /prefetch:8
        5⤵
        Executes dropped EXE
        Modifies registry class
        
        PID:5452
    - - C:\Users\Admin\SuperBrowser\5.205.10.25\Core\Browser\Chromium_x86_100\superbrowser.exe
        
        "C:\Users\Admin\SuperBrowser\5.205.10.25\Core\Browser\Chromium_x86_100\superbrowser.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=zh-CN --service-sandbox-type=none --no-sandbox --ignore-certificate-errors --ignore-certificate-errors --sub-token=TM93Nhv6Uu+2y8fJmyKLFQ== --mojo-platform-channel-handle=5612 --field-trial-handle=1892,i,5013907436327727562,9637647638489140101,131072 --enable-features=UserAgentClientHint --disable-features=AutofillEnableToolbarStatusChip,CookiesWithoutSameSiteMustBeSecure,SameSiteByDefaultCookies,TabHoverCards /prefetch:8
        5⤵
        Executes dropped EXE
        
        PID:5652
    - - C:\Users\Admin\SuperBrowser\5.205.10.25\Core\Browser\Chromium_x86_100\superbrowser.exe
        
        "C:\Users\Admin\SuperBrowser\5.205.10.25\Core\Browser\Chromium_x86_100\superbrowser.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=zh-CN --service-sandbox-type=none --no-sandbox --ignore-certificate-errors --ignore-certificate-errors --sub-token=TM93Nhv6Uu+2y8fJmyKLFQ== --mojo-platform-channel-handle=5784 --field-trial-handle=1892,i,5013907436327727562,9637647638489140101,131072 --enable-features=UserAgentClientHint --disable-features=AutofillEnableToolbarStatusChip,CookiesWithoutSameSiteMustBeSecure,SameSiteByDefaultCookies,TabHoverCards /prefetch:8
        5⤵
        Executes dropped EXE
        
        PID:5724

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x498 0x320
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:5780

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Modify Existing Service

T1031

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

T1081

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\nssE8DF.tmp\AccessControl.dll

Filesize
15KB

MD5
f894e7068ee5f5b4489d7acdde7112c9

SHA1
79ec857791ad4ac76673b05e6fc44e55315424ef

SHA256
3948484bc6a6e8652c2220be411cdcabab73eab46578faca8c0bd01d3ea290ab

SHA512
e85b2bdc27b9721425bb03393e8aad897647053c77d7862ea541e03dc896173af6eaaf182514d46464d560d15c6b9d4652690885426ac1c68e2b9dd8d632e816

Download Submit
C:\Users\Admin\AppData\Local\Temp\nssE8DF.tmp\BgWorker.dll

Filesize
2KB

MD5
33ec04738007e665059cf40bc0f0c22b

SHA1
4196759a922e333d9b17bda5369f14c33cd5e3bc

SHA256
50f735ab8f3473423e6873d628150bbc0777be7b4f6405247cddf22bb00fb6be

SHA512
2318b01f0c2f2f021a618ca3e6e5c24a94df5d00154766b77160203b8b0a177c8581c7b688ffe69be93a69bc7fd06b8a589844d42447f5060fb4bcf94d8a9aef

Download Submit
C:\Users\Admin\AppData\Local\Temp\nssE8DF.tmp\BgWorker.dll

Filesize
2KB

MD5
33ec04738007e665059cf40bc0f0c22b

SHA1
4196759a922e333d9b17bda5369f14c33cd5e3bc

SHA256
50f735ab8f3473423e6873d628150bbc0777be7b4f6405247cddf22bb00fb6be

SHA512
2318b01f0c2f2f021a618ca3e6e5c24a94df5d00154766b77160203b8b0a177c8581c7b688ffe69be93a69bc7fd06b8a589844d42447f5060fb4bcf94d8a9aef

Download Submit
C:\Users\Admin\AppData\Local\Temp\nssE8DF.tmp\BgWorker.dll

Filesize
2KB

MD5
33ec04738007e665059cf40bc0f0c22b

SHA1
4196759a922e333d9b17bda5369f14c33cd5e3bc

SHA256
50f735ab8f3473423e6873d628150bbc0777be7b4f6405247cddf22bb00fb6be

SHA512
2318b01f0c2f2f021a618ca3e6e5c24a94df5d00154766b77160203b8b0a177c8581c7b688ffe69be93a69bc7fd06b8a589844d42447f5060fb4bcf94d8a9aef

Download Submit
C:\Users\Admin\AppData\Local\Temp\nssE8DF.tmp\ExecDos.dll

Filesize
6KB

MD5
774e3b33d151413dc826bf2421cd51e8

SHA1
ab2928dcf6fa54bb9eb16e5f64bfcffaaeee90fa

SHA256
91d5481f576382164703e4ac244052265769377838ac30233ad79c983ed9d454

SHA512
3cf955b13e81e4b6edb292df751ce7f64b0cf30979f57b1609f002859b4e68adc046b6674f76f7b7ce7144382316c344c11fed02d638e62fcc8464c32795a365

Download Submit
C:\Users\Admin\AppData\Local\Temp\nssE8DF.tmp\ExecDos.dll

Filesize
6KB

MD5
774e3b33d151413dc826bf2421cd51e8

SHA1
ab2928dcf6fa54bb9eb16e5f64bfcffaaeee90fa

SHA256
91d5481f576382164703e4ac244052265769377838ac30233ad79c983ed9d454

SHA512
3cf955b13e81e4b6edb292df751ce7f64b0cf30979f57b1609f002859b4e68adc046b6674f76f7b7ce7144382316c344c11fed02d638e62fcc8464c32795a365

Download Submit
C:\Users\Admin\AppData\Local\Temp\nssE8DF.tmp\ExecDos.dll

Filesize
6KB

MD5
774e3b33d151413dc826bf2421cd51e8

SHA1
ab2928dcf6fa54bb9eb16e5f64bfcffaaeee90fa

SHA256
91d5481f576382164703e4ac244052265769377838ac30233ad79c983ed9d454

SHA512
3cf955b13e81e4b6edb292df751ce7f64b0cf30979f57b1609f002859b4e68adc046b6674f76f7b7ce7144382316c344c11fed02d638e62fcc8464c32795a365

Download Submit
C:\Users\Admin\AppData\Local\Temp\nssE8DF.tmp\ExecDos.dll

Filesize
6KB

MD5
774e3b33d151413dc826bf2421cd51e8

SHA1
ab2928dcf6fa54bb9eb16e5f64bfcffaaeee90fa

SHA256
91d5481f576382164703e4ac244052265769377838ac30233ad79c983ed9d454

SHA512
3cf955b13e81e4b6edb292df751ce7f64b0cf30979f57b1609f002859b4e68adc046b6674f76f7b7ce7144382316c344c11fed02d638e62fcc8464c32795a365

Download Submit
C:\Users\Admin\AppData\Local\Temp\nssE8DF.tmp\ExecDos.dll

Filesize
6KB

MD5
774e3b33d151413dc826bf2421cd51e8

SHA1
ab2928dcf6fa54bb9eb16e5f64bfcffaaeee90fa

SHA256
91d5481f576382164703e4ac244052265769377838ac30233ad79c983ed9d454

SHA512
3cf955b13e81e4b6edb292df751ce7f64b0cf30979f57b1609f002859b4e68adc046b6674f76f7b7ce7144382316c344c11fed02d638e62fcc8464c32795a365

Download Submit
C:\Users\Admin\AppData\Local\Temp\nssE8DF.tmp\ExecDos.dll

Filesize
6KB

MD5
774e3b33d151413dc826bf2421cd51e8

SHA1
ab2928dcf6fa54bb9eb16e5f64bfcffaaeee90fa

SHA256
91d5481f576382164703e4ac244052265769377838ac30233ad79c983ed9d454

SHA512
3cf955b13e81e4b6edb292df751ce7f64b0cf30979f57b1609f002859b4e68adc046b6674f76f7b7ce7144382316c344c11fed02d638e62fcc8464c32795a365

Download Submit
C:\Users\Admin\AppData\Local\Temp\nssE8DF.tmp\ExecDos.dll

Filesize
6KB

MD5
774e3b33d151413dc826bf2421cd51e8

SHA1
ab2928dcf6fa54bb9eb16e5f64bfcffaaeee90fa

SHA256
91d5481f576382164703e4ac244052265769377838ac30233ad79c983ed9d454

SHA512
3cf955b13e81e4b6edb292df751ce7f64b0cf30979f57b1609f002859b4e68adc046b6674f76f7b7ce7144382316c344c11fed02d638e62fcc8464c32795a365

Download Submit
C:\Users\Admin\AppData\Local\Temp\nssE8DF.tmp\System.dll

Filesize
11KB

MD5
bf712f32249029466fa86756f5546950

SHA1
75ac4dc4808ac148ddd78f6b89a51afbd4091c2e

SHA256
7851cb12fa4131f1fee5de390d650ef65cac561279f1cfe70ad16cc9780210af

SHA512
13f69959b28416e0b8811c962a49309dca3f048a165457051a28a3eb51377dcaf99a15e86d7eee8f867a9e25ecf8c44da370ac8f530eeae7b5252eaba64b96f4

Download Submit
C:\Users\Admin\AppData\Local\Temp\nssE8DF.tmp\libcurl.dll

Filesize
628KB

MD5
73adaa2886fac58ed44c657787512ded

SHA1
95479a35ed77f0b31ca61437be3a2b1751d7f14c

SHA256
96a281095b37ef312b5503129b7ea8ed451fa625456d7b864444d72832ff7844

SHA512
6a69e7bdc7c6b2cc5898a42877ea85cba0805f5d081574d931476c25a03fb502c16e5ce41d4ee52a831dcb25c3354913d4e3bafc078f855175d9bafa6ac36de2

Download Submit
C:\Users\Admin\AppData\Local\Temp\nssE8DF.tmp\libcurl.dll

Filesize
628KB

MD5
73adaa2886fac58ed44c657787512ded

SHA1
95479a35ed77f0b31ca61437be3a2b1751d7f14c

SHA256
96a281095b37ef312b5503129b7ea8ed451fa625456d7b864444d72832ff7844

SHA512
6a69e7bdc7c6b2cc5898a42877ea85cba0805f5d081574d931476c25a03fb502c16e5ce41d4ee52a831dcb25c3354913d4e3bafc078f855175d9bafa6ac36de2

Download Submit
C:\Users\Admin\AppData\Local\Temp\nssE8DF.tmp\libcurl.dll

Filesize
628KB

MD5
73adaa2886fac58ed44c657787512ded

SHA1
95479a35ed77f0b31ca61437be3a2b1751d7f14c

SHA256
96a281095b37ef312b5503129b7ea8ed451fa625456d7b864444d72832ff7844

SHA512
6a69e7bdc7c6b2cc5898a42877ea85cba0805f5d081574d931476c25a03fb502c16e5ce41d4ee52a831dcb25c3354913d4e3bafc078f855175d9bafa6ac36de2

Download Submit
C:\Users\Admin\AppData\Local\Temp\nssE8DF.tmp\libcurl.dll

Filesize
628KB

MD5
73adaa2886fac58ed44c657787512ded

SHA1
95479a35ed77f0b31ca61437be3a2b1751d7f14c

SHA256
96a281095b37ef312b5503129b7ea8ed451fa625456d7b864444d72832ff7844

SHA512
6a69e7bdc7c6b2cc5898a42877ea85cba0805f5d081574d931476c25a03fb502c16e5ce41d4ee52a831dcb25c3354913d4e3bafc078f855175d9bafa6ac36de2

Download Submit
C:\Users\Admin\AppData\Local\Temp\nssE8DF.tmp\msvcp140.dll

Filesize
440KB

MD5
1940325e1e8ca37e09f84545dccd07cd

SHA1
333952b9b0dbed320539fb30ea77928010bcaadb

SHA256
83c0fe5fab090060de7abe9dc85f5651d0f505a4ecc18f1ee8631941d0d665ea

SHA512
760dffbcd007e17acce95e3cbffad37ba4b8f0ca098fd18fe58120d135377b3df2da87c12cf566026cde0f7850937fd9275c98ac90a865fdb748b0fdce1a1d28

Download Submit
C:\Users\Admin\AppData\Local\Temp\nssE8DF.tmp\msvcp140.dll

Filesize
440KB

MD5
1940325e1e8ca37e09f84545dccd07cd

SHA1
333952b9b0dbed320539fb30ea77928010bcaadb

SHA256
83c0fe5fab090060de7abe9dc85f5651d0f505a4ecc18f1ee8631941d0d665ea

SHA512
760dffbcd007e17acce95e3cbffad37ba4b8f0ca098fd18fe58120d135377b3df2da87c12cf566026cde0f7850937fd9275c98ac90a865fdb748b0fdce1a1d28

Download Submit
C:\Users\Admin\AppData\Local\Temp\nssE8DF.tmp\msvcp140.dll

Filesize
440KB

MD5
1940325e1e8ca37e09f84545dccd07cd

SHA1
333952b9b0dbed320539fb30ea77928010bcaadb

SHA256
83c0fe5fab090060de7abe9dc85f5651d0f505a4ecc18f1ee8631941d0d665ea

SHA512
760dffbcd007e17acce95e3cbffad37ba4b8f0ca098fd18fe58120d135377b3df2da87c12cf566026cde0f7850937fd9275c98ac90a865fdb748b0fdce1a1d28

Download Submit
C:\Users\Admin\AppData\Local\Temp\nssE8DF.tmp\msvcp140.dll

Filesize
440KB

MD5
1940325e1e8ca37e09f84545dccd07cd

SHA1
333952b9b0dbed320539fb30ea77928010bcaadb

SHA256
83c0fe5fab090060de7abe9dc85f5651d0f505a4ecc18f1ee8631941d0d665ea

SHA512
760dffbcd007e17acce95e3cbffad37ba4b8f0ca098fd18fe58120d135377b3df2da87c12cf566026cde0f7850937fd9275c98ac90a865fdb748b0fdce1a1d28

Download Submit
C:\Users\Admin\AppData\Local\Temp\nssE8DF.tmp\nsDui.dll

Filesize
963KB

MD5
0770b7e4d5b3ccf1d13562a60f0fa7cc

SHA1
2ce6b4306dd9875efed46eff66c3f90961473998

SHA256
3be91d177fa7fabc153c2641062f289e6cc6adbd20c1a5339f491c730ec86167

SHA512
51ad3704ef14f979072ab20cf992ce38efbb3c5907811c82455722f929b7e3493994adfd2b50cb5f3cc09d2302a91758f84327f990ef91caaad9a546cf27a1de

Download Submit
C:\Users\Admin\AppData\Local\Temp\nssE8DF.tmp\nsSa.dll

Filesize
184KB

MD5
fb89751ff86cd368cdfdb0f631daf16c

SHA1
d1f9d17656b1c3555120f0372f1029a013f4ee02

SHA256
565f8a8d53b5da5e209b1a7297f85494de99b271dc0fa73888d3ed1876066af9

SHA512
12c7f3de1116d85f6593bd8b0ea5929f4169def2aa0a091a454ad1c0829570114632b121772b5927f1e60148ef41888aa497d8c78dbd1bca680f359cc7bd50dc

Download Submit
C:\Users\Admin\AppData\Local\Temp\nssE8DF.tmp\nsSa.dll

Filesize
184KB

MD5
fb89751ff86cd368cdfdb0f631daf16c

SHA1
d1f9d17656b1c3555120f0372f1029a013f4ee02

SHA256
565f8a8d53b5da5e209b1a7297f85494de99b271dc0fa73888d3ed1876066af9

SHA512
12c7f3de1116d85f6593bd8b0ea5929f4169def2aa0a091a454ad1c0829570114632b121772b5927f1e60148ef41888aa497d8c78dbd1bca680f359cc7bd50dc

Download Submit
C:\Users\Admin\AppData\Local\Temp\nssE8DF.tmp\nsSa.dll

Filesize
184KB

MD5
fb89751ff86cd368cdfdb0f631daf16c

SHA1
d1f9d17656b1c3555120f0372f1029a013f4ee02

SHA256
565f8a8d53b5da5e209b1a7297f85494de99b271dc0fa73888d3ed1876066af9

SHA512
12c7f3de1116d85f6593bd8b0ea5929f4169def2aa0a091a454ad1c0829570114632b121772b5927f1e60148ef41888aa497d8c78dbd1bca680f359cc7bd50dc

Download Submit
C:\Users\Admin\AppData\Local\Temp\nssE8DF.tmp\nsSa.dll

Filesize
184KB

MD5
fb89751ff86cd368cdfdb0f631daf16c

SHA1
d1f9d17656b1c3555120f0372f1029a013f4ee02

SHA256
565f8a8d53b5da5e209b1a7297f85494de99b271dc0fa73888d3ed1876066af9

SHA512
12c7f3de1116d85f6593bd8b0ea5929f4169def2aa0a091a454ad1c0829570114632b121772b5927f1e60148ef41888aa497d8c78dbd1bca680f359cc7bd50dc

Download Submit
C:\Users\Admin\AppData\Local\Temp\nssE8DF.tmp\nsis7zU.dll

Filesize
313KB

MD5
06a47571ac922f82c098622b2f5f6f63

SHA1
8a581c33b7f2029c41edaad55d024fc0d2d7c427

SHA256
e4ab3064f2e094910ae80104ef9d371ccb74ebbeeed592582cf099acd83f5fe9

SHA512
04b3d18042f1faa536e1393179f412a5644d2cf691fbc14970f79df5c0594eeedb0826b495807a3243f27aaa0380423c1f975fe857f32e057309bb3f2a529a83

Download Submit
C:\Users\Admin\AppData\Local\Temp\nssE8DF.tmp\vcruntime140.dll

Filesize
78KB

MD5
55a044d2655789db09e84bf699034493

SHA1
d653b8a89776b4ca854d6e4d2c9d33f08d4b0d12

SHA256
f779e79ffa7abcc303b6208b5fc9650c54bed6bb3342687e82a9ca17f9ccc415

SHA512
f24bba548fe37206b4cccb4cf5105de4a7101c94c92663368376ebaca79281af351c7b8c667f05e65cdb6b44a407136460d67c421961046084a7c136e917e9db

Download Submit
C:\Users\Admin\AppData\Local\Temp\nssE8DF.tmp\vcruntime140.dll

Filesize
78KB

MD5
55a044d2655789db09e84bf699034493

SHA1
d653b8a89776b4ca854d6e4d2c9d33f08d4b0d12

SHA256
f779e79ffa7abcc303b6208b5fc9650c54bed6bb3342687e82a9ca17f9ccc415

SHA512
f24bba548fe37206b4cccb4cf5105de4a7101c94c92663368376ebaca79281af351c7b8c667f05e65cdb6b44a407136460d67c421961046084a7c136e917e9db

Download Submit
C:\Users\Admin\AppData\Local\Temp\nssE8DF.tmp\vcruntime140.dll

Filesize
78KB

MD5
55a044d2655789db09e84bf699034493

SHA1
d653b8a89776b4ca854d6e4d2c9d33f08d4b0d12

SHA256
f779e79ffa7abcc303b6208b5fc9650c54bed6bb3342687e82a9ca17f9ccc415

SHA512
f24bba548fe37206b4cccb4cf5105de4a7101c94c92663368376ebaca79281af351c7b8c667f05e65cdb6b44a407136460d67c421961046084a7c136e917e9db

Download Submit
C:\Users\Admin\AppData\Local\Temp\nssE8DF.tmp\vcruntime140.dll

Filesize
78KB

MD5
55a044d2655789db09e84bf699034493

SHA1
d653b8a89776b4ca854d6e4d2c9d33f08d4b0d12

SHA256
f779e79ffa7abcc303b6208b5fc9650c54bed6bb3342687e82a9ca17f9ccc415

SHA512
f24bba548fe37206b4cccb4cf5105de4a7101c94c92663368376ebaca79281af351c7b8c667f05e65cdb6b44a407136460d67c421961046084a7c136e917e9db

Download Submit
C:\Users\Admin\SuperBrowser\5.205.10.25\Core\Browser\Chromium_x86_100\superbrowser.exe

Filesize
2.0MB

MD5
79a36c6ace81d0cd41aca76b65bf0ab0

SHA1
ec2eca701df0c137dc2bff81f6608db356dabc22

SHA256
4d3d289b7a36233a1474fce1803db844b901aaea4f4c921197448c1faaff0502

SHA512
eaa60850fdf9fb4a85a54608e100b21fce3a0c37b8f1683bdd03b923a7a38579447a7ff247b9ab5759f09d84f84c3fb096d574c7e60da8da486200f329a272fc

Download Submit
C:\Users\Admin\SuperBrowser\5.205.10.25\Core\DLL\x86\api-ms-win-core-file-l1-2-0.dll

Filesize
17KB

MD5
79ee4a2fcbe24e9a65106de834ccda4a

SHA1
fd1ba674371af7116ea06ad42886185f98ba137b

SHA256
9f7bda59faafc8a455f98397a63a7f7d114efc4e8a41808c791256ebf33c7613

SHA512
6ef7857d856a1d23333669184a231ad402dc62c8f457a6305fe53ed5e792176ca6f9e561375a707da0d7dd27e6ea95f8c4355c5dc217e847e807000b310aa05c

Download Submit
C:\Users\Admin\SuperBrowser\5.205.10.25\Core\DLL\x86\api-ms-win-core-file-l2-1-0.dll

Filesize
17KB

MD5
3f224766fe9b090333fdb43d5a22f9ea

SHA1
548d1bb707ae7a3dfccc0c2d99908561a305f57b

SHA256
ae5e73416eb64bc18249ace99f6847024eceea7ce9c343696c84196460f3a357

SHA512
c12ea6758071b332368d7ef0857479d2b43a4b27ceeab86cbb542bd6f1515f605ea526dfa3480717f8f452989c25d0ee92bf3335550b15ecec79e9b25e66a2ca

Download Submit
C:\Users\Admin\SuperBrowser\5.205.10.25\Core\DLL\x86\api-ms-win-core-localization-l1-2-0.dll

Filesize
20KB

MD5
23bd405a6cfd1e38c74c5150eec28d0a

SHA1
1d3be98e7dfe565e297e837a7085731ecd368c7b

SHA256
a7fa48de6c06666b80184afee7e544c258e0fb11399ab3fe47d4e74667779f41

SHA512
c52d487727a34fbb601b01031300a80eca7c4a08af87567da32cb5b60f7a41eb2cae06697cd11095322f2fc8307219111ee02b60045904b5c9b1f37e48a06a21

Download Submit
C:\Users\Admin\SuperBrowser\5.205.10.25\Core\DLL\x86\api-ms-win-core-processthreads-l1-1-1.dll

Filesize
18KB

MD5
95c5b49af7f2c7d3cd0bc14b1e9efacb

SHA1
c400205c81140e60dffa8811c1906ce87c58971e

SHA256
ff9b51aff7fbec8d7fe5cc478b12492a59b38b068dc2b518324173bb3179a0e1

SHA512
f320937b90068877c46d30a15440dc9ace652c3319f5d75e0c8bb83f37e78be0efb7767b2bd713be6d38943c8db3d3d4c3da44849271605324e599e1242309c3

Download Submit
C:\Users\Admin\SuperBrowser\5.205.10.25\Core\DLL\x86\api-ms-win-core-synch-l1-2-0.dll

Filesize
18KB

MD5
6e704280d632c2f8f2cadefcae25ad85

SHA1
699c5a1c553d64d7ff3cf4fe57da72bb151caede

SHA256
758a2f9ef6908b51745db50d89610fe1de921d93b2dbea919bfdba813d5d8893

SHA512
ade85a6cd05128536996705fd60c73f04bab808dafb5d8a93c45b2ee6237b6b4ddb087f1a009a9d289c868c98e61be49259157f5161feccf9f572fd306b460e6

Download Submit
C:\Users\Admin\SuperBrowser\5.205.10.25\Core\DLL\x86\api-ms-win-core-timezone-l1-1-0.dll

Filesize
18KB

MD5
c9a55de62e53d747c5a7fddedef874f9

SHA1
c5c5a7a873a4d686bfe8e3da6dc70f724ce41bad

SHA256
b5c725bbb475b5c06cc6cb2a2c3c70008f229659f88fba25ccd5d5c698d06a4b

SHA512
adca0360a1297e80a8d3c2e07f5fbc06d2848f572f551342ad4c9884e4ab4bd1d3b3d9919b4f2b929e2848c1a88a4e844dd38c86067cace9685f9640db100efb

Download Submit
C:\Users\Admin\SuperBrowser\5.205.10.25\Core\DLL\x86\api-ms-win-crt-conio-l1-1-0.dll

Filesize
18KB

MD5
a668c5ee307457729203ae00edebb6b3

SHA1
2114d84cf3ec576785ebbe6b2184b0d634b86d71

SHA256
a95b1af74623d6d5d892760166b9bfac8926929571301921f1e62458e6d1a503

SHA512
73dc1a1c2ceb98ca6d9ddc7611fc44753184be00cfba07c4947d675f0b154a09e6013e1ef54ac7576e661fc51b4bc54fdd96a0c046ab4ee58282e711b1854730

Download Submit
C:\Users\Admin\SuperBrowser\5.205.10.25\Core\DLL\x86\api-ms-win-crt-convert-l1-1-0.dll

Filesize
21KB

MD5
9ddea3cc96e0fdd3443cc60d649931b3

SHA1
af3cb7036318a8427f20b8561079e279119dca0e

SHA256
b7c3ebc36c84630a52d23d1c0e79d61012dfa44cdebdf039af31ec9e322845a5

SHA512
1427193b31b64715f5712db9c431593bdc56ef512fe353147ddb7544c1c39ded4371cd72055d82818e965aff0441b7cbe0b811d828efb0ece28471716659e162

Download Submit
C:\Users\Admin\SuperBrowser\5.205.10.25\Core\DLL\x86\api-ms-win-crt-environment-l1-1-0.dll

Filesize
18KB

MD5
39325e5f023eb564c87d30f7e06dff23

SHA1
03dd79a7fbe3de1a29359b94ba2d554776bdd3fe

SHA256
56d8b7ee7619579a3c648eb130c9354ba1ba5b33a07a4f350370ee7b3653749a

SHA512
087b9dcb744ad7d330bacb9bda9c1a1df28ebb9327de0c5dc618e79929fd33d1b1ff0e1ef4c08f8b3ea8118b968a89f44fe651c66cba4ecbb3216cd4bcce3085

Download Submit
C:\Users\Admin\SuperBrowser\5.205.10.25\Core\DLL\x86\api-ms-win-crt-filesystem-l1-1-0.dll

Filesize
19KB

MD5
228c6bbe1bce84315e4927392a3baee5

SHA1
ba274aa567ad1ec663a2f9284af2e3cb232698fb

SHA256
ac0cec8644340125507dd0bc9a90b1853a2d194eb60a049237fb5e752d349065

SHA512
37a60cce69e81f68ef62c58bba8f2843e99e8ba1b87df9a5b561d358309e672ae5e3434a10a3dde01ae624d1638da226d42c64316f72f3d63b08015b43c56cab

Download Submit
C:\Users\Admin\SuperBrowser\5.205.10.25\Core\DLL\x86\api-ms-win-crt-heap-l1-1-0.dll

Filesize
18KB

MD5
1776a2b85378b27825cf5e5a3a132d9a

SHA1
626f0e7f2f18f31ec304fe7a7af1a87cbbebb1df

SHA256
675b1b82dd485cc8c8a099272db9241d0d2a7f45424901f35231b79186ec47ee

SHA512
541a5dd997fc5fec31c17b4f95f03c3a52e106d6fb590cb46bdf5adad23ed4a895853768229f3fbb9049f614d9bae031e6c43cec43fb38c89f13163721bb8348

Download Submit
C:\Users\Admin\SuperBrowser\5.205.10.25\Core\DLL\x86\api-ms-win-crt-locale-l1-1-0.dll

Filesize
18KB

MD5
034379bcea45eb99db8cdfeacbc5e281

SHA1
bbf93d82e7e306e827efeb9612e8eab2b760e2b7

SHA256
8b543b1bb241f5b773eb76f652dad7b12e3e4a09230f2e804cd6b0622e8baf65

SHA512
7ea6efb75b0c59d3120d5b13da139042726a06d105c924095ed252f39ac19e11e8a5c6bb1c45fa7519c0163716745d03fb9daaaca50139a115235ab2815cc256

Download Submit
C:\Users\Admin\SuperBrowser\5.205.10.25\Core\Launcher.exe

Filesize
3.8MB

MD5
9ef616b1bdd1105a241433ded3267ed4

SHA1
0835295861fe2890c023d7a1abc75863fe25a9bb

SHA256
01d4af40ae4776643814b284964ed9dbcd873f9fdfa5e642863f95c4a0c20581

SHA512
6dd47b70ea9d511a601c2438e29932e72d886610713c01c1d7b445c7019c5a4914f051630d3a80d88c6fc7329ceaedd0643afcc1befd1890a1c242c29d0434bb

Download Submit
C:\Users\Admin\SuperBrowser\5.205.10.25\Core\Launcher.exe

Filesize
3.8MB

MD5
9ef616b1bdd1105a241433ded3267ed4

SHA1
0835295861fe2890c023d7a1abc75863fe25a9bb

SHA256
01d4af40ae4776643814b284964ed9dbcd873f9fdfa5e642863f95c4a0c20581

SHA512
6dd47b70ea9d511a601c2438e29932e72d886610713c01c1d7b445c7019c5a4914f051630d3a80d88c6fc7329ceaedd0643afcc1befd1890a1c242c29d0434bb

Download Submit
C:\Users\Admin\SuperBrowser\5.205.10.25\Core\ZXSafe32.dll

Filesize
149KB

MD5
9e69f387a86f9bdd2307cd6862db731f

SHA1
85dab1e4383d9fce9be58e63a7077d0de5cd43d9

SHA256
8b983cd9581878726991c09e1808e3b0c692216b3875b9be52caf40cf86298ec

SHA512
4267cf86b5079f382b8d9c8f2a74195f9c2f89a4609f18a7d7e510e371b3a845c8c3d83b5898755d55411c7235b3f24d16c68c94823e30d1f3c7efd133803644

Download Submit
C:\Users\Admin\SuperBrowser\5.205.10.25\Core\ZXSafe32.dll

Filesize
149KB

MD5
9e69f387a86f9bdd2307cd6862db731f

SHA1
85dab1e4383d9fce9be58e63a7077d0de5cd43d9

SHA256
8b983cd9581878726991c09e1808e3b0c692216b3875b9be52caf40cf86298ec

SHA512
4267cf86b5079f382b8d9c8f2a74195f9c2f89a4609f18a7d7e510e371b3a845c8c3d83b5898755d55411c7235b3f24d16c68c94823e30d1f3c7efd133803644

Download Submit
C:\Users\Admin\SuperBrowser\5.205.10.25\DotNetZip.dll

Filesize
466KB

MD5
4f42b8d49c01ba724c8f896de97368f0

SHA1
1613ff359ecff83d93bf6ec5f0338a89c89a3b54

SHA256
04ab9c8479dd713b61710391ac20a81e8330f22d5ffa283b1170f4b24d64f1d9

SHA512
a92ef23c288eba3571bef26ed0c238681927dc2ba0121d1a1765ac0ea8d71a9fbef04a924a099710b216caa66a3e4b2fa66477c9359d4c67a79c182db0c050d9

Download Submit
C:\Users\Admin\SuperBrowser\5.205.10.25\DotNetZip.dll

Filesize
466KB

MD5
4f42b8d49c01ba724c8f896de97368f0

SHA1
1613ff359ecff83d93bf6ec5f0338a89c89a3b54

SHA256
04ab9c8479dd713b61710391ac20a81e8330f22d5ffa283b1170f4b24d64f1d9

SHA512
a92ef23c288eba3571bef26ed0c238681927dc2ba0121d1a1765ac0ea8d71a9fbef04a924a099710b216caa66a3e4b2fa66477c9359d4c67a79c182db0c050d9

Download Submit
C:\Users\Admin\SuperBrowser\5.205.10.25\DotNetZip.dll

Filesize
466KB

MD5
4f42b8d49c01ba724c8f896de97368f0

SHA1
1613ff359ecff83d93bf6ec5f0338a89c89a3b54

SHA256
04ab9c8479dd713b61710391ac20a81e8330f22d5ffa283b1170f4b24d64f1d9

SHA512
a92ef23c288eba3571bef26ed0c238681927dc2ba0121d1a1765ac0ea8d71a9fbef04a924a099710b216caa66a3e4b2fa66477c9359d4c67a79c182db0c050d9

Download Submit
C:\Users\Admin\SuperBrowser\5.205.10.25\Newtonsoft.Json.dll

Filesize
694KB

MD5
e2a510b3daf6b3a43ab9cb838287fbff

SHA1
6ff097a28d1216bf3c4efb48ea616c43e716de5e

SHA256
53e0af7ccded460d0aa58f1ff0779217b0dd2c3b42b330e3325c0f9bed7eb5e9

SHA512
02b70c96a41c1d1c9f44cee7e3c42037a3cfa2e3219de12fa23dfef9f59f0d0ca5103db73bb4008a4504ae697c2245d561ec31cdd5fb562f764b50a98c612b7b

Download Submit
C:\Users\Admin\SuperBrowser\5.205.10.25\Newtonsoft.Json.dll

Filesize
694KB

MD5
e2a510b3daf6b3a43ab9cb838287fbff

SHA1
6ff097a28d1216bf3c4efb48ea616c43e716de5e

SHA256
53e0af7ccded460d0aa58f1ff0779217b0dd2c3b42b330e3325c0f9bed7eb5e9

SHA512
02b70c96a41c1d1c9f44cee7e3c42037a3cfa2e3219de12fa23dfef9f59f0d0ca5103db73bb4008a4504ae697c2245d561ec31cdd5fb562f764b50a98c612b7b

Download Submit
C:\Users\Admin\SuperBrowser\5.205.10.25\Newtonsoft.Json.dll

Filesize
694KB

MD5
e2a510b3daf6b3a43ab9cb838287fbff

SHA1
6ff097a28d1216bf3c4efb48ea616c43e716de5e

SHA256
53e0af7ccded460d0aa58f1ff0779217b0dd2c3b42b330e3325c0f9bed7eb5e9

SHA512
02b70c96a41c1d1c9f44cee7e3c42037a3cfa2e3219de12fa23dfef9f59f0d0ca5103db73bb4008a4504ae697c2245d561ec31cdd5fb562f764b50a98c612b7b

Download Submit
C:\Users\Admin\SuperBrowser\5.205.10.25\SuperBrowser.exe

Filesize
3.3MB

MD5
6829257785cce9fa4c68e90a05747a5e

SHA1
2caa1745de8eedc57b1b45067585410cf9e28342

SHA256
20e8228ed83ae95e9221772bb7f8956b7f39b29e17a50dcc61afbdd0b3727040

SHA512
ae02a0de1393b0cd3c752a80d88560e30bfdf1a1ed3227da218151b66b5561b42d9bc9164a38d17971f265081b538a24993e897bb92b51c39ead801bd0aea0fd

Download Submit
C:\Users\Admin\SuperBrowser\5.205.10.25\SuperBrowser.exe

Filesize
3.3MB

MD5
6829257785cce9fa4c68e90a05747a5e

SHA1
2caa1745de8eedc57b1b45067585410cf9e28342

SHA256
20e8228ed83ae95e9221772bb7f8956b7f39b29e17a50dcc61afbdd0b3727040

SHA512
ae02a0de1393b0cd3c752a80d88560e30bfdf1a1ed3227da218151b66b5561b42d9bc9164a38d17971f265081b538a24993e897bb92b51c39ead801bd0aea0fd

Download Submit
C:\Users\Admin\SuperBrowser\5.205.10.25\SuperBrowser.exe.config

Filesize
925B

MD5
affd4103db0f996a5a4acfd3093f473c

SHA1
5504fa264f452ce0cace3e6a1b0583fd20a4e87f

SHA256
94f65ce5615f7ba9e043b41a8a70962e324b8689e7d8c1d419dda5d4d36fb21d

SHA512
0ce7b66d94dbf3aa0661b5c546fa38d1b4142ecc29b0f61b07d4d8571f45d99a041f83bcb71cf2514df5d3dd7466b428f750c78fdd094b293f03e3e6cae346e7

Download Submit
C:\Users\Admin\SuperBrowser\5.205.10.25\System.Data.SQLite.dll

Filesize
366KB

MD5
aead6011fa01fac821869140d3534df4

SHA1
32539cc9a74818dba84ae2035c944e469f9d3096

SHA256
a524b71e5af22d3f75a39313a8bc40f692e013896b79994fc1375b4f39b7b8c8

SHA512
7835bd972a9f843859897b34393459108a6e5968bab78c83d6dfeb3216bc61125cb590700dd54c4afb935958052bf9f9fe212393ef5e99d126715e2c67c9dc52

Download Submit
C:\Users\Admin\SuperBrowser\5.205.10.25\System.Data.SQLite.dll

Filesize
366KB

MD5
aead6011fa01fac821869140d3534df4

SHA1
32539cc9a74818dba84ae2035c944e469f9d3096

SHA256
a524b71e5af22d3f75a39313a8bc40f692e013896b79994fc1375b4f39b7b8c8

SHA512
7835bd972a9f843859897b34393459108a6e5968bab78c83d6dfeb3216bc61125cb590700dd54c4afb935958052bf9f9fe212393ef5e99d126715e2c67c9dc52

Download Submit
C:\Users\Admin\SuperBrowser\5.205.10.25\System.Data.SQLite.dll

Filesize
366KB

MD5
aead6011fa01fac821869140d3534df4

SHA1
32539cc9a74818dba84ae2035c944e469f9d3096

SHA256
a524b71e5af22d3f75a39313a8bc40f692e013896b79994fc1375b4f39b7b8c8

SHA512
7835bd972a9f843859897b34393459108a6e5968bab78c83d6dfeb3216bc61125cb590700dd54c4afb935958052bf9f9fe212393ef5e99d126715e2c67c9dc52

Download Submit
C:\Users\Admin\SuperBrowser\5.205.10.25\x86\SQLite.Interop.dll

Filesize
1.2MB

MD5
2c28dce65ab7443f205c748e79bc8726

SHA1
48c7fe4114315001ff201d0eb4f3921cc2704b8f

SHA256
51f6e78fee9bb16537543e6e03522c4badce7d9e35676551873ddf3db70d072e

SHA512
a2240e499b8ce6c762a03759c8cb3969b13ebf829ae8cf894abd4fd4ed5b2a2d7dcf3231dfadcbffb67db909db89c32a24880431e1473d6be84c8ad2d4ab1273

Download Submit
C:\Users\Admin\SuperBrowser\5.205.10.25\x86\SQLite.Interop.dll

Filesize
1.2MB

MD5
2c28dce65ab7443f205c748e79bc8726

SHA1
48c7fe4114315001ff201d0eb4f3921cc2704b8f

SHA256
51f6e78fee9bb16537543e6e03522c4badce7d9e35676551873ddf3db70d072e

SHA512
a2240e499b8ce6c762a03759c8cb3969b13ebf829ae8cf894abd4fd4ed5b2a2d7dcf3231dfadcbffb67db909db89c32a24880431e1473d6be84c8ad2d4ab1273

Download Submit
C:\Users\Admin\SuperBrowser\5.205.10.25\zh-CN\SuperBrowser.resources.dll

Filesize
13KB

MD5
4deefa1c3094afb382df41ba9b26c9a3

SHA1
0b63832a56f505dd254af170445fca5945dba17c

SHA256
2df16ed44cf1da9586a349c7c5027225ad53ed5e414d03bb214f88a2fd8285df

SHA512
b988c1dd44a7594bf2798f7b7917fa4c390d1552732a1010c67850577024d668c131cbcd9b7e33bddefe73809ba303f1e25be36e92c8c7c5d0024f13bb67eb9a

Download Submit
C:\Users\Admin\SuperBrowser\5.205.10.25\zh-CN\SuperBrowser.resources.dll

Filesize
13KB

MD5
4deefa1c3094afb382df41ba9b26c9a3

SHA1
0b63832a56f505dd254af170445fca5945dba17c

SHA256
2df16ed44cf1da9586a349c7c5027225ad53ed5e414d03bb214f88a2fd8285df

SHA512
b988c1dd44a7594bf2798f7b7917fa4c390d1552732a1010c67850577024d668c131cbcd9b7e33bddefe73809ba303f1e25be36e92c8c7c5d0024f13bb67eb9a

Download Submit
C:\Users\Admin\SuperBrowser\5.205.10.25\zh-CN\SuperBrowser.resources.dll

Filesize
13KB

MD5
4deefa1c3094afb382df41ba9b26c9a3

SHA1
0b63832a56f505dd254af170445fca5945dba17c

SHA256
2df16ed44cf1da9586a349c7c5027225ad53ed5e414d03bb214f88a2fd8285df

SHA512
b988c1dd44a7594bf2798f7b7917fa4c390d1552732a1010c67850577024d668c131cbcd9b7e33bddefe73809ba303f1e25be36e92c8c7c5d0024f13bb67eb9a

Download Submit
memory/424-219-0x0000000000A10000-0x0000000000AC8000-memory.dmp

Filesize
736KB

Download
memory/1036-216-0x00000000000E0000-0x00000000000E8000-memory.dmp

Filesize
32KB

Download
memory/4316-191-0x0000000005FF0000-0x000000000604E000-memory.dmp

Filesize
376KB

Download
memory/4316-200-0x000000000A3F0000-0x000000000A412000-memory.dmp

Filesize
136KB

Download
memory/4316-194-0x0000000007710000-0x0000000007CB4000-memory.dmp

Filesize
5.6MB

Download
memory/4316-220-0x000000000D210000-0x000000000D73C000-memory.dmp

Filesize
5.2MB

Download
memory/4316-201-0x000000000A990000-0x000000000A9F6000-memory.dmp

Filesize
408KB

Download
memory/4316-217-0x000000000B630000-0x000000000B642000-memory.dmp

Filesize
72KB

Download
memory/4316-199-0x0000000008E30000-0x0000000008E3A000-memory.dmp

Filesize
40KB

Download
memory/4316-231-0x000000000CDE0000-0x000000000CE1E000-memory.dmp

Filesize
248KB

Download
memory/4316-177-0x0000000005350000-0x00000000053E2000-memory.dmp

Filesize
584KB

Download
memory/4316-176-0x00000000004C0000-0x000000000081C000-memory.dmp

Filesize
3.4MB

Download
memory/4316-181-0x00000000054A0000-0x0000000005550000-memory.dmp

Filesize
704KB

Download
memory/4316-185-0x0000000005CD0000-0x0000000005D46000-memory.dmp

Filesize
472KB

Download
memory/4316-195-0x0000000007250000-0x000000000728C000-memory.dmp

Filesize
240KB

Download