hxxp://ccleaner[.]tools[.]avcdn[.]net/AAkPCVwaAN77a21BgQAAEAgARQAAKKJrQAB9BumRCsgNu2hu8OHMdABQh+R1gHJTAIdQFAAAAPoAAAAAAAAAAA==

Analysis

max time kernel
190s
max time network
194s
platform
windows10-2004_x64
resource
win10v2004-20230703-en
resource tags

arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
submitted
15/08/2023, 12:38

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://ccleaner.tools.avcdn.net/AAkPCVwaAN77a21BgQAAEAgARQAAKKJrQAB9BumRCsgNu2hu8OHMdABQh+R1gHJTAIdQFAAAAPoAAAAAAAAAAA==

Score

8^/10

Malware Config

Signatures

Downloads MZ/PE file

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133365767589342936"	chrome.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1498570331-2313266200-788959944-1000_Classes\Local Settings	firefox.exe

NTFS ADS 1 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 476559.crdownload:SmartScreen	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
764	chrome.exe
764	chrome.exe
4364	msedge.exe
4364	msedge.exe
4200	msedge.exe
4200	msedge.exe
5884	identity_helper.exe
5884	identity_helper.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 23 IoCs

pid	Process
764	chrome.exe
764	chrome.exe
764	chrome.exe
764	chrome.exe
764	chrome.exe
764	chrome.exe
764	chrome.exe
764	chrome.exe
764	chrome.exe
764	chrome.exe
764	chrome.exe
764	chrome.exe
764	chrome.exe
764	chrome.exe
4200	msedge.exe
4200	msedge.exe
4200	msedge.exe
4200	msedge.exe
4200	msedge.exe
4200	msedge.exe
4200	msedge.exe
4200	msedge.exe
4200	msedge.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	764	chrome.exe
Token: SeCreatePagefilePrivilege	764	chrome.exe
Token: SeShutdownPrivilege	764	chrome.exe
Token: SeCreatePagefilePrivilege	764	chrome.exe
Token: SeShutdownPrivilege	764	chrome.exe
Token: SeCreatePagefilePrivilege	764	chrome.exe
Token: SeShutdownPrivilege	764	chrome.exe
Token: SeCreatePagefilePrivilege	764	chrome.exe
Token: SeShutdownPrivilege	764	chrome.exe
Token: SeCreatePagefilePrivilege	764	chrome.exe
Token: SeShutdownPrivilege	764	chrome.exe
Token: SeCreatePagefilePrivilege	764	chrome.exe
Token: SeShutdownPrivilege	764	chrome.exe
Token: SeCreatePagefilePrivilege	764	chrome.exe
Token: SeShutdownPrivilege	764	chrome.exe
Token: SeCreatePagefilePrivilege	764	chrome.exe
Token: SeShutdownPrivilege	764	chrome.exe
Token: SeCreatePagefilePrivilege	764	chrome.exe
Token: SeShutdownPrivilege	764	chrome.exe
Token: SeCreatePagefilePrivilege	764	chrome.exe
Token: SeShutdownPrivilege	764	chrome.exe
Token: SeCreatePagefilePrivilege	764	chrome.exe
Token: SeShutdownPrivilege	764	chrome.exe
Token: SeCreatePagefilePrivilege	764	chrome.exe
Token: SeShutdownPrivilege	764	chrome.exe
Token: SeCreatePagefilePrivilege	764	chrome.exe
Token: SeShutdownPrivilege	764	chrome.exe
Token: SeCreatePagefilePrivilege	764	chrome.exe
Token: SeShutdownPrivilege	764	chrome.exe
Token: SeCreatePagefilePrivilege	764	chrome.exe
Token: SeShutdownPrivilege	764	chrome.exe
Token: SeCreatePagefilePrivilege	764	chrome.exe
Token: SeShutdownPrivilege	764	chrome.exe
Token: SeCreatePagefilePrivilege	764	chrome.exe
Token: SeShutdownPrivilege	764	chrome.exe
Token: SeCreatePagefilePrivilege	764	chrome.exe
Token: SeShutdownPrivilege	764	chrome.exe
Token: SeCreatePagefilePrivilege	764	chrome.exe
Token: SeShutdownPrivilege	764	chrome.exe
Token: SeCreatePagefilePrivilege	764	chrome.exe
Token: SeShutdownPrivilege	764	chrome.exe
Token: SeCreatePagefilePrivilege	764	chrome.exe
Token: SeShutdownPrivilege	764	chrome.exe
Token: SeCreatePagefilePrivilege	764	chrome.exe
Token: SeShutdownPrivilege	764	chrome.exe
Token: SeCreatePagefilePrivilege	764	chrome.exe
Token: SeShutdownPrivilege	764	chrome.exe
Token: SeCreatePagefilePrivilege	764	chrome.exe
Token: SeShutdownPrivilege	764	chrome.exe
Token: SeCreatePagefilePrivilege	764	chrome.exe
Token: SeShutdownPrivilege	764	chrome.exe
Token: SeCreatePagefilePrivilege	764	chrome.exe
Token: SeShutdownPrivilege	764	chrome.exe
Token: SeCreatePagefilePrivilege	764	chrome.exe
Token: SeShutdownPrivilege	764	chrome.exe
Token: SeCreatePagefilePrivilege	764	chrome.exe
Token: SeShutdownPrivilege	764	chrome.exe
Token: SeCreatePagefilePrivilege	764	chrome.exe
Token: SeShutdownPrivilege	764	chrome.exe
Token: SeCreatePagefilePrivilege	764	chrome.exe
Token: SeShutdownPrivilege	764	chrome.exe
Token: SeCreatePagefilePrivilege	764	chrome.exe
Token: SeShutdownPrivilege	764	chrome.exe
Token: SeCreatePagefilePrivilege	764	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
764	chrome.exe
764	chrome.exe
764	chrome.exe
764	chrome.exe
764	chrome.exe
764	chrome.exe
764	chrome.exe
764	chrome.exe
764	chrome.exe
764	chrome.exe
764	chrome.exe
764	chrome.exe
764	chrome.exe
764	chrome.exe
764	chrome.exe
764	chrome.exe
764	chrome.exe
764	chrome.exe
764	chrome.exe
764	chrome.exe
764	chrome.exe
764	chrome.exe
764	chrome.exe
764	chrome.exe
764	chrome.exe
764	chrome.exe
764	chrome.exe
764	chrome.exe
764	chrome.exe
764	chrome.exe
764	chrome.exe
764	chrome.exe
764	chrome.exe
764	chrome.exe
764	chrome.exe
764	chrome.exe
764	chrome.exe
764	chrome.exe
764	chrome.exe
764	chrome.exe
764	chrome.exe
764	chrome.exe
764	chrome.exe
764	chrome.exe
764	chrome.exe
764	chrome.exe
764	chrome.exe
764	chrome.exe
764	chrome.exe
764	chrome.exe
764	chrome.exe
764	chrome.exe
764	chrome.exe
764	chrome.exe
764	chrome.exe
764	chrome.exe
764	chrome.exe
764	chrome.exe
764	chrome.exe
764	chrome.exe
764	chrome.exe
764	chrome.exe
1356	firefox.exe
1356	firefox.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
764	chrome.exe
764	chrome.exe
764	chrome.exe
764	chrome.exe
764	chrome.exe
764	chrome.exe
764	chrome.exe
764	chrome.exe
764	chrome.exe
764	chrome.exe
764	chrome.exe
764	chrome.exe
764	chrome.exe
764	chrome.exe
764	chrome.exe
764	chrome.exe
764	chrome.exe
764	chrome.exe
764	chrome.exe
764	chrome.exe
764	chrome.exe
764	chrome.exe
764	chrome.exe
764	chrome.exe
764	chrome.exe
764	chrome.exe
764	chrome.exe
764	chrome.exe
764	chrome.exe
764	chrome.exe
764	chrome.exe
764	chrome.exe
764	chrome.exe
764	chrome.exe
764	chrome.exe
764	chrome.exe
764	chrome.exe
764	chrome.exe
764	chrome.exe
764	chrome.exe
764	chrome.exe
764	chrome.exe
764	chrome.exe
764	chrome.exe
764	chrome.exe
764	chrome.exe
764	chrome.exe
764	chrome.exe
1356	firefox.exe
1356	firefox.exe
1356	firefox.exe
4200	msedge.exe
4200	msedge.exe
4200	msedge.exe
4200	msedge.exe
4200	msedge.exe
4200	msedge.exe
4200	msedge.exe
4200	msedge.exe
4200	msedge.exe
4200	msedge.exe
4200	msedge.exe
4200	msedge.exe
4200	msedge.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
1356	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 764 wrote to memory of 4680	764	chrome.exe	80
PID 764 wrote to memory of 4680	764	chrome.exe	80
PID 764 wrote to memory of 1984	764	chrome.exe	82
PID 764 wrote to memory of 1984	764	chrome.exe	82
PID 764 wrote to memory of 1984	764	chrome.exe	82
PID 764 wrote to memory of 1984	764	chrome.exe	82
PID 764 wrote to memory of 1984	764	chrome.exe	82
PID 764 wrote to memory of 1984	764	chrome.exe	82
PID 764 wrote to memory of 1984	764	chrome.exe	82
PID 764 wrote to memory of 1984	764	chrome.exe	82
PID 764 wrote to memory of 1984	764	chrome.exe	82
PID 764 wrote to memory of 1984	764	chrome.exe	82
PID 764 wrote to memory of 1984	764	chrome.exe	82
PID 764 wrote to memory of 1984	764	chrome.exe	82
PID 764 wrote to memory of 1984	764	chrome.exe	82
PID 764 wrote to memory of 1984	764	chrome.exe	82
PID 764 wrote to memory of 1984	764	chrome.exe	82
PID 764 wrote to memory of 1984	764	chrome.exe	82
PID 764 wrote to memory of 1984	764	chrome.exe	82
PID 764 wrote to memory of 1984	764	chrome.exe	82
PID 764 wrote to memory of 1984	764	chrome.exe	82
PID 764 wrote to memory of 1984	764	chrome.exe	82
PID 764 wrote to memory of 1984	764	chrome.exe	82
PID 764 wrote to memory of 1984	764	chrome.exe	82
PID 764 wrote to memory of 1984	764	chrome.exe	82
PID 764 wrote to memory of 1984	764	chrome.exe	82
PID 764 wrote to memory of 1984	764	chrome.exe	82
PID 764 wrote to memory of 1984	764	chrome.exe	82
PID 764 wrote to memory of 1984	764	chrome.exe	82
PID 764 wrote to memory of 1984	764	chrome.exe	82
PID 764 wrote to memory of 1984	764	chrome.exe	82
PID 764 wrote to memory of 1984	764	chrome.exe	82
PID 764 wrote to memory of 1984	764	chrome.exe	82
PID 764 wrote to memory of 1984	764	chrome.exe	82
PID 764 wrote to memory of 1984	764	chrome.exe	82
PID 764 wrote to memory of 1984	764	chrome.exe	82
PID 764 wrote to memory of 1984	764	chrome.exe	82
PID 764 wrote to memory of 1984	764	chrome.exe	82
PID 764 wrote to memory of 1984	764	chrome.exe	82
PID 764 wrote to memory of 1984	764	chrome.exe	82
PID 764 wrote to memory of 1132	764	chrome.exe	83
PID 764 wrote to memory of 1132	764	chrome.exe	83
PID 764 wrote to memory of 4324	764	chrome.exe	84
PID 764 wrote to memory of 4324	764	chrome.exe	84
PID 764 wrote to memory of 4324	764	chrome.exe	84
PID 764 wrote to memory of 4324	764	chrome.exe	84
PID 764 wrote to memory of 4324	764	chrome.exe	84
PID 764 wrote to memory of 4324	764	chrome.exe	84
PID 764 wrote to memory of 4324	764	chrome.exe	84
PID 764 wrote to memory of 4324	764	chrome.exe	84
PID 764 wrote to memory of 4324	764	chrome.exe	84
PID 764 wrote to memory of 4324	764	chrome.exe	84
PID 764 wrote to memory of 4324	764	chrome.exe	84
PID 764 wrote to memory of 4324	764	chrome.exe	84
PID 764 wrote to memory of 4324	764	chrome.exe	84
PID 764 wrote to memory of 4324	764	chrome.exe	84
PID 764 wrote to memory of 4324	764	chrome.exe	84
PID 764 wrote to memory of 4324	764	chrome.exe	84
PID 764 wrote to memory of 4324	764	chrome.exe	84
PID 764 wrote to memory of 4324	764	chrome.exe	84
PID 764 wrote to memory of 4324	764	chrome.exe	84
PID 764 wrote to memory of 4324	764	chrome.exe	84
PID 764 wrote to memory of 4324	764	chrome.exe	84
PID 764 wrote to memory of 4324	764	chrome.exe	84

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument http://ccleaner.tools.avcdn.net/AAkPCVwaAN77a21BgQAAEAgARQAAKKJrQAB9BumRCsgNu2hu8OHMdABQh+R1gHJTAIdQFAAAAPoAAAAAAAAAAA==
1⤵
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:764
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa66d19758,0x7ffa66d19768,0x7ffa66d19778
  2⤵
  PID:4680
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1648 --field-trial-handle=1848,i,14021533504344419456,17846026475544105367,131072 /prefetch:2
  2⤵
  PID:1984
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2156 --field-trial-handle=1848,i,14021533504344419456,17846026475544105367,131072 /prefetch:8
  2⤵
  PID:1132
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2184 --field-trial-handle=1848,i,14021533504344419456,17846026475544105367,131072 /prefetch:8
  2⤵
  PID:4324
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3112 --field-trial-handle=1848,i,14021533504344419456,17846026475544105367,131072 /prefetch:1
  2⤵
  PID:2232
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2984 --field-trial-handle=1848,i,14021533504344419456,17846026475544105367,131072 /prefetch:1
  2⤵
  PID:1200
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4380 --field-trial-handle=1848,i,14021533504344419456,17846026475544105367,131072 /prefetch:8
  2⤵
  PID:1584
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4488 --field-trial-handle=1848,i,14021533504344419456,17846026475544105367,131072 /prefetch:8
  2⤵
  PID:1740
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=4612 --field-trial-handle=1848,i,14021533504344419456,17846026475544105367,131072 /prefetch:1
  2⤵
  PID:4772
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=3744 --field-trial-handle=1848,i,14021533504344419456,17846026475544105367,131072 /prefetch:1
  2⤵
  PID:4948
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4908 --field-trial-handle=1848,i,14021533504344419456,17846026475544105367,131072 /prefetch:8
  2⤵
  PID:1752
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=1776 --field-trial-handle=1848,i,14021533504344419456,17846026475544105367,131072 /prefetch:1
  2⤵
  PID:4124
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=4112 --field-trial-handle=1848,i,14021533504344419456,17846026475544105367,131072 /prefetch:1
  2⤵
  PID:4504
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=5132 --field-trial-handle=1848,i,14021533504344419456,17846026475544105367,131072 /prefetch:1
  2⤵
  PID:1456
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5624 --field-trial-handle=1848,i,14021533504344419456,17846026475544105367,131072 /prefetch:8
  2⤵
  PID:3280
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5576 --field-trial-handle=1848,i,14021533504344419456,17846026475544105367,131072 /prefetch:8
  2⤵
  PID:4996
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5968 --field-trial-handle=1848,i,14021533504344419456,17846026475544105367,131072 /prefetch:8
  2⤵
  PID:792
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3056 --field-trial-handle=1848,i,14021533504344419456,17846026475544105367,131072 /prefetch:8
  2⤵
  PID:2312
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5592 --field-trial-handle=1848,i,14021533504344419456,17846026475544105367,131072 /prefetch:8
  2⤵
  PID:4164
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4392 --field-trial-handle=1848,i,14021533504344419456,17846026475544105367,131072 /prefetch:8
  2⤵
  PID:5108
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=5832 --field-trial-handle=1848,i,14021533504344419456,17846026475544105367,131072 /prefetch:1
  2⤵
  PID:1088
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --mojo-platform-channel-handle=5624 --field-trial-handle=1848,i,14021533504344419456,17846026475544105367,131072 /prefetch:1
  2⤵
  PID:2512
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --mojo-platform-channel-handle=5212 --field-trial-handle=1848,i,14021533504344419456,17846026475544105367,131072 /prefetch:1
  2⤵
  PID:4684
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --mojo-platform-channel-handle=5672 --field-trial-handle=1848,i,14021533504344419456,17846026475544105367,131072 /prefetch:1
  2⤵
  PID:2296
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --mojo-platform-channel-handle=5264 --field-trial-handle=1848,i,14021533504344419456,17846026475544105367,131072 /prefetch:1
  2⤵
  PID:3472
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --mojo-platform-channel-handle=4392 --field-trial-handle=1848,i,14021533504344419456,17846026475544105367,131072 /prefetch:1
  2⤵
  PID:2396
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3208 --field-trial-handle=1848,i,14021533504344419456,17846026475544105367,131072 /prefetch:8
  2⤵
  PID:1968
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --mojo-platform-channel-handle=5388 --field-trial-handle=1848,i,14021533504344419456,17846026475544105367,131072 /prefetch:1
  2⤵
  PID:3304

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:4940

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
PID:1888
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe"
  2⤵
  - Modifies registry class
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  PID:1356
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1356.0.862234720\2120110789" -parentBuildID 20221007134813 -prefsHandle 1888 -prefMapHandle 1880 -prefsLen 20860 -prefMapSize 232645 -appDir "C:\Program Files\Mozilla Firefox\browser" - {3210a897-6348-44e7-9471-2f6688ee0fc4} 1356 "\\.\pipe\gecko-crash-server-pipe.1356" 1980 167d5cd4b58 gpu
    3⤵
    PID:1548
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1356.1.474681740\1343201465" -parentBuildID 20221007134813 -prefsHandle 2372 -prefMapHandle 2364 -prefsLen 20896 -prefMapSize 232645 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {88651e8c-949c-4a87-8f6d-8a6841723248} 1356 "\\.\pipe\gecko-crash-server-pipe.1356" 2384 167d5bfb858 socket
    3⤵
    PID:3868
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1356.2.255220159\2075146320" -childID 1 -isForBrowser -prefsHandle 3184 -prefMapHandle 3180 -prefsLen 20999 -prefMapSize 232645 -jsInitHandle 1392 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {157dcb83-1c83-4b96-9917-40e391fcd551} 1356 "\\.\pipe\gecko-crash-server-pipe.1356" 3196 167d9c90b58 tab
    3⤵
    PID:4816
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1356.3.229778580\1367173219" -childID 2 -isForBrowser -prefsHandle 3572 -prefMapHandle 3560 -prefsLen 26359 -prefMapSize 232645 -jsInitHandle 1392 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {6a3ba9d9-9009-4df6-bbe9-00b49f2cbbbd} 1356 "\\.\pipe\gecko-crash-server-pipe.1356" 3580 167c9272858 tab
    3⤵
    PID:2396
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1356.4.637770611\250522492" -childID 3 -isForBrowser -prefsHandle 4000 -prefMapHandle 3996 -prefsLen 26359 -prefMapSize 232645 -jsInitHandle 1392 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e1f427d6-158a-4688-9611-231c117a7748} 1356 "\\.\pipe\gecko-crash-server-pipe.1356" 4012 167d9d10f58 tab
    3⤵
    PID:4792
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1356.5.55446437\2127229797" -childID 4 -isForBrowser -prefsHandle 4956 -prefMapHandle 4952 -prefsLen 26497 -prefMapSize 232645 -jsInitHandle 1392 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {0bafd600-1a4d-4120-9ba5-fa0200107986} 1356 "\\.\pipe\gecko-crash-server-pipe.1356" 4964 167d9d10358 tab
    3⤵
    PID:3004
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1356.6.1546682544\1800234677" -childID 5 -isForBrowser -prefsHandle 4980 -prefMapHandle 4148 -prefsLen 26497 -prefMapSize 232645 -jsInitHandle 1392 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d4880435-ddc4-40d5-a6e2-4aca85ae7a2c} 1356 "\\.\pipe\gecko-crash-server-pipe.1356" 5000 167dbbd6a58 tab
    3⤵
    PID:4840
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1356.7.240365903\1494275476" -childID 6 -isForBrowser -prefsHandle 5416 -prefMapHandle 5420 -prefsLen 26497 -prefMapSize 232645 -jsInitHandle 1392 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f7835d2c-8be5-4ffd-8311-bcaf192f7dfe} 1356 "\\.\pipe\gecko-crash-server-pipe.1356" 4148 167dbbd5258 tab
    3⤵
    PID:3676
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1356.8.768527847\1300389898" -childID 7 -isForBrowser -prefsHandle 5792 -prefMapHandle 5760 -prefsLen 26672 -prefMapSize 232645 -jsInitHandle 1392 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f81ae687-98b4-488c-a233-26b18218abd2} 1356 "\\.\pipe\gecko-crash-server-pipe.1356" 5800 167dd916e58 tab
    3⤵
    PID:4008
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1356.9.1394219604\267578334" -childID 8 -isForBrowser -prefsHandle 4996 -prefMapHandle 4992 -prefsLen 26672 -prefMapSize 232645 -jsInitHandle 1392 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {0132ab74-4e0f-420d-bcca-afb45809dc37} 1356 "\\.\pipe\gecko-crash-server-pipe.1356" 5088 167d93c9858 tab
    3⤵
    PID:4332

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k UnistackSvcGroup
1⤵
PID:4692

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
1⤵
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of SendNotifyMessage
PID:4200
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffa56ff46f8,0x7ffa56ff4708,0x7ffa56ff4718
  2⤵
  PID:2804
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2112,7303983405506403464,9156022570898325024,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2252 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4364
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2112,7303983405506403464,9156022570898325024,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2916 /prefetch:8
  2⤵
  PID:1676
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2112,7303983405506403464,9156022570898325024,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2216 /prefetch:2
  2⤵
  PID:3472
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,7303983405506403464,9156022570898325024,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3420 /prefetch:1
  2⤵
  PID:1100
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,7303983405506403464,9156022570898325024,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3436 /prefetch:1
  2⤵
  PID:5036
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,7303983405506403464,9156022570898325024,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2900 /prefetch:1
  2⤵
  PID:5556
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,7303983405506403464,9156022570898325024,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5080 /prefetch:1
  2⤵
  PID:5548
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,7303983405506403464,9156022570898325024,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5216 /prefetch:1
  2⤵
  PID:5744
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2112,7303983405506403464,9156022570898325024,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5488 /prefetch:8
  2⤵
  PID:5872
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2112,7303983405506403464,9156022570898325024,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5488 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5884
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,7303983405506403464,9156022570898325024,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3420 /prefetch:1
  2⤵
  PID:6016
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2112,7303983405506403464,9156022570898325024,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=4004 /prefetch:8
  2⤵
  PID:6008
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2112,7303983405506403464,9156022570898325024,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6052 /prefetch:8
  2⤵
  PID:5264
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,7303983405506403464,9156022570898325024,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6128 /prefetch:1
  2⤵
  PID:5440
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,7303983405506403464,9156022570898325024,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6060 /prefetch:1
  2⤵
  PID:5428
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,7303983405506403464,9156022570898325024,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6352 /prefetch:1
  2⤵
  PID:5036

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5364

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5400

C:\Windows\System32\Upfc.exe
C:\Windows\System32\Upfc.exe /launchtype periodic /cv JWYa/uZKpUy5Jj5aqHU4Aw.0
1⤵
PID:1560

C:\Windows\system32\rundll32.exe
C:\Windows\system32\rundll32.exe C:\Windows\system32\PcaSvc.dll,PcaPatchSdbTask
1⤵
PID:1108

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

Filesize
40B

MD5
823b7c10a87dbed64d326365ac2af950

SHA1
187f931e52552bd8657b96ac0e9a0f8ed7c57042

SHA256
894e30140e72511611241c7484ae915699ff316e9ee0a7eda66c4a6c2e8936cd

SHA512
9004424ce184737048718b7f7e3d72dfcf47baf419ad9890eb566d78b97a084fb56e18b732c4946db6cc247aea9d6a14fb7d52c4febb236c171349e76ef8ccfd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\44d6fb44-a680-4edc-a8e8-d1d0cd2cec5c.tmp

Filesize
6KB

MD5
f262e542e60dd37569444c0d1f23eb8b

SHA1
b4bb240f2f1d427416242ee473cc0f0a94d7046c

SHA256
ca239e176b71b57753a72ed546653e69c8c288b4ee4108a01294522bf2519a3a

SHA512
e034d427d4af94b216be642e7599aa4d601b9b63e944352909d0758afff249d64adb997d3116f739e5f4116c543aa46d37f60377ef47d643cab6a09886d54c65

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
630B

MD5
fdea7a18792031a06daeaedf05454a31

SHA1
ff557229ad2abf41f279e2bf89aa2144d7bd3f08

SHA256
571e86f72dadbd4e18365504a91a8de10426db3a293b57d183539d365ccd38bd

SHA512
12fc5802f72d16ea586196ab2709da21f87efc88d186f572a5b96d6dee71d1323d3207de3738ed91adc5116478b527d83829f924b29fcacc68ff611ea82d0114

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
0e3e69b69ace142c361757af496037a4

SHA1
d56b59f61d2def3439af707b55d47014a39a5f08

SHA256
f862d00fd40443917c8ac2ce7ea170edd75eddc26d43283dd73cdba8771a0110

SHA512
5f159625e25e45b58aaed8eebbb0daae3f78fd447319ee6e5a28733dd16a755c93fbcbb89a198a8a48ebae448a822f471fc1c3da535a6fe3c51dd4a42fb98b37

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
d397a32b1f499a3c0ca302d5fc6da569

SHA1
ae88bd0b5bd0d62f3a5e58eb90640e61bcadafbe

SHA256
75766472639d311205b578c5eea6bb8c38e9daf99cde127bec12be905cc62c5a

SHA512
b7df7bd996cafc90fc76b3e934d14f92acd38f1ab5be063b1f0c4d41190e8518b20f7366f03a0d7222e9d881b9493488b34cd5cc53d46df84f4581c7f5a4295a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
55c585b35e1893c84c8b919f39314fb4

SHA1
f9f980c9121323bb3d6d2823ddd2da6328579068

SHA256
fd7cb19167da12bf502f57f6ac68418bb98edc57dd43192ad5c7dc462e316812

SHA512
87bc7d1a82568e3f90d36790a469521ff9cc90351b3609377eecc4f9f4f977c0cecef2e35a5e485c834b671d5f58db9ded552b9cde121fa9357f6165af938002

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
098dfe711ac76ebe9fd194cb65f13c2d

SHA1
717b2efaff76ed722a9756d0b7d9ba3406e02ae2

SHA256
3f13f37df484402940ea8ab1dcdd1a9fbcfc7f2db797ae81d2faf748ad576a4e

SHA512
37180b71361f3b16a7e4b8a9c21abcf04da47fb60284e45a58601b43bb40771d9c06ef7f317eec0fa6c775f26ef150fb48c99d4362a9ab5f1d2b98c4448468fb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
87c5adf18847897c0a12f0e0891e08cb

SHA1
0626292efcf49c33e606bed40a90ba7e433c96d6

SHA256
73a751e8fe99c3f21066b8bae9f30f7d8ac80d10b144b5e358563fad24c6addd

SHA512
d92e8112f1230e01e2dbeff1fd354103c7b9610cca2616203d6c5d74e2291aa65ce984442cf7dfb968a919d01d856834ec0de4dcde32e81ff98d144b8a76c980

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
87KB

MD5
3b432636e13aaf47f8c7a7be7208c673

SHA1
5f683d61ea0d4106d91f7713813433d0708f7d21

SHA256
25221caf290e8b44bc0a1119dc59b56f721d9532324ba7b993be0b80c780da4b

SHA512
d222e811c4b8f9af08a2b756ebf7d51711f2d389724c0e0eb7baa7f4a3cc0729c0f46dfd76297914222908a10d5d07b51f11b9e6629f2844bf2d1b6edcbd02f1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
87KB

MD5
b899b2f2869847bb15358b3120e86097

SHA1
ba944a660b8f3fca37083ab6c654764459ea3f0c

SHA256
c52f5f034dfa6ff42e37b1f2c9093dbaaa3a66d56611f36feb1015ce7987cc74

SHA512
9fcd9a61e285826c4a37c2addb039d9bce132ac8ec3b905196a04e5bc3a58f8929e8b60b9deccb7d5ed34368eb947396a7c5f843651696a97246c3b2cfe33dbb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
87KB

MD5
f582bf86b9e6b1ce2a6631aeee4c0f6b

SHA1
5094c176588146d39535f687627112837f24dc6f

SHA256
2b2caf72c2662c10d5911e1f856fb08b46f9dda0c82a11cab5296db78a8dfd50

SHA512
b7d59c7559e020b10cca2ab814f772dabc82d3c12e3a639c3ce101951304f0c8f8309d3f7b88d184a9afb87a8522ba7c3accfe0c0d99d4d2a7e39585d671429b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
87KB

MD5
c1bd715dbe2e32b45914fe043e76a854

SHA1
e27bb53b1fdf3c0996815bf067a6197268b0e580

SHA256
0696340562a16fad411e258cd781ec1edc3f56e09dff1f474c92d1435ae8c226

SHA512
b35c9dd27b0928866bd7b214d8e602e572ef777a3e6014e835ab1cf324ed5f00bebb0303bbd4643b0f17078b3e27dc6b60906c278c4cf99addb4140b5c5a2bfb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
104KB

MD5
b79d8936a6308e294875c0976b1acf37

SHA1
e38d5ebf01bd8dfe7a7859343f0eb961996bd840

SHA256
00a702120a19f25bb7bdcf8f85d7fdd1470b89ca5c7446ad5985a193a1d93175

SHA512
4d4dd5a5e6b64ce7b0ddadb51af889c8058ae9ad9882a9a9dc7e25bc0c925635d024cb2e1cc6cb3cb1f696ac989231c16268c28e53ca4ecb71e536109fee0a7c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
97KB

MD5
a5ff8076dcd4e1aa62e2b7059d07d70c

SHA1
bb3c7352ef1a83f3aec97329dfa31eb244cc6add

SHA256
6be2d4fe552a1157095efba917fa71bc4134e1e4e4e65d56b9d6495722271e88

SHA512
ba70aca9cbd86ba2041dd1324e247646ec1224563a6f2751d8353da368d1fa1f15ca371eacbbc5a309b0a89482b6ce42342062f15c2cc7fef6c5af9fb4911049

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe58f2b8.TMP

Filesize
95KB

MD5
79bec6a61dd030aad4520701f24e75bd

SHA1
7ad22bd74c59edd5cf4b0b129d2c92e7df58d538

SHA256
39b8500b4894099b0647246b00838a9b1ef2b9fc4de7c479869115b94dd26f55

SHA512
8bd6a8d222575f766802536a2411ce989b5d797f2ee09d8d974d94df06d2641f3cebda65777d39bbb2b712fce0589f54cc274e9900572d01ce3c47e4f8324aa5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_1

Filesize
264KB

MD5
1231cc27ec34e1746969c3f1fd212884

SHA1
2716ae0ce25ebafcdaf2b8088a51dd7d86f341c4

SHA256
6fd5c94cfdb7b5e0981021c2efc5b70debc46baa01068e3e27da82608cd3cbd3

SHA512
263a972e79eea6d22da8d5f4aa47e5aec1972dd7215551a87bae1993fb22ca0b82feada7d9526002cb1cbc313758930221f66d8a30fbf36a921da68f15451da7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
8411007bafe7b1182af1ad3a1809b4f8

SHA1
4a78ee0762aadd53accae8bb211b8b18dc602070

SHA256
1f274d0d144942d00e43fb94f9c27fc91c68dce50cd374ac6be4472b08215ca3

SHA512
909e2e33b7614cb8bbd14e0dfff1b7f98f4abbf735f88292546ce3bfa665e4cb5ee4418561004e56afc5dd30d21483b05f6358dad5624c0dc3ab1ba9a3be18eb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
531e618d3813b18b2e647c4ab99b8630

SHA1
6e29d503f401b2641ba317bda6218500c0d61a27

SHA256
bf123ec1ece497af46dd10743fc55043465075c5bc50e803f5b6424c0be926e0

SHA512
6cfbcc2b6ecbac28583b95a1adab2f6d0c3385f30366057aa40eabf238e4cde6ddeef4d9f10321482e757b90e3cc1f890887f5a052bb75d71b12da748038eb8f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
1b48b894a7d93cd7d04a42ffbd8d2045

SHA1
be12754794dc8b4d69bccd06ac4ddbbd506863c9

SHA256
5b2548a7fe5d7628875f13c9aeb3fd02f013ded53e00b8a6e1da33917ff02a51

SHA512
59736f027e7ae766ee862877a0d0597446ff55989551843df1d83e80f5c05115766baaad1c9afdb42c0a4e8eb327727394a0c8c29bd6d2bb4507686120b0e2c3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
8caf4d73cc5a7d5e3fb3f9f1a9d4a0cc

SHA1
83f8586805286b716c70ddd14a2b7ec6a4d9d0fe

SHA256
0e0c905b688340512e84db6cf8af6dbdfe29195fefde15bd02e4917a2c5fda8c

SHA512
084ef25ea21ee1083735c61b758281ba84b607e42d0186c35c3700b24a176ada47bf2e76ed7dadd3846f2b458c977e83835ced01cda47cdd7ab2d00e5a1a294e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
75b527ac7b7f8f1a5191fc09f8e52683

SHA1
384e80895031c48b5c89cdf99f308093c58cf6b4

SHA256
8c225f9098f28ea93b20106b0da579c7506cfcf14988b91984b6536e7b3f7038

SHA512
6569bb208e49700d280ad310c208244fb866123a2944fc80f9d54892ae2991fa9cb4677108746fef71600bb66a029c7e8babfa6e04a16ee972830d87f22b1192

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
442KB

MD5
85430baed3398695717b0263807cf97c

SHA1
fffbee923cea216f50fce5d54219a188a5100f41

SHA256
a9f4281f82b3579581c389e8583dc9f477c7fd0e20c9dfc91a2e611e21e3407e

SHA512
06511f1f6c6d44d076b3c593528c26a602348d9c41689dbf5ff716b671c3ca5756b12cb2e5869f836dedce27b1a5cfe79b93c707fd01f8e84b620923bb61b5f1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\46be7tph.default-release\gmp-gmpopenh264\1.8.1.1\gmpopenh264.dll

Filesize
997KB

MD5
fe3355639648c417e8307c6d051e3e37

SHA1
f54602d4b4778da21bc97c7238fc66aa68c8ee34

SHA256
1ed7877024be63a049da98733fd282c16bd620530a4fb580dacec3a78ace914e

SHA512
8f4030bb2464b98eccbea6f06eb186d7216932702d94f6b84c56419e9cf65a18309711ab342d1513bf85aed402bc3535a70db4395874828f0d35c278dd2eac9c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\46be7tph.default-release\gmp-gmpopenh264\1.8.1.1\gmpopenh264.info

Filesize
116B

MD5
3d33cdc0b3d281e67dd52e14435dd04f

SHA1
4db88689282fd4f9e9e6ab95fcbb23df6e6485db

SHA256
f526e9f98841d987606efeaff7f3e017ba9fd516c4be83890c7f9a093ea4c47b

SHA512
a4a96743332cc8ef0f86bc2e6122618bfc75ed46781dadbac9e580cd73df89e74738638a2cccb4caa4cbbf393d771d7f2c73f825737cdb247362450a0d4a4bc1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\46be7tph.default-release\prefs-1.js

Filesize
6KB

MD5
09fe6b25fafeb6fdc37392283173d28c

SHA1
e79d5fc25170a9ae3e94e997a5804fede7b7c76e

SHA256
42772f6456145c0a0b356452a15140f068e7cf22f9c44fd84a7653200ed825c2

SHA512
dea3806601f746b75186fd2dc3e97546040804db1335134cf4c28f2a7911feb32863cba791b5abd45e6b8bbc0f4344e562beb23e478a1be8b3f6092e98f61eab

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\46be7tph.default-release\prefs-1.js

Filesize
7KB

MD5
8836563fcbccc58d487b0a7e0a8bd75b

SHA1
393e5812b64dbfe91f643926e22d242c89c4170f

SHA256
5dabdcb5a37a57ab62ceaf0f523eeb2629f573483a2808a0c46feb48e92ac23b

SHA512
b1359ee99ec9d693106742979f1e281a899052ee71aacfe6eb9f42442390b57551c7189727e605a505d12d654c0f3a7ebad593a1955d0c82509485b38eb767f1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\46be7tph.default-release\prefs-1.js

Filesize
6KB

MD5
1c14c48b59e545acc5f2ecd505a80382

SHA1
fee3903fb076caf0378f37d4b2cd43b378af5078

SHA256
2b53db3548fedf103f13828fd667cd9a347096190f2e185c4e529b85cb0e3ac2

SHA512
55bceb213ba4b530e0d1fd0220cda79e0e0a3b23b8eb82cbc062367d0d86d4382e4ede147e9d108f510eeea2ded695880d851e4ddc07a72a108bda4a06fb2695

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\46be7tph.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
1KB

MD5
c8153a63d3a89138503ff0eeccafff54

SHA1
0b5712c58548ea9bba18ae193b258bc881cd97ef

SHA256
39cfdce8c31259fd38b2e01663dcdba0f4ce82f4f1c237e991ad5d42bb46351e

SHA512
b3e3cf7286f755c74d48f5ef5274e1ed6629a71f3a4b78bf2c958b1949af41789d9ad57b9dffb772598838a8a9f32724a3e8bf069c34084513b9e945e54cce35

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\46be7tph.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
1KB

MD5
1624031a1e3108b5ab24fa192dad592b

SHA1
36c17270a731c38582ec63e86cf051caad32f6fa

SHA256
55095972a43119ee8cb48feb62786f6c2bec9dc9a9065275654af35ad7b42d0b

SHA512
1c3c9b84959c3345a7cb623619c817fb50abc939f7cce607b04c3d8e6796354056c9e221cd13bcf826e03b02d3050adb45aaa012fced02e6fd598df6bd870a22

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\46be7tph.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
1KB

MD5
7fced249801f730bf5f164cc88ede2df

SHA1
fed211ffc2b174cfeb9f5d0927f3da08aec7d564

SHA256
49ba0cd20501e9abbba62442607532bc0a8486faf7d745c98f3821a34ccbe5a9

SHA512
3670451ce7c61351c15c73fd009c49c0a30e01c534ef97b8e66c330a876cb3d43d683946d5c29a827034667595247fe127d612ebaf8bb3e835e15f3929322e1d

Download Submit
C:\Users\Admin\Downloads\20180205.dll

Filesize
469KB

MD5
fe6f58fb55d9a93502528c3c9bb13a3f

SHA1
516275dddbc9e2f056342201b03a0931d93a6239

SHA256
c427bcf6b065edf06662e0540e3e9a21c07095184e7bb9d05926dc3b79fc3348

SHA512
7f45f187d6c3156b89e2daf0c2bfdc60a59140ff94f8255fa672422abc43aa1252b0fe0fa0a3ef675f9e71c33b26424597c015db83dec7f5e20ee8769c61c619

Download Submit
memory/4692-490-0x000001EC3BA00000-0x000001EC3BA01000-memory.dmp

Filesize
4KB

Download
memory/4692-474-0x000001EC33690000-0x000001EC336A0000-memory.dmp

Filesize
64KB

Download
memory/4692-458-0x000001EC33590000-0x000001EC335A0000-memory.dmp

Filesize
64KB

Download
memory/4692-494-0x000001EC3BB40000-0x000001EC3BB41000-memory.dmp

Filesize
4KB

Download
memory/4692-493-0x000001EC3BA30000-0x000001EC3BA31000-memory.dmp

Filesize
4KB

Download
memory/4692-492-0x000001EC3BA30000-0x000001EC3BA31000-memory.dmp

Filesize
4KB

Download