hxxp://filecr[.]com

Resubmissions

27-04-2024 10:59

240427-m3vg5shg4s 8

27-04-2024 10:57

240427-m2c7gahf9s 1

Analysis

max time kernel
135s
max time network
137s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
27-04-2024 10:57

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://filecr.com

Score

1^/10

Malware Config

Signatures

Checks processor information in registry 2 TTPs 6 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000_Classes\Local Settings	firefox.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
1792	chrome.exe
1792	chrome.exe
5168	chrome.exe
5168	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 20 IoCs

pid	Process
1792	chrome.exe
1792	chrome.exe
1792	chrome.exe
1792	chrome.exe
1792	chrome.exe
1792	chrome.exe
1792	chrome.exe
1792	chrome.exe
1792	chrome.exe
1792	chrome.exe
1792	chrome.exe
1792	chrome.exe
1792	chrome.exe
1792	chrome.exe
1792	chrome.exe
1792	chrome.exe
1792	chrome.exe
1792	chrome.exe
1792	chrome.exe
1792	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	1792	chrome.exe
Token: SeCreatePagefilePrivilege	1792	chrome.exe
Token: SeShutdownPrivilege	1792	chrome.exe
Token: SeCreatePagefilePrivilege	1792	chrome.exe
Token: SeShutdownPrivilege	1792	chrome.exe
Token: SeCreatePagefilePrivilege	1792	chrome.exe
Token: SeShutdownPrivilege	1792	chrome.exe
Token: SeCreatePagefilePrivilege	1792	chrome.exe
Token: SeShutdownPrivilege	1792	chrome.exe
Token: SeCreatePagefilePrivilege	1792	chrome.exe
Token: SeShutdownPrivilege	1792	chrome.exe
Token: SeCreatePagefilePrivilege	1792	chrome.exe
Token: SeShutdownPrivilege	1792	chrome.exe
Token: SeCreatePagefilePrivilege	1792	chrome.exe
Token: SeShutdownPrivilege	1792	chrome.exe
Token: SeCreatePagefilePrivilege	1792	chrome.exe
Token: SeShutdownPrivilege	1792	chrome.exe
Token: SeCreatePagefilePrivilege	1792	chrome.exe
Token: SeShutdownPrivilege	1792	chrome.exe
Token: SeCreatePagefilePrivilege	1792	chrome.exe
Token: SeShutdownPrivilege	1792	chrome.exe
Token: SeCreatePagefilePrivilege	1792	chrome.exe
Token: SeShutdownPrivilege	1792	chrome.exe
Token: SeCreatePagefilePrivilege	1792	chrome.exe
Token: SeShutdownPrivilege	1792	chrome.exe
Token: SeCreatePagefilePrivilege	1792	chrome.exe
Token: SeShutdownPrivilege	1792	chrome.exe
Token: SeCreatePagefilePrivilege	1792	chrome.exe
Token: SeShutdownPrivilege	1792	chrome.exe
Token: SeCreatePagefilePrivilege	1792	chrome.exe
Token: SeShutdownPrivilege	1792	chrome.exe
Token: SeCreatePagefilePrivilege	1792	chrome.exe
Token: SeShutdownPrivilege	1792	chrome.exe
Token: SeCreatePagefilePrivilege	1792	chrome.exe
Token: SeShutdownPrivilege	1792	chrome.exe
Token: SeCreatePagefilePrivilege	1792	chrome.exe
Token: SeShutdownPrivilege	1792	chrome.exe
Token: SeCreatePagefilePrivilege	1792	chrome.exe
Token: SeShutdownPrivilege	1792	chrome.exe
Token: SeCreatePagefilePrivilege	1792	chrome.exe
Token: SeShutdownPrivilege	1792	chrome.exe
Token: SeCreatePagefilePrivilege	1792	chrome.exe
Token: SeShutdownPrivilege	1792	chrome.exe
Token: SeCreatePagefilePrivilege	1792	chrome.exe
Token: SeShutdownPrivilege	1792	chrome.exe
Token: SeCreatePagefilePrivilege	1792	chrome.exe
Token: SeShutdownPrivilege	1792	chrome.exe
Token: SeCreatePagefilePrivilege	1792	chrome.exe
Token: SeShutdownPrivilege	1792	chrome.exe
Token: SeCreatePagefilePrivilege	1792	chrome.exe
Token: SeShutdownPrivilege	1792	chrome.exe
Token: SeCreatePagefilePrivilege	1792	chrome.exe
Token: SeShutdownPrivilege	1792	chrome.exe
Token: SeCreatePagefilePrivilege	1792	chrome.exe
Token: SeShutdownPrivilege	1792	chrome.exe
Token: SeCreatePagefilePrivilege	1792	chrome.exe
Token: SeShutdownPrivilege	1792	chrome.exe
Token: SeCreatePagefilePrivilege	1792	chrome.exe
Token: SeShutdownPrivilege	1792	chrome.exe
Token: SeCreatePagefilePrivilege	1792	chrome.exe
Token: SeShutdownPrivilege	1792	chrome.exe
Token: SeCreatePagefilePrivilege	1792	chrome.exe
Token: SeShutdownPrivilege	1792	chrome.exe
Token: SeCreatePagefilePrivilege	1792	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
1792	chrome.exe
1792	chrome.exe
1792	chrome.exe
1792	chrome.exe
1792	chrome.exe
1792	chrome.exe
1792	chrome.exe
1792	chrome.exe
1792	chrome.exe
1792	chrome.exe
1792	chrome.exe
1792	chrome.exe
1792	chrome.exe
1792	chrome.exe
1792	chrome.exe
1792	chrome.exe
1792	chrome.exe
1792	chrome.exe
1792	chrome.exe
1792	chrome.exe
1792	chrome.exe
1792	chrome.exe
1792	chrome.exe
1792	chrome.exe
1792	chrome.exe
1792	chrome.exe
3244	firefox.exe
3244	firefox.exe
3244	firefox.exe
3244	firefox.exe
1792	chrome.exe
1792	chrome.exe
1792	chrome.exe
1792	chrome.exe
1792	chrome.exe
1792	chrome.exe
1792	chrome.exe
1792	chrome.exe
1792	chrome.exe
1792	chrome.exe
1792	chrome.exe
1792	chrome.exe
1792	chrome.exe
1792	chrome.exe
1792	chrome.exe
1792	chrome.exe
1792	chrome.exe
1792	chrome.exe
1792	chrome.exe
1792	chrome.exe
1792	chrome.exe
1792	chrome.exe
1792	chrome.exe
1792	chrome.exe
1792	chrome.exe
1792	chrome.exe
1792	chrome.exe
1792	chrome.exe
1792	chrome.exe
1792	chrome.exe
1792	chrome.exe
1792	chrome.exe
1792	chrome.exe
1792	chrome.exe

Suspicious use of SendNotifyMessage 37 IoCs

pid	Process
1792	chrome.exe
1792	chrome.exe
1792	chrome.exe
1792	chrome.exe
1792	chrome.exe
1792	chrome.exe
1792	chrome.exe
1792	chrome.exe
1792	chrome.exe
1792	chrome.exe
1792	chrome.exe
1792	chrome.exe
1792	chrome.exe
1792	chrome.exe
1792	chrome.exe
1792	chrome.exe
1792	chrome.exe
1792	chrome.exe
1792	chrome.exe
1792	chrome.exe
1792	chrome.exe
1792	chrome.exe
1792	chrome.exe
1792	chrome.exe
3244	firefox.exe
3244	firefox.exe
3244	firefox.exe
1792	chrome.exe
1792	chrome.exe
1792	chrome.exe
1792	chrome.exe
1792	chrome.exe
1792	chrome.exe
1792	chrome.exe
1792	chrome.exe
3244	firefox.exe
3244	firefox.exe

Suspicious use of SetWindowsHookEx 13 IoCs

pid	Process
3244	firefox.exe
3244	firefox.exe
3244	firefox.exe
3244	firefox.exe
3244	firefox.exe
3244	firefox.exe
3244	firefox.exe
3244	firefox.exe
3244	firefox.exe
3244	firefox.exe
3244	firefox.exe
3244	firefox.exe
3244	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1792 wrote to memory of 3848	1792	chrome.exe	81
PID 1792 wrote to memory of 3848	1792	chrome.exe	81
PID 1792 wrote to memory of 5080	1792	chrome.exe	84
PID 1792 wrote to memory of 5080	1792	chrome.exe	84
PID 1792 wrote to memory of 5080	1792	chrome.exe	84
PID 1792 wrote to memory of 5080	1792	chrome.exe	84
PID 1792 wrote to memory of 5080	1792	chrome.exe	84
PID 1792 wrote to memory of 5080	1792	chrome.exe	84
PID 1792 wrote to memory of 5080	1792	chrome.exe	84
PID 1792 wrote to memory of 5080	1792	chrome.exe	84
PID 1792 wrote to memory of 5080	1792	chrome.exe	84
PID 1792 wrote to memory of 5080	1792	chrome.exe	84
PID 1792 wrote to memory of 5080	1792	chrome.exe	84
PID 1792 wrote to memory of 5080	1792	chrome.exe	84
PID 1792 wrote to memory of 5080	1792	chrome.exe	84
PID 1792 wrote to memory of 5080	1792	chrome.exe	84
PID 1792 wrote to memory of 5080	1792	chrome.exe	84
PID 1792 wrote to memory of 5080	1792	chrome.exe	84
PID 1792 wrote to memory of 5080	1792	chrome.exe	84
PID 1792 wrote to memory of 5080	1792	chrome.exe	84
PID 1792 wrote to memory of 5080	1792	chrome.exe	84
PID 1792 wrote to memory of 5080	1792	chrome.exe	84
PID 1792 wrote to memory of 5080	1792	chrome.exe	84
PID 1792 wrote to memory of 5080	1792	chrome.exe	84
PID 1792 wrote to memory of 5080	1792	chrome.exe	84
PID 1792 wrote to memory of 5080	1792	chrome.exe	84
PID 1792 wrote to memory of 5080	1792	chrome.exe	84
PID 1792 wrote to memory of 5080	1792	chrome.exe	84
PID 1792 wrote to memory of 5080	1792	chrome.exe	84
PID 1792 wrote to memory of 5080	1792	chrome.exe	84
PID 1792 wrote to memory of 5080	1792	chrome.exe	84
PID 1792 wrote to memory of 5080	1792	chrome.exe	84
PID 1792 wrote to memory of 5080	1792	chrome.exe	84
PID 1792 wrote to memory of 4508	1792	chrome.exe	85
PID 1792 wrote to memory of 4508	1792	chrome.exe	85
PID 1792 wrote to memory of 4704	1792	chrome.exe	86
PID 1792 wrote to memory of 4704	1792	chrome.exe	86
PID 1792 wrote to memory of 4704	1792	chrome.exe	86
PID 1792 wrote to memory of 4704	1792	chrome.exe	86
PID 1792 wrote to memory of 4704	1792	chrome.exe	86
PID 1792 wrote to memory of 4704	1792	chrome.exe	86
PID 1792 wrote to memory of 4704	1792	chrome.exe	86
PID 1792 wrote to memory of 4704	1792	chrome.exe	86
PID 1792 wrote to memory of 4704	1792	chrome.exe	86
PID 1792 wrote to memory of 4704	1792	chrome.exe	86
PID 1792 wrote to memory of 4704	1792	chrome.exe	86
PID 1792 wrote to memory of 4704	1792	chrome.exe	86
PID 1792 wrote to memory of 4704	1792	chrome.exe	86
PID 1792 wrote to memory of 4704	1792	chrome.exe	86
PID 1792 wrote to memory of 4704	1792	chrome.exe	86
PID 1792 wrote to memory of 4704	1792	chrome.exe	86
PID 1792 wrote to memory of 4704	1792	chrome.exe	86
PID 1792 wrote to memory of 4704	1792	chrome.exe	86
PID 1792 wrote to memory of 4704	1792	chrome.exe	86
PID 1792 wrote to memory of 4704	1792	chrome.exe	86
PID 1792 wrote to memory of 4704	1792	chrome.exe	86
PID 1792 wrote to memory of 4704	1792	chrome.exe	86
PID 1792 wrote to memory of 4704	1792	chrome.exe	86
PID 1792 wrote to memory of 4704	1792	chrome.exe	86
PID 1792 wrote to memory of 4704	1792	chrome.exe	86
PID 1792 wrote to memory of 4704	1792	chrome.exe	86
PID 1792 wrote to memory of 4704	1792	chrome.exe	86
PID 1792 wrote to memory of 4704	1792	chrome.exe	86
PID 1792 wrote to memory of 4704	1792	chrome.exe	86

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument http://filecr.com
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1792
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe6f8cab58,0x7ffe6f8cab68,0x7ffe6f8cab78
  2⤵
  PID:3848
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1784 --field-trial-handle=1840,i,6310488261670129482,11865536221297273807,131072 /prefetch:2
  2⤵
  PID:5080
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2112 --field-trial-handle=1840,i,6310488261670129482,11865536221297273807,131072 /prefetch:8
  2⤵
  PID:4508
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2184 --field-trial-handle=1840,i,6310488261670129482,11865536221297273807,131072 /prefetch:8
  2⤵
  PID:4704
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2916 --field-trial-handle=1840,i,6310488261670129482,11865536221297273807,131072 /prefetch:1
  2⤵
  PID:4780
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2924 --field-trial-handle=1840,i,6310488261670129482,11865536221297273807,131072 /prefetch:1
  2⤵
  PID:4932
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4316 --field-trial-handle=1840,i,6310488261670129482,11865536221297273807,131072 /prefetch:1
  2⤵
  PID:2672
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=4320 --field-trial-handle=1840,i,6310488261670129482,11865536221297273807,131072 /prefetch:1
  2⤵
  PID:2200
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=4800 --field-trial-handle=1840,i,6310488261670129482,11865536221297273807,131072 /prefetch:1
  2⤵
  PID:2144
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=4760 --field-trial-handle=1840,i,6310488261670129482,11865536221297273807,131072 /prefetch:1
  2⤵
  PID:3924
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=5336 --field-trial-handle=1840,i,6310488261670129482,11865536221297273807,131072 /prefetch:1
  2⤵
  PID:944
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5448 --field-trial-handle=1840,i,6310488261670129482,11865536221297273807,131072 /prefetch:8
  2⤵
  PID:224
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4576 --field-trial-handle=1840,i,6310488261670129482,11865536221297273807,131072 /prefetch:8
  2⤵
  PID:3036
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=5628 --field-trial-handle=1840,i,6310488261670129482,11865536221297273807,131072 /prefetch:1
  2⤵
  PID:4624
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=5568 --field-trial-handle=1840,i,6310488261670129482,11865536221297273807,131072 /prefetch:1
  2⤵
  PID:348
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=5756 --field-trial-handle=1840,i,6310488261670129482,11865536221297273807,131072 /prefetch:1
  2⤵
  PID:3476
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6076 --field-trial-handle=1840,i,6310488261670129482,11865536221297273807,131072 /prefetch:8
  2⤵
  PID:5672
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=5996 --field-trial-handle=1840,i,6310488261670129482,11865536221297273807,131072 /prefetch:1
  2⤵
  PID:5788
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=4292 --field-trial-handle=1840,i,6310488261670129482,11865536221297273807,131072 /prefetch:1
  2⤵
  PID:5560
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3176 --field-trial-handle=1840,i,6310488261670129482,11865536221297273807,131072 /prefetch:8
  2⤵
  PID:2644
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=2696 --field-trial-handle=1840,i,6310488261670129482,11865536221297273807,131072 /prefetch:1
  2⤵
  PID:5704
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --mojo-platform-channel-handle=4420 --field-trial-handle=1840,i,6310488261670129482,11865536221297273807,131072 /prefetch:1
  2⤵
  PID:3580
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --mojo-platform-channel-handle=3212 --field-trial-handle=1840,i,6310488261670129482,11865536221297273807,131072 /prefetch:1
  2⤵
  PID:5524
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4120 --field-trial-handle=1840,i,6310488261670129482,11865536221297273807,131072 /prefetch:8
  2⤵
  PID:5108
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --mojo-platform-channel-handle=5680 --field-trial-handle=1840,i,6310488261670129482,11865536221297273807,131072 /prefetch:1
  2⤵
  PID:2200
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --mojo-platform-channel-handle=4692 --field-trial-handle=1840,i,6310488261670129482,11865536221297273807,131072 /prefetch:1
  2⤵
  PID:5176
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --mojo-platform-channel-handle=4696 --field-trial-handle=1840,i,6310488261670129482,11865536221297273807,131072 /prefetch:1
  2⤵
  PID:5124
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --mojo-platform-channel-handle=4660 --field-trial-handle=1840,i,6310488261670129482,11865536221297273807,131072 /prefetch:1
  2⤵
  PID:1304
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5072 --field-trial-handle=1840,i,6310488261670129482,11865536221297273807,131072 /prefetch:8
  2⤵
  PID:4968
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --mojo-platform-channel-handle=5428 --field-trial-handle=1840,i,6310488261670129482,11865536221297273807,131072 /prefetch:1
  2⤵
  PID:1308
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2368 --field-trial-handle=1840,i,6310488261670129482,11865536221297273807,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5168

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:736

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
PID:4868
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe"
  2⤵
  - Checks processor information in registry
  - Modifies registry class
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  PID:3244
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3244.0.1836700870\459564549" -parentBuildID 20230214051806 -prefsHandle 1804 -prefMapHandle 1796 -prefsLen 22076 -prefMapSize 235121 -appDir "C:\Program Files\Mozilla Firefox\browser" - {08aac234-2f95-4c64-bf75-04b0fc1055d4} 3244 "\\.\pipe\gecko-crash-server-pipe.3244" 1880 1778b20e958 gpu
    3⤵
    PID:2036
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3244.1.1616942614\1635749547" -parentBuildID 20230214051806 -prefsHandle 2420 -prefMapHandle 2408 -prefsLen 22112 -prefMapSize 235121 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {4cf10925-10a7-4f57-a0da-71bc1e1c94d2} 3244 "\\.\pipe\gecko-crash-server-pipe.3244" 2448 1778b66ae58 socket
    3⤵
    PID:2984
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3244.2.186940679\1735250016" -childID 1 -isForBrowser -prefsHandle 2972 -prefMapHandle 2968 -prefsLen 22150 -prefMapSize 235121 -jsInitHandle 1280 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {641913cf-7a94-4c1c-b157-ae1842ea5fca} 3244 "\\.\pipe\gecko-crash-server-pipe.3244" 2984 1778e003258 tab
    3⤵
    PID:764
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3244.3.837668369\144880149" -childID 2 -isForBrowser -prefsHandle 4040 -prefMapHandle 4036 -prefsLen 27616 -prefMapSize 235121 -jsInitHandle 1280 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {fc4eb349-8c1b-40ce-a5df-d2a44b7a60ff} 3244 "\\.\pipe\gecko-crash-server-pipe.3244" 4052 1779027a858 tab
    3⤵
    PID:5316
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3244.4.1351514733\19416770" -childID 3 -isForBrowser -prefsHandle 4940 -prefMapHandle 4936 -prefsLen 27692 -prefMapSize 235121 -jsInitHandle 1280 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {6f4f3b55-e87a-443c-b7a0-888bc9a223ed} 3244 "\\.\pipe\gecko-crash-server-pipe.3244" 4948 17791ffbb58 tab
    3⤵
    PID:5724
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3244.5.387418461\2135882976" -childID 4 -isForBrowser -prefsHandle 5088 -prefMapHandle 5092 -prefsLen 27692 -prefMapSize 235121 -jsInitHandle 1280 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {233171c3-39e6-453a-8618-faf25d05fe95} 3244 "\\.\pipe\gecko-crash-server-pipe.3244" 5076 17791ffc158 tab
    3⤵
    PID:5732
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3244.6.1196318981\1991035089" -childID 5 -isForBrowser -prefsHandle 5272 -prefMapHandle 5276 -prefsLen 27692 -prefMapSize 235121 -jsInitHandle 1280 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {49155524-4662-4dd4-ad38-8ec32e6de086} 3244 "\\.\pipe\gecko-crash-server-pipe.3244" 5264 17791ffc758 tab
    3⤵
    PID:5740
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3244.7.1059345263\1627436854" -childID 6 -isForBrowser -prefsHandle 5840 -prefMapHandle 5836 -prefsLen 27773 -prefMapSize 235121 -jsInitHandle 1280 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {160c8b16-0a23-42c2-bf8d-a16eb09f678c} 3244 "\\.\pipe\gecko-crash-server-pipe.3244" 5852 17793cbca58 tab
    3⤵
    PID:5856

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000005

Filesize
200KB

MD5
a484f2f3418f65b8214cbcd3e4a31057

SHA1
5c002c51b67db40f88b6895a5d5caa67608a65ce

SHA256
79cbe928773386d07f0127f256f383debed5ccea5ff230465bf46ec7c87319d6

SHA512
0be1bb8db08f6e6041a85cfee90cd36a5b595afbca34d52a125465454fc806b4bb7ae569eaf4c882922fb1b962b6060534e597791cd0ad23483be5981d9be85c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000b

Filesize
27KB

MD5
85487bb9bbc8bdb2a54a7887685b8e5b

SHA1
5841e53151d82cc3e6b64222a569eb26ea46c168

SHA256
b8dc82aa11776abc77607d5011e9163679fe6ebac99c601cb8933c7ead47e8fe

SHA512
6d8c8179f0bc2a16dfacdea6ae3fc01d57668cc24d24440ed97ddcb351330be9c3a878de8bde3f5641831a2f80e9156f193375ec5a9c153964b01cd7d3e73cf6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
3858cf1a3ec6f5ea7e1584c416fe1c74

SHA1
6c1fe0c61d5263407ba04681d52555cf65121ac9

SHA256
91cd44154bf7de6eaa66fb0742acc0faf08362173d1448780883c798ed63c27b

SHA512
e7cb109bb5645832253db9ef9e57974c9382179c027e2631bb8e63b95fbf943dc0c9cade6b970dbd5a957bd0400472736814a13b488950b5214e65eaf0bf20c6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
fe08eca48c6274a161baa214be0f049e

SHA1
b49c21969931f3958b21e789629415b9578fd681

SHA256
1c3107c784210253693fa54746ebc52b7ae0420d5587d344dbd1d319c2a7b652

SHA512
420d8935a000ec6fabdd3c05aae00afc4755af0f8f5194016a9d67d581156aadcecf28b53edf8b9058bbcd1914efecb8fb0df90dfcd0e2d71753f7ce976cb067

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
c14c9e0aabf2ec97b6e37d4cde8a364a

SHA1
35c0827d0d9fa3b2ced28ca24aade95f591e3708

SHA256
90dab7efe975fe8fd3dc57d6459b17645dee68d134a1ee70e0252e1be87e84d4

SHA512
85752c0147a10e52ee443399292e2fd34e366df668be95657f9985c0167ee1c1d2e45213a34a70f297e6d473279819a3a8fc316ddf9b3736a6a515ef0b97b1ef

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
cf03d21660fe7853e135e4c8a2c4b297

SHA1
b1c0e1c38651d7c19405dacc1cf87d0cdb051470

SHA256
fe9d6a3cf5832a6e3e58ff649744152aa74c0b9d15b90985ea1db1190db27e53

SHA512
7539820dac3067520b25b818c288ddd3cd992f465306e3f917d875a02c14db41fa46ccc9a0545bd98013bc2a9395280ff00125eff0b4ecd7c841fae034bc4479

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
7KB

MD5
cb91a157577e8a6ad8e8a0adf6cb8943

SHA1
dfc5712354b426f0d5265aaad0d4299175dac08a

SHA256
cfb400622879f1258f8ef644848fa037f01111d6fb644f2a70b0f63316300914

SHA512
f79c7e65e7714f4dbc36f2a242650adf48d49d14b56f390ea5f3bbea64ae8e1131225536f0206f05ad41d6f2ccda97814188af4cbb13c65a962ab070cb29df91

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
7KB

MD5
2025f7d4f85bda8a6029cb0be7e2444a

SHA1
88a70070dc011ef1234b069ec227459cb4f96b18

SHA256
3776ec49b9219f24aef887f39aecf01351241b53720ae26c751c802e640e943f

SHA512
379d6cd81cf7f1fa000b5153956829cc860069d43d9e9550cce698d3b148bc9b17b619fddf84213381e91afa816155c44ea6307b7a4d0a0e131698a98c7249ac

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
523B

MD5
358e1f65bccbb04a9d3dc2a27f43af47

SHA1
431a8ec9d3c71427384ff74ece10c96b2bb7ec5f

SHA256
c135d31764da0ab690ac4c9382c82e1c5c26a5ad379fc683dd1c9a647bd30bae

SHA512
3ac8d57ee6393b9e5ad526b979ec38c2b5846da5cff01c0d047d3ebefb765135040aa96805365507801a24919005201a2e8f698469913d91b19b09a638b032bb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
691B

MD5
3645d3831fec75d6c449a1c8b164cf5c

SHA1
f392e2af0c849c3295825314d6090cf12ad3f51c

SHA256
f04f29382c99981b7c3bcb5397f6ab646612401f0aba093970534fbb7f70ff75

SHA512
7e162485c60ef0d616aaab20f2e66bac3539cf534966030bb03fe178cd9a90af0c94191bf5401d472d163e15607a7ab39bca3d2bb6b18dea336ffe515e1d65a3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
691B

MD5
a0a2c4aaa36e44bcbd8a2a1bd6139778

SHA1
0fc2e2a320fc70192ccec4010328c0120fd78f83

SHA256
fa5059ed968a343c181581eeaf1dc45644d979f77ca9e121998fb03d78c75e03

SHA512
b763567010ccb94a2e2ebe6337f022d0066e978a14b9a7c8a96f68706071c32ef1cde713d7a945f90ce643092ce1c99d81f9dc04e4b5d03fd502d87cb42b81b5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
523B

MD5
b9056dba16b4984a2feef71bea6d4c44

SHA1
46d79f80a64cac94f5421647f4d37e57c0428f81

SHA256
5675dac2b4dc44dcc0eb1325b1b2443586ff93536508467c6eba11e7b6f3e638

SHA512
e56d146ffdda7f76bb008392bdd1e0592d28b64a0b17b695d04157349adc51dcf9a2ca7d1cc22f178ebce460351d09643224807e44b76506ff84c8577760e8a3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
523B

MD5
b85035dd29b5b242a8c5644bcb02f305

SHA1
dfbb1dc180f5aeda43257cc9e518912134375308

SHA256
d9a620feaaec2bc74e4f0f2b31544d5478802ae15944b583dae3a299e8e5d819

SHA512
d7e87c1973b128e02142fa729ba81ae673d87f428e64d58fe96b98d3099d546bb084ebe06112500ca94abd073916a2123bd1d13fec8c0c44c9fbab287781aaf3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
523B

MD5
afea9becd0902585564d3b5b0b0f330d

SHA1
1eb137b0ac4036c5c619b3c6a370df9fadc46613

SHA256
2f751b85a2d17e6cba5a840befeeba612a81491c66bc250baec5ff7013de31e4

SHA512
51b6a3c7070cb5cb00936d2309101c4cde01ed902c658daa36a634384a1d802a89e572c5005ae9fd6542a653d2716321920a1ec38956a62bb694c0f18b9615f6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
7c7d215f56be1aafd299fa297b32441d

SHA1
bee7708931d2cbc99981a0d235b2f70974381f3e

SHA256
1f6fca4ae47f393f4b23cc68a81256def6dd2e8c951ca7e1f65c54cb93cb5f0e

SHA512
a1c5a433d551f9a2066a35f26e9ac43c03f82959338c6bcb91786cfe1685f244c45a40abcf0f1aa56904b683df8984224bbd306d413c0258c3ca0af19100a995

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
200e7ddd97d86ffdae09a8847df72dd8

SHA1
8cea80cf8a76fb3c900a31087ef93aca7d7ba117

SHA256
ed60134bfccc94779d7bb121453b243aa6046a1148d3f4fe9d22cf77196b6bae

SHA512
2326474d13fc651a507bfb35bdd3670c5b0df9e6f2c3274388778e98db0f41ef8272b5ffc4a2430fc467ee8697a0b00a99516d9a2271d5c0cd587d465cb4fa9c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
2cf2f1db31f5e91a8b38202b0fbb2abc

SHA1
19dbf44e47ed8df68e4d656ca5121ea90baddc09

SHA256
87f9f6fa0515f6d9935abd8fd56c73205ababb5239e857e314a4b81a3b3a5b5f

SHA512
1a12eef15f53f959056139d85dfa7379180759ae30dde7504a573c770f56049354d832ee6be098ba4c1204371c3fd88157a859e729804c29dc4be5cb6a652eca

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
91ede7b283a1ca5983d7fef0f716de4c

SHA1
87b677902c2901c8f7f6a2b154d6b93ce35783fc

SHA256
157c522833555dfe415465e27da1b1ee61f1abec18d2221efdea050ad4a05fd9

SHA512
264b62140bbbcbab055a0727aa16d509e027ae3a782f7e813da2cf3aeb7aa1c8e94a8ba5f46c8f7620b00d1e05a09a9e213c6abb71a141973dfe4e81768dd435

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
130KB

MD5
769e2d506a03b88fd5d5c312c402f09d

SHA1
bbc64877a84f363d02c0bc9a19c40f54046711b4

SHA256
e2edbe708c264bb897d0104c472fd128b624fcc7c1aadef33b5b544e0eab886b

SHA512
c6a4a5f0fa22f0e40f94941c2a8e122c775307b2a4b8541b12ad5f49c9411d21b4fbda480cc67009bff3f9dee270e88c78cb90c201eba94a18742dde6bddd78e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
130KB

MD5
2e12731128514dadd006c167a146d2bd

SHA1
3bd23dd260ac835956994565050bcb4ff913f9d4

SHA256
49e44ed53a88a6e0774ec22c95008471a61a28f14c86f08ee97b49337e2c0367

SHA512
e0ce2a90d18fbb6216dccac0ec767553622b46ef0c109414080192b6dd982150197d0fbb12561621d0cff8b62346ed6c48f146f24270ffef4abc0a11aca09d6a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
130KB

MD5
d39ffef103852c3af90cc7efdce83498

SHA1
306e7e25c9440afce93266c4df6c601651ee63f3

SHA256
3aaa9011c77a617000bac399336188113b47f9be3316fa408d960eb258e3c6b1

SHA512
0acac493594a48aff648a24d3291c8861e56b4e6b21e1d12ad05f1046d5c2d63fa1224b529350f68020a5699037eb0f74bebcf80c190b09322205e572e80e4a7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
130KB

MD5
1404799800845186ee0cb42f88d06b99

SHA1
1c6a5077b7405930948a122571f203d4172e0968

SHA256
dc7083a443c8e25511cb60e91fd29880f97cdbf10bd0903340fdfdd6994a852a

SHA512
96c2d706dcecaef06c9a123591112e77f097ed462b49f5351f550a4f4f24ec9c44a1769f6f7dddbc44865a82d7c3e1b4232c1603234f9bc8bc6b0a05d3c094cb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
91KB

MD5
8debd69fe79ee6b5ed7c98896e327180

SHA1
5c1bba27798e7e4fa402142b87dcb7b54ccd7897

SHA256
5e94c9ca98d96a5028ca0363249ed8bc1c4c075014b55f5b7ca107005ff50777

SHA512
46ebf5967dcffc351d34077e81db9d7ea21970b536b6c3da5b4a7957bc0a896e0236ef2741e6af17fd03d8d5b7dacd671602356eb305bc27bf4b92395442c90e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
92KB

MD5
f44577fe31b539fcf6f3e0a6094be6c3

SHA1
04288486556b60ae71f772c102322cd784fe72cb

SHA256
688925179a8e7b02bbaa5dea55dd52ff9a09c3d0fc396d2a794195c6ece7711e

SHA512
67c200bf80cd77addffc756174f76496a4fe42cda51081d35c82c4be2b9f4bd347c9d39c49eaf9e2c2a2baef6724dbc4551f7390daf2cd3b19745f440e1e1495

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
102KB

MD5
084e4121931df371e1847e81d11de177

SHA1
706cd23f2f71f980dc42966afc19c9d65f9aa1ae

SHA256
b24e28ed0ea25ba4af02488dc56c663ee4de05ab8577751d9734c84ea6707392

SHA512
514b2ab1d643869984826b5f91a1d42da2913ac623b0304de7cbc3b38058c9e5ef010633160cf5f5e22156264a321cbb3f62c46c34b1eec9070ec9faff1fc073

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
98KB

MD5
f02a8ae37778babb0f9a6d8856e8a63b

SHA1
89b7fd6bb33ce147f5cc92ecad82232d242ee379

SHA256
7b68b9ed91072ce1a7726725053a88f9531d2506de68dc157994b35a441d3226

SHA512
6be20155ea0da029dbb95be41f4e8f92e542153ab9ff910738149609842577b50264dfffc188ca9977ad302ccd5ed885760fcbc5a8f3bc88ab9cd2addc0c75b3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe57dff0.TMP

Filesize
88KB

MD5
7fb7186dd366eebb7bfa6727a4153192

SHA1
0bc07ec11c736564923b5705f637f47533754c73

SHA256
ef9f6c26f2519fc2c882d0f054271691184feafa861b04288e4d1743cda6e00c

SHA512
82d31afb6d10e35f41d692de255cc0cdb68d4004d62555ae9dfb22e60800d69d0708896b8e943d1d22b2d46f689099ca8e45148b983a3a7c45f93259e08e4f2c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\dc79769b-bfc5-4086-88ae-0742db18dc72.tmp

Filesize
130KB

MD5
142c74344c11181013541eadbf4ea1ac

SHA1
c6176444b6482184dab157ccdf34f7fbaa72292c

SHA256
cf13f3497f7a5483d0825a8ed7cf479b2207d02bee609ab81355b8fa817f4dcd

SHA512
19559621192c2c8b0c6ef8a34c00f70bb8dce1412c965fa27676faa280daeeba1f29c891a18788a3065b1a1f78e24668fab7084a30a7e68b2676ec1638c66212

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\47kntzet.default-release\activity-stream.discovery_stream.json.tmp

Filesize
23KB

MD5
1436f2266a5f7ed5f46ad535c96ff474

SHA1
8320bc944b945072f0a85b81fcc7d6c6225e8e72

SHA256
3861a3511e30b9747956111e0a3075fb12686993876d11a793bfced787436f34

SHA512
941af3e280107c34bb088abc01335ed7df48b5b35788223026d1f81943a4833900176c23dac4e3db36034e02eb3e9cd701d3deff75ab8a883c658b9132fcf03a

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\47kntzet.default-release\activity-stream.discovery_stream.json.tmp

Filesize
24KB

MD5
31f2aa211937e1bce33e8c6448ba50a1

SHA1
76e9e5817f8393f3964b0db4c045e8f2861c93fc

SHA256
bfbc14b166bf507c80a4d1f5263ba35ff8f87a5acbb18b3431303801521c288e

SHA512
3f4baa2a1aabfc0b13883840d7d391824b1238df057f6f3363a116e839e838b1fb2c59d04516cf2eb159b282cfdb5d6b552657390764d14fa3824a1d29c907cb

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\47kntzet.default-release\cache2\entries\E2AD0A041A487B025F3A0326EAF3A3DBA44832C8

Filesize
33KB

MD5
c1ecd3923222ee755b8569bdbb505e5d

SHA1
5a5c2ac6b5c8dfe4551e086a128675aa18a7b63a

SHA256
5fc3159e92f169a798257c0031d8d74e9afd5825ebf974d2c18262b5d70702d8

SHA512
4c250a8f588082d9a664ad2753ebab8c8f412f11e6b69661c697c7a6c9c0e5a3741579755b225911a9cb535eac7d0b2da47f0e5d21c99536c06fc432cae044e3

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\47kntzet.default-release\prefs-1.js

Filesize
7KB

MD5
9ef30cb0c2e265de966ee1faaf8a23fb

SHA1
6249e18872acd979919661a19af92e8925cf9ad0

SHA256
02b33939af8d647fd2e7963730c33db267f1dffd026e4231e6a5891ce0663eba

SHA512
44c1480b164293b50a049929b4094e9b71ac797a759fb5603419ebc8bfe7d38b34dd1b9aa5137c7b1c61cbb4553de455505bc58d6b11261c37e541ada5374cf3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\47kntzet.default-release\prefs-1.js

Filesize
7KB

MD5
d889a3a0982e5cebe0e69956bef96d5b

SHA1
f523d4969561aa2eae4f347d6a724aa98ddbd6a5

SHA256
e57460b791f0220df71d4d682aae65a99e12c4291ce6bc34b20056fea07a30b8

SHA512
a5b71152a70f05a26404e744cb170a67f1b398b6c770bcb393bd4b082c1f69129341c0501f5aef648c7076b75ee59c4a35130978a2b309cc2c7bf5c302560751

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\47kntzet.default-release\prefs-1.js

Filesize
7KB

MD5
b1284938d83e4fc31f48257df791c6ce

SHA1
175e839a326f53a92bdbbdd09744d186209868db

SHA256
3ed2fb7f3134e6f7f6fd52ba6e2bbfafcb8ace3aac59e5d0f8eb05ab78209714

SHA512
01a90bb8fc0abe71863f53c82721f76438a364e683800eaafcd2ff9d6434812974aed8eebd4a01f771a348b6cdf16825d7e3536b9c49d2e10b373bd924eb2ec8

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\47kntzet.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
3KB

MD5
e681347fe610e895150d7de7f113a477

SHA1
3883b09714aa356460fb0c549fa359dcdff9d3b7

SHA256
12e4a32557166586887857f2e6bc1bc224808bb496f610a7b8a8fa7fc47832f6

SHA512
f646ab4ce1f3d88fa8b806f5431d2fea7265ae7d835c3633d4ad25e83f85bcff0d01896d318fc3cdbe522c2b582d4f88816ea1ded2b8e64df68055a03d59dc1e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\47kntzet.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
4KB

MD5
3d29886bc6fc1ca680ee0192dfbc84d1

SHA1
d22543a2a0fbfa8b6196a21791250b0089140b44

SHA256
1fdf858d7580d67977cb38120e26329e578aecabdf5b62b46ebfb12e04885984

SHA512
fda82925cc4505f0602764819cb761a97d2f88de5865578bf70ef2de668e4cb5ebc801826a2bf818c185c6a5e8cb8bcf8984dd1a995e28f969afe2eb3a2f80cc

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\47kntzet.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
4KB

MD5
e5db71b54bf17dad59beff861721ad72

SHA1
9431382c0853a945b3b2bb3d91c8970d07efbdcc

SHA256
41f196e9f3753affdcc9254bfdb61759fc7dd8f706eb4f234373abc5f68cb400

SHA512
e02621d8ccc4e8d3d8275261f626b2a5287cb51c9377cd78c007b86a941cf629f6dad5b761818557350c12918d24dcf186df0b2137c1adceafe3244c3921565d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\47kntzet.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
4KB

MD5
f06692ce28b6828e3478669490edc78b

SHA1
048e8ae846e6933955ed378d4edf491be329fa24

SHA256
817f9e9359f84790282383a5312f83120452edbc761ad9f067124579775fbfb6

SHA512
75522005294b7afec0c329c2fd27e063ec2e66a1094f23d910f4b8f18c35d9716b476d0eed3dba0549e062b76d00e240a12938103f5c318b1133786834da6cff

Download Submit
C:\Users\Admin\Downloads\Avast Premium Security 24.jwistZAB.2.6104 (build 24.2.8904.819) Multilingual [FileCR].zip.part

Filesize
15KB

MD5
2799b2cc8369553b1ce75a654a994455

SHA1
268270804e836959e2be8341364f7f9ffdc54572

SHA256
ea1ae678413a62fefc2be098939ce0656b45c0de372dc70b86982ecc47c7fd9a

SHA512
f0eb45050493ba0bdd7de15af75d4742c48cf3c1248bef8b3e61986e6d98686f76ba90cc2029393bcae9487d2ed28154f0c02a474bdf710926f1fbb792f3b18c

Download Submit