30043368051ccaad512558f0c08a3f3da57f15967f38a76208f64eff06ee8043

Resubmissions

28-04-2024 17:37

240428-v69p8sch78 7

28-04-2024 17:34

240428-v5rg9sch63 7

Analysis

max time kernel
148s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240419-en
resource tags

arch:x64arch:x86image:win10v2004-20240419-enlocale:en-usos:windows10-2004-x64system
submitted
28-04-2024 17:37

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

WaveTrial.exe
Size

72KB
MD5

f79384ea10cb3239563d3cfea5560210
SHA1

34ecb5b3409b2a2936984cd0c6371a6497cf4392
SHA256

30043368051ccaad512558f0c08a3f3da57f15967f38a76208f64eff06ee8043
SHA512

513d097b9edcd665dd38911a2c495df517fd0ad3116a1d3666284148cb4058002673c270b5997625054e25282d9ea2ca81cfae2adedd441fc734994ec629bc2e
SSDEEP

768:e0MY51JNdyjTm2fW3nrY8gV/SzpzlV3Cm0i5q1O+DGpNADd5D3Uf3Lp:HT5OjFfW3nrY8gIVphD0i5UOigf1

Score

7^/10

spyware stealer

Malware Config

Signatures

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Drops file in Program Files directory 2 IoCs

Processes:

cmd.exe

description	ioc	process
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\server\classes.jsa	cmd.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\server\classes.jsa	cmd.exe

Drops file in Windows directory 1 IoCs

Processes:

cmd.exe

description ioc process

File opened for modification C:\Windows\WindowsShell.Manifest cmd.exe

description	ioc	process
File opened for modification	C:\Windows\WindowsShell.Manifest	cmd.exe

Checks processor information in registry 2 TTPs 30 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

Processes:

firefox.exefirefox.exefirefox.exefirefox.exefirefox.exefirefox.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

msedge.exechrome.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Modifies data under HKEY_USERS 2 IoCs

Processes:

chrome.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133587994836278717"	chrome.exe

Modifies registry class 1 IoCs

Processes:

firefox.exe

description ioc process

Key created \REGISTRY\USER\S-1-5-21-2860750803-256193626-1801997576-1000_Classes\Local Settings firefox.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-2860750803-256193626-1801997576-1000_Classes\Local Settings	firefox.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

Processes:

msedge.exemsedge.exeidentity_helper.exechrome.exemsedge.exe

pid	process
516	msedge.exe
516	msedge.exe
1880	msedge.exe
1880	msedge.exe
4360	identity_helper.exe
4360	identity_helper.exe
5408	chrome.exe
5408	chrome.exe
5668	msedge.exe
5668	msedge.exe
5668	msedge.exe
5668	msedge.exe

Suspicious behavior: LoadsDriver 6 IoCs

Processes:

pid

4
4
4
4
4
660

pid
4
4
4
4
4
660

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 22 IoCs

Processes:

msedge.exechrome.exe

pid	process
1880	msedge.exe
1880	msedge.exe
1880	msedge.exe
1880	msedge.exe
1880	msedge.exe
5408	chrome.exe
5408	chrome.exe
5408	chrome.exe
1880	msedge.exe
1880	msedge.exe
1880	msedge.exe
1880	msedge.exe
1880	msedge.exe
1880	msedge.exe
1880	msedge.exe
1880	msedge.exe
1880	msedge.exe
1880	msedge.exe
1880	msedge.exe
1880	msedge.exe
1880	msedge.exe
1880	msedge.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

chrome.exefirefox.exe

description	pid	process
Token: SeShutdownPrivilege	5408	chrome.exe
Token: SeCreatePagefilePrivilege	5408	chrome.exe
Token: SeShutdownPrivilege	5408	chrome.exe
Token: SeCreatePagefilePrivilege	5408	chrome.exe
Token: SeDebugPrivilege	1840	firefox.exe
Token: SeDebugPrivilege	1840	firefox.exe
Token: SeShutdownPrivilege	5408	chrome.exe
Token: SeCreatePagefilePrivilege	5408	chrome.exe
Token: SeShutdownPrivilege	5408	chrome.exe
Token: SeCreatePagefilePrivilege	5408	chrome.exe
Token: SeShutdownPrivilege	5408	chrome.exe
Token: SeCreatePagefilePrivilege	5408	chrome.exe
Token: SeShutdownPrivilege	5408	chrome.exe
Token: SeCreatePagefilePrivilege	5408	chrome.exe
Token: SeShutdownPrivilege	5408	chrome.exe
Token: SeCreatePagefilePrivilege	5408	chrome.exe
Token: SeShutdownPrivilege	5408	chrome.exe
Token: SeCreatePagefilePrivilege	5408	chrome.exe
Token: SeShutdownPrivilege	5408	chrome.exe
Token: SeCreatePagefilePrivilege	5408	chrome.exe
Token: SeShutdownPrivilege	5408	chrome.exe
Token: SeCreatePagefilePrivilege	5408	chrome.exe
Token: SeShutdownPrivilege	5408	chrome.exe
Token: SeCreatePagefilePrivilege	5408	chrome.exe
Token: SeShutdownPrivilege	5408	chrome.exe
Token: SeCreatePagefilePrivilege	5408	chrome.exe
Token: SeShutdownPrivilege	5408	chrome.exe
Token: SeCreatePagefilePrivilege	5408	chrome.exe
Token: SeShutdownPrivilege	5408	chrome.exe
Token: SeCreatePagefilePrivilege	5408	chrome.exe
Token: SeShutdownPrivilege	5408	chrome.exe
Token: SeCreatePagefilePrivilege	5408	chrome.exe
Token: SeShutdownPrivilege	5408	chrome.exe
Token: SeCreatePagefilePrivilege	5408	chrome.exe
Token: SeShutdownPrivilege	5408	chrome.exe
Token: SeCreatePagefilePrivilege	5408	chrome.exe
Token: SeShutdownPrivilege	5408	chrome.exe
Token: SeCreatePagefilePrivilege	5408	chrome.exe
Token: SeShutdownPrivilege	5408	chrome.exe
Token: SeCreatePagefilePrivilege	5408	chrome.exe
Token: SeShutdownPrivilege	5408	chrome.exe
Token: SeCreatePagefilePrivilege	5408	chrome.exe
Token: SeShutdownPrivilege	5408	chrome.exe
Token: SeCreatePagefilePrivilege	5408	chrome.exe
Token: SeShutdownPrivilege	5408	chrome.exe
Token: SeCreatePagefilePrivilege	5408	chrome.exe
Token: SeShutdownPrivilege	5408	chrome.exe
Token: SeCreatePagefilePrivilege	5408	chrome.exe
Token: SeShutdownPrivilege	5408	chrome.exe
Token: SeCreatePagefilePrivilege	5408	chrome.exe
Token: SeShutdownPrivilege	5408	chrome.exe
Token: SeCreatePagefilePrivilege	5408	chrome.exe
Token: SeShutdownPrivilege	5408	chrome.exe
Token: SeCreatePagefilePrivilege	5408	chrome.exe
Token: SeShutdownPrivilege	5408	chrome.exe
Token: SeCreatePagefilePrivilege	5408	chrome.exe
Token: SeShutdownPrivilege	5408	chrome.exe
Token: SeCreatePagefilePrivilege	5408	chrome.exe
Token: SeShutdownPrivilege	5408	chrome.exe
Token: SeCreatePagefilePrivilege	5408	chrome.exe
Token: SeShutdownPrivilege	5408	chrome.exe
Token: SeCreatePagefilePrivilege	5408	chrome.exe
Token: SeShutdownPrivilege	5408	chrome.exe
Token: SeCreatePagefilePrivilege	5408	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

Processes:

msedge.exefirefox.exe

pid	process
1880	msedge.exe
1880	msedge.exe
1880	msedge.exe
1880	msedge.exe
1880	msedge.exe
1880	msedge.exe
1880	msedge.exe
1880	msedge.exe
1880	msedge.exe
1880	msedge.exe
1880	msedge.exe
1880	msedge.exe
1880	msedge.exe
1880	msedge.exe
1880	msedge.exe
1880	msedge.exe
1880	msedge.exe
1880	msedge.exe
1880	msedge.exe
1880	msedge.exe
1880	msedge.exe
1880	msedge.exe
1880	msedge.exe
1880	msedge.exe
1880	msedge.exe
1880	msedge.exe
1880	msedge.exe
1840	firefox.exe
1840	firefox.exe
1840	firefox.exe
1840	firefox.exe
1840	firefox.exe
1840	firefox.exe
1840	firefox.exe
1840	firefox.exe
1840	firefox.exe
1840	firefox.exe
1840	firefox.exe
1840	firefox.exe
1840	firefox.exe
1840	firefox.exe
1840	firefox.exe
1840	firefox.exe
1840	firefox.exe
1840	firefox.exe
1840	firefox.exe
1840	firefox.exe
1840	firefox.exe
1840	firefox.exe
1840	firefox.exe
1840	firefox.exe
1840	firefox.exe
1840	firefox.exe
1840	firefox.exe
1840	firefox.exe
1840	firefox.exe
1840	firefox.exe
1840	firefox.exe
1840	firefox.exe
1840	firefox.exe
1840	firefox.exe
1840	firefox.exe
1840	firefox.exe
1840	firefox.exe

Suspicious use of SendNotifyMessage 64 IoCs

Processes:

msedge.exefirefox.exe

pid	process
1880	msedge.exe
1880	msedge.exe
1880	msedge.exe
1880	msedge.exe
1880	msedge.exe
1880	msedge.exe
1880	msedge.exe
1880	msedge.exe
1880	msedge.exe
1880	msedge.exe
1880	msedge.exe
1880	msedge.exe
1880	msedge.exe
1880	msedge.exe
1880	msedge.exe
1880	msedge.exe
1880	msedge.exe
1880	msedge.exe
1880	msedge.exe
1880	msedge.exe
1880	msedge.exe
1880	msedge.exe
1880	msedge.exe
1880	msedge.exe
1880	msedge.exe
1880	msedge.exe
1840	firefox.exe
1840	firefox.exe
1840	firefox.exe
1840	firefox.exe
1840	firefox.exe
1840	firefox.exe
1840	firefox.exe
1840	firefox.exe
1840	firefox.exe
1840	firefox.exe
1840	firefox.exe
1840	firefox.exe
1840	firefox.exe
1840	firefox.exe
1840	firefox.exe
1840	firefox.exe
1840	firefox.exe
1840	firefox.exe
1840	firefox.exe
1840	firefox.exe
1840	firefox.exe
1840	firefox.exe
1840	firefox.exe
1840	firefox.exe
1840	firefox.exe
1840	firefox.exe
1840	firefox.exe
1840	firefox.exe
1840	firefox.exe
1840	firefox.exe
1840	firefox.exe
1840	firefox.exe
1840	firefox.exe
1840	firefox.exe
1840	firefox.exe
1840	firefox.exe
1840	firefox.exe
1840	firefox.exe

Suspicious use of SetWindowsHookEx 10 IoCs

Processes:

firefox.exe

pid	process
1840	firefox.exe
1840	firefox.exe
1840	firefox.exe
1840	firefox.exe
1840	firefox.exe
1840	firefox.exe
1840	firefox.exe
1840	firefox.exe
1840	firefox.exe
1840	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

msedge.exe

description	pid	process	target process
PID 1880 wrote to memory of 3736	1880	msedge.exe	msedge.exe
PID 1880 wrote to memory of 3736	1880	msedge.exe	msedge.exe
PID 1880 wrote to memory of 3216	1880	msedge.exe	msedge.exe
PID 1880 wrote to memory of 3216	1880	msedge.exe	msedge.exe
PID 1880 wrote to memory of 3216	1880	msedge.exe	msedge.exe
PID 1880 wrote to memory of 3216	1880	msedge.exe	msedge.exe
PID 1880 wrote to memory of 3216	1880	msedge.exe	msedge.exe
PID 1880 wrote to memory of 3216	1880	msedge.exe	msedge.exe
PID 1880 wrote to memory of 3216	1880	msedge.exe	msedge.exe
PID 1880 wrote to memory of 3216	1880	msedge.exe	msedge.exe
PID 1880 wrote to memory of 3216	1880	msedge.exe	msedge.exe
PID 1880 wrote to memory of 3216	1880	msedge.exe	msedge.exe
PID 1880 wrote to memory of 3216	1880	msedge.exe	msedge.exe
PID 1880 wrote to memory of 3216	1880	msedge.exe	msedge.exe
PID 1880 wrote to memory of 3216	1880	msedge.exe	msedge.exe
PID 1880 wrote to memory of 3216	1880	msedge.exe	msedge.exe
PID 1880 wrote to memory of 3216	1880	msedge.exe	msedge.exe
PID 1880 wrote to memory of 3216	1880	msedge.exe	msedge.exe
PID 1880 wrote to memory of 3216	1880	msedge.exe	msedge.exe
PID 1880 wrote to memory of 3216	1880	msedge.exe	msedge.exe
PID 1880 wrote to memory of 3216	1880	msedge.exe	msedge.exe
PID 1880 wrote to memory of 3216	1880	msedge.exe	msedge.exe
PID 1880 wrote to memory of 3216	1880	msedge.exe	msedge.exe
PID 1880 wrote to memory of 3216	1880	msedge.exe	msedge.exe
PID 1880 wrote to memory of 3216	1880	msedge.exe	msedge.exe
PID 1880 wrote to memory of 3216	1880	msedge.exe	msedge.exe
PID 1880 wrote to memory of 3216	1880	msedge.exe	msedge.exe
PID 1880 wrote to memory of 3216	1880	msedge.exe	msedge.exe
PID 1880 wrote to memory of 3216	1880	msedge.exe	msedge.exe
PID 1880 wrote to memory of 3216	1880	msedge.exe	msedge.exe
PID 1880 wrote to memory of 3216	1880	msedge.exe	msedge.exe
PID 1880 wrote to memory of 3216	1880	msedge.exe	msedge.exe
PID 1880 wrote to memory of 3216	1880	msedge.exe	msedge.exe
PID 1880 wrote to memory of 3216	1880	msedge.exe	msedge.exe
PID 1880 wrote to memory of 3216	1880	msedge.exe	msedge.exe
PID 1880 wrote to memory of 3216	1880	msedge.exe	msedge.exe
PID 1880 wrote to memory of 3216	1880	msedge.exe	msedge.exe
PID 1880 wrote to memory of 3216	1880	msedge.exe	msedge.exe
PID 1880 wrote to memory of 3216	1880	msedge.exe	msedge.exe
PID 1880 wrote to memory of 3216	1880	msedge.exe	msedge.exe
PID 1880 wrote to memory of 3216	1880	msedge.exe	msedge.exe
PID 1880 wrote to memory of 3216	1880	msedge.exe	msedge.exe
PID 1880 wrote to memory of 516	1880	msedge.exe	msedge.exe
PID 1880 wrote to memory of 516	1880	msedge.exe	msedge.exe
PID 1880 wrote to memory of 3372	1880	msedge.exe	msedge.exe
PID 1880 wrote to memory of 3372	1880	msedge.exe	msedge.exe
PID 1880 wrote to memory of 3372	1880	msedge.exe	msedge.exe
PID 1880 wrote to memory of 3372	1880	msedge.exe	msedge.exe
PID 1880 wrote to memory of 3372	1880	msedge.exe	msedge.exe
PID 1880 wrote to memory of 3372	1880	msedge.exe	msedge.exe
PID 1880 wrote to memory of 3372	1880	msedge.exe	msedge.exe
PID 1880 wrote to memory of 3372	1880	msedge.exe	msedge.exe
PID 1880 wrote to memory of 3372	1880	msedge.exe	msedge.exe
PID 1880 wrote to memory of 3372	1880	msedge.exe	msedge.exe
PID 1880 wrote to memory of 3372	1880	msedge.exe	msedge.exe
PID 1880 wrote to memory of 3372	1880	msedge.exe	msedge.exe
PID 1880 wrote to memory of 3372	1880	msedge.exe	msedge.exe
PID 1880 wrote to memory of 3372	1880	msedge.exe	msedge.exe
PID 1880 wrote to memory of 3372	1880	msedge.exe	msedge.exe
PID 1880 wrote to memory of 3372	1880	msedge.exe	msedge.exe
PID 1880 wrote to memory of 3372	1880	msedge.exe	msedge.exe
PID 1880 wrote to memory of 3372	1880	msedge.exe	msedge.exe
PID 1880 wrote to memory of 3372	1880	msedge.exe	msedge.exe
PID 1880 wrote to memory of 3372	1880	msedge.exe	msedge.exe

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Users\Admin\AppData\Local\Temp\WaveTrial.exe
"C:\Users\Admin\AppData\Local\Temp\WaveTrial.exe"
1⤵
PID:232

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1880

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc950546f8,0x7ffc95054708,0x7ffc95054718
2⤵
PID:3736

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2096,12951816284098319957,18343972675552659213,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2108 /prefetch:2
2⤵
PID:3216

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2096,12951816284098319957,18343972675552659213,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2420 /prefetch:3
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:516

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2096,12951816284098319957,18343972675552659213,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2892 /prefetch:8
2⤵
PID:3372

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,12951816284098319957,18343972675552659213,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3356 /prefetch:1
2⤵
PID:3656

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,12951816284098319957,18343972675552659213,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3372 /prefetch:1
2⤵
PID:644

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,12951816284098319957,18343972675552659213,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4368 /prefetch:1
2⤵
PID:1872

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,12951816284098319957,18343972675552659213,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4380 /prefetch:1
2⤵
PID:4508

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2096,12951816284098319957,18343972675552659213,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5000 /prefetch:8
2⤵
PID:4388

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2096,12951816284098319957,18343972675552659213,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5000 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:4360

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,12951816284098319957,18343972675552659213,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3652 /prefetch:1
2⤵
PID:2344

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,12951816284098319957,18343972675552659213,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5296 /prefetch:1
2⤵
PID:6228

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,12951816284098319957,18343972675552659213,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2160 /prefetch:1
2⤵
PID:6240

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,12951816284098319957,18343972675552659213,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4680 /prefetch:1
2⤵
PID:4560

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,12951816284098319957,18343972675552659213,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4292 /prefetch:1
2⤵
PID:4528

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2096,12951816284098319957,18343972675552659213,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=4728 /prefetch:8
2⤵
PID:2988

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,12951816284098319957,18343972675552659213,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1424 /prefetch:1
2⤵
PID:7112

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,12951816284098319957,18343972675552659213,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5228 /prefetch:1
2⤵
PID:432

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,12951816284098319957,18343972675552659213,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5412 /prefetch:1
2⤵
PID:6188

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,12951816284098319957,18343972675552659213,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4528 /prefetch:1
2⤵
PID:3844

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,12951816284098319957,18343972675552659213,131072 --lang=en-US --extension-process --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4460 /prefetch:1
2⤵
PID:1356

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --field-trial-handle=2096,12951816284098319957,18343972675552659213,131072 --lang=en-US --service-sandbox-type=entity_extraction --mojo-platform-channel-handle=1424 /prefetch:8
2⤵
PID:5472

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,12951816284098319957,18343972675552659213,131072 --lang=en-US --extension-process --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5508 /prefetch:1
2⤵
PID:1260

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,12951816284098319957,18343972675552659213,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5252 /prefetch:1
2⤵
PID:5836

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,12951816284098319957,18343972675552659213,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5324 /prefetch:1
2⤵
PID:5920

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,12951816284098319957,18343972675552659213,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2716 /prefetch:1
2⤵
PID:6072

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,12951816284098319957,18343972675552659213,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5348 /prefetch:1
2⤵
PID:5860

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2096,12951816284098319957,18343972675552659213,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2688 /prefetch:2
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:5668

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:748

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4836

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
PID:4908

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
2⤵
- Checks processor information in registry
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
PID:1840

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1968 -parentBuildID 20240401114208 -prefsHandle 1896 -prefMapHandle 1892 -prefsLen 25457 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {fab2228c-83ec-42c0-a290-ad17f3e1d4c2} 1840 "\\.\pipe\gecko-crash-server-pipe.1840" gpu
3⤵
PID:4432

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2380 -parentBuildID 20240401114208 -prefsHandle 2356 -prefMapHandle 2352 -prefsLen 25493 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {82d4d588-7882-4a7b-9908-b237fc1144a6} 1840 "\\.\pipe\gecko-crash-server-pipe.1840" socket
3⤵
- Checks processor information in registry
PID:4412

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3200 -childID 1 -isForBrowser -prefsHandle 2984 -prefMapHandle 2980 -prefsLen 25634 -prefMapSize 244658 -jsInitHandle 1292 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {4d4afbc5-bdbf-4df7-8aac-f886cfcd18eb} 1840 "\\.\pipe\gecko-crash-server-pipe.1840" tab
3⤵
PID:5300

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4324 -childID 2 -isForBrowser -prefsHandle 4316 -prefMapHandle 4312 -prefsLen 22739 -prefMapSize 244658 -jsInitHandle 1292 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {14fe3af2-7723-4d0e-ad7d-1660f416ca5b} 1840 "\\.\pipe\gecko-crash-server-pipe.1840" tab
3⤵
PID:4608

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4352 -childID 3 -isForBrowser -prefsHandle 4244 -prefMapHandle 4252 -prefsLen 30867 -prefMapSize 244658 -jsInitHandle 1292 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ffb37959-5f9e-490f-96b9-853b8e5a5b7e} 1840 "\\.\pipe\gecko-crash-server-pipe.1840" tab
3⤵
PID:5160

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4960 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4952 -prefMapHandle 4816 -prefsLen 30867 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {cf47115b-0ca7-41a8-9b56-31a3026e5653} 1840 "\\.\pipe\gecko-crash-server-pipe.1840" utility
3⤵
- Checks processor information in registry
PID:6844

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1408 -childID 4 -isForBrowser -prefsHandle 4904 -prefMapHandle 5348 -prefsLen 27382 -prefMapSize 244658 -jsInitHandle 1292 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b467a9ee-fd35-4263-9bf4-23fdf4c1e687} 1840 "\\.\pipe\gecko-crash-server-pipe.1840" tab
3⤵
PID:6216

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5828 -childID 5 -isForBrowser -prefsHandle 5904 -prefMapHandle 5900 -prefsLen 27382 -prefMapSize 244658 -jsInitHandle 1292 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ff47ddf7-a54b-4e73-a4c6-7bf4c690aa2e} 1840 "\\.\pipe\gecko-crash-server-pipe.1840" tab
3⤵
PID:852

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5804 -childID 6 -isForBrowser -prefsHandle 6048 -prefMapHandle 6056 -prefsLen 27382 -prefMapSize 244658 -jsInitHandle 1292 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c632113b-564d-408f-b672-792b90f1b685} 1840 "\\.\pipe\gecko-crash-server-pipe.1840" tab
3⤵
PID:4272

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6316 -childID 7 -isForBrowser -prefsHandle 2796 -prefMapHandle 5900 -prefsLen 27805 -prefMapSize 244658 -jsInitHandle 1292 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {663e0a09-035b-46eb-9568-fd37819ffdb3} 1840 "\\.\pipe\gecko-crash-server-pipe.1840" tab
3⤵
PID:1236

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
PID:4928

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
2⤵
- Checks processor information in registry
PID:2132

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
PID:5224

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
2⤵
- Checks processor information in registry
PID:5236

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
PID:5408

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.106 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffc907dcc40,0x7ffc907dcc4c,0x7ffc907dcc58
2⤵
PID:5420

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1908,i,5450147010950280602,12421462812435868380,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=1904 /prefetch:2
2⤵
PID:5712

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1760,i,5450147010950280602,12421462812435868380,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=1976 /prefetch:3
2⤵
PID:5720

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2276,i,5450147010950280602,12421462812435868380,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=2312 /prefetch:8
2⤵
PID:5792

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3168,i,5450147010950280602,12421462812435868380,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=3176 /prefetch:1
2⤵
PID:5944

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3272,i,5450147010950280602,12421462812435868380,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=3284 /prefetch:1
2⤵
PID:5952

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4428,i,5450147010950280602,12421462812435868380,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=4420 /prefetch:1
2⤵
PID:2920

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4852,i,5450147010950280602,12421462812435868380,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=4864 /prefetch:8
2⤵
PID:6832

C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe"
1⤵
PID:6120

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:6908

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
1⤵
PID:7100

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x100,0x104,0x108,0xfc,0x10c,0x7ffc950546f8,0x7ffc95054708,0x7ffc95054718
2⤵
PID:7104

C:\Program Files\Mozilla Firefox\private_browsing.exe
"C:\Program Files\Mozilla Firefox\private_browsing.exe"
1⤵
PID:3484

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -private-window
2⤵
PID:6836

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -private-window
3⤵
- Checks processor information in registry
PID:6892

C:\Windows\system32\cmd.exe
"C:\Windows\system32\cmd.exe"
1⤵
- Drops file in Program Files directory
- Drops file in Windows directory
PID:1228

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat
Filesize
40B

MD5
2ec91d47c63f56a47960ccec2f52cbf6

SHA1
b34cb605996e19be723dd7179c346338c0065d86

SHA256
281c7babc001a65cef3a4ae73e5f197468768871ac7eebd07911e42a2f17cb3c

SHA512
0f0d647d7591f7968eaa253d65aa7f7cd5ee39064e73cd1062070530238e9d35e456586c2f76f4d7ed5557508d61f16e6cb88d72400c901064b372d12187660b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState
Filesize
649B

MD5
e04cf4e97ba57b826b68d7f6c53bea1a

SHA1
a1364a358483b8c2adf246139312ec29455b0612

SHA256
843f0ce30e94eb3834858a2ead1aa52a9fa816667063fafe660b4faedc7d0508

SHA512
bb2e5abedf00e810305144535bba38cf9d15176c126ae65721fcf08d5b9a9e912edb8c6ea876e14853e9e337e6d080bfbbe5a8ca233eb76468f218c057c8a0d5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_0
Filesize
44KB

MD5
ebe36d3618f97e220286ea475ad1781d

SHA1
fe03ccbbe43ed6c82538b486112bea144c66079f

SHA256
066cd494ba24c9f19a7b53c100e7fcb011475c47fe8982511f6e4471b0dddf57

SHA512
7eb690ab5e50b6e2662e35fd25b40f4de27d66d8527b84db2ef44f3aa3a93bda8a790d3538c4ae587c735ba207a7391f479d91a01b8d07659f0524379dd36aa0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_1
Filesize
264KB

MD5
b34320d3b1aa045d4ce76ef8e1dfb167

SHA1
9f08f71b56d1b2c02faf2f2a7f275d126f8537e0

SHA256
722dac62247bbd1064d1e9e1f4e313bee07fdf6baf6ea347d3d37a6413fb77fc

SHA512
deba2b4155b555d8e7e02b2da17f7ad41cc498a8f4563143ae9e6aaa191d464ea5ac8f72eca7de8d8068531c61a0470153ea702f077b838a23c66f55e273ba96

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\DawnCache\data_1
Filesize
264KB

MD5
2c7321d6b02dc1e7c5639ada1a707158

SHA1
742f1d6d678b842c0eac7b6cb8cdb9de3fc4dfc6

SHA256
2959b909fa5112fe524c52d1c212d066243dbe1a1ac769d5f76ad929dde3b7e4

SHA512
0a47d130f62bc635306f3fd18fdb1082b52fc0e95dd2193e3910080c28a6209447439616cd7677ec6ac4eca5786d0b5b9fe5d0ab81f8c27ead2c946cf3b984a0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extension State\LOG
Filesize
320B

MD5
492e286c4e845159c4a1afe68fbcd309

SHA1
2347341787eef35de987f3098f2de183453ee126

SHA256
50a3f341a2eab228c51ebda7b116ce876a99d5074d6118f88a3c0e4a81b515bf

SHA512
945e6f38252d4753501808d4fe04d224ed31f462870f2893284bdfe047291e248b14978736af7e460ddbb96ed481994215241f6052c6ac2800fffb266669c7a4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GCM Store\Encryption\LOG
Filesize
330B

MD5
b6168590c5a91cd34be76778a41b2135

SHA1
f66344b649b587f9161b4aedef9d06ed79c5d3e1

SHA256
12ccdbce0f50fd7e4282caa5986bb1f6f255112dbde8eb29efd8344f4d4b0726

SHA512
ac4da785c0261f37a4f95dfce23aa880a4a4309a22579ef81c7255ebbe96410ff02edd9815c670a45725fe85a9ba71728487f610892be9cd3209f42d2a4e4d6a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_0
Filesize
44KB

MD5
3557c7b921eb1c989057b414ed269b26

SHA1
9efdd6e070e825dffbc0cbf548904676f978938f

SHA256
aa19fe4368ed77dc73cfb1271aa2f56193a87dd6ab0ffb056dd9430530c05bcc

SHA512
db7399aef391a8aad1ed9ee167b43372fdb230a1211db4c5858e89c5987514bd2a90c49ee9f69ccf726e2a736d1a3aae5d273a008d1c9be3c47a9a67bcf83873

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1
Filesize
264KB

MD5
0844070c45cf1476030884b07c1f2cc4

SHA1
a314ea62d3f27f96dde8241436a979ff902a64da

SHA256
3b36f9f35cf055a7b0723f67046694b33e04c290ee0632e832962767b3367b3b

SHA512
23c712042e25e2cc4903b1602c604149deb047918e3545104bd4a08b9967b8923d6840230d378b7947b5d26fc3a47c419615264dfbed1fabbcae67b9a0ac8933

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_2
Filesize
1.0MB

MD5
88ec80e56ce3054d8648361c5a7de09f

SHA1
9d6bdf1ed3996579c9178f1bf372c83301aa6579

SHA256
ea53fc92184d21eb3ca5d9a8faa1726a27ee1e7286c7822e60e18b4766dd1e26

SHA512
2066eb9c89b58e35d4d40bc8773cb5798fb79e025ec102d4fe02d2f45f42e4f8d660d1d1a8043e2175c02c53e073361a47eef8b3994f885c4754f14788522ff9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_3
Filesize
4.0MB

MD5
5b8d0e01b3fbcdbe67cb81ce3e586879

SHA1
29a40f7760507cef7c0639a876c826e399e69f58

SHA256
fb4592f010b7f438962b5165caa6f4f206264c9268d04f061e2d0e317acdd74b

SHA512
e56aec79565ae948d87a53a96db39f78e814f055fd091470b1c33e016db5803ff5d68b66d1605f023d81db08f7a1f23aa0520355666579e6adb11d64b0badc85

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\History
Filesize
160KB

MD5
aab54dee6758ab61d31cb40b07686968

SHA1
e7dd6d9ff5f3f3c569a3b8d043ae4c9a6c0119b4

SHA256
baec0a63b512e8fc212079ba9df810747859941fe226038e54293f5bfada909a

SHA512
ca1f130218ad918ec9d3d258a9890da055324663cdd907ae03d5250f1fdac54337b4e0c921263710e1f2c232e05bd8223a185eb4d5013e2685600c755983b7d6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\LOG
Filesize
332B

MD5
a17a2f90aa3425f21b8440ee9cdb03c7

SHA1
efe7d318d8faf840971f7c37676c35337efe9093

SHA256
802844e30263e97ca61985b224b762c1990a3ab120e17fa49782eb481af9392b

SHA512
69a3a53cd55b782ec52c73f92d817c3c0bcd38abd66fb468be8d92a4287678eb698c1900343d3448fc59a9775d3be7bd7356afe360f0b0c251f50cb25e7af098

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
1KB

MD5
cdc3b2849cf03d1db9546147ae0668aa

SHA1
09f4af02e42046ee04612f4cb9fb998468460b40

SHA256
e3db10a25a12ffd83687990fca36775d150aaa4ea2cc0f93a35854d0c1974dc5

SHA512
c49bee7587f85095027dbab38caf47273e4f311170f517de4ce4a6e74560d28225b3624a6d5fdef29ae1bc5f9a0308fdfd8cdb894281ff3e71bceb25163549c7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports
Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Platform Notifications\LOG
Filesize
334B

MD5
17fbf929afc935ba9061bf1ad37b8ada

SHA1
847d47ec40e7ceac367565a239746e0bb383acb7

SHA256
44314d00612016a8a4959496bf10e559c96c88f6fe959e0b564c9377e641bf5a

SHA512
0a2dab6c75f97196eb7ac6e6126caf273d588df3009b05a42075f6197069fc12551606d1b69209aab743c608f3b6b7d5d879efdcc1020108286a20ae6c412b51

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
8KB

MD5
0d102e2f75ae75f3f6a4b91cfdf526e0

SHA1
96a34761781c635bd51a916269d3c25dbf817f7d

SHA256
db46e3898aca18083ad006b3e95b46dbcd57f82af37d5a8bba8473fdc7b80fea

SHA512
504963b269a7f689fd5d9ce1a679bbbfe231c933698a01c44e71a49f926eb9e5d93fb498aab35967c20f512b0c51f06fb2c78fb786c88e523de898736552e47a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
9KB

MD5
dc2816e0c445d1b16e29f54ef2a63aab

SHA1
0d18031097ed0b546a1d29f153afee5f7a7de49f

SHA256
70dc7f08c9d8dab25044983c696fc952121fb4802bd20e9fe288b81381b281cd

SHA512
fb83398dcd56f9865a5a9cc5fdf92a41066f31e097d5e514c069d3e902a9eb1a99139db05cf445476858e22bc552a2e095af819ea2c5d5b5396fba2334d90d6a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
9KB

MD5
29c5252c96c8fa3e5ce6728a30562597

SHA1
7d78d7a4eafa2de85e4888dcbd92ae742e07be9d

SHA256
df9bc9d4e77e1aa367e54e944e6e29affe946174f55834ccf8116be4fe38148d

SHA512
3bf464c1814dc28e43b7ff659f19172dc8793756439b79b1c2e23cc42c9777aaae9b91abdcc7e6293c85c34999c6896af7c64559d843ccc01c581a02b51a7aa1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
8KB

MD5
461d32f786d30036029bd78ef030880d

SHA1
e7cd6ba8e853ee306d946e0e6039b26f09ef3082

SHA256
acabd9174c563970f3476006b2cdca7fafe45ac4bb0da1cc5f032c2105a9502f

SHA512
194d880a351ba664d67ab393c8d3c0e8b640816ff1d2b37403bffc892547382932be2553edf44174da8de9f5913da64720134da0815a345685cf6c6ca607c5cf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
9KB

MD5
afdf394e5a950b373fe9d92865bd8213

SHA1
11c170218256d1c477c1f595f267d136d0f0cedd

SHA256
8ea5927a84dabab3070ed6e29e063ae7679ad4f86e5e40860056e85758331665

SHA512
9bd146cfab99c02dcb682fe5e2473e1ce2c66ff15cb2d0a0a35ef5de53652105e823c818ac46cd09ccd6909c558c769fa89ebe6ee369a67da3aa541cd54606d5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\Database\LOG
Filesize
336B

MD5
79c60248244203ff13db54aed27f08ce

SHA1
b2e215c91bd419dbdeb2a510b3be07527c069c59

SHA256
13256d040427feaf4b2a20f6c21c10a9b7c7312e7e1365119fe5c50f9d4b3b46

SHA512
633dc2f45b17d9f7b3eecf67da904f19cc160b7644b1c5fdb13529e15e67d89b6ac3d8468bbea2f6c6146e4fd837647aa9e6e50bd9838d4359d00124318c3101

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Session Storage\000003.log
Filesize
289B

MD5
541c42f1c98b3e1b011d22eba854e707

SHA1
db30188de1f22e3077e7044be1386a5d0ecaed9d

SHA256
0768e811c51ac61a8e573ac6b53f89dbb1d89eb2fcf62536a9a5f730329c584b

SHA512
47828c1b40deb8d37d6ff4fc8f7673fbb59b40e07f54f0fa4121b91941160134c251e20f7f28f7ee5185f3c8aee2b7e95a1bef573bc64c68912016accbe90604

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Session Storage\LOG
Filesize
320B

MD5
1a38b177ca627141c68e32bd8cce1487

SHA1
054e153b71abda1206315ec49a3b21be9bc9f6cc

SHA256
ec3f73581814d2ff642c95f51de7bb7419b1a662b8bb3c7790c3dada800a1118

SHA512
54c812bc97116a8d610b419779f390d0786b9fba3090ddecb70952f58bed01f4f35b40098d93d6b5245053ea86437f0a04b80b8dc883889685d69ff7f55cf93d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sessions\Session_13358799481969823
Filesize
2KB

MD5
7158b724e4abb3385976e8b261e34896

SHA1
27c38b97ba62c7fac70886b7dc4351703b9d1ad3

SHA256
fa516a37d23d3badc59c397e19cf1565409da71f7be149000828f7e74cd3e4bd

SHA512
388d3dd567f6b99bc271bd4f8eaa16a9fd6e9bcd45b37b0543fb2fb2a2afc98cdb1680917c565c3986777a2a7a5aedd0ab9b59a88ea619f7701407297ad604d7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\000003.log
Filesize
15KB

MD5
17034778b89a05a6bb4296a7e43b7712

SHA1
e1e762af506159bc28e51a4bbd91ce02f0d9f560

SHA256
960f2da90e367ba6dd7e6b47cbd82fb3363ce68f7996c710b9fc3be1c63372f0

SHA512
5e7824ada9e146bcc1ae78d066de1e24b2bcd3123a787eb7bb481a30cede8ebf384b7d34673a4ea621a2bc0c861f13586f4d04b1627eb56089a277572c1698fe

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Last Browser
Filesize
106B

MD5
de9ef0c5bcc012a3a1131988dee272d8

SHA1
fa9ccbdc969ac9e1474fce773234b28d50951cd8

SHA256
3615498fbef408a96bf30e01c318dac2d5451b054998119080e7faac5995f590

SHA512
cea946ebeadfe6be65e33edff6c68953a84ec2e2410884e12f406cac1e6c8a0793180433a7ef7ce097b24ea78a1fdbb4e3b3d9cdf1a827ab6ff5605da3691724

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Last Version
Filesize
14B

MD5
aaa1d3398c11429309df446cc70a4b24

SHA1
426037d880450cfe67c0db4e8836d8cf67c3af33

SHA256
d3c5bb416732a0643cb435ce980e4cf7ed0d96375d6d1d866565ffa4cf5f4e31

SHA512
5400a74ad59ee80e11b97e884bedee53af567520b807e4c3c43b68446bb495a967e22838aeee4bfbf02486ec5abfb2e821c5165ab2b894a54e0d7eb70c7355a9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
77KB

MD5
654d8dfb8ba6827d91c25f198a8891de

SHA1
6b13c722d08a62c68b2f24d54da8f35546be4edd

SHA256
23afee550222b71d44b58250ee3dd87bb41150bcc7c545c29b92e84ecd93f423

SHA512
58bd12a847f1926ceb2acb8a970a0d7adcf9b0f3d2bfacf9512d2590c82be03ed9d47f32ca45e872637dcd78493cd9c1abaac4ecd432eb6223fc672b4dba8874

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
77KB

MD5
22777e2c74ca9c74fc4621cd88650b52

SHA1
5daae6e0e449c3931cea89e0b33747ba84cb86a7

SHA256
79b584ad1aa2f9c25df649fac2e2c45750d31408096fbf52a4ba3a4a5a5dd84f

SHA512
958506f938bc9ebec01eeec0747dbb3f5893d57cc4a5f237ca6694172a4298fb3573631d217e24e4bd50f74987c9b4c79109113a31163f75883722788a57d184

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
77KB

MD5
3e71e365f732aada45ada4dbe3e485a4

SHA1
1cdf95572e66af6e723a8e98c269294af75598bd

SHA256
7bc47113d7b9679aee475f4090711e549cae6b85571024cc7a186d600cb2aa77

SHA512
9cba81a986515f13fd37f8f1c2156b80f803d52ae26745faacd81a8cf6f711c82c022bdc833ed72b5688f6ec141da2bca911e88553f718228b3383335c44aa8f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_1
Filesize
264KB

MD5
d2be0dedd85aa9290bf64025be72a041

SHA1
a8f41cf959f74c7817f160d251ef1d2325d02f71

SHA256
6027918b02c6ddcf640aa0710233df7d5ad47613e8d9fd643518a97f794767c4

SHA512
8916b64eaf13a48a8d494d20842ae24e223a5c6a5adad128adf390816990c773e1bb095007ddc1f7be82f60fc8db38ae98e5e961bfc9a6d3b676c4d5139f3029

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Variations
Filesize
85B

MD5
bc6142469cd7dadf107be9ad87ea4753

SHA1
72a9aa05003fab742b0e4dc4c5d9eda6b9f7565c

SHA256
b26da4f8c7e283aa74386da0229d66af14a37986b8ca828e054fc932f68dd557

SHA512
47d1a67a16f5dc6d50556c5296e65918f0a2fcad0e8cee5795b100fe8cd89eaf5e1fd67691e8a57af3677883a5d8f104723b1901d11845b286474c8ac56f6182

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\first_party_sets.db
Filesize
48KB

MD5
5a1706ef2fb06594e5ec3a3f15fb89e2

SHA1
983042bba239018b3dced4b56491a90d38ba084a

SHA256
87d62d8837ef9e6ab288f75f207ffa761e90a626a115a0b811ae6357bb7a59dd

SHA512
c56a8b94d62b12af6bd86f392faa7c3b9f257bd2fad69c5fa2d5e6345640fe4576fac629ed070b65ebce237759d30da0c0a62a8a21a0b5ef6b09581d91d0aa16

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
4e96ed67859d0bafd47d805a71041f49

SHA1
7806c54ae29a6c8d01dcbc78e5525ddde321b16b

SHA256
bd13ddab4dc4bbf01ed50341953c9638f6d71faf92bc79fbfe93687432c2292d

SHA512
432201c3119779d91d13da55a26d4ff4ce4a9529e00b44ec1738029f92610d4e6e25c05694adf949c3e9c70fbbbbea723f63c29287906729f5e88a046a2edcb7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
1cbd0e9a14155b7f5d4f542d09a83153

SHA1
27a442a921921d69743a8e4b76ff0b66016c4b76

SHA256
243d05d6af19bfe3e06b1f7507342ead88f9d87b84e239ad1d144e9e454b548c

SHA512
17e5217d5bf67571afb0e7ef30ac21c11ea6553f89457548d96ee4461011f641a7872a37257239fa5f25702f027afb85d5bd9faf2f2f183992b8879407e56a0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
e48bd6fc087950636a2599c71bc9e821

SHA1
9c2cb36f3458b6cea9e1a3cbace958a34271e261

SHA256
a5550e3e777f5d7e91879288045b797b0a7894ef3af973b01a342d8f00d31085

SHA512
34bf68da9788c986ca14d07f31915dacef49aee369bb8e9e33666b5d55cba070ae49f30606539422c8b4d4c9796e93d7ac302cdada56b0c81b445ab4bf616d41

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
aaf99cf7e485e8d2ecd2f73395cb50de

SHA1
9939268b6cec3b0e0a81790c94310722d4bceb53

SHA256
a25e45d13323425a5c997e78a4a40004039fc610eb68b59e4d1288a2de4b6ec2

SHA512
19c6605657bacdc6b9c2f5750afc8df0b46092fe4eadaa74b2fa7e6991d8248fc033bd1ecc8520c8b5c1c9128219e0dcf19150dff2ebbf1e83da71f1926220ff

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
e211e1c6708b8a2b0f211327ed73e3e7

SHA1
5bd2455b7d1e6a2dfc0612f6bf18fea9b753c8a0

SHA256
b65c48022977752eb939de3f7bda7dde5edea41c1bdc3850833639569de71606

SHA512
7ff7bdb6d3cb1c02f4e0143671b86f5af3f1b3bf126d770877d1f2d57bae449294217d2b1969aa010dd77704602b612b6ef922fee304d1a3979b8193b529c2e9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
68d0f4240d7e27e2bddfadca0a1ffb9e

SHA1
4a3eec0a163c9208cb15a7a154198a1d22db885f

SHA256
673ec23e804a373cdc12e7347adddf2805ac0062479f1ee98f0f466a353aaf0b

SHA512
0c9b6d3e8583e7b4797cde3643d3bdcacbd4d40b93dc56bf042fdf210c8edb9e9a29bad045c5209fb002bcc8885f1d112f342669654c626b5135b2fa95d9362f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
21bb88746c698d949a6750bbff9ccd26

SHA1
21ef3dea5310f52460137b518bdd3efd0439284a

SHA256
0a97331173596260284ff2fb832eefe651748467df03432615a0ec28d6a9615b

SHA512
8e12cb4a23c68c00f8e5a6924390a490a651580617811d20a859e7c3fe25d5b124b533fe4e80bc70a4764648563e54314d711b64776fb65305842b8197178fac

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
65713c43497ab490245d9b3de1788138

SHA1
0d3e4545f9f8b0fe2ba9cfde4d77b54504020415

SHA256
89b28553cf041c852bf0473cf9bd65bbd74fd0e5cb91972aeef293ba1f99161e

SHA512
2c4db0469cc81139ac12bdc805a8f65fd3fe7d1032c9b5b32e6c832cdedaeda7f763f154f8e37b0e2c9da7fa13b14a2adacc3240a1518bedf6fa02de8c09d08c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
8KB

MD5
ca14a110a04a0ed413de278d7f049fe5

SHA1
ff7f63c22ef765cc6fd0d02df4b6b22227681002

SHA256
d072aaef64a09f0212fd5cd89869b062d8076cc0a29d593ad1078407e6f5fa60

SHA512
fa2fd2e87d792792508f282d6e4bc96cdd2047812585e7d0cbfdeb1733f2149f1e8b13d821d47f8a5bef65b243daa2d83dba8fa7e276ed7358bd67346534b770

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
9KB

MD5
871345e5fba7ca4ab24311a59f294307

SHA1
67e20b8118efd0eae96d507278db9904c958b66e

SHA256
1845963400ed0601adb3ec8b5a045132b65e81a9529e6c8d9d927c4a4e5f57fe

SHA512
b780b9524d72c0940ede8ddcd7c3801a02a0749c87f94cd88c090438825cb7b600f45ccb3c60ee639bdf5829040344f06848942b8d3779cd50aa7d1cb57117a4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
9KB

MD5
7840c6b1e6a9fdf7a39ac591f90f9005

SHA1
bb7116becbf87615fcfa46bdb5c66c58c3db4e91

SHA256
877dc938ef6b24213bbaa34ad28186dde25906c7d99c23aa9eded0877e51ec63

SHA512
46e6b83b825e86d6d36ffe0c62d29b8f5f524ff698ac871168138526525cd9d9a0046ffff240df456033192156b2a59458e0a57ad9ec709b0ca2b5e62e7846a1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
8KB

MD5
bbc49294da48f0a4d0eac2451ebd0d23

SHA1
972cf0d8a7c966559e74c7cac58e1b671429b8da

SHA256
585ec44a1b7ab7633eea562dae59b7c786b70d017944371584d575c0ab7ea4bd

SHA512
f51031e1249412a0f6f647ff26b15c94d4864a04e2f12ebcb65258c0e88e1e6c4a8e1c2bc4fb60d53e442ceb989cba415333d63a11c9b6a66038bd6924e2ab9c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
9KB

MD5
1a12681ffbce8c0a763314868be937a9

SHA1
965353e0ab25d126bf08f1a488258aa29126c47d

SHA256
3033ed7be590ea2b06f4ef753e5675c7b840515dfe454d85177c5d7297fbd2ca

SHA512
bf3afa878240de78748ff781058be54a9b59f3e028c756a38213dcae46d53f4d630a267c1c5414fbaa974b8a7366d6b44f296a67b2bee23fcac513176fd0c106

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\k6zex9vv.default-release\activity-stream.discovery_stream.json.tmp
Filesize
21KB

MD5
bfd119f5cdaec124bb26fc690e5ba5f8

SHA1
7b2014b8185af8e8e2224d38280dd551c036cd18

SHA256
ad3b482e9b0af8c76f0badc7ca00773a0538a66f0e7d910db7674dc053b29e06

SHA512
18e7130fa555f39d290ef193433634a380246c2e5c77cb915e15ca12b45362f3f96b859e1ad6455d18846dc509f7667ac4d4ba9177a8c862d2b5d24118048312

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic
Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\k6zex9vv.default-release\datareporting\glean\db\data.safe.tmp
Filesize
6KB

MD5
abdb4af34d80fb5275587143e9631014

SHA1
2dc3869aa7e24bab731b1d4b774763b552986a4d

SHA256
b818864adc8ba0a946ec5aeafc42ec09e03a3c5b925cf8c3258a7ab64cbdf1b9

SHA512
0621db56b5f0c32d808afbb6552830b3bd106b6b31d11f5f768548c88f323f5a88097a37727d9e531ecde5c46b9e44e7b0b0f8dc25f92424aa76c6c8f94fc1f0

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\k6zex9vv.default-release\datareporting\glean\db\data.safe.tmp
Filesize
6KB

MD5
1f131221d4046bd65df203ec62ccf8af

SHA1
57ff2ab3b735a70ba94997a6ce223f1b894627ad

SHA256
2f1c67b721a76fa558b153e66aba289be82be6adff51c0832e75fd215b138bb3

SHA512
331725945782c1aa0d1579dba77c663c2ad5da041818cd70fa21fe09607702dc9b3a3aa46c21498eb53e6a0acccf170cff7f2385a66b5989bdcb04cb5e7ea158

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\k6zex9vv.default-release\datareporting\glean\db\data.safe.tmp
Filesize
18KB

MD5
ddfef82d8a0a0c677cf45b6ef22c1498

SHA1
6e24860f9d144ebc45f351fc1ae31bfc3d9e1427

SHA256
b1d3295c827558f32ec4be5e0961dee55306bcb538035b63a9f4b7fb3794f4d8

SHA512
98852b384f7286487be28b5a863974dc763c1a089b97b18bd8ff14ac2f15e152ab772bec819f42545139d9ea136cb32680673f77cb4c2d78cb21a393faee04af

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\k6zex9vv.default-release\datareporting\glean\db\data.safe.tmp
Filesize
5KB

MD5
b4098aa4fa5021a2a3fa97a358348753

SHA1
7bcb0b8bc15072e29d7b56d64c0fa2c787ad9dd5

SHA256
8aff092f698ed4ed5ae6d5dca198fa2351e07052521109b68d3d9f7f053a025c

SHA512
c606b6552add1240dadc66886f26c62c8d5a8677505b16f64888beebfc0d06cf7a3bf74921f39d698d6b61a8f26302acae9ed908ecdfacbaf8d7480d5659106e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\k6zex9vv.default-release\datareporting\glean\db\data.safe.tmp
Filesize
5KB

MD5
6781697af99150c98ab8b786acbc50d6

SHA1
bd3f06701d2286e3693416452e11b8fd77935508

SHA256
f79bfde792ba4fe0fa026514e09bd0c312efbb3e0576c01e84d11661037882f3

SHA512
b10222b76f13a5a4b3641adb844ab41df63a48b74eae6d376039dc5e2061182668c0c91c6bbd95fb0e8d65ac46b00899f8d85be3deb8b3688ebc3976155bba03

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\k6zex9vv.default-release\datareporting\glean\pending_pings\590a4e7c-8e4d-427f-967e-869d33266056
Filesize
982B

MD5
d3c1dc45e11d2708b3e23f145c5a7f00

SHA1
1f60a1a0702b13478bcf496ff8e979c2a8bc6a1f

SHA256
21492e457f5aa50d2e5ebf0791e24b5d7ecf106ba0ff07233c7718cfdf003869

SHA512
42ecf10816f3256f45ec36da3f5a47c71073d65c465246485f52304911ce67d67e9392ecc38a0451d642da7889a0f5317f20c2f91a222c3f6c2a98b5000f85ae

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\k6zex9vv.default-release\datareporting\glean\pending_pings\5c83d955-0c83-4914-b880-754e18c4919e
Filesize
25KB

MD5
08e713feaada69667f97634908e652f2

SHA1
2cc8fedbda526c9d1adc8f89808a8dc5ed1f7cbb

SHA256
aa36a0c86340793fd8381864d1277f469d6e18fc48aebf3f251e2684e1f96430

SHA512
e2ea22935a2da8782448d8339e3d197626c552da2c486c061cde85414c879b89a47faaa3bb84a8efa3b6d57985eda4a28be7217f6d5ad23caf56d19c4ea72f77

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\k6zex9vv.default-release\datareporting\glean\pending_pings\62b8bafa-5007-4b5f-8419-5ab94ef1c2d3
Filesize
671B

MD5
94822e35235a3724f614584fc7f9d139

SHA1
549524fcc6179c282b971e24592da9ec64092d7d

SHA256
bd7f86fe1883377a16858004bfa047dcd3deb461301425d3de4d3603210fd224

SHA512
9807b3b32f613d5d9b073d4ac0fa8bac35eb9f04f73d83baed4ac6f035bf2e942b02b27f9755c1d1a810789afe0fd6990ac464330d8aaef98c8c4b5c682c1e35

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\k6zex9vv.default-release\extensions.json
Filesize
37KB

MD5
04dc532f2271ebf8808bd014f99fabaf

SHA1
d125508f7e87e922e05405868063b13ff6487389

SHA256
65948ab58f96a3f27e454c6ba63ea470781dc6b53245e13ae56d42110eca1fbf

SHA512
13db6c43527f06a8e1f2e561327fb56632f678ef225ac07ea8ef11a0fa754cf5caff0c171e85c01e9e9595b6210220f9429bce7b6f30ec33520fbba2495b5118

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\k6zex9vv.default-release\prefs-1.js
Filesize
8KB

MD5
e13ef1d2dd7327bd3aad7b39b7896ff8

SHA1
a5d2a741cc9bbf566974dffeb3bb6f17aa705125

SHA256
b16f414d6415aa4f888608ebe20cd4fa7adce0ab5c34b1c7a25e850e54847e70

SHA512
f5f7b3017d0e94a9605d954480efec305f0f8b1670a528cf677a2a816db67f188ef4d66ac62a9d0623e78d64b8b4a3a83cda760150aed512e2e5e78d6d3d599c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\k6zex9vv.default-release\prefs-1.js
Filesize
8KB

MD5
0ecc42bae2500c8103f9f3a5575db542

SHA1
571c82866b5743101cce0329e553614351615d2b

SHA256
705fb7e0489834477e55cc7de85d985cebd31b46b88ff6de7971f7c8b29873a8

SHA512
b546dd73e7487d7c92edac5694174648a44e272a3bbce52b9d65dd78127a7bfa79e68e2f869e5f216f14eeab42249a0702c57b209b01bd840aab20e11174c68a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\k6zex9vv.default-release\prefs-1.js
Filesize
9KB

MD5
4fd40ffc87223afa06e45a837ddeb4a0

SHA1
cddd51e63c4f6c9a2b814b7f2bb84895d8ccfda2

SHA256
5efbf5e1eeef34e39b3e888c7576342c61d7f2ab4d6c64718ac350c64e4ba073

SHA512
165ce43a0f710cc0b74ff22719a669a3ef8defe24634699f83ec01cce72054007a88dbaa3668ba0c3de3cd94cea221850393a0e56141688e9565fc140bfecdfe

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\k6zex9vv.default-release\prefs-1.js
Filesize
8KB

MD5
771a87651887388bbe1cbbc478a4c92b

SHA1
9c584f9f9ed78db1122e6745c1a174a8058e6962

SHA256
dc377b9740471cea3bba68b9534983235bfd886dd9e2f93931130bb02c878e11

SHA512
5336cd022c6565a63a41a3af0eb2d1744d56b17230a25d536c1b592ae7f2cf6c75408a98d74618fdd703f50c57ff7e4887cd340bad6a28dfe2f080d8c9b480c1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\k6zex9vv.default-release\prefs.js
Filesize
8KB

MD5
a9ab387efde4d6737b63fb4a3eb2f788

SHA1
64e3ae6d9ecbe8b7890988f1aa1420a8e9067310

SHA256
1010d19bf56d3686c890171e8271d75ead97358c7d29b3c44c78ca24019f777a

SHA512
5c4c6051fe81b5a0c9c2013968185a66d52b730970458103e20dfdec36a8e8ed1b109310940a81837be765a6702462554fd6b3fc2a92d57108c94374f5b0ae23

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\k6zex9vv.default-release\sessionstore-backups\recovery.baklz4
Filesize
1KB

MD5
b9543d8f912160ae0649fa91b24acefb

SHA1
cc22e4604273ce308a25aa1aae840338e3fc5ba5

SHA256
a8f39b2163065140f1abb9a21ca862eb0f7c148f0382a698c963a049e43f256f

SHA512
d02c56341acff48bd4e64d7ea865f26b86e0f285c5ca96fe7480a948a94f58817de0cd0200cd2a6140c2e757c69dc8c8a3872ac3389c4622eb4b747aa05412f9

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\k6zex9vv.default-release\sessionstore-backups\recovery.baklz4
Filesize
3KB

MD5
b2501c51ec0822395348cc7053fc6e58

SHA1
4ea3aa7566503df6a03188989defec69f702deac

SHA256
d795f72ba887452f9f38007b0f4b3aa4f049db2e794a84ce40a13aa73f550f31

SHA512
2ba9e2fff0250b52a0aeec157b355bfdd3fe2d3fd1820528c958fe0a2f7935cb8bcc6797999696f70435582c44dc5300ed12992deceea0f3afc12d879490e18f

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\k6zex9vv.default-release\sessionstore-backups\recovery.baklz4
Filesize
1KB

MD5
3878a96211c0b1f1403af6ab625dfe30

SHA1
ac6cac113ce71a1b0e87a638b603e1444c50d636

SHA256
19fff529e55069b35c6124580b367ce78904eff1d2c63856600bad09eb39297f

SHA512
3d37c70632cfd34d6f77affb1aba04bc6a882892f3693bd9f32237a1e16c26f33ca2e4601e99e1465e9050ce399488363ce7c1283a44eca1f8e1069b46d209be

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\k6zex9vv.default-release\sessionstore-backups\recovery.baklz4
Filesize
4KB

MD5
2bfc61e36d24b881584e91861ec1606c

SHA1
c755cf2d69f402423929385121da694327a7a3f4

SHA256
81c6d2a5fe967161696b81cdf59e511e00b3f43e0bd0cdac8b75589f3a44391f

SHA512
f196b0d6cc356c25d39fde3b42ab4f766e01f26c3ca2a563bc3c81c762cd9efba1e811be17db0f797bc87a106beed1f4ab8b6a068c497893b6c8825c561308d9

Download Submit
\??\pipe\LOCAL\crashpad_1880_APTUQVNCLSWMYHPN
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit