b161b4b9fa757a9cb3231514555bf232c80b0e2fb2350d41988bd8b4571eed12

Analysis

max time kernel
142s
max time network
155s
platform
windows10-1703_x64
resource
win10-20240404-en
resource tags

arch:x64arch:x86image:win10-20240404-enlocale:en-usos:windows10-1703-x64system
submitted
13/05/2024, 00:57

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

sample.html
Size

20KB
MD5

45026069bfb38c8184887918860f2b75
SHA1

eab0642fc8480082b32335c5672444d989a7479b
SHA256

b161b4b9fa757a9cb3231514555bf232c80b0e2fb2350d41988bd8b4571eed12
SHA512

7fc76f20310a9259c5753f356a6e721de38509913dd8ce542c9481d725371d7921a3fb41e0d4009aa24ce308288e08978097388613433c2ab1e90a39cb15d42a
SSDEEP

384:raGt56DpmReVoOs4ai9ylKeGMwUGHhhbkde7Pvo2paWhOwob0Jn+pIJCgMmVn:raC6BVoOs4amyI1M4Bhb8wPuWhOwob05

Score

6^/10

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 4 IoCs

Web Service

T1102

flow	ioc
160	discord.com
162	discord.com
164	discord.com
165	discord.com

Checks processor information in registry 2 TTPs 5 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133600354906330488"	chrome.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000_Classes\Local Settings	firefox.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
2332	chrome.exe
2332	chrome.exe
2012	chrome.exe
2012	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 11 IoCs

pid	Process
2332	chrome.exe
2332	chrome.exe
2332	chrome.exe
2332	chrome.exe
2332	chrome.exe
2332	chrome.exe
2332	chrome.exe
2332	chrome.exe
2332	chrome.exe
2332	chrome.exe
2332	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2332	chrome.exe
Token: SeCreatePagefilePrivilege	2332	chrome.exe
Token: SeShutdownPrivilege	2332	chrome.exe
Token: SeCreatePagefilePrivilege	2332	chrome.exe
Token: SeShutdownPrivilege	2332	chrome.exe
Token: SeCreatePagefilePrivilege	2332	chrome.exe
Token: SeShutdownPrivilege	2332	chrome.exe
Token: SeCreatePagefilePrivilege	2332	chrome.exe
Token: SeShutdownPrivilege	2332	chrome.exe
Token: SeCreatePagefilePrivilege	2332	chrome.exe
Token: SeShutdownPrivilege	2332	chrome.exe
Token: SeCreatePagefilePrivilege	2332	chrome.exe
Token: SeShutdownPrivilege	2332	chrome.exe
Token: SeCreatePagefilePrivilege	2332	chrome.exe
Token: SeShutdownPrivilege	2332	chrome.exe
Token: SeCreatePagefilePrivilege	2332	chrome.exe
Token: SeShutdownPrivilege	2332	chrome.exe
Token: SeCreatePagefilePrivilege	2332	chrome.exe
Token: SeShutdownPrivilege	2332	chrome.exe
Token: SeCreatePagefilePrivilege	2332	chrome.exe
Token: SeShutdownPrivilege	2332	chrome.exe
Token: SeCreatePagefilePrivilege	2332	chrome.exe
Token: SeShutdownPrivilege	2332	chrome.exe
Token: SeCreatePagefilePrivilege	2332	chrome.exe
Token: SeShutdownPrivilege	2332	chrome.exe
Token: SeCreatePagefilePrivilege	2332	chrome.exe
Token: SeShutdownPrivilege	2332	chrome.exe
Token: SeCreatePagefilePrivilege	2332	chrome.exe
Token: SeShutdownPrivilege	2332	chrome.exe
Token: SeCreatePagefilePrivilege	2332	chrome.exe
Token: SeShutdownPrivilege	2332	chrome.exe
Token: SeCreatePagefilePrivilege	2332	chrome.exe
Token: SeShutdownPrivilege	2332	chrome.exe
Token: SeCreatePagefilePrivilege	2332	chrome.exe
Token: SeShutdownPrivilege	2332	chrome.exe
Token: SeCreatePagefilePrivilege	2332	chrome.exe
Token: SeShutdownPrivilege	2332	chrome.exe
Token: SeCreatePagefilePrivilege	2332	chrome.exe
Token: SeShutdownPrivilege	2332	chrome.exe
Token: SeCreatePagefilePrivilege	2332	chrome.exe
Token: SeShutdownPrivilege	2332	chrome.exe
Token: SeCreatePagefilePrivilege	2332	chrome.exe
Token: SeShutdownPrivilege	2332	chrome.exe
Token: SeCreatePagefilePrivilege	2332	chrome.exe
Token: SeShutdownPrivilege	2332	chrome.exe
Token: SeCreatePagefilePrivilege	2332	chrome.exe
Token: SeShutdownPrivilege	2332	chrome.exe
Token: SeCreatePagefilePrivilege	2332	chrome.exe
Token: SeShutdownPrivilege	2332	chrome.exe
Token: SeCreatePagefilePrivilege	2332	chrome.exe
Token: SeShutdownPrivilege	2332	chrome.exe
Token: SeCreatePagefilePrivilege	2332	chrome.exe
Token: SeShutdownPrivilege	2332	chrome.exe
Token: SeCreatePagefilePrivilege	2332	chrome.exe
Token: SeShutdownPrivilege	2332	chrome.exe
Token: SeCreatePagefilePrivilege	2332	chrome.exe
Token: SeShutdownPrivilege	2332	chrome.exe
Token: SeCreatePagefilePrivilege	2332	chrome.exe
Token: SeShutdownPrivilege	2332	chrome.exe
Token: SeCreatePagefilePrivilege	2332	chrome.exe
Token: SeShutdownPrivilege	2332	chrome.exe
Token: SeCreatePagefilePrivilege	2332	chrome.exe
Token: SeShutdownPrivilege	2332	chrome.exe
Token: SeCreatePagefilePrivilege	2332	chrome.exe

Suspicious use of FindShellTrayWindow 38 IoCs

pid	Process
2332	chrome.exe
2332	chrome.exe
2332	chrome.exe
2332	chrome.exe
2332	chrome.exe
2332	chrome.exe
2332	chrome.exe
2332	chrome.exe
2332	chrome.exe
2332	chrome.exe
2332	chrome.exe
2332	chrome.exe
2332	chrome.exe
2332	chrome.exe
2332	chrome.exe
2332	chrome.exe
2332	chrome.exe
2332	chrome.exe
2332	chrome.exe
2332	chrome.exe
2332	chrome.exe
2332	chrome.exe
2332	chrome.exe
2332	chrome.exe
2332	chrome.exe
2332	chrome.exe
2332	chrome.exe
2332	chrome.exe
2332	chrome.exe
2332	chrome.exe
2332	chrome.exe
2332	chrome.exe
2332	chrome.exe
2332	chrome.exe
1904	firefox.exe
1904	firefox.exe
1904	firefox.exe
1904	firefox.exe

Suspicious use of SendNotifyMessage 35 IoCs

pid	Process
2332	chrome.exe
2332	chrome.exe
2332	chrome.exe
2332	chrome.exe
2332	chrome.exe
2332	chrome.exe
2332	chrome.exe
2332	chrome.exe
2332	chrome.exe
2332	chrome.exe
2332	chrome.exe
2332	chrome.exe
2332	chrome.exe
2332	chrome.exe
2332	chrome.exe
2332	chrome.exe
2332	chrome.exe
2332	chrome.exe
2332	chrome.exe
2332	chrome.exe
2332	chrome.exe
2332	chrome.exe
2332	chrome.exe
2332	chrome.exe
2332	chrome.exe
2332	chrome.exe
2332	chrome.exe
2332	chrome.exe
2332	chrome.exe
2332	chrome.exe
2332	chrome.exe
2332	chrome.exe
1904	firefox.exe
1904	firefox.exe
1904	firefox.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
1904	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2332 wrote to memory of 4352	2332	chrome.exe	72
PID 2332 wrote to memory of 4352	2332	chrome.exe	72
PID 2332 wrote to memory of 4780	2332	chrome.exe	74
PID 2332 wrote to memory of 4780	2332	chrome.exe	74
PID 2332 wrote to memory of 4780	2332	chrome.exe	74
PID 2332 wrote to memory of 4780	2332	chrome.exe	74
PID 2332 wrote to memory of 4780	2332	chrome.exe	74
PID 2332 wrote to memory of 4780	2332	chrome.exe	74
PID 2332 wrote to memory of 4780	2332	chrome.exe	74
PID 2332 wrote to memory of 4780	2332	chrome.exe	74
PID 2332 wrote to memory of 4780	2332	chrome.exe	74
PID 2332 wrote to memory of 4780	2332	chrome.exe	74
PID 2332 wrote to memory of 4780	2332	chrome.exe	74
PID 2332 wrote to memory of 4780	2332	chrome.exe	74
PID 2332 wrote to memory of 4780	2332	chrome.exe	74
PID 2332 wrote to memory of 4780	2332	chrome.exe	74
PID 2332 wrote to memory of 4780	2332	chrome.exe	74
PID 2332 wrote to memory of 4780	2332	chrome.exe	74
PID 2332 wrote to memory of 4780	2332	chrome.exe	74
PID 2332 wrote to memory of 4780	2332	chrome.exe	74
PID 2332 wrote to memory of 4780	2332	chrome.exe	74
PID 2332 wrote to memory of 4780	2332	chrome.exe	74
PID 2332 wrote to memory of 4780	2332	chrome.exe	74
PID 2332 wrote to memory of 4780	2332	chrome.exe	74
PID 2332 wrote to memory of 4780	2332	chrome.exe	74
PID 2332 wrote to memory of 4780	2332	chrome.exe	74
PID 2332 wrote to memory of 4780	2332	chrome.exe	74
PID 2332 wrote to memory of 4780	2332	chrome.exe	74
PID 2332 wrote to memory of 4780	2332	chrome.exe	74
PID 2332 wrote to memory of 4780	2332	chrome.exe	74
PID 2332 wrote to memory of 4780	2332	chrome.exe	74
PID 2332 wrote to memory of 4780	2332	chrome.exe	74
PID 2332 wrote to memory of 4780	2332	chrome.exe	74
PID 2332 wrote to memory of 4780	2332	chrome.exe	74
PID 2332 wrote to memory of 4780	2332	chrome.exe	74
PID 2332 wrote to memory of 4780	2332	chrome.exe	74
PID 2332 wrote to memory of 4780	2332	chrome.exe	74
PID 2332 wrote to memory of 4780	2332	chrome.exe	74
PID 2332 wrote to memory of 4780	2332	chrome.exe	74
PID 2332 wrote to memory of 4780	2332	chrome.exe	74
PID 2332 wrote to memory of 4768	2332	chrome.exe	75
PID 2332 wrote to memory of 4768	2332	chrome.exe	75
PID 2332 wrote to memory of 4396	2332	chrome.exe	76
PID 2332 wrote to memory of 4396	2332	chrome.exe	76
PID 2332 wrote to memory of 4396	2332	chrome.exe	76
PID 2332 wrote to memory of 4396	2332	chrome.exe	76
PID 2332 wrote to memory of 4396	2332	chrome.exe	76
PID 2332 wrote to memory of 4396	2332	chrome.exe	76
PID 2332 wrote to memory of 4396	2332	chrome.exe	76
PID 2332 wrote to memory of 4396	2332	chrome.exe	76
PID 2332 wrote to memory of 4396	2332	chrome.exe	76
PID 2332 wrote to memory of 4396	2332	chrome.exe	76
PID 2332 wrote to memory of 4396	2332	chrome.exe	76
PID 2332 wrote to memory of 4396	2332	chrome.exe	76
PID 2332 wrote to memory of 4396	2332	chrome.exe	76
PID 2332 wrote to memory of 4396	2332	chrome.exe	76
PID 2332 wrote to memory of 4396	2332	chrome.exe	76
PID 2332 wrote to memory of 4396	2332	chrome.exe	76
PID 2332 wrote to memory of 4396	2332	chrome.exe	76
PID 2332 wrote to memory of 4396	2332	chrome.exe	76
PID 2332 wrote to memory of 4396	2332	chrome.exe	76
PID 2332 wrote to memory of 4396	2332	chrome.exe	76
PID 2332 wrote to memory of 4396	2332	chrome.exe	76
PID 2332 wrote to memory of 4396	2332	chrome.exe	76

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument C:\Users\Admin\AppData\Local\Temp\sample.html
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2332
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ffffe5a9758,0x7ffffe5a9768,0x7ffffe5a9778
  2⤵
  PID:4352
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1668 --field-trial-handle=1840,i,10163648194078641169,15070139841624864299,131072 /prefetch:2
  2⤵
  PID:4780
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1796 --field-trial-handle=1840,i,10163648194078641169,15070139841624864299,131072 /prefetch:8
  2⤵
  PID:4768
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2088 --field-trial-handle=1840,i,10163648194078641169,15070139841624864299,131072 /prefetch:8
  2⤵
  PID:4396
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2920 --field-trial-handle=1840,i,10163648194078641169,15070139841624864299,131072 /prefetch:1
  2⤵
  PID:1232
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2928 --field-trial-handle=1840,i,10163648194078641169,15070139841624864299,131072 /prefetch:1
  2⤵
  PID:2416
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4152 --field-trial-handle=1840,i,10163648194078641169,15070139841624864299,131072 /prefetch:8
  2⤵
  PID:3324
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4252 --field-trial-handle=1840,i,10163648194078641169,15070139841624864299,131072 /prefetch:8
  2⤵
  PID:2568
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=4520 --field-trial-handle=1840,i,10163648194078641169,15070139841624864299,131072 /prefetch:1
  2⤵
  PID:3600
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=4368 --field-trial-handle=1840,i,10163648194078641169,15070139841624864299,131072 /prefetch:1
  2⤵
  PID:4260
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4648 --field-trial-handle=1840,i,10163648194078641169,15070139841624864299,131072 /prefetch:8
  2⤵
  PID:2860
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5176 --field-trial-handle=1840,i,10163648194078641169,15070139841624864299,131072 /prefetch:8
  2⤵
  PID:1396
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=3132 --field-trial-handle=1840,i,10163648194078641169,15070139841624864299,131072 /prefetch:1
  2⤵
  PID:2868
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=5208 --field-trial-handle=1840,i,10163648194078641169,15070139841624864299,131072 /prefetch:1
  2⤵
  PID:4736
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=2996 --field-trial-handle=1840,i,10163648194078641169,15070139841624864299,131072 /prefetch:1
  2⤵
  PID:1852
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3016 --field-trial-handle=1840,i,10163648194078641169,15070139841624864299,131072 /prefetch:8
  2⤵
  PID:2500
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5352 --field-trial-handle=1840,i,10163648194078641169,15070139841624864299,131072 /prefetch:8
  2⤵
  PID:4708
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4256 --field-trial-handle=1840,i,10163648194078641169,15070139841624864299,131072 /prefetch:8
  2⤵
  PID:1792
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=5500 --field-trial-handle=1840,i,10163648194078641169,15070139841624864299,131072 /prefetch:1
  2⤵
  PID:1708
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=5252 --field-trial-handle=1840,i,10163648194078641169,15070139841624864299,131072 /prefetch:1
  2⤵
  PID:4656
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=5312 --field-trial-handle=1840,i,10163648194078641169,15070139841624864299,131072 /prefetch:1
  2⤵
  PID:3548
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5420 --field-trial-handle=1840,i,10163648194078641169,15070139841624864299,131072 /prefetch:8
  2⤵
  PID:4820
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3824 --field-trial-handle=1840,i,10163648194078641169,15070139841624864299,131072 /prefetch:8
  2⤵
  PID:652
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --mojo-platform-channel-handle=4600 --field-trial-handle=1840,i,10163648194078641169,15070139841624864299,131072 /prefetch:1
  2⤵
  PID:5012
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3128 --field-trial-handle=1840,i,10163648194078641169,15070139841624864299,131072 /prefetch:8
  2⤵
  PID:2760
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1636 --field-trial-handle=1840,i,10163648194078641169,15070139841624864299,131072 /prefetch:8
  2⤵
  PID:2092
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.15063.0 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2176 --field-trial-handle=1840,i,10163648194078641169,15070139841624864299,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2012

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:4700

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
PID:1884
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe"
  2⤵
  - Checks processor information in registry
  - Modifies registry class
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  PID:1904
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1904.0.181695280\1007600137" -parentBuildID 20221007134813 -prefsHandle 1696 -prefMapHandle 1672 -prefsLen 20747 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {fd097e30-a76e-4888-8ad8-741d32cd5249} 1904 "\\.\pipe\gecko-crash-server-pipe.1904" 1776 1f737ef6158 gpu
    3⤵
    PID:792
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1904.1.1560664860\1774254373" -parentBuildID 20221007134813 -prefsHandle 2120 -prefMapHandle 2116 -prefsLen 20828 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d093eb08-de21-4dcf-a6ca-096663ff940e} 1904 "\\.\pipe\gecko-crash-server-pipe.1904" 2132 1f725b72b58 socket
    3⤵
    PID:4712
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1904.2.564989627\392573032" -childID 1 -isForBrowser -prefsHandle 2860 -prefMapHandle 2856 -prefsLen 20931 -prefMapSize 233444 -jsInitHandle 1192 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {fc1269df-85ce-4b62-b593-fdaadce6a7c5} 1904 "\\.\pipe\gecko-crash-server-pipe.1904" 2872 1f737e6b058 tab
    3⤵
    PID:4692
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1904.3.1028060912\1781939255" -childID 2 -isForBrowser -prefsHandle 3412 -prefMapHandle 3408 -prefsLen 26109 -prefMapSize 233444 -jsInitHandle 1192 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {c88f27e4-10eb-4c18-9647-197f7ab5269c} 1904 "\\.\pipe\gecko-crash-server-pipe.1904" 3424 1f725b61058 tab
    3⤵
    PID:4152
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1904.4.1645806649\923960090" -childID 3 -isForBrowser -prefsHandle 3860 -prefMapHandle 4064 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1192 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {7ed33dbd-767a-456b-b441-208e15eb0558} 1904 "\\.\pipe\gecko-crash-server-pipe.1904" 3540 1f73e237258 tab
    3⤵
    PID:1812
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1904.5.631039448\1400597640" -childID 4 -isForBrowser -prefsHandle 4552 -prefMapHandle 4636 -prefsLen 26249 -prefMapSize 233444 -jsInitHandle 1192 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {24638352-a731-460c-9422-a467067dd768} 1904 "\\.\pipe\gecko-crash-server-pipe.1904" 4680 1f73e68a258 tab
    3⤵
    PID:4688
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1904.6.1505098789\538325364" -childID 5 -isForBrowser -prefsHandle 4848 -prefMapHandle 4852 -prefsLen 26249 -prefMapSize 233444 -jsInitHandle 1192 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {e98238fb-8a0b-4dc1-bf2f-fd63e4527d3f} 1904 "\\.\pipe\gecko-crash-server-pipe.1904" 4840 1f73e8cd458 tab
    3⤵
    PID:2760
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1904.7.853791034\1698752993" -childID 6 -isForBrowser -prefsHandle 5040 -prefMapHandle 5044 -prefsLen 26249 -prefMapSize 233444 -jsInitHandle 1192 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {33bfcae9-5eef-4d69-b179-2cc9c9dc87b5} 1904 "\\.\pipe\gecko-crash-server-pipe.1904" 5032 1f73e8cfb58 tab
    3⤵
    PID:3636
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1904.8.1995809000\96342222" -childID 7 -isForBrowser -prefsHandle 4468 -prefMapHandle 4404 -prefsLen 26249 -prefMapSize 233444 -jsInitHandle 1192 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {f71c2a0b-566d-4e02-bfbe-0967be99a2af} 1904 "\\.\pipe\gecko-crash-server-pipe.1904" 4456 1f73a7b1558 tab
    3⤵
    PID:4732
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1904.9.1010393269\570835573" -childID 8 -isForBrowser -prefsHandle 2728 -prefMapHandle 3144 -prefsLen 26503 -prefMapSize 233444 -jsInitHandle 1192 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {5874212b-ea7e-4e78-9005-769a4d00fcbc} 1904 "\\.\pipe\gecko-crash-server-pipe.1904" 3120 1f74016aa58 tab
    3⤵
    PID:2276

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000002

Filesize
58KB

MD5
188496839a8ec880e8955e85b5d98e48

SHA1
63c0f3876ad72a170ba618ad765132048acb970e

SHA256
875394931d73230a8688b89796970d4513c45bffad839b5e448ad48c9a3285e3

SHA512
8288040c3a97cca7528ae5ecbd6fc73ec389a492ecdb7443979297f50e324e86220b8beeb2ada80cd836cdf32046d2199afb4d81d3a62078559335cc0b1be162

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000003

Filesize
40KB

MD5
5ce7bdeeea547dc5e395554f1de0b179

SHA1
3dba53fa4da7c828a468d17abc09b265b664078a

SHA256
675cd5fdfe3c14504b7af2d1012c921ab0b5af2ab93bf4dfbfe6505cae8b79a9

SHA512
0bf3e39c11cfefbd4de7ec60f2adaacfba14eac0a4bf8e4d2bc80c4cf1e9d173035c068d8488436c4cf9840ae5c7cfccbefddf9d184e60cab78d1043dc3b9c4e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000b

Filesize
199KB

MD5
585ac11a4e8628c13c32de68f89f98d6

SHA1
bcea01f9deb8d6711088cb5c344ebd57997839db

SHA256
d692f27c385520c3b4078c35d78cdf154c424d09421dece6de73708659c7e2a6

SHA512
76d2ed3f41df567fe4d04060d9871684244764fc59b81cd574a521bb013a6d61955a6aedf390a1701e3bfc24f82d92fd062ca9e461086f762a3087c142211c19

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
93dc47900ab8d08e9f51899c8267e9ab

SHA1
24fd3f54b10cca1f46361ebbee0f6f76ed515d75

SHA256
4f1f5714830b4f16e36e30607a79996502ae73e1293572a19b3ba8f11f7a42cb

SHA512
1c1ca7303b6d774bea2941df5e7dc60bd324de9df20da74465718aaf79dc66fa4ba703ebd252619248fc05845c3d09c909dc1b21ee943e7440bdcf11ebe311ad

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\History

Filesize
148KB

MD5
ba8e52d175250fd716b82732b4704e49

SHA1
74005527b74ac9ce08d3629c901185c2a71ba597

SHA256
58a86216f527a8494b90f557818af02b4752fda931d15f5a4c76554b9a29e399

SHA512
203d63dce306b797642879a9143a64f65acee27330d0a82ca115b918d93b891dc936069b56c25043bb552ec1e491f53eaff30dac34e8feeed315f6e5162d31f2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Login Data

Filesize
46KB

MD5
ea072718e836f4c3f61d2e2527821cf9

SHA1
ee08effa7ef756a418e3df4b89fe2818cb51c0cb

SHA256
30148f9557cc78dea602e23ecb995f863473b7fa148ffc918c4b37b4eed8f6f2

SHA512
c016739e5857881b70e88ecd9fe59ca6e530e656336f7937a85009ad455edfa07ee23462ea598f3df4eea48d780f60dfb62791010d8cabdd0058b43659d53809

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\4f6dff32-f4fc-407c-a368-c25927f458ab.tmp

Filesize
2KB

MD5
bdcb8266c70166b2a921cf717d062eb8

SHA1
0613757a46d1dbd98e131651707d79ae7166dd95

SHA256
593e4e617122c98c34a13fe9094c134cc15fb4a9263df14d777efcd79c375d35

SHA512
017833263b0a8e67412b99c9528d371377e778f4423c2909aca3fd760def7706b7ffe74248c44881d28ab701552c7c6d0b864288fc144f95025bd0001d722644

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
8700da8a85d89d240a487e83f1999d4a

SHA1
9ab03afd067de7f4c30e6a10412079c4730ad07d

SHA256
4c04a463aa73ca8a8f2455856cebe899573c411a291bd27a109f332d097736e9

SHA512
2ca1cc7f6d416c6a278faf4784e002f397a158bdf2c535fd17585c580b9edcebf0305327c9bc4854c9ec1869898b98803871b12171ed886cd5d972a5be517795

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
fbf3616500b5ea5eaa93f724ad131c93

SHA1
e246912d1741a6c1a71ad2359137a5396fe0516c

SHA256
de6a27f20cc97f7d068d4e01079932445500a650288aac6531e468fdc50b4a41

SHA512
b66f3e81b06ebb04ae6893fe726218dc3236d002eb06026027ccf83f673e33cb87bdcdd61c78c95e323c187efb46360859358c4c1da48c82b9fe7859df440c4b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
987B

MD5
15a07a1bd597297ad43e874b6a62ace2

SHA1
ff1367fa96671456df9ca330c314469a101c22d6

SHA256
2b324d8ea2bd0a84368ce357766f9908003917169abed0cb75a12b055f1364b1

SHA512
66afef622490d0f56f96ae4f4326724f02b78f5d84f40fca64b5a7ac7704a726acb4afceec4c41d6e03d2eb5299669f04eff316d7d98b624fdaf9f5b95967d1d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
fd08547143bd4b0f40b054cdc86f6733

SHA1
e5a1bad5440bcdcd1cef6b271c63db960db46c8f

SHA256
2fb58e45e342344f8a3ccae89c07ee7d049d2ae7456eddfe4d36d04d45c1ab32

SHA512
3163fe4afe4e520eaa3f1fcf9f6de382bae3cb56845e7a9e2e4b7d8e948df23fab002e3269918f1f1d6cffd7174d10b6ea3926369b44f21db1bc5f77fcf419c9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
371B

MD5
c5ac2a8b105eb72debb76223f246b4cc

SHA1
f0bc6b537a829d7143e601592ba644acf95b7543

SHA256
b1d99a67914505bbd8c04766547e59abfe98cddec44ea1bbac871900f6e538d8

SHA512
ca850a06025cf839c38e53409e4e4c372506c17563ee6c27c737bf37eaec9b66457f6dd03d6a34ff6e7b651e907eab7a02234e31a3e2efd955ffa02716610610

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
1aa34d6915ca2d64846f914919953eaa

SHA1
c4267fde790defee190ca0e1a8cf551d6e31e887

SHA256
0a78a8b84edbb13bf48c26522c8a43d1f6463696faf5d3f160bd0aab903aacce

SHA512
e3742faa666a721ee57b68a5de62ad74166a7068020d306a943ac0444f1ee3f0e05e782f1cca678b7e2491e5994a0443837fba55536f06aaef99201618f47440

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
7bba5ec2efda201539c74f5d07589cac

SHA1
ea0dc58fbc3216fc40e257170007a4d621a0d8c1

SHA256
2f6caa6e3305f61cdacb824405c7e541435a84205107a3ed7524d391f832b89c

SHA512
a1b9515ed03cc99a8f927ee011cfdb034268fc8af54b4d796c29438f2693e9d664c545bbc7f85e44ccb4bb68edad6e0e74a5d5dff8dacff2648ac20474fb52ee

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
76f5693dc5dd33f996948b4ae628fda3

SHA1
548a7e00a1df458b7b61a95febcb351cdd462326

SHA256
0e06f280b8369265aef8eae6df8dfa76a258f6f40d3ddc26bace855172a0d329

SHA512
f9965f24f71872d71fe9af704f467f8a043c47f01c476d94c59cc0841e9b53b20a30a3e81e9b59180ff16c42c045cd3a2abed70f811cf7a9c7755fcb3d466e15

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
371B

MD5
6fdc52eed0eaa5de5db7f4b7f17c43c2

SHA1
6ff80270367746563ce0b77c8268ce07f98ae34d

SHA256
33aace0023a47911659202ee9ec8e0b183354d2f90387069678d0947bdd9a901

SHA512
d65e3e8fd73c09f919394271baaaf91756aeff81b146fb0f11e0631b1056c8ab598008f1aca120864a346ffd47e09516c504df8262e18cbe11ab26342b9acced

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
ebf20da99f6754fc9509093e33cdf4df

SHA1
32acce385c3d4fdade0738da4835f67c53e7d70d

SHA256
00cf417dcfe9fe6ca4cb334babb46ab611b7d113ee15a1ca9fb2c8af7cdcd96d

SHA512
f744873f0a6163d668b871c5d17390d67271597aef09e27766dc92b0e19976b80b74d58e344176c2aa8581a5365f35a186eedacae66c2443c1284f2c92199a50

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
6d513e39f9fb429085684009fa433bd4

SHA1
ee4092782c042391dad03d0e3769921972f6ef07

SHA256
4d4d67717fb1c59e0170dc9c2cfc96aee201628e972c86df371313ed5cbf1321

SHA512
45c0c87fc2cac06b21c6ba314af95d4502f2d1f2410e0e252e530dfcca0a9da8c8ab8f1409c3772e94cbb854f13ea5ea9ee5f8441032f1440fcf4d42154ab028

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
2757222cd792e4ba0fe1a0828239c558

SHA1
1a98aca452a3654d2b7930a631dc58d17db8eeec

SHA256
b64b302ae3e9611f245ad17df0b36310ff294e4b68530c0383d75840bf4995ca

SHA512
9a4b3b91317c82d1bcd907bcfed66be508733f99edaf7fd4290b768e4be5e384d3aa12f852e3ac630ab3ba8459fc689e54f6d5c8e6c178b0cb7260618c50b162

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
bac0c6be200552aa007c189d451c5cb4

SHA1
5e63712a5ad815e45f43e064930393295500d9e1

SHA256
46de0ac469e8153555c1f14e1ae345b3c6c9af9ab65e124c9afc5806520ed134

SHA512
a8e963836a78981e47e69233f6a677f348898289f1a9057ce3950a4fb13ef7b4f7625292c7c2caef87b8d1b26316e86b7b4b8dcc953f91acb100036f574f8d87

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
eb43710a6068a326d4de2940538ed6f0

SHA1
6abbb4f04781227922100921283ffe81145dbd9e

SHA256
5dd54b5bc23657dd7556e879f8e58e95fb40e3d7ce849e2f360b9840b21dc7f1

SHA512
b036cf8d3f3ec28b6d5e09b3af69ee14df4244aeeacc3ad201e1642b42046feb4c40beba00fed7436c1e414fb02282955c5d9a8599d757f19867bc1322e5ca45

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
e4f800a7d0fb222b3e0f6833840accaf

SHA1
37a1f4e9507b0eca0e07405278a55ab7cd776579

SHA256
863d193a91571f9c887b483b78cc104b5e148ff6fe36bc19ccb4a1369f1ea2c2

SHA512
1fbf7ba852bc5ca417c08dbd5c651b43016c758c379e1138f0786209fb58e37b952714432d5d8e547d37d5e9115e702fe9ac53e9bfba3fd05406eaf9eacb4f79

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
9e941794889889cb7735eb9f844628f0

SHA1
d8922c5b5f8802714b3ba557b708eb64d9f167b9

SHA256
cdae96e418005b5837cadd53ffbbbcacb91b270fcbce8bd8c801423efab288d5

SHA512
6a879d2795bbaa4c28dbfd3c0a9417c3c4bf71ade335c7ccec665f4bab1d9da09d73a4e388a6c7e578cfb14c64c0cdf4d6fc02a8eaf9b840a9b3f5ea16ccecef

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
9c334bd849473bc8c5ff5efb67efa4ad

SHA1
276ef3b72fdb1ded04b81ca64faf90c61a4f5535

SHA256
9a7c50a173ea71354f08728cff45369ab4c58b89164846f7ba7a41929089177b

SHA512
718ee9b53740e4b542e87f16384f2745ce1b839bff614467098abb25f3e241c28c726146b01ac07cd8a4cebe8b366f69809472c4146136fcf7f123458c49045a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
620ddffb2fbe8324b35fa28ca89a9d4a

SHA1
cabebdfff41f93d3c9b23dd55f0ac9e1ec1dc353

SHA256
369da372f6a9479da4f2f237bacb9416f8a3e697c9a9e2c25db0bab05495d99e

SHA512
f2cae759d1a3198f74a4c6b2ffb3528850dafc59fdfc50a548ff0b585682494c6502911243707de1966a5279f6dc4b68648e9cf8e1f20a10128ff15d3aafd838

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
136KB

MD5
c68abb3465f288a58608e3f37296161e

SHA1
0cad552764321bf057fb71ec970a405d2c95a972

SHA256
720d62447f70a36658c64ae79f7284d17d28c827f1ede041daf8653b49b60799

SHA512
eb0b5f0a773ac0223d39ee3f203baa150d80092bbd54a777b0c3db41869aed4b7b62a330e5f0cf991a463c707e3fde124927edc539b1f920c2475d1361df78f9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
136KB

MD5
15d9caaa1ae07b10bdc327aa1774f866

SHA1
e9eaf360d7bcb24febb36b0247b93f399a5f33fe

SHA256
64743bd604198b8b959f19d50261aa9e72c9a499ad07e59cb47e1426e2ef405c

SHA512
ebdf04a78f41197cf4a0c5e9ff122107e9eec271e6ba4c44eeac1174b00edde2c873ab1d3e8ab005c43f099a966e53608bd98e20832df17a98fef114d0095951

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
102KB

MD5
461517f82fafb5853da582995b893634

SHA1
8bbec9fd0c7e8edbfbe5b60a359c11f3dfd88c3e

SHA256
1c4b727dd93c5b1bd9fc71a65c6bc7d2b8fead1aae3d29f4c4822c3ffd57c27a

SHA512
f96a3709b811618594a1e61a8f0a3b1915d03fb1103c842b9aa0c6106ce29662e6715ca5d12b3224ce347e0397fa526adf30188d67e547ae8d5f4f76f84488a7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
103KB

MD5
a502d719d3878b2df5b9aea3207894d4

SHA1
210f76f2372d50be4378b697493679e42c383409

SHA256
4505315076ce908f249a930955705c7c19657e9f352cd3930c90b913264c0636

SHA512
da1cb2e41f51d19426f3ed8e5448508c591b7afe3eae11e29f42e78aa11056ef33a6c5f7b18b39eec579d56016833ad1f91ff589625d8e98bafcc7336de94a03

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe587c4f.TMP

Filesize
93KB

MD5
3496d019af480d00507adccaeb593609

SHA1
add39cf878a55c0fe8860398f960d8378ec4a612

SHA256
2b10e0832f2a68b29f38d2b4d491ff0983dd5953c045cdfcee8cecd41fecaf9d

SHA512
6b3bd247c12a8702b0c03fa66dc5662bfc5af2bb73c1994507b60b6184742c280f112443d9b3d86c4a0769e1b1e464702470a4d4fed293d83087695fca95e71b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\41eh5pdr.default-release\cache2\entries\DED23BB33EA3C88FAD1C0A1CD53916E0D8C424D3

Filesize
16KB

MD5
fe27dc9854e700b47a2a09b624dc1a47

SHA1
23747103f25471ffdc8f1af72abe6b7b9aa9b7b3

SHA256
837d9e1456fad10e0a9f5046d2358458ff9ed1eca86f93d1bf9d62aca7665d0e

SHA512
9588e938d9dbdc74a2aee0b5cfa9ef1684c8f41fb52a3e3ed1b984e3960878aab5882d149557933e22b11e74f7a54f17f405fbd9c4f736391b204af8839bef0f

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\41eh5pdr.default-release\cache2\entries\E7393C2F65AA51A65F3A69D27D2BB30118EC1A89

Filesize
33KB

MD5
3327f90709f26108241858bafa170e68

SHA1
06aac123d36fbc914cb39277d8d4c0d7568689f4

SHA256
c5d934009099f41dfe37e305d47e5882af92b2ff2c2d2c923e046e7b83425aab

SHA512
ac34e95e9a6d1e1f1c9ba8acddf643459a707eb2b77989c3d5833bcf89bc606c36b148dd4e63a98a02e40f2f04175cefacf4f200ea60dcbe75263a8a09732760

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\5d696d521de238c3.customDestinations-ms

Filesize
8KB

MD5
da117444f4c764ebf0deb5e35f2c39b9

SHA1
997ec745fb4839d9aa6add7fbe74d304c9c03cc5

SHA256
d573ea02dce9f6fa4e2be64850b910c6a05ac982eaeaf640b0505ce6b8a58e85

SHA512
cbb9deb99ce1ff0d9b76728fb8f19763f433fe8603600d99a0eb226a9c10a359233207c56104f21e47bd0264db95c74b76e96aae8c86444e6d053e159f3114b8

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\5d696d521de238c3.customDestinations-ms

Filesize
10KB

MD5
381206123148a5a279dfce20f9e168a9

SHA1
3ee915187666926dab5dd871bfaa29b181525475

SHA256
f0bc20aca2165fc85fc11ffd38222fd2746f3945e0dd05191c921e399e069e9a

SHA512
b4ba1621ee4c78847b0601509a1ba97064c269e0e74c810d700b54191ec93ec2cba6c39536ff10c0c0e651502f413fdc55cb2b31e57abd7768f4c1efe7fcc511

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\IQUVN8S4BPQ4S6UQWDL8.temp

Filesize
12KB

MD5
4e666a747e2364f53d64ced1172ab8da

SHA1
2f434e3a71b86493936770f07b7a78a3760e7866

SHA256
d0eed9794d991a4dd2f41bbd78592f0ab79ff5dea4b092e97f3d39f0d1b5b3e7

SHA512
aef98c77ea096b46e67ff8ce5d6f3c3960c027de1bdcc5da9db47ca89759fbfdb8f324bd8c46c7812d97ab7a68925cf2da3180185eae0b9d6e333b784f0779e3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\41eh5pdr.default-release\datareporting\glean\db\data.safe.bin

Filesize
9KB

MD5
03e5680f405622c34e548653d8652153

SHA1
580116286347e6fb7ecbef20e9437118c98b0074

SHA256
6d0bde05bc138d2fa68294c38c1b068bfec2a662a34f0d40e682825fd8b77ae4

SHA512
176f347156b08dcc2a284e73b459185842b7b76bdc1a93290218ae609f4021358d05b26796a63d8d3a935be7016e463b5f9d8733d8fa29fc04c935256fa0b548

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\41eh5pdr.default-release\datareporting\glean\pending_pings\d89f30cf-239d-484e-bf2a-24e42468bd61

Filesize
734B

MD5
f90bf1659107edae14233cafc1da123e

SHA1
e91114929999cd866b856a5728e8744648be0dee

SHA256
c8c36e3683cc8eaada3e42a839d5fe78fafb09bb9185e79440d7958c9dd64037

SHA512
5c91fa74ae8eb4d533d9786cb3c11041396e8b2743be39c733ddf5c6f31f88f34642a3393f78dd411d2182a764a9122e8091d8c92575cf785cb5a684155e97f8

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\41eh5pdr.default-release\prefs-1.js

Filesize
6KB

MD5
ed27a7e9bd05a566806e2a429f0d1138

SHA1
c4c1bdc32545c51e47bdab47ddbe19d833cb4e42

SHA256
13914ec5ae405fe5f8cfd2461e7bd11efc9a9ac5ab16d59d0983288b2094345a

SHA512
97615488728e7967c7d8ec3075c422cd121680ba0744c05885d0cba42bcd8db6d6d7090c6df1f1f2323aa3900d538bf94ea6517e9ff390e95d11850da1c78f26

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\41eh5pdr.default-release\prefs.js

Filesize
6KB

MD5
d621fafc1e864719af7cf734f120f2df

SHA1
e262a36acf6eab56097d944909bbe6db499e106a

SHA256
dc8e8593f8e97a6fbc52bf01175bb840395ea8a35564850595c287566f02d58c

SHA512
a9f8deb6577bd0d4f821fd74a22bf68ea2108b76b2a11cf0b951f34078045dee5ff2e50a8eaad9330ce628407ecf9490b621c69c89ee9aa4ba74eb099befdc5d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\41eh5pdr.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
3KB

MD5
b4f3813923fbe059f173300d8b3b1ac3

SHA1
c30b069fc1142ed2bc48f8715968fc951b83436e

SHA256
7ae2cc238576e966bee570907b2a8cec7d9213cca90269e5c529ad0a302e84a5

SHA512
fc3b4784f62c053c762f5e6fe94a7c45c59ca45fc831bc123dc795572f34dd9b82d7e9a8aa7c4a4127467d8829d02eaea09fc22d070dd6a76411c3aedfacf342

Download Submit