f0031f9d7f25d4d29581879f62565a5a565995899adc60213f9e218147c78593

Analysis

max time kernel
148s
max time network
156s
platform
windows10-1703_x64
resource
win10-20240404-en
resource tags

arch:x64arch:x86image:win10-20240404-enlocale:en-usos:windows10-1703-x64system
submitted
14-05-2024 16:10

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

MuMuInstaller_3.1.7.0_gw-overseas12_all_1712735105.exe
Size

5.3MB
MD5

fbd9ad001bb2719f574c0705c5de05fb
SHA1

d07e77a490ad677935ac8213b88237e94440e791
SHA256

f0031f9d7f25d4d29581879f62565a5a565995899adc60213f9e218147c78593
SHA512

5724e3f858ae7ea92ba4ce325f3f8f4b90ecc6d7c19476e2888c4b09f0913463191b977f71314300918cceb0a6ae0b80e29d3c70891e8aeb9314da233a929e96
SSDEEP

98304:oeZOuRuvqAgef1ndGaX6tJJQv2FKA75OpVclc02vDRZTEB:1ZOPNdo3u0jc02vVZoB

Score

6^/10

Malware Config

Signatures

Enumerates connected drives 3 TTPs 1 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\F:	nemu-downloader.exe

Executes dropped EXE 6 IoCs

pid	Process
4656	nemu-downloader.exe
220	ColaBoxChecker.exe
2080	HyperVChecker.exe
832	HyperVChecker.exe
3544	HyperVChecker.exe
708	7z.exe

Loads dropped DLL 1 IoCs

pid	Process
708	7z.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Checks processor information in registry 2 TTPs 8 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133601767289928239"	chrome.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\Local Settings	firefox.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
4656	nemu-downloader.exe
4656	nemu-downloader.exe
4656	nemu-downloader.exe
4656	nemu-downloader.exe
3620	chrome.exe
3620	chrome.exe

Suspicious behavior: LoadsDriver 4 IoCs

pid	Process
628	Process not Found
628	Process not Found
628	Process not Found
628	Process not Found

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
3620	chrome.exe
3620	chrome.exe
3620	chrome.exe
3620	chrome.exe
3620	chrome.exe
3620	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeRestorePrivilege	708	7z.exe
Token: 35	708	7z.exe
Token: SeSecurityPrivilege	708	7z.exe
Token: SeSecurityPrivilege	708	7z.exe
Token: SeDebugPrivilege	2380	firefox.exe
Token: SeDebugPrivilege	2380	firefox.exe
Token: SeShutdownPrivilege	3620	chrome.exe
Token: SeCreatePagefilePrivilege	3620	chrome.exe
Token: SeShutdownPrivilege	3620	chrome.exe
Token: SeCreatePagefilePrivilege	3620	chrome.exe
Token: SeShutdownPrivilege	3620	chrome.exe
Token: SeCreatePagefilePrivilege	3620	chrome.exe
Token: SeShutdownPrivilege	3620	chrome.exe
Token: SeCreatePagefilePrivilege	3620	chrome.exe
Token: SeShutdownPrivilege	3620	chrome.exe
Token: SeCreatePagefilePrivilege	3620	chrome.exe
Token: SeShutdownPrivilege	3620	chrome.exe
Token: SeCreatePagefilePrivilege	3620	chrome.exe
Token: SeShutdownPrivilege	3620	chrome.exe
Token: SeCreatePagefilePrivilege	3620	chrome.exe
Token: SeShutdownPrivilege	3620	chrome.exe
Token: SeCreatePagefilePrivilege	3620	chrome.exe
Token: SeShutdownPrivilege	3620	chrome.exe
Token: SeCreatePagefilePrivilege	3620	chrome.exe
Token: SeShutdownPrivilege	3620	chrome.exe
Token: SeCreatePagefilePrivilege	3620	chrome.exe
Token: SeShutdownPrivilege	3620	chrome.exe
Token: SeCreatePagefilePrivilege	3620	chrome.exe
Token: SeShutdownPrivilege	3620	chrome.exe
Token: SeCreatePagefilePrivilege	3620	chrome.exe
Token: SeShutdownPrivilege	3620	chrome.exe
Token: SeCreatePagefilePrivilege	3620	chrome.exe
Token: SeShutdownPrivilege	3620	chrome.exe
Token: SeCreatePagefilePrivilege	3620	chrome.exe
Token: SeShutdownPrivilege	3620	chrome.exe
Token: SeCreatePagefilePrivilege	3620	chrome.exe
Token: SeShutdownPrivilege	3620	chrome.exe
Token: SeCreatePagefilePrivilege	3620	chrome.exe
Token: SeShutdownPrivilege	3620	chrome.exe
Token: SeCreatePagefilePrivilege	3620	chrome.exe
Token: SeShutdownPrivilege	3620	chrome.exe
Token: SeCreatePagefilePrivilege	3620	chrome.exe
Token: SeShutdownPrivilege	3620	chrome.exe
Token: SeCreatePagefilePrivilege	3620	chrome.exe
Token: SeShutdownPrivilege	3620	chrome.exe
Token: SeCreatePagefilePrivilege	3620	chrome.exe
Token: SeShutdownPrivilege	3620	chrome.exe
Token: SeCreatePagefilePrivilege	3620	chrome.exe
Token: SeShutdownPrivilege	3620	chrome.exe
Token: SeCreatePagefilePrivilege	3620	chrome.exe
Token: SeShutdownPrivilege	3620	chrome.exe
Token: SeCreatePagefilePrivilege	3620	chrome.exe
Token: SeShutdownPrivilege	3620	chrome.exe
Token: SeCreatePagefilePrivilege	3620	chrome.exe
Token: SeShutdownPrivilege	3620	chrome.exe
Token: SeCreatePagefilePrivilege	3620	chrome.exe
Token: SeShutdownPrivilege	3620	chrome.exe
Token: SeCreatePagefilePrivilege	3620	chrome.exe
Token: SeShutdownPrivilege	3620	chrome.exe
Token: SeCreatePagefilePrivilege	3620	chrome.exe
Token: SeShutdownPrivilege	3620	chrome.exe
Token: SeCreatePagefilePrivilege	3620	chrome.exe
Token: SeShutdownPrivilege	3620	chrome.exe
Token: SeCreatePagefilePrivilege	3620	chrome.exe

Suspicious use of FindShellTrayWindow 30 IoCs

pid	Process
2380	firefox.exe
2380	firefox.exe
2380	firefox.exe
2380	firefox.exe
3620	chrome.exe
3620	chrome.exe
3620	chrome.exe
3620	chrome.exe
3620	chrome.exe
3620	chrome.exe
3620	chrome.exe
3620	chrome.exe
3620	chrome.exe
3620	chrome.exe
3620	chrome.exe
3620	chrome.exe
3620	chrome.exe
3620	chrome.exe
3620	chrome.exe
3620	chrome.exe
3620	chrome.exe
3620	chrome.exe
3620	chrome.exe
3620	chrome.exe
3620	chrome.exe
3620	chrome.exe
3620	chrome.exe
3620	chrome.exe
3620	chrome.exe
3620	chrome.exe

Suspicious use of SendNotifyMessage 27 IoCs

pid	Process
2380	firefox.exe
2380	firefox.exe
2380	firefox.exe
3620	chrome.exe
3620	chrome.exe
3620	chrome.exe
3620	chrome.exe
3620	chrome.exe
3620	chrome.exe
3620	chrome.exe
3620	chrome.exe
3620	chrome.exe
3620	chrome.exe
3620	chrome.exe
3620	chrome.exe
3620	chrome.exe
3620	chrome.exe
3620	chrome.exe
3620	chrome.exe
3620	chrome.exe
3620	chrome.exe
3620	chrome.exe
3620	chrome.exe
3620	chrome.exe
3620	chrome.exe
3620	chrome.exe
3620	chrome.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
2380	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4512 wrote to memory of 4656	4512	MuMuInstaller_3.1.7.0_gw-overseas12_all_1712735105.exe	73
PID 4512 wrote to memory of 4656	4512	MuMuInstaller_3.1.7.0_gw-overseas12_all_1712735105.exe	73
PID 4512 wrote to memory of 4656	4512	MuMuInstaller_3.1.7.0_gw-overseas12_all_1712735105.exe	73
PID 4656 wrote to memory of 220	4656	nemu-downloader.exe	74
PID 4656 wrote to memory of 220	4656	nemu-downloader.exe	74
PID 4656 wrote to memory of 220	4656	nemu-downloader.exe	74
PID 4656 wrote to memory of 2080	4656	nemu-downloader.exe	78
PID 4656 wrote to memory of 2080	4656	nemu-downloader.exe	78
PID 4656 wrote to memory of 832	4656	nemu-downloader.exe	80
PID 4656 wrote to memory of 832	4656	nemu-downloader.exe	80
PID 4656 wrote to memory of 3544	4656	nemu-downloader.exe	82
PID 4656 wrote to memory of 3544	4656	nemu-downloader.exe	82
PID 4656 wrote to memory of 708	4656	nemu-downloader.exe	84
PID 4656 wrote to memory of 708	4656	nemu-downloader.exe	84
PID 4656 wrote to memory of 708	4656	nemu-downloader.exe	84
PID 4208 wrote to memory of 2380	4208	firefox.exe	90
PID 4208 wrote to memory of 2380	4208	firefox.exe	90
PID 4208 wrote to memory of 2380	4208	firefox.exe	90
PID 4208 wrote to memory of 2380	4208	firefox.exe	90
PID 4208 wrote to memory of 2380	4208	firefox.exe	90
PID 4208 wrote to memory of 2380	4208	firefox.exe	90
PID 4208 wrote to memory of 2380	4208	firefox.exe	90
PID 4208 wrote to memory of 2380	4208	firefox.exe	90
PID 4208 wrote to memory of 2380	4208	firefox.exe	90
PID 4208 wrote to memory of 2380	4208	firefox.exe	90
PID 4208 wrote to memory of 2380	4208	firefox.exe	90
PID 2380 wrote to memory of 1292	2380	firefox.exe	91
PID 2380 wrote to memory of 1292	2380	firefox.exe	91
PID 2380 wrote to memory of 3068	2380	firefox.exe	92
PID 2380 wrote to memory of 3068	2380	firefox.exe	92
PID 2380 wrote to memory of 3068	2380	firefox.exe	92
PID 2380 wrote to memory of 3068	2380	firefox.exe	92
PID 2380 wrote to memory of 3068	2380	firefox.exe	92
PID 2380 wrote to memory of 3068	2380	firefox.exe	92
PID 2380 wrote to memory of 3068	2380	firefox.exe	92
PID 2380 wrote to memory of 3068	2380	firefox.exe	92
PID 2380 wrote to memory of 3068	2380	firefox.exe	92
PID 2380 wrote to memory of 3068	2380	firefox.exe	92
PID 2380 wrote to memory of 3068	2380	firefox.exe	92
PID 2380 wrote to memory of 3068	2380	firefox.exe	92
PID 2380 wrote to memory of 3068	2380	firefox.exe	92
PID 2380 wrote to memory of 3068	2380	firefox.exe	92
PID 2380 wrote to memory of 3068	2380	firefox.exe	92
PID 2380 wrote to memory of 3068	2380	firefox.exe	92
PID 2380 wrote to memory of 3068	2380	firefox.exe	92
PID 2380 wrote to memory of 3068	2380	firefox.exe	92
PID 2380 wrote to memory of 3068	2380	firefox.exe	92
PID 2380 wrote to memory of 3068	2380	firefox.exe	92
PID 2380 wrote to memory of 3068	2380	firefox.exe	92
PID 2380 wrote to memory of 3068	2380	firefox.exe	92
PID 2380 wrote to memory of 3068	2380	firefox.exe	92
PID 2380 wrote to memory of 3068	2380	firefox.exe	92
PID 2380 wrote to memory of 3068	2380	firefox.exe	92
PID 2380 wrote to memory of 3068	2380	firefox.exe	92
PID 2380 wrote to memory of 3068	2380	firefox.exe	92
PID 2380 wrote to memory of 3068	2380	firefox.exe	92
PID 2380 wrote to memory of 3068	2380	firefox.exe	92
PID 2380 wrote to memory of 3068	2380	firefox.exe	92
PID 2380 wrote to memory of 3068	2380	firefox.exe	92
PID 2380 wrote to memory of 3068	2380	firefox.exe	92
PID 2380 wrote to memory of 3068	2380	firefox.exe	92
PID 2380 wrote to memory of 3068	2380	firefox.exe	92
PID 2380 wrote to memory of 3068	2380	firefox.exe	92
PID 2380 wrote to memory of 3068	2380	firefox.exe	92

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Users\Admin\AppData\Local\Temp\MuMuInstaller_3.1.7.0_gw-overseas12_all_1712735105.exe
"C:\Users\Admin\AppData\Local\Temp\MuMuInstaller_3.1.7.0_gw-overseas12_all_1712735105.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:4512
- C:\Users\Admin\AppData\Local\Temp\7z76A961A0\nemu-downloader.exe
  C:\Users\Admin\AppData\Local\Temp\7z76A961A0\nemu-downloader.exe
  2⤵
  - Enumerates connected drives
  - Executes dropped EXE
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:4656
- - C:\Users\Admin\AppData\Local\Temp\7z76A961A0\ColaBoxChecker.exe
    "C:\Users\Admin\AppData\Local\Temp\7z76A961A0\ColaBoxChecker.exe" checker /baseboard
    3⤵
    - Executes dropped EXE
    PID:220
- - C:\Users\Admin\AppData\Local\Temp\7z76A961A0\HyperVChecker.exe
    "C:\Users\Admin\AppData\Local\Temp\7z76A961A0\HyperVChecker.exe"
    3⤵
    - Executes dropped EXE
    PID:2080
- - C:\Users\Admin\AppData\Local\Temp\7z76A961A0\HyperVChecker.exe
    "C:\Users\Admin\AppData\Local\Temp\7z76A961A0\HyperVChecker.exe"
    3⤵
    - Executes dropped EXE
    PID:832
- - C:\Users\Admin\AppData\Local\Temp\7z76A961A0\HyperVChecker.exe
    "C:\Users\Admin\AppData\Local\Temp\7z76A961A0\HyperVChecker.exe"
    3⤵
    - Executes dropped EXE
    PID:3544
- - C:\Users\Admin\AppData\Local\Temp\7z76A961A0\7z.exe
    "C:\Users\Admin\AppData\Local\Temp\7z76A961A0\7z.exe" a -tzip "C:\Users\Admin\AppData\Local\Temp\nemux.zip" "C:\Users\Admin\AppData\Local\Temp\nemux"
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of AdjustPrivilegeToken
    PID:708

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:4208
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe"
  2⤵
  - Checks processor information in registry
  - Modifies registry class
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2380
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2380.0.405965105\614630685" -parentBuildID 20221007134813 -prefsHandle 1688 -prefMapHandle 1680 -prefsLen 20747 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {d7908f9d-e3c5-4493-87b6-74a71bc28ec8} 2380 "\\.\pipe\gecko-crash-server-pipe.2380" 1768 24db97f1258 gpu
    3⤵
    PID:1292
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2380.1.28590396\159488118" -parentBuildID 20221007134813 -prefsHandle 2108 -prefMapHandle 2104 -prefsLen 20828 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e44b47db-60ee-42da-9087-1a1bae7fba90} 2380 "\\.\pipe\gecko-crash-server-pipe.2380" 2120 24db933eb58 socket
    3⤵
    - Checks processor information in registry
    PID:3068
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2380.2.1465447832\2064927084" -childID 1 -isForBrowser -prefsHandle 2796 -prefMapHandle 2792 -prefsLen 20931 -prefMapSize 233444 -jsInitHandle 1300 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {3f10777a-1b44-45cd-93c0-b559036595c2} 2380 "\\.\pipe\gecko-crash-server-pipe.2380" 2768 24dbd9b5358 tab
    3⤵
    PID:2884
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2380.3.175535295\60545547" -childID 2 -isForBrowser -prefsHandle 3480 -prefMapHandle 3476 -prefsLen 26109 -prefMapSize 233444 -jsInitHandle 1300 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {a8a5c710-0e12-4c8d-9e14-74558f9ea02b} 2380 "\\.\pipe\gecko-crash-server-pipe.2380" 3492 24dae762258 tab
    3⤵
    PID:4576
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2380.4.1670836759\1647034562" -childID 3 -isForBrowser -prefsHandle 3792 -prefMapHandle 3788 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1300 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {ce617def-d6d3-47b3-bbb9-ca013e091d41} 2380 "\\.\pipe\gecko-crash-server-pipe.2380" 3804 24dbedfb458 tab
    3⤵
    PID:1796
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2380.5.1524374308\1889758471" -childID 4 -isForBrowser -prefsHandle 4820 -prefMapHandle 4500 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1300 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {a26b7056-e39f-4d61-977b-529e0d109540} 2380 "\\.\pipe\gecko-crash-server-pipe.2380" 4816 24dbfd03858 tab
    3⤵
    PID:604
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2380.6.27539594\779617442" -childID 5 -isForBrowser -prefsHandle 4952 -prefMapHandle 4956 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1300 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {d3b7158a-f7e5-489e-8f63-6de6ca2bd1d7} 2380 "\\.\pipe\gecko-crash-server-pipe.2380" 4944 24dbfde2f58 tab
    3⤵
    PID:2160
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2380.7.1159321485\389202661" -childID 6 -isForBrowser -prefsHandle 5132 -prefMapHandle 5136 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1300 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {9d0f13cb-a10d-4fe3-941f-a8bb57bc7785} 2380 "\\.\pipe\gecko-crash-server-pipe.2380" 4936 24dbfde3258 tab
    3⤵
    PID:3508
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2380.8.778820130\1730405566" -childID 7 -isForBrowser -prefsHandle 2704 -prefMapHandle 5532 -prefsLen 26328 -prefMapSize 233444 -jsInitHandle 1300 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {c48470d3-45e9-4bf0-b271-c5a2da4767e3} 2380 "\\.\pipe\gecko-crash-server-pipe.2380" 2680 24dbc016258 tab
    3⤵
    PID:4732

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:3620
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ff9ca389758,0x7ff9ca389768,0x7ff9ca389778
  2⤵
  PID:4760
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1540 --field-trial-handle=2252,i,17266957904984379623,2769035386572415378,131072 /prefetch:2
  2⤵
  PID:3688
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1792 --field-trial-handle=2252,i,17266957904984379623,2769035386572415378,131072 /prefetch:8
  2⤵
  PID:3524
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1876 --field-trial-handle=2252,i,17266957904984379623,2769035386572415378,131072 /prefetch:8
  2⤵
  PID:3988
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3104 --field-trial-handle=2252,i,17266957904984379623,2769035386572415378,131072 /prefetch:1
  2⤵
  PID:4328
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3112 --field-trial-handle=2252,i,17266957904984379623,2769035386572415378,131072 /prefetch:1
  2⤵
  PID:1720
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4444 --field-trial-handle=2252,i,17266957904984379623,2769035386572415378,131072 /prefetch:1
  2⤵
  PID:4940
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4628 --field-trial-handle=2252,i,17266957904984379623,2769035386572415378,131072 /prefetch:8
  2⤵
  PID:704
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4808 --field-trial-handle=2252,i,17266957904984379623,2769035386572415378,131072 /prefetch:8
  2⤵
  PID:2732
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4932 --field-trial-handle=2252,i,17266957904984379623,2769035386572415378,131072 /prefetch:8
  2⤵
  PID:1636
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5048 --field-trial-handle=2252,i,17266957904984379623,2769035386572415378,131072 /prefetch:8
  2⤵
  PID:2712
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4956 --field-trial-handle=2252,i,17266957904984379623,2769035386572415378,131072 /prefetch:8
  2⤵
  PID:1276
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=4820 --field-trial-handle=2252,i,17266957904984379623,2769035386572415378,131072 /prefetch:1
  2⤵
  PID:1848
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=5248 --field-trial-handle=2252,i,17266957904984379623,2769035386572415378,131072 /prefetch:1
  2⤵
  PID:216
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5352 --field-trial-handle=2252,i,17266957904984379623,2769035386572415378,131072 /prefetch:8
  2⤵
  PID:3924
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4468 --field-trial-handle=2252,i,17266957904984379623,2769035386572415378,131072 /prefetch:8
  2⤵
  PID:1952
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=3152 --field-trial-handle=2252,i,17266957904984379623,2769035386572415378,131072 /prefetch:1
  2⤵
  PID:2364
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5348 --field-trial-handle=2252,i,17266957904984379623,2769035386572415378,131072 /prefetch:8
  2⤵
  PID:3828
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4568 --field-trial-handle=2252,i,17266957904984379623,2769035386572415378,131072 /prefetch:8
  2⤵
  PID:4628
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3192 --field-trial-handle=2252,i,17266957904984379623,2769035386572415378,131072 /prefetch:8
  2⤵
  PID:2100
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4600 --field-trial-handle=2252,i,17266957904984379623,2769035386572415378,131072 /prefetch:8
  2⤵
  PID:4224

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:4120

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x3c4
1⤵
PID:596

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000016

Filesize
220KB

MD5
2df4041f704b2a1885a682dc818962da

SHA1
b90827f650631ec3ab683dcc0cb174eb21afb9a0

SHA256
9e9d273bc0625d7b4a3d005ef2861f2aa4e02c2540bbc229be8abfec318b2193

SHA512
83eedace2bb586778f620b418e9ec03e386fdb47a41c1f44e14d0ca73b67f6801e90b118a00f28d36ad7a5a307f6dede482d7a4b0a48954dcc1b143d1c5dc694

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001e

Filesize
19KB

MD5
99914fee9faaf0da23228235e0e18605

SHA1
13d588c78b8a25c19b1e3618a2377329561bfcdb

SHA256
20d2d61e4f8fb6115e1568e5d5ec890f946b99f7c705cce27c8055c47449258d

SHA512
e6d03528fa50a6745f2f283f8ac49eb1d2bb6dc413e9b561527b9510b9511c83b2c1edf145ca4ca9fb8adf4307e5b22f32aec4a41e951ff08597a5a216164028

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
539B

MD5
4e3b9d7e3f9db2a225302787140de986

SHA1
8eabc411aa8b2a3296abccaaf9c0eb584a84852c

SHA256
d2eba454dc64a4911aa56877156764f84b85acc6fcd3ab4203198f9089f7af51

SHA512
0e1037e1c85049087daa9a15009e73a16cb4c225053b6d51ef1cb9edbb4cfbb2e8ac04eb70cf38847f0c4275c44ff0bd0e260cc4eddd6fc78e0b1c135e242ec5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
91db30823f1af112c89de272430bd450

SHA1
b316e111e5246186f8202e2fe54e19167921c52e

SHA256
ed21fb646074da076d5b64a169653a39a03ed8ba2def7bd582e37e3b547d55b8

SHA512
8246a2f015015c577e7574228d2a19774dfd82b10f0bfa6443f063e0cb315d431a07769f80ba56d42fce77da3854c4633707f8dc6a5257bbdffb97249a20217d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
539B

MD5
f3a84d12aa90db52eafc0f5394506a92

SHA1
686563377009c9028616dbd3ee4f7d917c902e18

SHA256
de03a7857b64e9f50c47cc9737f1bc73c0f8583b5ba5c4408566bfda3ee5eb76

SHA512
fc4906ab621496e9fa1fc42bd8111a898847aec7048d408ccce9e7ac26ac7c26624e4ae648cb98a8b7cf738ab72ec18cfc685c8fe2441d8cc0f27e26c8fcd955

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
8fbde9d5d4ae560ebc07eee0214ba77e

SHA1
c6935df5fe121cfbec9c2ad8d5400905683f064f

SHA256
f5e0be57b6a16e674c6b628b25bc451ed3407ce3650aeff520d2ac7f1e70835d

SHA512
b15d6bad98dd874a2c8dd57fa089bbd23f78952f33187ffe6f41f211583c4c824c2a3fc8a1f24960e27b657b93a645796be4742010775424a6b8c3b7ba645588

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
a97e3747d156b95e623cfffdeb325559

SHA1
673e760b65f4f87e6aed14ddf3ddb3413161551c

SHA256
4fb226a9e220077888590e8d50c0f116373afa9358a780a2346e09bca43bbee6

SHA512
2e46b90c75f58d2597f4e4619e66d346d1f85200155f5ecb0839d6073e515ea514fbd445522c292627dcad97dbc2db17c72454aec1f036df703365346469e2fe

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
228c8d411e17944fc87cae722667da35

SHA1
f4bf5501c644d8bda54f28b521d119615579822b

SHA256
c2bb2f279f7ffe41c33d15925e88572f9e1ce2f5312486b188f7a5bb87e3df7e

SHA512
0b73a181c7569c0956b9959cc2a2522108a970efeb61dbe69cd77b6b6cdb060293e95410bab10b14173c9f07f887c101da5f1bc4ef3fe161ea2b0962469cd7ab

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
8ecffc5b8c9b43032d35a19dc8e476ee

SHA1
5af2d99c4c4893522efa4fba1f474b308edfdc22

SHA256
34597ea1059f1fc8554fba276498da33c3ac61236ffc474ad07e724c957d2748

SHA512
7d34d6164128de5ea6863adf562afb0f3d6d184d62fa4d8e9714058e8f050f87af5ee5a4793fcc340bbe2493f2d753b99c7dec5349e5447a1b9e9cd40ce2c5c8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\4be17bb6-a20e-4b74-8633-0bd77c8959c2\index-dir\the-real-index

Filesize
2KB

MD5
bab75423a5f58bdcae6c7396b4f07641

SHA1
4519aa1a2710a16875595fbcd03475127cb4f2ae

SHA256
3d0378740cbef63ac9a19050eb0f047e874ca78273e1b5fd92f1679681daa1b9

SHA512
d806dd0105d5d813b18d27a89e28615f5444425fc9a483f9ca4eeb28b24578723c9a6cc76b79691f72be6fb6e33a5a66b08aed98de3b47a9327202686d67df05

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\4be17bb6-a20e-4b74-8633-0bd77c8959c2\index-dir\the-real-index~RFe599bc9.TMP

Filesize
48B

MD5
669cbc058b860e7502c8aac20a9536e4

SHA1
83c88967d4714fc4b08a69b0ff66fe3c2b34af33

SHA256
3483b4f6616873eff0c6e8adb1d890b8505ca8fbb36a379b53af0c773fe7d4e6

SHA512
98ef31d963c84386cc35c537ebf6344a3cf8c395a59d825ef54b0fbb66b1437b5338e8e9db270681b3611765afa0695ed53e57a4ad1a909388be7527db11f48b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\8aea41df-52a7-4577-b5e1-cb5666bc3713\index

Filesize
24B

MD5
54cb446f628b2ea4a5bce5769910512e

SHA1
c27ca848427fe87f5cf4d0e0e3cd57151b0d820d

SHA256
fbcfe23a2ecb82b7100c50811691dde0a33aa3da8d176be9882a9db485dc0f2d

SHA512
8f6ed2e91aed9bd415789b1dbe591e7eab29f3f1b48fdfa5e864d7bf4ae554acc5d82b4097a770dabc228523253623e4296c5023cf48252e1b94382c43123cb0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
112B

MD5
70d625945ea4d245add96c4dc1ed5d66

SHA1
9b427a5ddf5d0dd0e2cc72930ca9ddaecbdc1cbc

SHA256
01d8e2fc26f503b0e9cee5950fee1d390f16ca6987063ae6034f27cbc1c7959a

SHA512
5c4c9cfad1790408261ce8e46f3ac637cee2f28280749df97bff721b6e34fb353ae15c4365057741beec42b57478133b47a3515c936094909ad6bd60caed7e86

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
176B

MD5
47d4e87ac149027ee7de4ac2a0b30aee

SHA1
f44403ee5d0f28ab550fadaa7ab8b1538a600302

SHA256
f092621df3c740954edf4bef999bbd6e4d80d371817e6f921161572f6acf4920

SHA512
aacabec596995581802dd41f76976f3bd04b2609298f5753625f3c4a35e209a8541670f9bceb2fdb31cab1ed3e28d772ca403fafd042f1de18049aa424fce8d5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
178B

MD5
81b2aff2f816bd3b5214cb343468b4c1

SHA1
503461055360c23d5e32b3e0cb74ea752011d141

SHA256
dcee4cdf0e107f37f97f4f85475d42dbca45d8f3201d6a1db63798478e578fdd

SHA512
b187c4d264e2df46f72ccf601653f1217e6d2bc2eadc3ca16dac2942b2f3d376c7481e46e54f401b6cf1910791e6f6969c957901c37ec7ac8eec98f331b873a8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
187B

MD5
71b402dc7020632f95495e09cdd8a5bc

SHA1
9d434928f8ef6da39531f77b661c56cca2363a14

SHA256
426ef4d4c1e15a7d9ec1f827fd6007234b5ddb8b802d94ed85067ec5a88922ed

SHA512
94727ae6964112a70ee56c3f8209e8c64347f4f7a090981bff89feb134b10edac7933914786b564dbc09155c6e7d881225cb47be024f11f231e6d5c79744c1c1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
114B

MD5
02491a915b28539fbdf6a5bd9556973a

SHA1
f7bdc63cdd08aab2171248d0fdc2c27ee4d265e0

SHA256
9ce140e557385990094b6f52501c6faac2ff7a9bafb22ba07f9c47750e77ee62

SHA512
e212bd363ffbfd005273c4506655873b13cc2834580013f8db6b54fb69ae9c579c56e388a4e9a77a1cdfdf17ed7a894911fd4bcfa04b4bb2d28e2e055dcfa5fc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt~RFe594feb.TMP

Filesize
119B

MD5
13bba78bda003cc7917aef93487392eb

SHA1
cb23d2b95510e4c3b85f7380b617ead869fb0832

SHA256
912a43b60e2d47c2a507e9e059a5b9bed8d77524760bd8a8232983aac3a0ee26

SHA512
6a1ff47b4980f04714ea2913bd05590b166584ee8d068f4e572f78c5346590cff32e203f0e96b02dc1059a34ce25e5892d312bcb9ed7354dcd247540361b0a94

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\Database\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\agimnkijcaahngcdmfeangaknmldooml\Shortcuts Menu Icons\Monochrome\1\512.png

Filesize
10KB

MD5
7f57c509f12aaae2c269646db7fde6e8

SHA1
969d8c0e3d9140f843f36ccf2974b112ad7afc07

SHA256
1d5c9f67fe93f9fcc1a1b61ebc35bda8f98f1261e5005ae37af71f42aab1d90f

SHA512
3503a0f4939bed9e1fd5e086b17d6de1063220dffdab2d2373aa9582a2454a9d8f18c1be74442f4e597bdba796d2d69220bd9e6be632a15367225b804187ea18

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Temp\scoped_dir3620_1344041417\Shortcuts Menu Icons\Monochrome\0\512.png

Filesize
2KB

MD5
12a429f9782bcff446dc1089b68d44ee

SHA1
e41e5a1a4f2950a7f2da8be77ca26a66da7093b9

SHA256
e1d7407b07c40b5436d78db1077a16fbf75d49e32f3cbd01187b5eaaa10f1e37

SHA512
1da99c5278a589972a1d711d694890f4fd4ec4e56f83781ab9dee91ba99530a7f90d969588fa24dce24b094a28bdecbea80328cee862031a8b289f3e4f38ce7a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
137KB

MD5
6814fe9296f37e209b1ddcf35510c18a

SHA1
6a40ed538906a29e88943ef26773f6346b8095d9

SHA256
362a5974031ada8d2ed44333f675e041c84ea9d2745df4529ef611b730f5f8eb

SHA512
3ef44b3d39ac85c5683fdf5f59655d8d5eb3d51a34eb3243be640f2ed5120f749c9c9e84e8212f7eec39073fa1d5407214685eaf81423f5b62494d494fe3dd40

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
276KB

MD5
2a038228008208553c371cae164c1df0

SHA1
6d11ff5564f490b0ff616a3e70cbdf1e5828f5f6

SHA256
bbd88e8119d44c9f8f1dd9fa7d10a7fa71b031c82c95e663d478a72f942445f2

SHA512
3f008f9f7427708f4388ee2d757b2d1c99d40e71937358fe3c6811de27c44193a7652045210174deb34a4ff53a36ae733fa0d10b6f7624684002b78b9b2de024

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
94KB

MD5
6fb8039021bdacf09f09d008a90f803c

SHA1
8bab0239522376cd4bca8c7752824c4a13a4d48f

SHA256
7afddfb2aa3f39f67ade37418834de71d1184cb19f63d387bdb9c6543e9fa9bb

SHA512
8a6ea5ec45dadb34a3e743da2073e6f0107d3cbd930cb363b63e6ec9b406574c2ae9bd820b475cfaa6aa542d9a26cb2391c62c85f5c05123f32dac9655c1f265

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe597768.TMP

Filesize
93KB

MD5
16831b7fe3fd8f88c82ccd5475309aa1

SHA1
10653a1dd9ff2c387712e14ff114caf83fa2e2f5

SHA256
a1180c9a86a85d4a8858ed720be969afb0fde1882cc633cd7492a124cfa891f6

SHA512
98b27c63690b62d6bc101707f058050161555a7c780d64a2cc3fa8aa80aa2a79d927f32c85e8cf02b98ad09c6f03e525382084b56dc69ea2470425b9282a3898

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Temp\7z76A961A0\7z.dll

Filesize
1.1MB

MD5
0ffa2bff9e56e6122aec80d3c1119d83

SHA1
09b7eb124b8c83469ae7de6447d1b8a7f5c98c61

SHA256
609cba3a8704aa6f5e2623858402bc048de7198a3567a53183bf97de091a3e48

SHA512
42522bf850156577de397e527b8515b1bf0bdeceb170efae71d87c39a25c72c155a2fec6a88b5c3ae443752046f8840cd8afac9c42ed7bcf67aeb9e78aeb5f2e

Download Submit
C:\Users\Admin\AppData\Local\Temp\7z76A961A0\7z.exe

Filesize
292KB

MD5
97b382235264f18a53eff8e891997920

SHA1
cc0f3ad9411f54f70a2b1a1705e24048b06ea65c

SHA256
bf42783c293279c65b00e4f8b72be39e1cb0fcbe14d6679151b0d5e27fd8572d

SHA512
1e780698dbc0963ccbd73976da6898b3c0dc4b4e655a80563585518abd37a1a5561a980d035123011213a83c76320de6c08541caa71bfd6582eb93ff57672a83

Download Submit
C:\Users\Admin\AppData\Local\Temp\7z76A961A0\ColaBoxChecker.exe

Filesize
4.0MB

MD5
839708e3f96cf055436fa08d6205263c

SHA1
a4579f8cb6b80fe3fd50099794f63eb51be3292f

SHA256
1373c5d006a5dbcd9b86cfff9a37616f1245d1333c4adcefc7cd18926b98d752

SHA512
ece67e031e06a0442d935e7d81d0eed57ae92b348b5d104423577478ce226e4a4bde834c54e31d33bfe6f574fb7798ba96886d9e8edb738edee6e7c9c43054cd

Download Submit
C:\Users\Admin\AppData\Local\Temp\7z76A961A0\HyperVChecker.exe

Filesize
117KB

MD5
dbd84c6083e4badf4741d95ba3c9b5f8

SHA1
4a555adf8e0459bfd1145d9bd8d91b3fff94aad0

SHA256
9ff467bc5a1c377102d25da9fa9c24dcc4375f456510f71584f0714fdfb2af39

SHA512
fb5fe74f64254609e07d6642acf904562bb905cd7c14c6f85ba31bcdbaf06686c0586609ec4f5d2f8f55ff90334dcbb774a3a6e78df74bf1b1d0cd03dec21870

Download Submit
C:\Users\Admin\AppData\Local\Temp\7z76A961A0\baseboard

Filesize
114B

MD5
cb557ab8e8509165dc28b903648853d2

SHA1
f52bbdab98eef5c86c682676bc9973cff9f97f8b

SHA256
5daea844e8e6d449e130f210f562653247f3463680d619b2cdfa09446fa9931e

SHA512
d997a8e6829d162d9c6d037b5ad03088aa43caadcbdea87b88a9bdc87ed7bd059539092551fd3d9e5cf94cd42c72ab13f54495bf267a8ba9ea2f4482282edfde

Download Submit
C:\Users\Admin\AppData\Local\Temp\7z76A961A0\config.ini

Filesize
346B

MD5
d00fb4c61a255b58ff09886c6c72461b

SHA1
4e4f7d7ae36f67a4d6fc8479f8400b3eb769e978

SHA256
77dec4d79e1e844a2156f101defc0fc81c138a989e8ba1c722c58feb91b3cd4a

SHA512
8494ab9fe0594f3ff7b0893ca3e25d6d0a706e546e92c5b662aa864affcefe5f9721a6a95f37f40cdacf39d27a23e2b3cd5dbca4d7b8909cd7c186209d4b46db

Download Submit
C:\Users\Admin\AppData\Local\Temp\7z76A961A0\nemu-downloader.exe

Filesize
3.2MB

MD5
cdf8047ceae80d9cd9eb798a57bf6084

SHA1
8e7971401fada3099aed61849745fda37e1c0d32

SHA256
1f01a9abac64fae72e0a253ad9ffe2d62cd2967c1c2bc90fb956ac446fe2b11e

SHA512
ac366f38f39b935110192d1355147392ced5a21966cc22386804356dce24b2da7971a6a60d675689f93d74014d961bfb3b0c13cf06809b9f9feef580045e20dc

Download Submit
C:\Users\Admin\AppData\Local\Temp\7z76A961A0\run-checker-log\baseboard-139349958354833440.log.log

Filesize
4KB

MD5
62019f103bc7f42f105399043f28ae39

SHA1
7029628d6b8cd831c07210176dd15ae2b431e868

SHA256
3647beb202f6c985db7a15920ccacc89a42a791f2bb5ddb28674a0182493c3e5

SHA512
c917f73382807a549734d641cc3ca8d3369b0afd7017d20ba44c780bb87e3db86856d5b6ecfac3d0e0aa7ee8213f9048c09ab90792eeb139933c43bd73585786

Download Submit
C:\Users\Admin\AppData\Local\Temp\7z76A961A0\skin.zip

Filesize
509KB

MD5
ecb43530caf9566c1b76d5af8d2097f1

SHA1
34562ada66cd1501fcb7411a1e1d86729fd7fdc0

SHA256
a12381f97aee2d91568f44b23e866ccc99f0ae5e5961f318ed24b72f4f5da80a

SHA512
4a243c0bc4dbaf892bee91ea7eff9e6a7732d3aa2df5bebd9a4bea2859a30a8511945ce3bb823f7ef921f2e1a98906fb676fce85f25fd5908646b3a2f5d02563

Download Submit
C:\Users\Admin\AppData\Local\Temp\nemux.zip

Filesize
22B

MD5
76cdb2bad9582d23c1f6f4d868218d6c

SHA1
b04f3ee8f5e43fa3b162981b50bb72fe1acabb33

SHA256
8739c76e681f900923b900c9df0ef75cf421d39cabb54650c4b9ad19b6a76d85

SHA512
5e2f959f36b66df0580a94f384c5fc1ceeec4b2a3925f062d7b68f21758b86581ac2adcfdde73a171a28496e758ef1b23ca4951c05455cdae9357cc3b5a5825f

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5nsco79.default-release\datareporting\glean\db\data.safe.bin

Filesize
2KB

MD5
bdd9d265a0527501ea0fa2009d42f13c

SHA1
1cbd7b6e3fbdc69063a9f4e6df14a71b551f1768

SHA256
577735ebb96f24aa62a08d73d62c4069e86ddb4b0283866b767821235d10ed4a

SHA512
18d6da74eca868df48abc1f34e56582f87497fadb4878f0443c8f50c6cd93294217051d564340ed2c3896b09159693e5f5bda4055f9f89115851110118644917

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5nsco79.default-release\datareporting\glean\pending_pings\1425d658-5c08-4a74-8577-172701718792

Filesize
746B

MD5
9638fb0e489dfff5b1ad94ae83e876d9

SHA1
012be1b52eb9f62f55cf6185b0754eb9bf7c4772

SHA256
a8fe6f346c269ae7babe50b20ba2e31f0e420d331b64b5ebc2f2ebaf4620376e

SHA512
8651d005181a0cfe611764f5dac9165de2d3b668e8fc43dbf4631a972f62416a710fd9fe7172912f573298df423a54ea0f05fa0675e7242ac2de308011f589f3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5nsco79.default-release\datareporting\glean\pending_pings\7cee4ae9-aa22-4382-b526-f72a5e92685c

Filesize
10KB

MD5
2f0fe0ce79f1f6a604ad46bfe73533e6

SHA1
e944e6b0cfbc33f5ef2f6e542defb39926c3ea7b

SHA256
03217f75777ec72137fde0c5626349691e800fdb6fcf9eab969b50888c9cb0d8

SHA512
e3f5845d9ae33a99e27085dd1d2268f722a4ab773249b1051e3bc69fd132c8815efd24e7960a48876c76fd0c86ac41a33a8e5f2d8433257447dbc87603819126

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5nsco79.default-release\prefs-1.js

Filesize
6KB

MD5
00629b7786d6b748d81664d559d8fabb

SHA1
7b849c3d71ea9a473415616f3379bc5d24e5d9d5

SHA256
764cbcf4ce6a5fd01f296238949cf51ea5ae2b0e2f892a4032a947bb0c0b5a1b

SHA512
3ff41cacf4f06c341fe215bff19b3aae1302afb7e315fb2a7d1e39ecd34c86c352e16b5754318eeb78212ac920e2d123b9a929bf23208594448de9e98ac74dbd

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5nsco79.default-release\prefs-1.js

Filesize
6KB

MD5
9dd0fee711657dad38cc1d8d7f9bf5d3

SHA1
e167212c2c50a6209d174f48cb1698b9bae66858

SHA256
113ace4597504d24ae1175f2e802b5f99d2dbb4025908f4ad587a794dd653abf

SHA512
41e53945f647f7041247885b9fd145e52fd198f89ed060b3ccc088e76b4dce24136eadefc3c3ef79e522fc3578e82f16083a6205dbf09e1302b7d432b999e1c1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5nsco79.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
3KB

MD5
99b76f6ed1ea0da8f9322b6c4a64dce1

SHA1
bf56b9cb707ad50491ad500de6fc1bfc04e1c831

SHA256
c1aa7c88b1409113209120894ec071a7fadfe409692bd02c76d329a2a46ad673

SHA512
071896335c39fa51f1d28d23049d7e51c670cc126e8373a0d9c2d2f488a3995d44de5394d30ebca101badc7831d6ef3ebe1bf8fbce544c620ce673531ebab77c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5nsco79.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
4KB

MD5
6441f91c4bdefe564c00a1486bd7c6f0

SHA1
d96b626caae6a005d6142f36edd22b50f5cb8528

SHA256
c04335552d1f7202eb81a72036a5c8b75fca6750437bca2d0af68b2e26db079e

SHA512
eb5124ec8ef2b26e930f83d224846237f8db2dfee23624988316bcc14cf63a6583327ad99bdce53ffc9ff6d344ac750c444f19ef07f028ec787abb3053ed80dc

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5nsco79.default-release\sessionstore.jsonlz4

Filesize
4KB

MD5
960c3a5796aea79b891b3ebf74f897a2

SHA1
ece883d1db7e06050e65f0db46ff8663ff076a10

SHA256
062bda0ad11f3fb642f1cc5ed487b9c1ebf0c7af758f3b36c72845ef84647aea

SHA512
d2e79516aa1b4e4fb463eb9c3dfaaaffe43bf7f8ea28e20c92ca65272e8716750a7dbd795906eaf4652e4d9836e21a576f31ad4d456860ba4a30c95d124b919d

Download Submit