d26a7f2d4f3521827201e6cdcd296f132c7d18c3a1ce70c24b423300cff326fe

Analysis

max time kernel
258s
max time network
258s
platform
windows10-1703_x64
resource
win10-20240404-en
resource tags

arch:x64arch:x86image:win10-20240404-enlocale:en-usos:windows10-1703-x64system
submitted
15-06-2024 22:13

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

360TS_Setup_Mini.exe
Size

1.4MB
MD5

31fee2c73b8d2a8ec979775cd5f5ced7
SHA1

39182a68bc0c1c07d3ddc47cd69fe3692dbac834
SHA256

d26a7f2d4f3521827201e6cdcd296f132c7d18c3a1ce70c24b423300cff326fe
SHA512

db51b602a8675641bc3a0a980a197243787ed12f5e0619cb1d390c91193d7e3447e3e86e2321c3ea273c6732b356003a249241d7d8a5699931810e5a35d5c650
SSDEEP

24576:kL/7n6lbcC8oblv1zj1SqdAGFQZIxvC45UJoe1Z:E6+C8o5tzjYq+ZIxL5UJoeL

Score

8^/10

bootkit persistence

Malware Config

Signatures

Downloads MZ/PE file

Loads dropped DLL 1 IoCs

pid	Process
4684	360TS_Setup_Mini.exe

Writes to the Master Boot Record (MBR) 1 TTPs 1 IoCs

Bootkits write to the MBR to gain persistence at a level below the operating system.

bootkit persistence

Bootkit

T1542.003

description	ioc	Process
File opened for modification	\??\PhysicalDrive0	360TS_Setup_Mini.exe

Checks processor information in registry 2 TTPs 8 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133629633394472024"	chrome.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\Local Settings	firefox.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
3704	chrome.exe
3704	chrome.exe
3704	chrome.exe
3704	chrome.exe
1444	chrome.exe
1444	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 5 IoCs

pid	Process
3704	chrome.exe
3704	chrome.exe
3704	chrome.exe
3704	chrome.exe
3704	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeManageVolumePrivilege	4684	360TS_Setup_Mini.exe
Token: SeDebugPrivilege	3924	firefox.exe
Token: SeDebugPrivilege	3924	firefox.exe
Token: SeShutdownPrivilege	3704	chrome.exe
Token: SeCreatePagefilePrivilege	3704	chrome.exe
Token: SeShutdownPrivilege	3704	chrome.exe
Token: SeCreatePagefilePrivilege	3704	chrome.exe
Token: SeShutdownPrivilege	3704	chrome.exe
Token: SeCreatePagefilePrivilege	3704	chrome.exe
Token: SeShutdownPrivilege	3704	chrome.exe
Token: SeCreatePagefilePrivilege	3704	chrome.exe
Token: SeShutdownPrivilege	3704	chrome.exe
Token: SeCreatePagefilePrivilege	3704	chrome.exe
Token: SeShutdownPrivilege	3704	chrome.exe
Token: SeCreatePagefilePrivilege	3704	chrome.exe
Token: SeShutdownPrivilege	3704	chrome.exe
Token: SeCreatePagefilePrivilege	3704	chrome.exe
Token: SeShutdownPrivilege	3704	chrome.exe
Token: SeCreatePagefilePrivilege	3704	chrome.exe
Token: SeShutdownPrivilege	3704	chrome.exe
Token: SeCreatePagefilePrivilege	3704	chrome.exe
Token: SeShutdownPrivilege	3704	chrome.exe
Token: SeCreatePagefilePrivilege	3704	chrome.exe
Token: SeShutdownPrivilege	3704	chrome.exe
Token: SeCreatePagefilePrivilege	3704	chrome.exe
Token: SeShutdownPrivilege	3704	chrome.exe
Token: SeCreatePagefilePrivilege	3704	chrome.exe
Token: SeShutdownPrivilege	3704	chrome.exe
Token: SeCreatePagefilePrivilege	3704	chrome.exe
Token: SeShutdownPrivilege	3704	chrome.exe
Token: SeCreatePagefilePrivilege	3704	chrome.exe
Token: SeShutdownPrivilege	3704	chrome.exe
Token: SeCreatePagefilePrivilege	3704	chrome.exe
Token: SeShutdownPrivilege	3704	chrome.exe
Token: SeCreatePagefilePrivilege	3704	chrome.exe
Token: SeShutdownPrivilege	3704	chrome.exe
Token: SeCreatePagefilePrivilege	3704	chrome.exe
Token: SeShutdownPrivilege	3704	chrome.exe
Token: SeCreatePagefilePrivilege	3704	chrome.exe
Token: SeShutdownPrivilege	3704	chrome.exe
Token: SeCreatePagefilePrivilege	3704	chrome.exe
Token: SeShutdownPrivilege	3704	chrome.exe
Token: SeCreatePagefilePrivilege	3704	chrome.exe
Token: SeShutdownPrivilege	3704	chrome.exe
Token: SeCreatePagefilePrivilege	3704	chrome.exe
Token: 33	368	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	368	AUDIODG.EXE
Token: SeShutdownPrivilege	3704	chrome.exe
Token: SeCreatePagefilePrivilege	3704	chrome.exe
Token: SeShutdownPrivilege	3704	chrome.exe
Token: SeCreatePagefilePrivilege	3704	chrome.exe
Token: SeShutdownPrivilege	3704	chrome.exe
Token: SeCreatePagefilePrivilege	3704	chrome.exe
Token: SeShutdownPrivilege	3704	chrome.exe
Token: SeCreatePagefilePrivilege	3704	chrome.exe
Token: SeShutdownPrivilege	3704	chrome.exe
Token: SeCreatePagefilePrivilege	3704	chrome.exe
Token: SeShutdownPrivilege	3704	chrome.exe
Token: SeCreatePagefilePrivilege	3704	chrome.exe
Token: SeShutdownPrivilege	3704	chrome.exe
Token: SeCreatePagefilePrivilege	3704	chrome.exe
Token: SeShutdownPrivilege	3704	chrome.exe
Token: SeCreatePagefilePrivilege	3704	chrome.exe
Token: SeShutdownPrivilege	3704	chrome.exe

Suspicious use of FindShellTrayWindow 39 IoCs

pid	Process
4684	360TS_Setup_Mini.exe
4684	360TS_Setup_Mini.exe
4684	360TS_Setup_Mini.exe
3924	firefox.exe
3924	firefox.exe
3924	firefox.exe
3924	firefox.exe
3924	firefox.exe
3924	firefox.exe
3924	firefox.exe
3924	firefox.exe
3924	firefox.exe
3924	firefox.exe
3704	chrome.exe
3704	chrome.exe
3704	chrome.exe
3704	chrome.exe
3704	chrome.exe
3704	chrome.exe
3704	chrome.exe
3704	chrome.exe
3704	chrome.exe
3704	chrome.exe
3704	chrome.exe
3704	chrome.exe
3704	chrome.exe
3704	chrome.exe
3704	chrome.exe
3704	chrome.exe
3704	chrome.exe
3704	chrome.exe
3704	chrome.exe
3704	chrome.exe
3704	chrome.exe
3704	chrome.exe
3704	chrome.exe
3704	chrome.exe
3704	chrome.exe
3704	chrome.exe

Suspicious use of SendNotifyMessage 36 IoCs

pid	Process
4684	360TS_Setup_Mini.exe
4684	360TS_Setup_Mini.exe
4684	360TS_Setup_Mini.exe
3924	firefox.exe
3924	firefox.exe
3924	firefox.exe
3924	firefox.exe
3924	firefox.exe
3924	firefox.exe
3924	firefox.exe
3924	firefox.exe
3924	firefox.exe
3704	chrome.exe
3704	chrome.exe
3704	chrome.exe
3704	chrome.exe
3704	chrome.exe
3704	chrome.exe
3704	chrome.exe
3704	chrome.exe
3704	chrome.exe
3704	chrome.exe
3704	chrome.exe
3704	chrome.exe
3704	chrome.exe
3704	chrome.exe
3704	chrome.exe
3704	chrome.exe
3704	chrome.exe
3704	chrome.exe
3704	chrome.exe
3704	chrome.exe
3704	chrome.exe
3704	chrome.exe
3704	chrome.exe
3704	chrome.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
3924	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3972 wrote to memory of 3924	3972	firefox.exe	75
PID 3972 wrote to memory of 3924	3972	firefox.exe	75
PID 3972 wrote to memory of 3924	3972	firefox.exe	75
PID 3972 wrote to memory of 3924	3972	firefox.exe	75
PID 3972 wrote to memory of 3924	3972	firefox.exe	75
PID 3972 wrote to memory of 3924	3972	firefox.exe	75
PID 3972 wrote to memory of 3924	3972	firefox.exe	75
PID 3972 wrote to memory of 3924	3972	firefox.exe	75
PID 3972 wrote to memory of 3924	3972	firefox.exe	75
PID 3972 wrote to memory of 3924	3972	firefox.exe	75
PID 3972 wrote to memory of 3924	3972	firefox.exe	75
PID 3924 wrote to memory of 4208	3924	firefox.exe	76
PID 3924 wrote to memory of 4208	3924	firefox.exe	76
PID 3924 wrote to memory of 3136	3924	firefox.exe	77
PID 3924 wrote to memory of 3136	3924	firefox.exe	77
PID 3924 wrote to memory of 3136	3924	firefox.exe	77
PID 3924 wrote to memory of 3136	3924	firefox.exe	77
PID 3924 wrote to memory of 3136	3924	firefox.exe	77
PID 3924 wrote to memory of 3136	3924	firefox.exe	77
PID 3924 wrote to memory of 3136	3924	firefox.exe	77
PID 3924 wrote to memory of 3136	3924	firefox.exe	77
PID 3924 wrote to memory of 3136	3924	firefox.exe	77
PID 3924 wrote to memory of 3136	3924	firefox.exe	77
PID 3924 wrote to memory of 3136	3924	firefox.exe	77
PID 3924 wrote to memory of 3136	3924	firefox.exe	77
PID 3924 wrote to memory of 3136	3924	firefox.exe	77
PID 3924 wrote to memory of 3136	3924	firefox.exe	77
PID 3924 wrote to memory of 3136	3924	firefox.exe	77
PID 3924 wrote to memory of 3136	3924	firefox.exe	77
PID 3924 wrote to memory of 3136	3924	firefox.exe	77
PID 3924 wrote to memory of 3136	3924	firefox.exe	77
PID 3924 wrote to memory of 3136	3924	firefox.exe	77
PID 3924 wrote to memory of 3136	3924	firefox.exe	77
PID 3924 wrote to memory of 3136	3924	firefox.exe	77
PID 3924 wrote to memory of 3136	3924	firefox.exe	77
PID 3924 wrote to memory of 3136	3924	firefox.exe	77
PID 3924 wrote to memory of 3136	3924	firefox.exe	77
PID 3924 wrote to memory of 3136	3924	firefox.exe	77
PID 3924 wrote to memory of 3136	3924	firefox.exe	77
PID 3924 wrote to memory of 3136	3924	firefox.exe	77
PID 3924 wrote to memory of 3136	3924	firefox.exe	77
PID 3924 wrote to memory of 3136	3924	firefox.exe	77
PID 3924 wrote to memory of 3136	3924	firefox.exe	77
PID 3924 wrote to memory of 3136	3924	firefox.exe	77
PID 3924 wrote to memory of 3136	3924	firefox.exe	77
PID 3924 wrote to memory of 3136	3924	firefox.exe	77
PID 3924 wrote to memory of 3136	3924	firefox.exe	77
PID 3924 wrote to memory of 3136	3924	firefox.exe	77
PID 3924 wrote to memory of 3136	3924	firefox.exe	77
PID 3924 wrote to memory of 3136	3924	firefox.exe	77
PID 3924 wrote to memory of 3136	3924	firefox.exe	77
PID 3924 wrote to memory of 3136	3924	firefox.exe	77
PID 3924 wrote to memory of 3136	3924	firefox.exe	77
PID 3924 wrote to memory of 3136	3924	firefox.exe	77
PID 3924 wrote to memory of 3136	3924	firefox.exe	77
PID 3924 wrote to memory of 3136	3924	firefox.exe	77
PID 3924 wrote to memory of 3136	3924	firefox.exe	77
PID 3924 wrote to memory of 3136	3924	firefox.exe	77
PID 3924 wrote to memory of 3136	3924	firefox.exe	77
PID 3924 wrote to memory of 3136	3924	firefox.exe	77
PID 3924 wrote to memory of 3136	3924	firefox.exe	77
PID 3924 wrote to memory of 3464	3924	firefox.exe	78
PID 3924 wrote to memory of 3464	3924	firefox.exe	78
PID 3924 wrote to memory of 3464	3924	firefox.exe	78

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Users\Admin\AppData\Local\Temp\360TS_Setup_Mini.exe
"C:\Users\Admin\AppData\Local\Temp\360TS_Setup_Mini.exe"
1⤵
- Loads dropped DLL
- Writes to the Master Boot Record (MBR)
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:4684

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:3972
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe"
  2⤵
  - Checks processor information in registry
  - Modifies registry class
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:3924
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3924.0.1226807456\1346059300" -parentBuildID 20221007134813 -prefsHandle 1700 -prefMapHandle 1676 -prefsLen 20747 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {1f07d706-688e-4282-92c2-4c508f3383a5} 3924 "\\.\pipe\gecko-crash-server-pipe.3924" 1780 1e1e2ed5558 gpu
    3⤵
    PID:4208
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3924.1.693161636\414944967" -parentBuildID 20221007134813 -prefsHandle 2124 -prefMapHandle 2120 -prefsLen 20828 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {7b788e50-d6f2-4aec-bafc-444dd736fd8c} 3924 "\\.\pipe\gecko-crash-server-pipe.3924" 2140 1e1e2d31158 socket
    3⤵
    - Checks processor information in registry
    PID:3136
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3924.2.1259634669\1252413928" -childID 1 -isForBrowser -prefsHandle 2788 -prefMapHandle 2920 -prefsLen 20866 -prefMapSize 233444 -jsInitHandle 1292 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {c4d1f54b-a967-48e1-b98a-467ef5c28c90} 3924 "\\.\pipe\gecko-crash-server-pipe.3924" 2796 1e1e7490b58 tab
    3⤵
    PID:3464
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3924.3.1430451504\982542095" -childID 2 -isForBrowser -prefsHandle 3488 -prefMapHandle 3484 -prefsLen 26109 -prefMapSize 233444 -jsInitHandle 1292 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {c888ee3d-79de-474c-9097-3272708f0b8c} 3924 "\\.\pipe\gecko-crash-server-pipe.3924" 3464 1e1e757a458 tab
    3⤵
    PID:4756
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3924.4.1317192149\427125088" -childID 3 -isForBrowser -prefsHandle 3144 -prefMapHandle 4396 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1292 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {d92402a9-b812-42dd-9a6f-d68324461c10} 3924 "\\.\pipe\gecko-crash-server-pipe.3924" 4416 1e1e9661558 tab
    3⤵
    PID:2672
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3924.5.536656153\717906253" -childID 4 -isForBrowser -prefsHandle 4784 -prefMapHandle 4776 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1292 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {e2c66a5a-8130-4ead-93c4-de5db2b2d45a} 3924 "\\.\pipe\gecko-crash-server-pipe.3924" 2608 1e1e9660c58 tab
    3⤵
    PID:3712
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3924.6.51918888\1633773851" -childID 5 -isForBrowser -prefsHandle 4900 -prefMapHandle 4904 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1292 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {9f75674a-2c54-468b-9eba-639e46f290c2} 3924 "\\.\pipe\gecko-crash-server-pipe.3924" 4984 1e1e992b558 tab
    3⤵
    PID:2888
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3924.7.2105082393\568353133" -childID 6 -isForBrowser -prefsHandle 5004 -prefMapHandle 4892 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1292 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {bd630573-6017-429c-98c0-fa90a408acde} 3924 "\\.\pipe\gecko-crash-server-pipe.3924" 5108 1e1e9f7eb58 tab
    3⤵
    PID:3972
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3924.8.160790280\495704823" -childID 7 -isForBrowser -prefsHandle 5660 -prefMapHandle 5632 -prefsLen 26249 -prefMapSize 233444 -jsInitHandle 1292 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {2ef9e5cc-c970-489e-b97a-06945a07d226} 3924 "\\.\pipe\gecko-crash-server-pipe.3924" 5672 1e1eb3b4558 tab
    3⤵
    PID:1296

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:3704
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ffa64db9758,0x7ffa64db9768,0x7ffa64db9778
  2⤵
  PID:3016
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1548 --field-trial-handle=480,i,7859379245889964113,18226078101625455518,131072 /prefetch:2
  2⤵
  PID:4312
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2040 --field-trial-handle=480,i,7859379245889964113,18226078101625455518,131072 /prefetch:8
  2⤵
  PID:708
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2100 --field-trial-handle=480,i,7859379245889964113,18226078101625455518,131072 /prefetch:8
  2⤵
  PID:1480
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2884 --field-trial-handle=480,i,7859379245889964113,18226078101625455518,131072 /prefetch:1
  2⤵
  PID:2228
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2892 --field-trial-handle=480,i,7859379245889964113,18226078101625455518,131072 /prefetch:1
  2⤵
  PID:4896
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4428 --field-trial-handle=480,i,7859379245889964113,18226078101625455518,131072 /prefetch:1
  2⤵
  PID:4520
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4588 --field-trial-handle=480,i,7859379245889964113,18226078101625455518,131072 /prefetch:8
  2⤵
  PID:768
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4736 --field-trial-handle=480,i,7859379245889964113,18226078101625455518,131072 /prefetch:8
  2⤵
  PID:3712
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4616 --field-trial-handle=480,i,7859379245889964113,18226078101625455518,131072 /prefetch:8
  2⤵
  PID:2280
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5020 --field-trial-handle=480,i,7859379245889964113,18226078101625455518,131072 /prefetch:8
  2⤵
  PID:2128
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4972 --field-trial-handle=480,i,7859379245889964113,18226078101625455518,131072 /prefetch:8
  2⤵
  PID:4296
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=4964 --field-trial-handle=480,i,7859379245889964113,18226078101625455518,131072 /prefetch:1
  2⤵
  PID:3276
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=5020 --field-trial-handle=480,i,7859379245889964113,18226078101625455518,131072 /prefetch:1
  2⤵
  PID:4464
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=2924 --field-trial-handle=480,i,7859379245889964113,18226078101625455518,131072 /prefetch:8
  2⤵
  PID:424
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5052 --field-trial-handle=480,i,7859379245889964113,18226078101625455518,131072 /prefetch:8
  2⤵
  PID:1488
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5288 --field-trial-handle=480,i,7859379245889964113,18226078101625455518,131072 /prefetch:8
  2⤵
  PID:1692
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5184 --field-trial-handle=480,i,7859379245889964113,18226078101625455518,131072 /prefetch:8
  2⤵
  PID:3116
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5288 --field-trial-handle=480,i,7859379245889964113,18226078101625455518,131072 /prefetch:8
  2⤵
  PID:1484
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.15063.0 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3932 --field-trial-handle=480,i,7859379245889964113,18226078101625455518,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1444

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:3464

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x2f0
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:368

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Pre-OS Boot

T1542

Bootkit

T1542.003

Privilege Escalation

Defense Evasion

Pre-OS Boot

T1542

Bootkit

T1542.003

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
672B

MD5
efbafc0a025e622e550e41b153960ca4

SHA1
c877928f8e57577b747e1158871af87cc2d89247

SHA256
f4d72bbc8e85aa77bf2a9b370b5cc1d6b96416b399171affd115d7d905457649

SHA512
6ff033d89a9940e5e7816b0f29ea8dc11f30a03b2902feadd079d9fe8e9cf198b7b2387ed9455dcd93599abf591defc2f7c381673393f9178318b863f7eed8bf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
c740d1ab81c640857bfdb6cb3a3a2627

SHA1
fefa4b2e50dbd541146bc53b195e07e268bc3005

SHA256
89a8199da3f64ebe9681fcdeaddb633c9f5bea0bca0514f60e1991df3ed27e0e

SHA512
e1ca10a07fe0126035be0ed316c3665a95b09e3fedd73e87b4f66a34fc5e8de77b7fb2e13edeb736064c56a0b87b366c6d870b0c15345d8e419766450ac56cd8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
874B

MD5
279c12af9f438183373bd177f51b074b

SHA1
46c03c0c5e1a9393290de0e898a3cdad8a9a1691

SHA256
c9fe39224a11e6665e70018cdb4e7ffcda05f443f7bc767f42fe7464bb784a54

SHA512
46465a4341ff2486a9b7fd04e400cd33bab61ff0b25874be0ca93d4c1a3a096b422aa6a413ab44b171b809e1a0e4fe1ed31fb2fea5cf36917d5c8f3703a61b3c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
371B

MD5
b0d95310d1e9ff906788ab0c1a652e4d

SHA1
76f61fa9370db7b014989f7e8689e86d48131176

SHA256
b49e3d014ab1f2fd9b3d1db653a4d48b28ee078a21007f73d5b27121b34d4a01

SHA512
07aad995429a97fb42f2a1a13c8a5d97e22085919a2c7b41b10a8ed37e6d29f5665ab151ae27fbff5c8cb1cab16dca8b883c5fe59d373ef1bd4f34c3e1e698b5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
f7b9e9932a7fab67655caa7be2dfe118

SHA1
f6eced25addeb6c99cedb1a58a9867349059ecad

SHA256
9937b0ee4c26ea373a37b401a83d1456b8dc985d545dbf8959dcfde5102f394a

SHA512
f70db50a0790dae07ec49e3d7ae7ed45d66625e9ec966740c64858311272d7974bf6a8f56a6436fac65e09254e16e9519494e57876797fa930a144e559511c99

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
42ffe3480f624608407208d68de1810f

SHA1
9b8ae09d6293951bb18feb50390ece2e866640d2

SHA256
4cd7915ef5890e2402d430a1ce330e8d73eb41cbc2777eb36827333a008c295e

SHA512
d369b1e35f9b683b5a6991ad45bb8b9f5cecf551c329824f2acf52aae9ea105f56ebcae1f8a33dea38d18bd47819dc824b9510bd1c8cd4cf16f1704cab5bca69

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
8358cb0963eb4e395f3a3de41038ce53

SHA1
e99e4a5b3444019ca41b3ea3d6fe384d2c58496b

SHA256
232c70523dab6127efa0d4c4162d63367b5e4f29116b0cb0ec2a9cec013f20d5

SHA512
4f3396dde98c667cad558c3f917d6db1963253c53fa482d21d7efcb9ee264f590dab59b9f9d2093b689bac5885e8472bacf2b49dfe8ea2c4b11dfb65a85f6fff

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
d88b076a90d62bb50c53909e38ff7c19

SHA1
28e0c27d6098b6e66ac5ca3e00e3540f0ac36697

SHA256
57b38ebecf32491186c7f7c03ee4028beaacb90e094a9060d7ec272e38b11ea5

SHA512
5e0ebe308e7c1c0285d26151af776960c3c1a7f49d9847490a91d6b91ac4cd1889913bbd12826352289d457436bd2b41845ee5ba02004b2c09e7b3cebcedc03a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\901b1e76-2a03-4e44-a5fd-2a2967813c5c\index-dir\the-real-index

Filesize
624B

MD5
763571e994ab910bd9267adf27e67c49

SHA1
2490537736f21e92f22fdfe6a7b7243a8a299de4

SHA256
cef26a80469bf7086e581008b003fa09ad58e9d130df497722beb5cc06d8b420

SHA512
d4e0ee95e75948541e81e838cef7a3b8bb7693965d600957f3c49a80be07bcdb04c8a73c2c3672111152c4dd7a4bd4bcfcdeab786eee5742e83f576f59e0663d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\901b1e76-2a03-4e44-a5fd-2a2967813c5c\index-dir\the-real-index~RFe5a1c44.TMP

Filesize
48B

MD5
380d8789ddf7346d2c4ae9879d157f52

SHA1
a1f5f3f46fff54be2b016effee682bcf6b0a1c6c

SHA256
275cdf8d552689ce0b1e343ae31894829f3dbb0d3d3f394f864f0c9112fd0998

SHA512
c929f374d2aa80651d57ba6a33f7061cc6d8ec37613950a43495ed4c648fa5dde1766eb0c513e122b418f5504a821cb4b9248a838280f9cbe74bb36f7d173b66

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\cd5f857a-b5af-4fac-abe4-7bbe5b87b35c\index-dir\the-real-index

Filesize
2KB

MD5
5dd3903f2499c30a440c4fbc10ea31e7

SHA1
7e708e529f079adf239401eaa1ac7ddc01857d5f

SHA256
67ce730bc8fdddd0370dfe29f19e3ddae35eef8f09e1b5b18a53de1e28717445

SHA512
16ffd3179f2957f8370265be7f13392d308940d16e7f6e79678857fb8d2f286a4c6cba013875b3dd5d0857731b701278981626acdf9784e845f5d9631b5aa1bb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\cd5f857a-b5af-4fac-abe4-7bbe5b87b35c\index-dir\the-real-index~RFe5a510f.TMP

Filesize
48B

MD5
8b14039dcdb37156a6910330ff32866a

SHA1
500d649e78219cd44d9e64248b36deac713a29eb

SHA256
45780fddc21fb66780410e6bd9ada66b2ce2e9d0421c42804a26bd602b4b5091

SHA512
b330db76dc02ad7aff19da1cdbdcb9bc0cba11d38405df333c6eba6ce9d5733d2784e4d3de346cabf2b4fa5dcd0092564e21590ba0dbdcf15962ac23d7a4abaf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
183B

MD5
19a4b92848a300c80cd9b9fa57215634

SHA1
88f0bd45663551d4fa4b94040d60860d7463a0b2

SHA256
011073e9ed04f502b0e59471e99afd434d98d111da951cd83b6db4df6544151e

SHA512
b127f835200b160ecd0babcaa0d92902be864f88878bb410e90142b22c41430b935e28b8f56c0a0d26f4a5145475af202d4050772eca55f40e41ea77492be2c7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
176B

MD5
14a0ade72c975bdd26807c56e987e275

SHA1
c3a587eefbe0fe1559b8cf5e1ae8d9ed4f421560

SHA256
947311b06058c7ab991ee128a668281a5b40aa0a8eb072554c22ee1a06d1e992

SHA512
dc2adb2a80342a3d3e90ad3405dfea43394ceb19829b9f8ab28f219189a6bb5f9ca9c966dc26f547d9d6a468365b19ff71bcf6785c72a550b67f101bc3e62c20

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
112B

MD5
58b9e788bfadf25b086ac02a65862b03

SHA1
89c5939b91d85b5a41aa40bee8206d507422700e

SHA256
2e561d03ecaf22f4c5db6efa4c4e7f660400f51eacf0b54311cb4f9801a2ef38

SHA512
c8a556007554aa7880518c37d010fea3df571ba2bc4c5a11ea7814afe2da55e98ac7724dface1becc9c2e5fd0624b7c4c47016890700487753cdf62a75ff9460

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
185B

MD5
3da0dcbf3158262ae4f4578a66f72bd9

SHA1
ac0a296e201e8500fc7b712e59aea40c7b8a5805

SHA256
f4cba69d94fc6f4a288c18a40def7b91d3b00bf7e6f5d78bb09adf572fca57c6

SHA512
f6d97914758eec71f9d17c1ca81406fbefd2a1367ff30c85400a9ca69bf5396317df22be8ffd92c459560be5bc81cd09d1b4f07a948d2845697d9fc316d3f99a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt~RFe59c5a8.TMP

Filesize
119B

MD5
c2c3b830ce526d31a9884d3f5e795c54

SHA1
9e503f50d0caa1eb4d30e27fb0c6ed7da19e700f

SHA256
93b12bda1d290035eb82639a4332c771e01b09912632849c9ba54ad732e8a4cb

SHA512
d1175a755965da12416a6c29be80492002c6c4aeec70a130f8397611f84b90cef712da79e37149f753dca6e794850150144c54f271ab9e584322cecd18ca3ba4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\Database\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
96B

MD5
ec0d7397451186c742829828699b010c

SHA1
6fa08776a70c98e1eabebcbfe9c813fe10c42cd8

SHA256
534fb9cd2356d2ce84255652b8fda597671573427848f852283adedbd220a4e6

SHA512
b6c99b034168766246aac7605245061774eb56b3a4c13473d3af993798b243d45bdaf91662624e9fdff2c27b04129f5bb2bd1cb4536810c02ef636b077689a96

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe5a1500.TMP

Filesize
48B

MD5
e48fc8e442abf197d4b3a7361ef6d962

SHA1
adbb47d7f3904fb0410afb3f4f615d1f908ff68f

SHA256
e724be4a8d6e2d4d13ba1d58ac020e647e60b0904dd02e9c4ed0f3c8a109a900

SHA512
5b9434f19f0629b63fdf1cb11259e4acd1fc69b540c3cb9b5b2f6cad5e2732c39862541e445c6aac5cb157ca64687845a757b05e90fc140301e3c4e4a19882e4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Temp\scoped_dir3704_2087662582\Icons Monochrome\16.png

Filesize
216B

MD5
a4fd4f5953721f7f3a5b4bfd58922efe

SHA1
f3abed41d764efbd26bacf84c42bd8098a14c5cb

SHA256
c659d57841bb33d63f7b1334200548f207340d95e8e2ae25aac7a798a08071a3

SHA512
7fcc1ca4d6d97335e76faa65b7cfb381fb722210041bdcd3b31b0f94e15dc226eec4639547af86ae71f311f52a956dc83294c2d23f345e63b5e45e25956b2691

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
286KB

MD5
dfcccf835b58a03086aa1d84413558f9

SHA1
5a167f788bbf2a5f4046b2760abf9201fb2a8411

SHA256
02bfb5543794ed46ac36957b5fde69df6f8ea121169677e058d06299331cb447

SHA512
aaff719628ecbd2df436ca72de12624e45fd4662e3227e2e86b40c303dfffd166779df506fa46de5a98ae207fc87e842670e13acadc9254222ea6312a1a790a5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
286KB

MD5
cbc70ec524991466bec9ab91a1691363

SHA1
9b85d537c5a6459927eda608cbb17361191cba96

SHA256
9a0d4d80e9344e30077d8f0a9962579e16d54a78c02de72d48939b505ca9af42

SHA512
b8c690aa09c0f59fb69d7e9ebe0de5744750a2e521f34408638e1114e7aa679014d5be581859527b23ae80c5ccce8537bba5b46a8540f6e515195b6b348ef880

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
137KB

MD5
55c7e5dcc9a287ba012efba3a62cee61

SHA1
5fe24a20e53d402291933aab00be449e5d456d9d

SHA256
cca8fbd5c8020a4b1bba033d622976020b631418de7ac780fc98c84aa9fbf88d

SHA512
30d6f1ed0fb9afc7fbf9295ad50ccc792bc029ca9e2b748b8a3f9da9e1a6b48a2181aeb34f6c688bb756f68a6f15a5a6294c0caeefffe1a06e06651d60283b3f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
305KB

MD5
8ead14261a9108c709e9df464aadd69e

SHA1
787f30708c2a9f44868efb495a841e1b01353e08

SHA256
59983ab5689dd1cc77cab78b599f67b9b907817d03e10b517dc9f2c4f0e7cba6

SHA512
6308d6ffd909ef762f6c17579a276fef6447668e59fad0240c09ade22dca7859950898f3b74c0b358d2cc4a86a00877ad53d2ac329719b34e8ba5c5b43d49761

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\c5nsco79.default-release\cache2\entries\97E21079D4338ED644D10F3CF8B6CCFD6F24DA5D

Filesize
60KB

MD5
cbdfb10aa50791ade404bd8f0ba29f28

SHA1
6aa6021feba1ec5af57dbfe69087355684210fb3

SHA256
e5b0df37b8dcca278209b859ef174acfd957eae7a32bddab745a43eab13e601a

SHA512
ee421b2a27d9845bebed525ff9d6780dcb977e7adacd37b1cb053e28681e3011c4ae969d12b44f544ee5996ca0c55352c553a12328a0517f0cc98b662cae2c00

Download Submit
C:\Users\Admin\AppData\Local\Temp\[email protected]

Filesize
653B

MD5
9762da1629c6f6e76282d00a0ecb3e23

SHA1
ed5600013e3d8c29f1ed85e4dca58795b868f44e

SHA256
e00b52797737e088c6213742a4e42e8da58eb0a30decbc219e09ee1ec2576df4

SHA512
58d3c304766ed09aaffd2d986f9eb26152e442062f18329ff031b5da0c5008f5ab926ea4ea2a1698a9aa3501baff01ce336f4a8fa7642a1e04cab9c24d34dadc

Download Submit
C:\Users\Admin\AppData\Local\Temp\[email protected]\setup.ini

Filesize
830B

MD5
ccc8d9de176911a3194584246c9911a6

SHA1
9c3ef9a68250929819a742ea3c476740fd2f230b

SHA256
907dc39171aa7b9ab602b113ffd240b2ceef8df590296337242f275edded096e

SHA512
1563e6083a9467e56d93d8fdb4c35d25380d7a4695589af4fed94ef9e3bfe2c05b96e3f5082a261da432c0a3a40ee13e0181f5394aeec8108182953b6a432dae

Download Submit
C:\Users\Admin\AppData\Local\Temp\{7EB9EEF0-C7DD-4f1e-AD92-75CDF1004566}.tmp

Filesize
3KB

MD5
b1ddd3b1895d9a3013b843b3702ac2bd

SHA1
71349f5c577a3ae8acb5fbce27b18a203bf04ede

SHA256
46cda5ad256bf373f5ed0b2a20efa5275c1ffd96864c33f3727e76a3973f4b3c

SHA512
93e6c10c4a8465bc2e58f4c7eb300860186ddc5734599bcdad130ff9c8fd324443045eac54bbc667b058ac1fa271e5b7645320c6e3fc2f28cc5f824096830de1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5nsco79.default-release\datareporting\glean\db\data.safe.bin

Filesize
2KB

MD5
f06abc8514f1fd4f551d74f04192cea4

SHA1
3135d19dc0c6bb25394db7b2830aa731a6419ff5

SHA256
0b321b436f08c742d0c7745d76aea3681f657094ca79ecb7dd68b85b4a2f5c28

SHA512
072c4d83a7b6d7e8f2b2c255791bf4c4d09d5f4092a2283cc2736c4aebfb4f5bbbc8a0a3dabc3ddec0bf5187742f11bd7c80d5c982d40f37f48e7b71276e8bec

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5nsco79.default-release\datareporting\glean\pending_pings\583121e7-c0e0-4277-951e-c10c480e8566

Filesize
10KB

MD5
233abd9bbaf17d32eec34a329253f01a

SHA1
0318480b9d9fc59175425cdecd49f7ea52d93857

SHA256
a070c64d44e5309980cb2e69cf61aa5676a8155dfa9382f67c8b6b58853ae914

SHA512
2070deed1f0cffc8c75fbf507f4e78e9e5af871ea530a5c429425290744941dfdde962cdbd066ac86c4400ac5486365be629b967d487a12653709191c6ff82f4

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5nsco79.default-release\datareporting\glean\pending_pings\dbf1212e-f1ca-4b53-9bb0-46bf957c0a0d

Filesize
746B

MD5
c09aac8befa497980c172f73226b173d

SHA1
6ee163f5b951331b5f0683cd01793170d3e4797a

SHA256
6acbfd98e3e3998029a81313b83eb93310555be1fc70a2ac3730501373743f0c

SHA512
d49fb00033d3308568e13edcdb85aaa199302dd13512b6a9430b446ae1b8c59ecaa28b154ad87a798f475c70eb8b934b77c2f1b4e2fcbb3f5c1ebf22fe7229d9

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5nsco79.default-release\prefs-1.js

Filesize
6KB

MD5
ef50d8183999e059ae6d51563d0a56d7

SHA1
2c207df9549202eee7eedbedab573f474db8bb1e

SHA256
e31b32a7c35d2f707e447fd93cbf187415162f7650949069bff165cf2926076a

SHA512
efdc8082caf2f72ddddeb44b6a2aa0a4a38dc88669d4aa9ef8e8848f639cfdab6209a04a20f61b505d3490501e58a9f0d9f1c0f7f24439c7cade6799f11875f3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5nsco79.default-release\prefs-1.js

Filesize
6KB

MD5
235399eb7bef997dfa09c4fcd926c5e5

SHA1
1d18c256a6454afa7090090d79ae5a8da18ca513

SHA256
4b98b2c90eb789b37bd138c0d12d89382a77fa61073b528be5091ca1a022f3a5

SHA512
768a9a2ee54c0c5a2cee7a33e42508a7cf403d3f64db8deff7e6923bf24f24aafbc2365a13abb5abe959b846e708c151af093ec939a26f2d1ee0688139bcf9e3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5nsco79.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
3KB

MD5
9c5278b5e45ed102cac13e2b84810cb7

SHA1
27454f1a52206ee76ba23e5b97158bd98ed87011

SHA256
b1bc7c73a35a18fd0f1b81470f65b6c763a26d690dc63a1bde3ab7f635f45fa5

SHA512
ffe9784954e20395437404e01434abec9c863c8506c27f355299724947dffe8c9201c8c285c0f0b43b3e7f214bd6a36fc18cdd310d82ff2502d921272b706d8a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5nsco79.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
4KB

MD5
1c1a8a29d5540d623280c609546e79b2

SHA1
6a41a03cb8646cb76897b6ef7c3e6bfea57e45a5

SHA256
94dfabcc9f3255bcb1940c7bd4f85f3669c0a769e96f586f51d3f9c6b4191d0b

SHA512
cc8992eafc84f1cbd17321063fa3ae90aff44cdd7c5efcfd34f15399b0c6ac7cb8431ae858c8489219a48193fb9894d268f8efb88b8378762179de34cecf9493

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5nsco79.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
4KB

MD5
05c9f7f4f876113410263b8f13854b4d

SHA1
72609852173d6e7f2a130eef3329d04919105302

SHA256
8ce175a599420a750703ce15515fb694669cf1ef01f31463c6a372467187ad36

SHA512
191814d4343cef20c2f7dd7714ad4f159880b3858293ea9ded641b4a84cd3a6979f663b7d13fb9fc764c2b63858509ea73cfc82946bd25d4085a8a96371f84a7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5nsco79.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
4KB

MD5
5d53b58a48bc6a811c28917ba8de276d

SHA1
3ecd63beee7ae649b47dd103fccd94f5c19baa48

SHA256
7383093314597b8cdb246a1be2cd11088ab93e28d3cb5192097568548e188b63

SHA512
7a2d9c2370c69c54295e3f5340b986fb9b1d93d8932336d0e736e4d2cdd5a743715d307d90ce563033b8c51f115ca297abf4c0e18781279ba921caed19d9ac47

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5nsco79.default-release\sessionstore.jsonlz4

Filesize
4KB

MD5
d9bc0ea69569264489b8f478e1c77e2d

SHA1
cc5d812a0fd1988450284fb941c825072ab30694

SHA256
49ac6cca6458bc56e0ca7e8f875363519cb001dc9116285cce8737215aa3d973

SHA512
66e8438f203531c1eb51adbe05d17bcef1dfec3f334a83c07fed781ed15ad99594718ea1b45f902a2effbce1a6fafa3f2ed064abd6bd3d66307d578d0763dae6

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5nsco79.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

Filesize
184KB

MD5
0ed2663971e8051b2bcb574926400fa8

SHA1
467756bf41c377bdb07c8be10d5391f1df1d80a7

SHA256
0c44c9887ebd30506041e4f483422673660df0b74c7468b0cab2c69bee1f4e8c

SHA512
e521f02d0a4dc70e3bb33747c5113c76f18f15b4370826ef13700c4f559c8b158ed1d8ef79d7d88794bfea61496a75d653237391f2f8b5e53d8574a21f113898

Download Submit
\Users\Admin\AppData\Local\Temp\{4DA27926-8522-49c7-96FB-7FC68D3227D9}.tmp\360P2SP.dll

Filesize
824KB

MD5
fc1796add9491ee757e74e65cedd6ae7

SHA1
603e87ab8cb45f62ecc7a9ef52d5dedd261ea812

SHA256
bf1b96f5b56be51e24d6314bc7ec25f1bdba2435f4dfc5be87de164fe5de9e60

SHA512
8fa2e4ff5cbc05034051261c778fec1f998ceb2d5e8dea16b26b91056a989fdc58f33767687b393f32a5aff7c2b8d6df300b386f608abd0ad193068aa9251e0d

Download Submit
memory/4684-9-0x0000000003B40000-0x0000000003B41000-memory.dmp

Filesize
4KB

Download