rhadamanthys | bb1464e75c750d90c0c49d148c9e64eefe0c29b2f670d708c8085ddd3104dbfe

Analysis

max time kernel
206s
max time network
208s
platform
windows11-21h2_x64
resource
win11-20240802-en
resource tags

arch:x64arch:x86image:win11-20240802-enlocale:en-usos:windows11-21h2-x64system
submitted
05-08-2024 22:39

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

RubixLauncher.exe
Size

355KB
MD5

8a6f1580a5b9b94d7cd47cc6b1af1b9a
SHA1

e68768afd59e18091d345cb300e859572e8d4c5c
SHA256

bb1464e75c750d90c0c49d148c9e64eefe0c29b2f670d708c8085ddd3104dbfe
SHA512

1663a9e0868b3f5d7e1edd30259024e419c2d190ec8c31e76e66aef0c8a0e02da0c829584214b9e2f76cbd349a53bf77d01d03e9b0e9c8a99eb18021b1d53309
SSDEEP

6144:g2qezd2ab1/RuHk+M3k8M3W7XomjOJCqshrOlumY6DMIewgxQfqhsb:gf2R/EEkCQFYDwRqW

Score

10^/10

rhadamanthys discovery stealer

Malware Config

Signatures

Rhadamanthys
Rhadamanthys is an info stealer written in C++ first seen in August 2022.
stealer rhadamanthys

Suspicious use of NtCreateUserProcessOtherParentProcess 1 IoCs

Processes:

RubixLauncher.exe

description	pid	Process	procid_target
PID 1480 created 2520	1480	RubixLauncher.exe	41

Drops file in System32 directory 2 IoCs

Processes:

chrome.exe

description	ioc	Process
File created	C:\Windows\System32\DriverStore\FileRepository\display.inf_amd64_01cf530faf2f1752\display.PNF	chrome.exe
File created	\??\c:\windows\system32\driverstore\filerepository\display.inf_amd64_01cf530faf2f1752\display.PNF	chrome.exe

Drops file in Windows directory 1 IoCs

Processes:

chrome.exe

description	ioc	Process
File opened for modification	C:\Windows\SystemTemp	chrome.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

Processes:

RubixLauncher.exedialer.exe

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RubixLauncher.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	dialer.exe

Checks processor information in registry 2 TTPs 11 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

Processes:

firefox.exefirefox.exePOWERPNT.EXE

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	POWERPNT.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	POWERPNT.EXE
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	POWERPNT.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

POWERPNT.EXEchrome.exe

description	ioc	Process
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\BIOS	POWERPNT.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily	POWERPNT.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	POWERPNT.EXE
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

Processes:

chrome.exe

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133673712473622334"	chrome.exe

Modifies registry class 1 IoCs

Processes:

firefox.exe

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-970747758-134341002-3585657277-1000_Classes\Local Settings	firefox.exe

Suspicious behavior: AddClipboardFormatListener 1 IoCs

Processes:

POWERPNT.EXE

pid	Process
4120	POWERPNT.EXE

Suspicious behavior: EnumeratesProcesses 14 IoCs

Processes:

RubixLauncher.exedialer.exechrome.exechrome.exe

pid	Process
1480	RubixLauncher.exe
1480	RubixLauncher.exe
3868	dialer.exe
3868	dialer.exe
3868	dialer.exe
3868	dialer.exe
2560	chrome.exe
2560	chrome.exe
2560	chrome.exe
2560	chrome.exe
4868	chrome.exe
4868	chrome.exe
4868	chrome.exe
4868	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs

Processes:

chrome.exe

pid	Process
2560	chrome.exe
2560	chrome.exe
2560	chrome.exe
2560	chrome.exe
2560	chrome.exe
2560	chrome.exe
2560	chrome.exe
2560	chrome.exe
2560	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

chrome.exe

description	pid	Process
Token: SeShutdownPrivilege	2560	chrome.exe
Token: SeCreatePagefilePrivilege	2560	chrome.exe
Token: SeShutdownPrivilege	2560	chrome.exe
Token: SeCreatePagefilePrivilege	2560	chrome.exe
Token: SeShutdownPrivilege	2560	chrome.exe
Token: SeCreatePagefilePrivilege	2560	chrome.exe
Token: SeShutdownPrivilege	2560	chrome.exe
Token: SeCreatePagefilePrivilege	2560	chrome.exe
Token: SeShutdownPrivilege	2560	chrome.exe
Token: SeCreatePagefilePrivilege	2560	chrome.exe
Token: SeShutdownPrivilege	2560	chrome.exe
Token: SeCreatePagefilePrivilege	2560	chrome.exe
Token: SeShutdownPrivilege	2560	chrome.exe
Token: SeCreatePagefilePrivilege	2560	chrome.exe
Token: SeShutdownPrivilege	2560	chrome.exe
Token: SeCreatePagefilePrivilege	2560	chrome.exe
Token: SeShutdownPrivilege	2560	chrome.exe
Token: SeCreatePagefilePrivilege	2560	chrome.exe
Token: SeShutdownPrivilege	2560	chrome.exe
Token: SeCreatePagefilePrivilege	2560	chrome.exe
Token: SeShutdownPrivilege	2560	chrome.exe
Token: SeCreatePagefilePrivilege	2560	chrome.exe
Token: SeShutdownPrivilege	2560	chrome.exe
Token: SeCreatePagefilePrivilege	2560	chrome.exe
Token: SeShutdownPrivilege	2560	chrome.exe
Token: SeCreatePagefilePrivilege	2560	chrome.exe
Token: SeShutdownPrivilege	2560	chrome.exe
Token: SeCreatePagefilePrivilege	2560	chrome.exe
Token: SeShutdownPrivilege	2560	chrome.exe
Token: SeCreatePagefilePrivilege	2560	chrome.exe
Token: SeShutdownPrivilege	2560	chrome.exe
Token: SeCreatePagefilePrivilege	2560	chrome.exe
Token: SeShutdownPrivilege	2560	chrome.exe
Token: SeCreatePagefilePrivilege	2560	chrome.exe
Token: SeShutdownPrivilege	2560	chrome.exe
Token: SeCreatePagefilePrivilege	2560	chrome.exe
Token: SeShutdownPrivilege	2560	chrome.exe
Token: SeCreatePagefilePrivilege	2560	chrome.exe
Token: SeShutdownPrivilege	2560	chrome.exe
Token: SeCreatePagefilePrivilege	2560	chrome.exe
Token: SeShutdownPrivilege	2560	chrome.exe
Token: SeCreatePagefilePrivilege	2560	chrome.exe
Token: SeShutdownPrivilege	2560	chrome.exe
Token: SeCreatePagefilePrivilege	2560	chrome.exe
Token: SeShutdownPrivilege	2560	chrome.exe
Token: SeCreatePagefilePrivilege	2560	chrome.exe
Token: SeShutdownPrivilege	2560	chrome.exe
Token: SeCreatePagefilePrivilege	2560	chrome.exe
Token: SeShutdownPrivilege	2560	chrome.exe
Token: SeCreatePagefilePrivilege	2560	chrome.exe
Token: SeShutdownPrivilege	2560	chrome.exe
Token: SeCreatePagefilePrivilege	2560	chrome.exe
Token: SeShutdownPrivilege	2560	chrome.exe
Token: SeCreatePagefilePrivilege	2560	chrome.exe
Token: SeShutdownPrivilege	2560	chrome.exe
Token: SeCreatePagefilePrivilege	2560	chrome.exe
Token: SeShutdownPrivilege	2560	chrome.exe
Token: SeCreatePagefilePrivilege	2560	chrome.exe
Token: SeShutdownPrivilege	2560	chrome.exe
Token: SeCreatePagefilePrivilege	2560	chrome.exe
Token: SeShutdownPrivilege	2560	chrome.exe
Token: SeCreatePagefilePrivilege	2560	chrome.exe
Token: SeShutdownPrivilege	2560	chrome.exe
Token: SeCreatePagefilePrivilege	2560	chrome.exe

Suspicious use of FindShellTrayWindow 48 IoCs

Processes:

chrome.exefirefox.exe

pid	Process
2560	chrome.exe
2560	chrome.exe
2560	chrome.exe
2560	chrome.exe
2560	chrome.exe
2560	chrome.exe
2560	chrome.exe
2560	chrome.exe
2560	chrome.exe
2560	chrome.exe
2560	chrome.exe
2560	chrome.exe
2560	chrome.exe
2560	chrome.exe
2560	chrome.exe
2560	chrome.exe
2560	chrome.exe
2560	chrome.exe
2560	chrome.exe
2560	chrome.exe
2560	chrome.exe
2560	chrome.exe
2560	chrome.exe
2560	chrome.exe
2560	chrome.exe
2560	chrome.exe
2560	chrome.exe
1344	firefox.exe
1344	firefox.exe
1344	firefox.exe
1344	firefox.exe
1344	firefox.exe
1344	firefox.exe
1344	firefox.exe
1344	firefox.exe
1344	firefox.exe
1344	firefox.exe
1344	firefox.exe
1344	firefox.exe
1344	firefox.exe
1344	firefox.exe
1344	firefox.exe
1344	firefox.exe
1344	firefox.exe
1344	firefox.exe
1344	firefox.exe
1344	firefox.exe
1344	firefox.exe

Suspicious use of SendNotifyMessage 12 IoCs

Processes:

chrome.exe

pid	Process
2560	chrome.exe
2560	chrome.exe
2560	chrome.exe
2560	chrome.exe
2560	chrome.exe
2560	chrome.exe
2560	chrome.exe
2560	chrome.exe
2560	chrome.exe
2560	chrome.exe
2560	chrome.exe
2560	chrome.exe

Suspicious use of SetWindowsHookEx 5 IoCs

Processes:

POWERPNT.EXEfirefox.exe

pid	Process
4120	POWERPNT.EXE
4120	POWERPNT.EXE
4120	POWERPNT.EXE
4120	POWERPNT.EXE
1344	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

RubixLauncher.exechrome.exe

description	pid	Process	procid_target
PID 1480 wrote to memory of 3868	1480	RubixLauncher.exe	81
PID 1480 wrote to memory of 3868	1480	RubixLauncher.exe	81
PID 1480 wrote to memory of 3868	1480	RubixLauncher.exe	81
PID 1480 wrote to memory of 3868	1480	RubixLauncher.exe	81
PID 1480 wrote to memory of 3868	1480	RubixLauncher.exe	81
PID 2560 wrote to memory of 4108	2560	chrome.exe	89
PID 2560 wrote to memory of 4108	2560	chrome.exe	89
PID 2560 wrote to memory of 1484	2560	chrome.exe	90
PID 2560 wrote to memory of 1484	2560	chrome.exe	90
PID 2560 wrote to memory of 1484	2560	chrome.exe	90
PID 2560 wrote to memory of 1484	2560	chrome.exe	90
PID 2560 wrote to memory of 1484	2560	chrome.exe	90
PID 2560 wrote to memory of 1484	2560	chrome.exe	90
PID 2560 wrote to memory of 1484	2560	chrome.exe	90
PID 2560 wrote to memory of 1484	2560	chrome.exe	90
PID 2560 wrote to memory of 1484	2560	chrome.exe	90
PID 2560 wrote to memory of 1484	2560	chrome.exe	90
PID 2560 wrote to memory of 1484	2560	chrome.exe	90
PID 2560 wrote to memory of 1484	2560	chrome.exe	90
PID 2560 wrote to memory of 1484	2560	chrome.exe	90
PID 2560 wrote to memory of 1484	2560	chrome.exe	90
PID 2560 wrote to memory of 1484	2560	chrome.exe	90
PID 2560 wrote to memory of 1484	2560	chrome.exe	90
PID 2560 wrote to memory of 1484	2560	chrome.exe	90
PID 2560 wrote to memory of 1484	2560	chrome.exe	90
PID 2560 wrote to memory of 1484	2560	chrome.exe	90
PID 2560 wrote to memory of 1484	2560	chrome.exe	90
PID 2560 wrote to memory of 1484	2560	chrome.exe	90
PID 2560 wrote to memory of 1484	2560	chrome.exe	90
PID 2560 wrote to memory of 1484	2560	chrome.exe	90
PID 2560 wrote to memory of 1484	2560	chrome.exe	90
PID 2560 wrote to memory of 1484	2560	chrome.exe	90
PID 2560 wrote to memory of 1484	2560	chrome.exe	90
PID 2560 wrote to memory of 1484	2560	chrome.exe	90
PID 2560 wrote to memory of 1484	2560	chrome.exe	90
PID 2560 wrote to memory of 1484	2560	chrome.exe	90
PID 2560 wrote to memory of 1484	2560	chrome.exe	90
PID 2560 wrote to memory of 1192	2560	chrome.exe	91
PID 2560 wrote to memory of 1192	2560	chrome.exe	91
PID 2560 wrote to memory of 3220	2560	chrome.exe	92
PID 2560 wrote to memory of 3220	2560	chrome.exe	92
PID 2560 wrote to memory of 3220	2560	chrome.exe	92
PID 2560 wrote to memory of 3220	2560	chrome.exe	92
PID 2560 wrote to memory of 3220	2560	chrome.exe	92
PID 2560 wrote to memory of 3220	2560	chrome.exe	92
PID 2560 wrote to memory of 3220	2560	chrome.exe	92
PID 2560 wrote to memory of 3220	2560	chrome.exe	92
PID 2560 wrote to memory of 3220	2560	chrome.exe	92
PID 2560 wrote to memory of 3220	2560	chrome.exe	92
PID 2560 wrote to memory of 3220	2560	chrome.exe	92
PID 2560 wrote to memory of 3220	2560	chrome.exe	92
PID 2560 wrote to memory of 3220	2560	chrome.exe	92
PID 2560 wrote to memory of 3220	2560	chrome.exe	92
PID 2560 wrote to memory of 3220	2560	chrome.exe	92
PID 2560 wrote to memory of 3220	2560	chrome.exe	92
PID 2560 wrote to memory of 3220	2560	chrome.exe	92
PID 2560 wrote to memory of 3220	2560	chrome.exe	92
PID 2560 wrote to memory of 3220	2560	chrome.exe	92
PID 2560 wrote to memory of 3220	2560	chrome.exe	92
PID 2560 wrote to memory of 3220	2560	chrome.exe	92
PID 2560 wrote to memory of 3220	2560	chrome.exe	92
PID 2560 wrote to memory of 3220	2560	chrome.exe	92
PID 2560 wrote to memory of 3220	2560	chrome.exe	92
PID 2560 wrote to memory of 3220	2560	chrome.exe	92

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Windows\system32\sihost.exe
sihost.exe
1⤵
PID:2520
- C:\Windows\SysWOW64\dialer.exe
  "C:\Windows\system32\dialer.exe"
  2⤵
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: EnumeratesProcesses
  PID:3868

C:\Users\Admin\AppData\Local\Temp\RubixLauncher.exe
"C:\Users\Admin\AppData\Local\Temp\RubixLauncher.exe"
1⤵
- Suspicious use of NtCreateUserProcessOtherParentProcess
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:1480

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:5028

C:\Program Files\Microsoft Office\Root\Office16\POWERPNT.EXE
"C:\Program Files\Microsoft Office\Root\Office16\POWERPNT.EXE" "C:\Users\Admin\Downloads\PopShow.odp" /ou ""
1⤵
- Checks processor information in registry
- Enumerates system info in registry
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of SetWindowsHookEx
PID:4120

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2560
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff84fcbcc40,0x7ff84fcbcc4c,0x7ff84fcbcc58
  2⤵
  PID:4108
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1804,i,10790587289901931468,11097286472713115297,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=1792 /prefetch:2
  2⤵
  PID:1484
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1384,i,10790587289901931468,11097286472713115297,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2148 /prefetch:3
  2⤵
  PID:1192
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2208,i,10790587289901931468,11097286472713115297,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2224 /prefetch:8
  2⤵
  PID:3220
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3080,i,10790587289901931468,11097286472713115297,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3240 /prefetch:1
  2⤵
  PID:768
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3156,i,10790587289901931468,11097286472713115297,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3260 /prefetch:1
  2⤵
  PID:856
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4368,i,10790587289901931468,11097286472713115297,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4364 /prefetch:1
  2⤵
  PID:3176
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4584,i,10790587289901931468,11097286472713115297,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4608 /prefetch:8
  2⤵
  PID:1624
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4980,i,10790587289901931468,11097286472713115297,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4988 /prefetch:8
  2⤵
  PID:5048
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=5020,i,10790587289901931468,11097286472713115297,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4772 /prefetch:1
  2⤵
  PID:3560
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4588,i,10790587289901931468,11097286472713115297,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3792 /prefetch:8
  2⤵
  PID:4672
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4300,i,10790587289901931468,11097286472713115297,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3248 /prefetch:8
  2⤵
  PID:4520
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=5132,i,10790587289901931468,11097286472713115297,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4628 /prefetch:8
  2⤵
  - Drops file in System32 directory
  - Suspicious behavior: EnumeratesProcesses
  PID:4868
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=4312,i,10790587289901931468,11097286472713115297,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3480 /prefetch:1
  2⤵
  PID:1716
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --field-trial-handle=4932,i,10790587289901931468,11097286472713115297,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3344 /prefetch:1
  2⤵
  PID:2916
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --field-trial-handle=3760,i,10790587289901931468,11097286472713115297,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3192 /prefetch:1
  2⤵
  PID:1512
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --field-trial-handle=3776,i,10790587289901931468,11097286472713115297,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3528 /prefetch:1
  2⤵
  PID:3520
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --field-trial-handle=3424,i,10790587289901931468,11097286472713115297,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4924 /prefetch:1
  2⤵
  PID:2564

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:2908

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:3816

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
PID:1684
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe"
  2⤵
  - Checks processor information in registry
  - Modifies registry class
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SetWindowsHookEx
  PID:1344
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1964 -parentBuildID 20240401114208 -prefsHandle 1880 -prefMapHandle 1720 -prefsLen 23678 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {fb016d2c-f96f-4b00-8468-157e9035e8a0} 1344 "\\.\pipe\gecko-crash-server-pipe.1344" gpu
    3⤵
    PID:4768
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2364 -parentBuildID 20240401114208 -prefsHandle 2356 -prefMapHandle 2352 -prefsLen 23714 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {7ef269ec-7f23-465a-88f5-7502e307a5fe} 1344 "\\.\pipe\gecko-crash-server-pipe.1344" socket
    3⤵
    PID:4076
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3112 -childID 1 -isForBrowser -prefsHandle 2828 -prefMapHandle 3232 -prefsLen 23855 -prefMapSize 244658 -jsInitHandle 1288 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {dd4d5fe3-8d2b-43d0-adb8-96639106e0a1} 1344 "\\.\pipe\gecko-crash-server-pipe.1344" tab
    3⤵
    PID:1876
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3084 -childID 2 -isForBrowser -prefsHandle 3596 -prefMapHandle 3580 -prefsLen 29088 -prefMapSize 244658 -jsInitHandle 1288 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {82facd67-94d3-4e3d-8d38-0954f3c1836f} 1344 "\\.\pipe\gecko-crash-server-pipe.1344" tab
    3⤵
    PID:648
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2812 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4472 -prefMapHandle 2576 -prefsLen 29088 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {0397b1d1-ea05-443b-9980-10729d749941} 1344 "\\.\pipe\gecko-crash-server-pipe.1344" utility
    3⤵
    - Checks processor information in registry
    PID:2192
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5404 -childID 3 -isForBrowser -prefsHandle 5416 -prefMapHandle 5436 -prefsLen 27051 -prefMapSize 244658 -jsInitHandle 1288 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a3dd4d9a-2dc8-4020-9179-8020419a6506} 1344 "\\.\pipe\gecko-crash-server-pipe.1344" tab
    3⤵
    PID:5108
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5580 -childID 4 -isForBrowser -prefsHandle 5296 -prefMapHandle 5236 -prefsLen 27051 -prefMapSize 244658 -jsInitHandle 1288 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d94fc966-bc7c-4b5b-8f35-48c8f0a4577a} 1344 "\\.\pipe\gecko-crash-server-pipe.1344" tab
    3⤵
    PID:3648
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5752 -childID 5 -isForBrowser -prefsHandle 5828 -prefMapHandle 5824 -prefsLen 27051 -prefMapSize 244658 -jsInitHandle 1288 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {6f811bce-aeeb-4807-ab02-3c293ae94f05} 1344 "\\.\pipe\gecko-crash-server-pipe.1344" tab
    3⤵
    PID:5076
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6172 -childID 6 -isForBrowser -prefsHandle 6156 -prefMapHandle 6164 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 1288 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {1a963af4-f5a2-417f-a271-98656b661dd0} 1344 "\\.\pipe\gecko-crash-server-pipe.1344" tab
    3⤵
    PID:464

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.idx

Filesize
64KB

MD5
b5ad5caaaee00cb8cf445427975ae66c

SHA1
dcde6527290a326e048f9c3a85280d3fa71e1e22

SHA256
b6409b9d55ce242ff022f7a2d86ae8eff873daabf3a0506031712b8baa6197b8

SHA512
92f7fbbcbbea769b1af6dd7e75577be3eb8bb4a4a6f8a9288d6da4014e1ea309ee649a7b089be09ba27866e175ab6f6a912413256d7e13eaf60f6f30e492ce7f

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.lock

Filesize
4B

MD5
f49655f856acb8884cc0ace29216f511

SHA1
cb0f1f87ec0455ec349aaa950c600475ac7b7b6b

SHA256
7852fce59c67ddf1d6b8b997eaa1adfac004a9f3a91c37295de9223674011fba

SHA512
599e93d25b174524495ed29653052b3590133096404873318f05fd68f4c9a5c9a3b30574551141fbb73d7329d6be342699a17f3ae84554bab784776dfda2d5f8

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.val

Filesize
1008B

MD5
d222b77a61527f2c177b0869e7babc24

SHA1
3f23acb984307a4aeba41ebbb70439c97ad1f268

SHA256
80dc3ffa698e4ff2e916f97983b5eae79470203e91cb684c5ccd4ff1a465d747

SHA512
d17d836ea77aeaff4cd01f9c7523345167a4a6bc62528aac74acde12679f48079d75d159e9cea2e614da50e83c2dcd92c374c899ea6c4fe8e5513d9bf06c01ff

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000001

Filesize
209KB

MD5
3e552d017d45f8fd93b94cfc86f842f2

SHA1
dbeebe83854328e2575ff67259e3fb6704b17a47

SHA256
27d9c4613df7a3c04da0b79c13217aa69992b441acb7e44bf2a7578ca87d97d6

SHA512
e616436f2f15615429c7c5c37de3990c3e86c5e1da7d75a0f524fc458b75d44a5be1a3648a628d63e1cf8aa062e08b538f2f2bc9c6a0b42157beb24f82c571d9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000002

Filesize
24KB

MD5
c594a826934b9505d591d0f7a7df80b7

SHA1
c04b8637e686f71f3fc46a29a86346ba9b04ae18

SHA256
e664eef3d68ac6336a28be033165d4780e8a5ab28f0d90df1b148ef86babb610

SHA512
04a1dfdb8ee2f5fefa101d5e3ff36e87659fd774e96aa8c5941d3353ccc268a125822cf01533c74839e5f1c54725da9cc437d3d69b88e5bf3f99caccd4d75961

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\01c16ac674a5a2df_0

Filesize
19KB

MD5
257f0afac76de3acb9e1f71373d881c8

SHA1
682c7c1fc3b7add11a12d707ff41000aea44b01c

SHA256
50c7231c1fa76641249c4800e23cfa4f8829e9e9295378146801eed22f1ff2cc

SHA512
f57465233a74469bb2b980c7e524f1bb4fa2dbd6dc7314c9b29ed3739666c7da2df6392419857a39b92acd2224f08a0ea1c50f52fabed75b32805774c632d7f5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\6723311ae2cf5f1c_0

Filesize
280B

MD5
6b3fed9df39d100f1be0e8556c3bf5a9

SHA1
fb396773eb68c28e84676d14032383d20d264064

SHA256
e5a9e3bfebc7455daa49570af99aa3297d0a704297db0ba71b686133e7e91d64

SHA512
42336b03553f620261639da8f77dc462b5adb60f92161c3d22f8cbdb38e2f9a9e9cc0fda9463e21b01386b578868ddac209ebfb381dd75801297ed35eb68b6f4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
216B

MD5
d9f974ff738418bb834ec10faf6d4d24

SHA1
65e7475f0a21e39fb91e4687934372e3e71612b0

SHA256
457736173b0dade70cf5d0f02561f2f6510aad1e21dc8982a0a29d885b920ec5

SHA512
646661191f4bd8ae0efca55d61cb3fe3928bd2f217d6840ac9c69748ed9014a21b7d7cf6d68e9a4b5ce04c90d0855f78a98b70f9d577a297bec0215756cb2e42

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
216B

MD5
739257767f333aec70346500013643f7

SHA1
3f2c9e83822e87582edbea97e560a857448c4134

SHA256
f13c79ddd5c53d5c693faceec897d1b0145af8579bdec1e3e57521f8d2ed770e

SHA512
2d3a1de57364693cd6e2b613c3472d1bcaab126f3000112e716ccaa29ffad538455a5d3e87e7f8fe04dcd0140534a9ac971aa3db7ea684fd08a1bf79614a800b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
216B

MD5
cc3b1550f2354f82c51c7a17f75277e9

SHA1
03892d9281a725406df062dc3747df57fe480d55

SHA256
aff4999e3fc4ac7f85a24dfddde60400276b3a5ffccceeb169b7f7d1d1630c1f

SHA512
3cdda6e920bfb6d1dc761a5095c92021dc78a8c9153ee60a3ffd10fe85151f1c3c904e943c0481b7cd5d01ac39d4e97c416f29e7fd1b7ff89eb32b037c728122

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
216B

MD5
ef78e33059bfb0a5d02f4f750d025aae

SHA1
401a39499cd9da5d20dbe7720f4ff8112f7ddab9

SHA256
c002c51a60066c06b4f2c32cfee47ca5a044d618b8f4eef7b1bc6fbbc3c2675f

SHA512
f28bc63281ccd56fa218e6ffd8e57a870b071013583e4a8ce84fb2fd5859fac71ff015c474ed17b17732215396d50dad0f84d4a1396582f305526354461a3c04

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
216B

MD5
1e4948570be908009e592c2d8e1fafab

SHA1
32c5c0546d798679250793d6c6ac080b873d2d59

SHA256
8e6a18c809d2cea7fb15a994b81a3269ce3e7831b34f3181c1d719cbd91f8260

SHA512
88aff441291f1aa2fdedd26ba437574669532728c5205c77d7a55a2f2a197f70aee392fb90441760cbd105efb13ab76f64eb85b14e284a2bb77552497b794426

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
742a85c4263fb3cc3432cb6f2e9cb484

SHA1
14740a6c52350ec91a3c5a5eef462d9ef106af1a

SHA256
c452f6c27e92cb87d3f3f193ef6d9d6c349c4713419ab11b7b1edd33372506bb

SHA512
e51f9e61f63fa3f95ca263ceaad59cb83500f61f36e11c327a238e0033e638d8c9299d47a94d5cebf4c8ffcc29bf1735012dc7a3455a03613f846004e18b29b4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
d2a8fa0571bdf444096ba6c88b6f8107

SHA1
2dc13a8243ad576f95ce6586055dea7c15f534f5

SHA256
f73b78ab66b443816b287ed0287f5f0643d926405238c7a15ba19c676936d0ea

SHA512
9e80f6a970dd1632a80b31378a69f40942bb35aa83bcb4e695decbb53aaad8d550288e89d5dc706695b487a04a3dfef1664624ee2129c80f884b4093824c3381

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
a337376b988baf568d5a99adeb22433b

SHA1
2a8a0bacf4b669624659143e6ba3efd09ac0b6a9

SHA256
c21d222c904cb499f3304185a838e26b9cbf70ede61ac09ca98e5662e9a36f14

SHA512
2192212e640770e7005dd53fccaeb012bf8cc87cf79a635cd473d18a3941b1f86e6e750da51bbaa0e51821be2bfbe5b0218824b7e795ad91be24f0dff072b77b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
7c4be242e88398922066bab98a06b050

SHA1
746e2d0bc849a083f186bb95858be8ef7666f772

SHA256
2d21a3a51516508773d97c841de6da534355cb564cdc6e08e5bed9e54f4fdab6

SHA512
920884a13fd44e2721015e795e76d869116621b5e5f0ef1c450a23ca96081fc4918fd59cdfe17fc2ef2cb86c7c184f56e9b2f4258b3df1de6163ee742b470902

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
75ab35367cadfa7248eb4d3c98d2ff9b

SHA1
06b3368123f551e571425c02a025d76737a2928d

SHA256
e90ab7af991ab5628cc482ebba3ab782fbb231e05ac325572e450e9d1e5e88f1

SHA512
998eececd2b55d1655b5a67677e3e99e3df47d5712f4a079f69c518f01bc76826af65213ce24cf16fe88563e6c2be4420089faf7cfc1da2cd9f03fb833a53ea8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
2940b4fbc6095ded25b594b9a5e5f83d

SHA1
f59be4e7af0951a9a985494677a24c8826d65cfa

SHA256
e0e7cbff30e0627ae0760f61e64e718ce4ab0892f1ecaccccc6edbe87e821a07

SHA512
b8c62d5e1af20f213591c1ce9ac49fbed251d193f74a8bfad47f1f679b496239bf8980b068ebd8d3e4c73cd1d205eb233e7fc90211323f0de94d91586ef7b805

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
898f3f69ad31a7b983483fea92dcc05e

SHA1
14c6394ac1c9d01ebe1983d0266c850562b7f45d

SHA256
2f61209ea68845931b030a49f0a4a230dc2a1b319facc44aa1b1fd1baeb3f74b

SHA512
377701557713a4914106cde2a92feb63dd498a162c3f44831fa656d87ea4f0b7e77963c7d06e25227e3651a78113fbb9a070863f3a4f907099f965e5cb2f14cd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
1d649a6447adf7fbbea610149ff470c9

SHA1
78caaf4cf98444718180aca99c7fdebffc6b3260

SHA256
efd01e630c23e07f3664e69ef0858c2402edabb4ecdf71e9a9e1fe7ce7306d76

SHA512
23bcac46a55c2868fdb5b6d6d43f8f15885cb039c069fc94299328d7c2d1c0c9b0b78ba62b6ae4d00650fc836c459ec953bd8f7cfca1493f80c6757d8b89db8e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
8df948265bf3cca15dcfb3b0de2fcdad

SHA1
0d3f9136d26b031c95e26071b558fef464286c8c

SHA256
93c58ae062b2a822af30a26942fbd906f76cc0a9c320ee45d7d9fd03924624cf

SHA512
f79c9b9188c19df5f6d2c142ae5280db64341a6a2031de7a1251c214075633e3dec6afd4f8a4a18c7cf9ab5636af16198983d74c16082aaa235fd60b6fea61db

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
7ed617b3b0adca96123ab5eae905d400

SHA1
bae5e73aea1c9d7116ccd2436ea62242f5e772ca

SHA256
2649e3ac91fb63df02b8ef6482cd7bfc8fa1c044e816f6a4f09b9fe3c08b894b

SHA512
fda2fce1480d9035ce4777257a1dd77b7ecddef32afe9a4f2e0373d1dbc4d83aeb65b4062e6e921ad7b90af36bc970c4005a3c700f1897e9cf934dc2a5fee250

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
76efc3ca82ee76aeccc13cdd013f0935

SHA1
7c8a47ac69c5b22bdf8080eae5a76f106597153a

SHA256
084c7245d643c73bba30a17acf132d507b4311662217b8cb7568fd9ee612b134

SHA512
925676e27441a53618dc90ff456f59d880887ba1b51368a29bafe4849fa78ee07eacfa9afd0026bda90e5729da50388003a93badc467f7b0f53e189702e3adf6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
32acd1aeb39ff8bfeb0da602530300cb

SHA1
513876bb9ff2df77f927f3249ed1c847c1150027

SHA256
a359d2e8a04703040c7d8d120fa0277475c2793c670634305d41fdd770f71fe6

SHA512
ca7792be3c68e74af6092cd1520a058e2049fc4c3ea4465a3c07cac24e51c529d78221d34a41bed58e2024381ae141b0c0544e7334d303ab3b08162b1a5afb06

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
2cde694811d79be8969a5fa1d3382be5

SHA1
f13e5b9b8e6dd56289afe0f7ab423b10ed843ff1

SHA256
a0ea7d616d4ecdd7ffda4bc15a7805eb545a19361bf0cef5c64336e84f278645

SHA512
70390e5086953a959928f3355d98057283c8eab43f5b652f98d063ee4006e9e6807a50148dc636a12ad2d12676d65a8d18d7be637f99a6e062926dfe81905707

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
a3c58dcecdf998f718a85ec47fadd17c

SHA1
8a964141994d039803817c152e65c6721bc85027

SHA256
550feaa324618a4037e126b42c523b250b7ccbe8cf1a97a2e1a1d47440f0220d

SHA512
e556a00bffdf5f507e904d80508481b5b32e2b09725d2f2ae7a1b58af2760633203812380a2d3cb631fe38ed4a373ce9b636e365a2ed5e209d1a5b99db43b6f3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
77563ee42685fb2074aedb9e220a41f8

SHA1
20df397086474fe38a27ba1641dfc3b073b4b6be

SHA256
ac93b262afba4ba324cd689ccd4126e8c11acc58e7187a2b387eb4f3e4e35720

SHA512
a0f887ae0aef89c2d0c50a1e71ca4a7eaf46bf933e0e201e2978a28b595396f9eaaceb25e193734d4c31ee70b1e8e8893dd0b900ca095ff38c26c899027ccfb4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
79652b43c9a59e13e77cb2662476a6d4

SHA1
0832ec586d4e02f2c9300963ff9837ca9bed1c58

SHA256
8a767759b407a724aa91ba14b71bcc2f48a81048e89bdcaaa02c9aa862afc028

SHA512
d2a36be4e86fb316c98fdb1c18e469c68256f5a368752f2dcd43123414522d660b25caa99b1c53521f55fcb3691b00ea08b431cf0f73f9f2af0331dd2feb74b0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
9b4ae1863101453ed70c4503ba1b1502

SHA1
599a5f4adca906d11991402d4e8a6d7b3536ae86

SHA256
05c9b2901c0ab0d1a4f831b23fea63fc8c20d715f2bdaf95564c050165a75d14

SHA512
2faecd2bd4953c78d0fc2ef1447e3ad705c737d3f8556ab5ad38a5ae853fb1e761c16b994cf70d217d0e4cd142d7272f4c8d47f4d7a9ed8786750934e9774e88

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
becead9352aa86bb916e15e976ee819e

SHA1
bb4a4e16d52607eae6b573d30635d185f9f32159

SHA256
05b859ba21baf1900372aafabc20c67bcedc917a30412e6429878b57a2a4163a

SHA512
af219a01458c5ba1af4b9d0e10e5eaa5288600cda504854405378aa1b58d62b4d82374ad37d4cecb7a367a8a160a9101bbecec6b117f56038ad32d34e2040bd7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
239KB

MD5
3f2981cf05c92a7cda26e98ed8f9ffc0

SHA1
cd745da5c5f4d0073cd99c5e9b58dc6bb6e08448

SHA256
6162530396ca1c7ecc4892eb3792f47dc7403f5a286facba25cdbb60a18aad35

SHA512
07cfacdebd91d2005821e4490e458fa85347d984e62090b36d25badafb6efad9de4769b5e51d87a09991c1039fd272e167a69623613a7e6f480fe00e636a8035

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
197KB

MD5
f687e0da8a88d5bc48566ddcba31fa36

SHA1
90fb046a1645e1ce699dd77a7f4c063a283743dc

SHA256
b6ad6901f99baa5afb550a4cf4647c5ba5434023c119a6cd46f65a7b15ebf7b2

SHA512
b6715a10ebbc41da1173ca428c9afe768da6232dec8eb28c05724beec25cdade739eadbe4d92a39daf437276374c3add70f8167c6748ffc29dd8d2b20ff6f025

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
101KB

MD5
111f8e8598e564ec07b4921033ce135f

SHA1
cdad2b378b5932c7d9542179d8fa597e761fd568

SHA256
65c3476ad93efbfd5ca857757afecf46490b4a9e783b0c87d6e66ea715e73e32

SHA512
9e4a1b1e6fe06840f28cd44e1c5b623c78510c1ddd14df49220d66d8cefa1bc6eb855dce775afc81f4d310f05d584aff4f75cecbec017193fac7fc91c9e7ea34

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
197KB

MD5
8599f27a7342c5ad2a10a832b6b54fcd

SHA1
dd45e04385c39c3e1e79d8ebaa27da6d237fe01a

SHA256
c79398509d8b7262c0bf76d63cac8ddc37cd5551e1cb5e6cb69921eaa6cabbfa

SHA512
0233f776a0dffb02ea4ad6eaa86aa8d18d3cbc165fcb0ee48b8c112f3178a7a36a57e5a97abbd80595d571dc85c0ff0ed6999d2cc474e57eeecbe225351f5a33

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
197KB

MD5
cde9c348a8a361958e676dfdb0a14bae

SHA1
abb228ced861abdca33a9f451e58c144eba742ad

SHA256
777bb177dfff1663a05d8207d5384ca7d04821843f69616d67e55c7b8cdb7152

SHA512
5c14a7e5bc44e20fc0c11ad26e1678d5624a08cd679065eaf850426fc580d75eb7fbaac2adc909f409d67b3fb104591c03aa49641acbb81c14d182be18b3bff1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
197KB

MD5
e24b34a97a82713d0b4f0ebd00c84c7d

SHA1
508f9a02989eccfd6ba565835ae62524ad2744e1

SHA256
416069b411d92ce5e4d6154b30ab5ca117f5843f61af950322eed1cebeffb575

SHA512
d1654e9c89e986c2dbe561878cf3e6711fc686181a6db5bec057ec65e8057e045147df809be8f22f6f7d86fe84c2206404b488aff8e153cbed1cd701576a8d36

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
197KB

MD5
7d87b797ae59317b418893fee8780192

SHA1
f7c680959d4de4f76bc6605de063662f88aea3dc

SHA256
40c7a48bdcdc350a26dacbdfcc41d4f2e2e4f86402148a97a65ca0594cc0f0c8

SHA512
ff5610140811a281b7f9d1c2f78ed7d781f249ba810753e9bf78adfb6a7ee7814732b3afeaf547eefd945d1c39a744a4c28114d4fd206016a3cf664fa62b6c5a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
218KB

MD5
36fb59a769423c055f3064b7f5b4227e

SHA1
fd7a3c32d897c91d405be4b509b1999a31718107

SHA256
2048bcf44950560243b6a0fb061fceac1a21e07c3c138c856b8f6af30497b4a8

SHA512
cd650e7402abb2b1b463cdcf9028cc7990c3a6e9fcdbad75ec6f896fce56139f97a7092b1b0d1cf9e8514bd6a18dce15c471e9016da4d3cbea188e5a8221bc7b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_1

Filesize
264KB

MD5
d849d1f81cc54eb102f0a1b83bd5e454

SHA1
763af063fd249055ec77c88c97390ab483127c81

SHA256
e423a1bc7b4fa1f166487c31ffa5e1c54d57442aaefca4618c096aeac496f023

SHA512
794316f59dab6f1434d8e08cb9736768d1a51b74e5bf1694f9227684102bdf6bdd5269c0f0274663a02f27a16d59282518dfdfef940b06d38977d42b1f616a26

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\zgr882s2.default-release\activity-stream.discovery_stream.json.tmp

Filesize
18KB

MD5
5e42318a296d8bd6458e901a0516e54c

SHA1
412df2005e6bb586237c848e3109f3fef455a118

SHA256
8e55c45fbbee135b56dbd02f4f4788ed28b837acdbfd7ccb477cd7590be3da53

SHA512
00462d8f4365399a94308d6d685f7a03bc44f71194cd4e7d724e32b68049dbf69aa624b9dbe0b21477985c07d1767fe0cb01f735f35f959b3d001bb042ac597a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zgr882s2.default-release\AlternateServices.bin

Filesize
8KB

MD5
bfda8541ade6ed78509761b92d2a6234

SHA1
245fc5d4dda7bbb39453888962749ce94f1ed6b9

SHA256
9764d0c13142287648813aaecc4d33b47dfeae79620c836e032e2ce8ac4711ba

SHA512
86faf55246d6aa7a5bef7d52421c2abea1e791383fd545a85e61e6c96403a6bbb1f856a0a405df5b966a95fcbe7090dd286138229f42a7db9ef6611cb4fe4714

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zgr882s2.default-release\datareporting\glean\db\data.safe.tmp

Filesize
5KB

MD5
5fc1c91d65f324ba02a433813a3f6c92

SHA1
1a4f6ffff32bc71b4b25e7ad73f40f7cfb3f9382

SHA256
2d2a4572a3b373c58ceb8f8f2f4058fe45e736fba1cbf8f9eb9af46221aac36c

SHA512
0140eca799a24b908f41ca1978bbae2674889b476ae0420f24d4c781b3dbbe1c90c048fea699360146013feee97e247e5a5545491959b5af6f49c3a94922ac80

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zgr882s2.default-release\datareporting\glean\db\data.safe.tmp

Filesize
5KB

MD5
df9fcab4e1c7093b7b2ffe3e8eb24c6f

SHA1
0c28eb54558780fe3a74cb9d99cf605367dfcdc3

SHA256
3072e8f1bf0ffd64f18b8a3cd9557c20b62c91e945ba881566a1d23f2bfb4c21

SHA512
dc3ba6255f167082df9537f364b929ed28ea2f72b2244bf020cfb5dfabf5248e4580dfc82f5daaaae895558f0ad6be324b4dc8bbf1173a62e9b9a2832c6e14c2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zgr882s2.default-release\datareporting\glean\pending_pings\1ab65206-05cf-4215-99fb-468ccce48aac

Filesize
671B

MD5
dc7e2f149ffeffbd0fa896c35b402c5c

SHA1
6981f54d5d8ff09c01197821def9509bffa2b1e9

SHA256
0d6cc6781e421f74e8c34f18ee3729900f3f91db7bc874af196fb98fed920388

SHA512
f25d63b9c5d891258d05aaeb10070a84a2f487e5a0d75ad664ff023fb93bb073ac3975b3409dbafaa52406e442bc189beaddbcb22d28d91eaba18d6a21a2f934

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zgr882s2.default-release\datareporting\glean\pending_pings\60644f2e-f40f-4f08-95e5-fae80096f0d5

Filesize
25KB

MD5
77231219c76a13873711dd552fb22af9

SHA1
f126a0cef4da325af21dbf45d87cdaf72325ec74

SHA256
f553b2c0eea1f9ec1f8b24ccec5dfb541dc1f8951c22f2b18d6a198168b53763

SHA512
fa64ce340d93c3bfde2119e773eeb219a58a2941560370ce100b736c2371331c3c72a10ebaf487c1d550f85064820032a688efc4d22fb792443103e08397c4ee

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zgr882s2.default-release\datareporting\glean\pending_pings\92e1f6a5-625d-469a-98b3-a6b0aa183ee7

Filesize
982B

MD5
9845ae356f992c4e68e70f8e925fb07c

SHA1
305458d64ab73b41252b8982aab6648af3422293

SHA256
36a9bf5b232af201e83472104cbb40056c3989bd27df668e64c0d512c7ab9a6c

SHA512
fdc33388d09ee091757ff25370e04ec0f6c4de494a203f45aa22e4a5e36d2d1524a477a5174c67cb9d67fd2f6d6824c9ae98a5d480f42035fcda2872d80c0f09

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zgr882s2.default-release\prefs.js

Filesize
10KB

MD5
f0638dd35f6bc6d74a2244f5d4c3a972

SHA1
3421fa6a741d3926013a648d579d3f6a20d827ff

SHA256
a9e7e1334717edef3d5bb6cb3ae41327bcee20b55cab27d6093ca6a2ce768d48

SHA512
a25859c6590293df470a7b882c220dd7085bfcde306ce1205d0ad0df56b892ccca2b82e93fa89a0a979f384af523cadee70c22e8c3c48604db79243e8f8ccab6

Download Submit
\??\pipe\crashpad_2560_YASGFWYHDZTYCDGM

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
memory/1480-0-0x0000000000E30000-0x0000000000E9D000-memory.dmp

Filesize
436KB

Download
memory/1480-1-0x0000000003EF0000-0x00000000042F0000-memory.dmp

Filesize
4.0MB

Download
memory/1480-2-0x0000000003EF0000-0x00000000042F0000-memory.dmp

Filesize
4.0MB

Download
memory/1480-3-0x00007FF870220000-0x00007FF870429000-memory.dmp

Filesize
2.0MB

Download
memory/1480-6-0x0000000076B10000-0x0000000076D62000-memory.dmp

Filesize
2.3MB

Download
memory/1480-8-0x0000000000E30000-0x0000000000E9D000-memory.dmp

Filesize
436KB

Download
memory/3868-16-0x00007FF870220000-0x00007FF870429000-memory.dmp

Filesize
2.0MB

Download
memory/3868-7-0x0000000000760000-0x0000000000769000-memory.dmp

Filesize
36KB

Download
memory/3868-11-0x00007FF870220000-0x00007FF870429000-memory.dmp

Filesize
2.0MB

Download
memory/3868-10-0x0000000002580000-0x0000000002980000-memory.dmp

Filesize
4.0MB

Download
memory/3868-13-0x00007FF870220000-0x00007FF870429000-memory.dmp

Filesize
2.0MB

Download
memory/3868-15-0x0000000076B10000-0x0000000076D62000-memory.dmp

Filesize
2.3MB

Download
memory/4120-22-0x00007FF870220000-0x00007FF870429000-memory.dmp

Filesize
2.0MB

Download
memory/4120-49-0x00007FF8302B0000-0x00007FF8302C0000-memory.dmp

Filesize
64KB

Download
memory/4120-18-0x00007FF8302B0000-0x00007FF8302C0000-memory.dmp

Filesize
64KB

Download
memory/4120-20-0x00007FF8302B0000-0x00007FF8302C0000-memory.dmp

Filesize
64KB

Download
memory/4120-26-0x00007FF82D830000-0x00007FF82D840000-memory.dmp

Filesize
64KB

Download
memory/4120-23-0x00007FF870220000-0x00007FF870429000-memory.dmp

Filesize
2.0MB

Download
memory/4120-21-0x00007FF8302B0000-0x00007FF8302C0000-memory.dmp

Filesize
64KB

Download
memory/4120-34-0x00007FF870220000-0x00007FF870429000-memory.dmp

Filesize
2.0MB

Download
memory/4120-29-0x00007FF870220000-0x00007FF870429000-memory.dmp

Filesize
2.0MB

Download
memory/4120-35-0x00007FF870220000-0x00007FF870429000-memory.dmp

Filesize
2.0MB

Download
memory/4120-19-0x00007FF8302B0000-0x00007FF8302C0000-memory.dmp

Filesize
64KB

Download
memory/4120-53-0x00007FF870220000-0x00007FF870429000-memory.dmp

Filesize
2.0MB

Download
memory/4120-24-0x00007FF870220000-0x00007FF870429000-memory.dmp

Filesize
2.0MB

Download
memory/4120-17-0x00007FF8302B0000-0x00007FF8302C0000-memory.dmp

Filesize
64KB

Download
memory/4120-31-0x00007FF870220000-0x00007FF870429000-memory.dmp

Filesize
2.0MB

Download
memory/4120-27-0x00007FF870220000-0x00007FF870429000-memory.dmp

Filesize
2.0MB

Download
memory/4120-25-0x00007FF870220000-0x00007FF870429000-memory.dmp

Filesize
2.0MB

Download
memory/4120-50-0x00007FF8302B0000-0x00007FF8302C0000-memory.dmp

Filesize
64KB

Download
memory/4120-52-0x00007FF8302B0000-0x00007FF8302C0000-memory.dmp

Filesize
64KB

Download
memory/4120-51-0x00007FF8302B0000-0x00007FF8302C0000-memory.dmp

Filesize
64KB

Download
memory/4120-28-0x00007FF82D830000-0x00007FF82D840000-memory.dmp

Filesize
64KB

Download
memory/4120-30-0x00007FF870220000-0x00007FF870429000-memory.dmp

Filesize
2.0MB

Download
memory/4120-32-0x00007FF870220000-0x00007FF870429000-memory.dmp

Filesize
2.0MB

Download
memory/4120-33-0x00007FF870220000-0x00007FF870429000-memory.dmp

Filesize
2.0MB

Download
memory/4120-36-0x00007FF870220000-0x00007FF870429000-memory.dmp

Filesize
2.0MB

Download
memory/4120-37-0x00007FF870220000-0x00007FF870429000-memory.dmp

Filesize
2.0MB

Download