20440d26baf9c16b958d0c1cee5b141bf61efc5e22a531c3505c6838b6073fe0

Analysis

max time kernel
149s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
12/08/2024, 04:08

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

20440d26baf9c16b958d0c1cee5b141bf61efc5e22a531c3505c6838b6073fe0.exe
Size

89KB
MD5

ef21d6e845c47912e81a5c96bd641b01
SHA1

2ed6b8164cdd1fc7c940646f36c9152949a3162d
SHA256

20440d26baf9c16b958d0c1cee5b141bf61efc5e22a531c3505c6838b6073fe0
SHA512

583b095fd5c726e261b316cee01fb075b391c6dda3fb7600b342d8e1bc4013a975006369e72bf506b62d5ab9779a2684f3367532a49cd9fe8c262252066ff52d
SSDEEP

1536:L7fPGykbOqjoHm4pICdfkLtAfupcWX50MxFY+yIOlnToIffxL8XQO+:Hq6+ouCpk2mpcWJ0r+QNTBffyXK

Score

7^/10

discovery

Malware Config

Signatures

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000\Control Panel\International\Geo\Nation	20440d26baf9c16b958d0c1cee5b141bf61efc5e22a531c3505c6838b6073fe0.exe

Drops file in System32 directory 2 IoCs

description	ioc	Process
File created	C:\Windows\System32\DriverStore\FileRepository\display.inf_amd64_71aa85b0e2292a7a\display.PNF	chrome.exe
File created	\??\c:\windows\system32\driverstore\filerepository\display.inf_amd64_71aa85b0e2292a7a\display.PNF	chrome.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	20440d26baf9c16b958d0c1cee5b141bf61efc5e22a531c3505c6838b6073fe0.exe

Checks processor information in registry 2 TTPs 8 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133679093031501365"	chrome.exe

Modifies registry class 2 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-523280732-2327480845-3730041215-1000\{BFBC5AEA-87F6-4D49-9295-CEF22C50D698}	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings	firefox.exe

Suspicious behavior: EnumeratesProcesses 14 IoCs

pid	Process
3960	msedge.exe
3960	msedge.exe
2744	msedge.exe
2744	msedge.exe
3984	chrome.exe
3984	chrome.exe
6372	chrome.exe
6372	chrome.exe
1828	msedge.exe
1828	msedge.exe
1828	msedge.exe
1828	msedge.exe
6372	chrome.exe
6372	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 5 IoCs

pid	Process
2744	msedge.exe
2744	msedge.exe
3984	chrome.exe
3984	chrome.exe
3984	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeDebugPrivilege	2932	firefox.exe
Token: SeDebugPrivilege	2932	firefox.exe
Token: SeShutdownPrivilege	3984	chrome.exe
Token: SeCreatePagefilePrivilege	3984	chrome.exe
Token: SeShutdownPrivilege	3984	chrome.exe
Token: SeCreatePagefilePrivilege	3984	chrome.exe
Token: SeShutdownPrivilege	3984	chrome.exe
Token: SeCreatePagefilePrivilege	3984	chrome.exe
Token: SeShutdownPrivilege	3984	chrome.exe
Token: SeCreatePagefilePrivilege	3984	chrome.exe
Token: SeShutdownPrivilege	3984	chrome.exe
Token: SeCreatePagefilePrivilege	3984	chrome.exe
Token: SeShutdownPrivilege	3984	chrome.exe
Token: SeCreatePagefilePrivilege	3984	chrome.exe
Token: SeShutdownPrivilege	3984	chrome.exe
Token: SeCreatePagefilePrivilege	3984	chrome.exe
Token: SeShutdownPrivilege	3984	chrome.exe
Token: SeCreatePagefilePrivilege	3984	chrome.exe
Token: SeShutdownPrivilege	3984	chrome.exe
Token: SeCreatePagefilePrivilege	3984	chrome.exe
Token: SeShutdownPrivilege	3984	chrome.exe
Token: SeCreatePagefilePrivilege	3984	chrome.exe
Token: SeShutdownPrivilege	3984	chrome.exe
Token: SeCreatePagefilePrivilege	3984	chrome.exe
Token: SeShutdownPrivilege	3984	chrome.exe
Token: SeCreatePagefilePrivilege	3984	chrome.exe
Token: SeShutdownPrivilege	3984	chrome.exe
Token: SeCreatePagefilePrivilege	3984	chrome.exe
Token: SeShutdownPrivilege	3984	chrome.exe
Token: SeCreatePagefilePrivilege	3984	chrome.exe
Token: SeShutdownPrivilege	3984	chrome.exe
Token: SeCreatePagefilePrivilege	3984	chrome.exe
Token: SeShutdownPrivilege	3984	chrome.exe
Token: SeCreatePagefilePrivilege	3984	chrome.exe
Token: SeShutdownPrivilege	3984	chrome.exe
Token: SeCreatePagefilePrivilege	3984	chrome.exe
Token: SeShutdownPrivilege	3984	chrome.exe
Token: SeCreatePagefilePrivilege	3984	chrome.exe
Token: SeShutdownPrivilege	3984	chrome.exe
Token: SeCreatePagefilePrivilege	3984	chrome.exe
Token: SeShutdownPrivilege	3984	chrome.exe
Token: SeCreatePagefilePrivilege	3984	chrome.exe
Token: SeShutdownPrivilege	3984	chrome.exe
Token: SeCreatePagefilePrivilege	3984	chrome.exe
Token: SeShutdownPrivilege	3984	chrome.exe
Token: SeCreatePagefilePrivilege	3984	chrome.exe
Token: SeShutdownPrivilege	3984	chrome.exe
Token: SeCreatePagefilePrivilege	3984	chrome.exe
Token: SeShutdownPrivilege	3984	chrome.exe
Token: SeCreatePagefilePrivilege	3984	chrome.exe
Token: SeShutdownPrivilege	3984	chrome.exe
Token: SeCreatePagefilePrivilege	3984	chrome.exe
Token: SeShutdownPrivilege	3984	chrome.exe
Token: SeCreatePagefilePrivilege	3984	chrome.exe
Token: SeShutdownPrivilege	3984	chrome.exe
Token: SeCreatePagefilePrivilege	3984	chrome.exe
Token: SeShutdownPrivilege	3984	chrome.exe
Token: SeCreatePagefilePrivilege	3984	chrome.exe
Token: SeShutdownPrivilege	3984	chrome.exe
Token: SeCreatePagefilePrivilege	3984	chrome.exe
Token: SeShutdownPrivilege	3984	chrome.exe
Token: SeCreatePagefilePrivilege	3984	chrome.exe
Token: SeShutdownPrivilege	3984	chrome.exe
Token: SeCreatePagefilePrivilege	3984	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
2744	msedge.exe
2744	msedge.exe
2744	msedge.exe
2744	msedge.exe
2744	msedge.exe
2744	msedge.exe
2744	msedge.exe
2744	msedge.exe
2744	msedge.exe
2744	msedge.exe
2744	msedge.exe
2744	msedge.exe
2744	msedge.exe
2744	msedge.exe
2744	msedge.exe
2744	msedge.exe
2744	msedge.exe
2744	msedge.exe
2744	msedge.exe
2744	msedge.exe
2744	msedge.exe
2744	msedge.exe
2744	msedge.exe
2744	msedge.exe
2744	msedge.exe
2932	firefox.exe
2932	firefox.exe
2932	firefox.exe
2932	firefox.exe
2932	firefox.exe
2932	firefox.exe
2932	firefox.exe
2932	firefox.exe
2932	firefox.exe
2932	firefox.exe
2932	firefox.exe
2932	firefox.exe
2932	firefox.exe
2932	firefox.exe
2932	firefox.exe
2932	firefox.exe
2932	firefox.exe
2932	firefox.exe
2932	firefox.exe
2932	firefox.exe
2932	firefox.exe
3984	chrome.exe
3984	chrome.exe
3984	chrome.exe
3984	chrome.exe
3984	chrome.exe
3984	chrome.exe
3984	chrome.exe
3984	chrome.exe
3984	chrome.exe
3984	chrome.exe
3984	chrome.exe
3984	chrome.exe
3984	chrome.exe
3984	chrome.exe
3984	chrome.exe
3984	chrome.exe
3984	chrome.exe
3984	chrome.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
2744	msedge.exe
2744	msedge.exe
2744	msedge.exe
2744	msedge.exe
2744	msedge.exe
2744	msedge.exe
2744	msedge.exe
2744	msedge.exe
2744	msedge.exe
2744	msedge.exe
2744	msedge.exe
2744	msedge.exe
2744	msedge.exe
2744	msedge.exe
2744	msedge.exe
2744	msedge.exe
2744	msedge.exe
2744	msedge.exe
2744	msedge.exe
2744	msedge.exe
2744	msedge.exe
2744	msedge.exe
2744	msedge.exe
2744	msedge.exe
2932	firefox.exe
2932	firefox.exe
2932	firefox.exe
2932	firefox.exe
2932	firefox.exe
2932	firefox.exe
2932	firefox.exe
2932	firefox.exe
2932	firefox.exe
2932	firefox.exe
2932	firefox.exe
2932	firefox.exe
2932	firefox.exe
2932	firefox.exe
2932	firefox.exe
2932	firefox.exe
2932	firefox.exe
2932	firefox.exe
2932	firefox.exe
2932	firefox.exe
3984	chrome.exe
3984	chrome.exe
3984	chrome.exe
3984	chrome.exe
3984	chrome.exe
3984	chrome.exe
3984	chrome.exe
3984	chrome.exe
3984	chrome.exe
3984	chrome.exe
3984	chrome.exe
3984	chrome.exe
3984	chrome.exe
3984	chrome.exe
3984	chrome.exe
3984	chrome.exe
3984	chrome.exe
3984	chrome.exe
3984	chrome.exe
3984	chrome.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
2932	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3892 wrote to memory of 4540	3892	20440d26baf9c16b958d0c1cee5b141bf61efc5e22a531c3505c6838b6073fe0.exe	84
PID 3892 wrote to memory of 4540	3892	20440d26baf9c16b958d0c1cee5b141bf61efc5e22a531c3505c6838b6073fe0.exe	84
PID 4540 wrote to memory of 3984	4540	cmd.exe	87
PID 4540 wrote to memory of 3984	4540	cmd.exe	87
PID 4540 wrote to memory of 2744	4540	cmd.exe	88
PID 4540 wrote to memory of 2744	4540	cmd.exe	88
PID 4540 wrote to memory of 5076	4540	cmd.exe	89
PID 4540 wrote to memory of 5076	4540	cmd.exe	89
PID 2744 wrote to memory of 4904	2744	msedge.exe	90
PID 2744 wrote to memory of 4904	2744	msedge.exe	90
PID 3984 wrote to memory of 4200	3984	chrome.exe	91
PID 3984 wrote to memory of 4200	3984	chrome.exe	91
PID 5076 wrote to memory of 2932	5076	firefox.exe	92
PID 5076 wrote to memory of 2932	5076	firefox.exe	92
PID 5076 wrote to memory of 2932	5076	firefox.exe	92
PID 5076 wrote to memory of 2932	5076	firefox.exe	92
PID 5076 wrote to memory of 2932	5076	firefox.exe	92
PID 5076 wrote to memory of 2932	5076	firefox.exe	92
PID 5076 wrote to memory of 2932	5076	firefox.exe	92
PID 5076 wrote to memory of 2932	5076	firefox.exe	92
PID 5076 wrote to memory of 2932	5076	firefox.exe	92
PID 5076 wrote to memory of 2932	5076	firefox.exe	92
PID 5076 wrote to memory of 2932	5076	firefox.exe	92
PID 2932 wrote to memory of 3512	2932	firefox.exe	93
PID 2932 wrote to memory of 3512	2932	firefox.exe	93
PID 2932 wrote to memory of 3512	2932	firefox.exe	93
PID 2932 wrote to memory of 3512	2932	firefox.exe	93
PID 2932 wrote to memory of 3512	2932	firefox.exe	93
PID 2932 wrote to memory of 3512	2932	firefox.exe	93
PID 2932 wrote to memory of 3512	2932	firefox.exe	93
PID 2932 wrote to memory of 3512	2932	firefox.exe	93
PID 2932 wrote to memory of 3512	2932	firefox.exe	93
PID 2932 wrote to memory of 3512	2932	firefox.exe	93
PID 2932 wrote to memory of 3512	2932	firefox.exe	93
PID 2932 wrote to memory of 3512	2932	firefox.exe	93
PID 2932 wrote to memory of 3512	2932	firefox.exe	93
PID 2932 wrote to memory of 3512	2932	firefox.exe	93
PID 2932 wrote to memory of 3512	2932	firefox.exe	93
PID 2932 wrote to memory of 3512	2932	firefox.exe	93
PID 2932 wrote to memory of 3512	2932	firefox.exe	93
PID 2932 wrote to memory of 3512	2932	firefox.exe	93
PID 2932 wrote to memory of 3512	2932	firefox.exe	93
PID 2932 wrote to memory of 3512	2932	firefox.exe	93
PID 2932 wrote to memory of 3512	2932	firefox.exe	93
PID 2932 wrote to memory of 3512	2932	firefox.exe	93
PID 2932 wrote to memory of 3512	2932	firefox.exe	93
PID 2932 wrote to memory of 3512	2932	firefox.exe	93
PID 2932 wrote to memory of 3512	2932	firefox.exe	93
PID 2932 wrote to memory of 3512	2932	firefox.exe	93
PID 2932 wrote to memory of 3512	2932	firefox.exe	93
PID 2932 wrote to memory of 3512	2932	firefox.exe	93
PID 2932 wrote to memory of 3512	2932	firefox.exe	93
PID 2932 wrote to memory of 3512	2932	firefox.exe	93
PID 2932 wrote to memory of 3512	2932	firefox.exe	93
PID 2932 wrote to memory of 3512	2932	firefox.exe	93
PID 2932 wrote to memory of 3512	2932	firefox.exe	93
PID 2932 wrote to memory of 3512	2932	firefox.exe	93
PID 2932 wrote to memory of 3512	2932	firefox.exe	93
PID 2932 wrote to memory of 3512	2932	firefox.exe	93
PID 2932 wrote to memory of 3512	2932	firefox.exe	93
PID 2932 wrote to memory of 3512	2932	firefox.exe	93
PID 2932 wrote to memory of 3512	2932	firefox.exe	93
PID 2932 wrote to memory of 3512	2932	firefox.exe	93
PID 2932 wrote to memory of 3512	2932	firefox.exe	93

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Users\Admin\AppData\Local\Temp\20440d26baf9c16b958d0c1cee5b141bf61efc5e22a531c3505c6838b6073fe0.exe
"C:\Users\Admin\AppData\Local\Temp\20440d26baf9c16b958d0c1cee5b141bf61efc5e22a531c3505c6838b6073fe0.exe"
1⤵
- Checks computer location settings
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:3892
- C:\Windows\system32\cmd.exe
  "C:\Windows\sysnative\cmd.exe" /c "C:\Users\Admin\AppData\Local\Temp\A98E.tmp\A98F.tmp\A990.bat C:\Users\Admin\AppData\Local\Temp\20440d26baf9c16b958d0c1cee5b141bf61efc5e22a531c3505c6838b6073fe0.exe"
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:4540
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://myaccount.google.com/signinoptions/password"
    3⤵
    - Enumerates system info in registry
    - Modifies data under HKEY_USERS
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SendNotifyMessage
    - Suspicious use of WriteProcessMemory
    PID:3984
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x104,0x108,0x10c,0xe4,0x110,0x7ffb88cecc40,0x7ffb88cecc4c,0x7ffb88cecc58
      4⤵
      PID:4200
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1824,i,14142297730162418460,14377639286625732222,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=1820 /prefetch:2
      4⤵
      PID:5068
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2152,i,14142297730162418460,14377639286625732222,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2184 /prefetch:3
      4⤵
      PID:2056
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2244,i,14142297730162418460,14377639286625732222,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2416 /prefetch:8
      4⤵
      PID:1560
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3140,i,14142297730162418460,14377639286625732222,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3164 /prefetch:1
      4⤵
      PID:5936
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3168,i,14142297730162418460,14377639286625732222,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3200 /prefetch:1
      4⤵
      PID:5948
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4440,i,14142297730162418460,14377639286625732222,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3972 /prefetch:1
      4⤵
      PID:6108
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --no-appcompat-clear --field-trial-handle=4668,i,14142297730162418460,14377639286625732222,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4676 /prefetch:8
      4⤵
      PID:552
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4680,i,14142297730162418460,14377639286625732222,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4708 /prefetch:8
      4⤵
      Modifies registry class
      PID:1100
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5128,i,14142297730162418460,14377639286625732222,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5148 /prefetch:8
      4⤵
      PID:6192
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5304,i,14142297730162418460,14377639286625732222,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5320 /prefetch:8
      4⤵
      PID:6236
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=5168,i,14142297730162418460,14377639286625732222,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=848 /prefetch:8
      4⤵
      Drops file in System32 directory
      Suspicious behavior: EnumeratesProcesses
      PID:6372
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" "https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://myaccount.google.com/signinoptions/password"
    3⤵
    - Enumerates system info in registry
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SendNotifyMessage
    - Suspicious use of WriteProcessMemory
    PID:2744
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x108,0x10c,0x110,0xe4,0x114,0x7ffb88ba46f8,0x7ffb88ba4708,0x7ffb88ba4718
      4⤵
      PID:4904
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2060,18120503970413246613,5819470420568975219,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2088 /prefetch:2
      4⤵
      PID:1224
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2060,18120503970413246613,5819470420568975219,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2168 /prefetch:3
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:3960
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2060,18120503970413246613,5819470420568975219,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2760 /prefetch:8
      4⤵
      PID:208
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,18120503970413246613,5819470420568975219,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3328 /prefetch:1
      4⤵
      PID:4244
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,18120503970413246613,5819470420568975219,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3332 /prefetch:1
      4⤵
      PID:2108
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2060,18120503970413246613,5819470420568975219,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4580 /prefetch:2
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:1828
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" "https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://myaccount.google.com/signinoptions/password"
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:5076
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://myaccount.google.com/signinoptions/password
      4⤵
      Checks processor information in registry
      Modifies registry class
      Suspicious use of AdjustPrivilegeToken
      Suspicious use of FindShellTrayWindow
      Suspicious use of SendNotifyMessage
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2932
    - - C:\Program Files\Mozilla Firefox\firefox.exe
        
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1968 -parentBuildID 20240401114208 -prefsHandle 1884 -prefMapHandle 1876 -prefsLen 23680 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {2fd48769-959a-4d37-b9cf-48f97312a8ef} 2932 "\\.\pipe\gecko-crash-server-pipe.2932" gpu
        5⤵
        
        PID:3512
    - - C:\Program Files\Mozilla Firefox\firefox.exe
        
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2468 -parentBuildID 20240401114208 -prefsHandle 2444 -prefMapHandle 2440 -prefsLen 24600 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {0cbdca11-25af-41be-a81f-b74f3f2225e2} 2932 "\\.\pipe\gecko-crash-server-pipe.2932" socket
        5⤵
        
        PID:1744
    - - C:\Program Files\Mozilla Firefox\firefox.exe
        
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2932 -childID 1 -isForBrowser -prefsHandle 2804 -prefMapHandle 2808 -prefsLen 22652 -prefMapSize 244658 -jsInitHandle 892 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {85b1f83f-3a53-4623-a879-4b989876ee5f} 2932 "\\.\pipe\gecko-crash-server-pipe.2932" tab
        5⤵
        
        PID:3972
    - - C:\Program Files\Mozilla Firefox\firefox.exe
        
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3656 -childID 2 -isForBrowser -prefsHandle 3080 -prefMapHandle 3640 -prefsLen 29090 -prefMapSize 244658 -jsInitHandle 892 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {4a35cacd-83b8-4514-a402-9fa3446cee27} 2932 "\\.\pipe\gecko-crash-server-pipe.2932" tab
        5⤵
        
        PID:4864
    - - C:\Program Files\Mozilla Firefox\firefox.exe
        
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4228 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4220 -prefMapHandle 4212 -prefsLen 29090 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {3d260005-7b3e-4777-ba63-f278f243e4e5} 2932 "\\.\pipe\gecko-crash-server-pipe.2932" utility
        5⤵
        Checks processor information in registry
        
        PID:5440
    - - C:\Program Files\Mozilla Firefox\firefox.exe
        
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5028 -childID 3 -isForBrowser -prefsHandle 5044 -prefMapHandle 5040 -prefsLen 26944 -prefMapSize 244658 -jsInitHandle 892 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {16bd1992-6648-4bdc-86cf-64719fb393f5} 2932 "\\.\pipe\gecko-crash-server-pipe.2932" tab
        5⤵
        
        PID:4760
    - - C:\Program Files\Mozilla Firefox\firefox.exe
        
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5404 -childID 4 -isForBrowser -prefsHandle 5396 -prefMapHandle 5392 -prefsLen 26944 -prefMapSize 244658 -jsInitHandle 892 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {62529c25-58fc-473c-b00c-341c663a315a} 2932 "\\.\pipe\gecko-crash-server-pipe.2932" tab
        5⤵
        
        PID:5148
    - - C:\Program Files\Mozilla Firefox\firefox.exe
        
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5572 -childID 5 -isForBrowser -prefsHandle 5580 -prefMapHandle 5584 -prefsLen 26944 -prefMapSize 244658 -jsInitHandle 892 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {85a853eb-d640-47df-bba0-157a57abea20} 2932 "\\.\pipe\gecko-crash-server-pipe.2932" tab
        5⤵
        
        PID:5164
    - - C:\Program Files\Mozilla Firefox\firefox.exe
        
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4836 -childID 6 -isForBrowser -prefsHandle 5844 -prefMapHandle 5840 -prefsLen 27182 -prefMapSize 244658 -jsInitHandle 892 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {021157a1-ee3d-4a15-9f38-7e0b08f0dbcf} 2932 "\\.\pipe\gecko-crash-server-pipe.2932" tab
        5⤵
        
        PID:6296

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1100

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5076

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:4372

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:6388

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
c9283a76aea27f9fc8510014a9c35b07

SHA1
052467b19db065c3fb023d00d700a36577980003

SHA256
0c4a477dc45ba84415d15b717ae4596471b077b11e1b28b64ceeb0d21406e8e3

SHA512
7a9973ab92001676878ece9ffc1c5a7308e255fa806783c788af4978fbc1ec182e8e6b89ebc3c66fee00f91cbf9288cea369b7e80904559c64c7ab00ecd46150

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
384B

MD5
5fcf558a57354333add0426d075ae060

SHA1
fde7994b1a834918b216cf9cf1d783d31476049c

SHA256
1f7b8f507136bf6e55bfe0efe9f5df799a00e71dc1027b68320ff1265a4ca932

SHA512
7b7fdd9e5618670e041673c60cf57124fd6491f66027988b4ef3fa8266a58b85a8992994ce8b321bae3c275e2266d32d88ff0a66606098ea4f3e0c6bc65294bb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
668cd68adbd9d735cf3fb66510f93184

SHA1
925b1638234e983b92fba0818558c6c8bd81a08f

SHA256
d1a5e39dccf157682a95da8e1daf983daef3808d5e44381116c2a5d8a6dfd4af

SHA512
0adac4b78618e74e43eb4afc4ecd1955f7d5668ad7ad4998d2666473484a66568c24becc8833da638b48f7830b43ee669b5548a3f73c8dcdcbe1a818518595b7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
521f4da6b48f85016a48eb115a8d5461

SHA1
ef23ce2dd6cdb690747d253bbe8c864816f756ad

SHA256
128a10d6e3662f832c70df97d620cf6dcbbfca77885f31398a29b77afba29065

SHA512
809d69fd9e9a64fd2523352ab2b5148c01ce09cedd88e26116583c8d3fd17c5813b676954b3be7c377126f84e90bb284ec70b0e6de6c7d44a85b18566db7e066

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
fbbec0b11adf1a4c308869025abc13f8

SHA1
a228a4ae957e63d1428d09c9d87df9c0a00b3cb7

SHA256
2f6bab52463116ae124f23f1f891b776db24f45414cdde92749ae86bf40e8194

SHA512
9899ced7c408bbf493af9e22dc53473ff9369c2a9e16bfcd5f03d582893a7cff41ac9a35291fc12a3f6ff4d8da1c32d2c182eb41be9baade5c526c4564f2d927

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
4c2f4e9c6ca77b248921a8ef81c2ac9a

SHA1
6791a3e613d9f5efc44410ed62bb49f2eeff7d25

SHA256
057de52cd67a1fd0fdfc1cd450970d4bcef49410e2ec5cf5b20d327a92278386

SHA512
665f579ac799f8e635caabc0a0ffaa1cdda2cea97d6b5f1dfe17de2ede7d7a23a16789246897ef88dc16fc193ac8e39a243b64c7391ef6703942f804727c9ceb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
09585be5086440b1748a146c1b7819d4

SHA1
fc1843510f6bd6d6a78eb1443605714fe68af1eb

SHA256
5f68664cc019382293f0bdcc8052aacf8655485e0d52e128d43a72936e5627a6

SHA512
af0ad5b80f480ddf35c5da60118e5ae3830e14ca5b0fb1d736bd428ce64a342bc26ff075014e8d2878b6e26f8170be49f12c191c3e85a9961b1a79fe2fc73020

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
674efa0659ee4b370a5dd36d9adb46ab

SHA1
c5b3aef58f7de0cb25579898e98ac5373ccb3b6e

SHA256
16e6f71aca22497c2f204a3c4e36137f624438cfabfbc4d7a52dec2ce7ae5485

SHA512
740702e9f3b7c5d714ffd766d1751f1a5baee001951fede419b0dbe67e632c64f06cfbd11eb82b34745dd44711d47c18559cd371a6af8afdbabd7359061459b7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
e1992684f302cc5a67179f4cffbd8b42

SHA1
aafb9f9db692d901da7e2f34ced3ce65c5288f7b

SHA256
9fdf8a688cdd765418e3df044f35d742ff14e807fd9a60dc8fc26891af4d3fe8

SHA512
dd4dd79408d585bbb35f77fcbb6f57f5b0cdd458adf83a5f873f4d245e6b1cc0f5c48ea71d59257375a41adc9efc58fff7d4e2da667791eaa3c52dcd8c442eba

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
c9e5a8f166b0030d83806d2e2a87664e

SHA1
6515d0f0c7fd3c7b5242a2f1918c490206473402

SHA256
ab04f93693dd0021fca8890238d0ba5bd133af5aebc34c5f213d89e37cdd9e8b

SHA512
797cace445b863816063779506df46d7fbe5806c8f3f333900249ae110722ff38c090205c71071636e3df44d91b54148cc12b0d979ba327b4a5d83067cfe2f59

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
722dd58bc95a34c323626b3ae07efa26

SHA1
12a04be4a95fa9692feb67881588d27996b11b34

SHA256
df602492aab4dac3049d96e0e1c47fc11ef8470d9249dab87125b0efb4e66745

SHA512
b1a5642825f91085882cdf60ed688cf632cea9e8dc37381676587c1250f8c5ae775a07ee8f46f12a1627270fae411f269f6542ad80a5eb29cdc03c58ffd0bc04

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
b0d28e10cca4eaa75f67d83f7ba73e0a

SHA1
a16eed118b4edb2740b33f61145150a6199a3f0f

SHA256
9dae7a8812d9455382c8df9e29ac9edb3908250f554b61d20d021af4439d2d4b

SHA512
836990b49e0b53ee71ff5a7a310cca35f5fc7fd77c7f31fa78172da8257a662fdf597d2aab1725f8237d80da1921870f51a155bd6f325c162badffc7487df2da

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
ba42b50cff1a76e32bf543e00cae573f

SHA1
7550e52ab31ca9226837fb3654a10e30db57bbe0

SHA256
7559c249c874632689607673ab8c9bc4b7b91eefb8d935c3e6785a84e063297c

SHA512
439058e10df49da5efef616b3cbc04fd16bc0884f9e85a7a8579b576ecdcc02d6d90e3e42da5f3875dc0e3e41845b64da86e62b2074cd79bafab460a81244d17

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
000d3fe319aec7aa33ed4271358be5f4

SHA1
c702f294f976109fb2b6391ad957066d4fa1823b

SHA256
8c8f76d715fb8d22101ec4f655ca7e07378f31946d0e6ff0181a5ddfa49ad87d

SHA512
2f48e563310af487680e93a1fac4dfa527e7ad905330195414476bfe7a31bfaefe2f9995eb8eee64a2793bf48243043522abcabea59177cb96400a53badc34d3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
6d99c8512ec3a3c9124d42d79bfaa54b

SHA1
8485d05a9a4a2bee9eea593a4c4d4fc933ecc250

SHA256
bb8e91b0633e2e30cdd1905d8aa08aa464377b3713a8f07656125e525469efcb

SHA512
c98eabfe0ec8629a6a449213579258047bf1c8821aaea4802f9472915191405099641f7e08759505c859a2921c86a56394dd1dd0717742a5f28aa31e261e2315

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
194KB

MD5
121e5b53a9b94d3def0b30810620a46d

SHA1
fe6a698b38c9edbf5c6eae0b4f75df78d279d9c7

SHA256
ef4496f70b4449da9eba754601742f1bc9849d83bbd32068df9946ba773d0153

SHA512
4c9fcdb93cd5c308d83deebf40707b989245b392d5e99ca351585fd19d644720816ffd9fcacbee27fc7f9cbc38ea26ec7239d52037f8a84e08f94013e23d6810

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
194KB

MD5
7ab16d0a3287966b946ff204b2f134e8

SHA1
cf210e980972cfaecaa8b2c20c3b1ce2242a64e9

SHA256
8d55dc3fa312832c1a693b045ffb605e3101a28d5cdced1859a41ee7b05caf2c

SHA512
9c786706cd22d202b185a3542934b4ee730f383b65fd0824f518310f0ebdbf04d2d87f786019994ba5dc702a4613b69bcc3ad09814e0e485f74c2750c761038c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
53bc70ecb115bdbabe67620c416fe9b3

SHA1
af66ec51a13a59639eaf54d62ff3b4f092bb2fc1

SHA256
b36cad5c1f7bc7d07c7eaa2f3cad2959ddb5447d4d3adcb46eb6a99808e22771

SHA512
cad44933b94e17908c0eb8ac5feeb53d03a7720d97e7ccc8724a1ed3021a5bece09e1f9f3cec56ce0739176ebbbeb20729e650f8bca04e5060c986b75d8e4921

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
e765f3d75e6b0e4a7119c8b14d47d8da

SHA1
cc9f7c7826c2e1a129e7d98884926076c3714fc0

SHA256
986443556d3878258b710d9d9efbf4f25f0d764c3f83dc54217f2b12a6eccd89

SHA512
a1872a849f27da78ebe9adb9beb260cb49ed5f4ca2d403f23379112bdfcd2482446a6708188100496e45db1517cdb43aba8bb93a75e605713c3f97cd716b1079

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
336B

MD5
030569871cf1d14fa422d964a054321a

SHA1
12acf6fdc7baa3cd98a5dc48f97bcf8e9ded45ef

SHA256
aa1a8be5a9712ad0b05f3400fcd00c9dc94851aa675ca792af6ef28a8eee0f0f

SHA512
47d59d9e2009f8fc8e09a9b0b4e99038fb6078ec43724a28afa5f02019d44f5261f9afc8a73e93171adc8eb928c2b2c78b98a7b759047141fe94f70a479193db

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
b044f84d97f3e284f9740ce995498162

SHA1
5f5922a913d856263c563d093ef43e31ae77e783

SHA256
f1daf03d3aec1251d2ce71c16e45dd84644a73be106baf14b7c1ab156e310717

SHA512
3146baaa7090a21bcf293dc612fd6bf91f170ca383375d3d5695dc4a1cfcb82ffec0e5401735c73e8c3f95e39a7ec30c51b98f68e47f5dfdb53f096800ad5f4e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
6064988448c729c98b1c5319aede4f15

SHA1
0bc90d061be7965ae4990f5c2b482fae372ca279

SHA256
ac8ed3ef5b77da110bb853c26041565c7e618c3887c175f016d08e807620784b

SHA512
823e216a42f0b5a77292a4bd2942dc101b0da66f158bfe0d06b7b42fe3a372641fcd246a972331703ddfb65d2eb947c828a97096b3349e87712ab950a195d0be

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
92a2d3529110292e4f42abdb7a7cc22b

SHA1
aade7ea7ea5b309f9bd1aab2e0b35f634fa2ba27

SHA256
40673e21a14800d83052e76b60143fce92a5856a4f09ca9fa852ee1e1cb4a294

SHA512
98046e55c5d2ee8b4527a92a75229a7ebfeed6b1e844ff4a1d041fa814586b955f1f0fbe4d1321cba6e87945d52cdd500fbcc6912ad2af7d65bb3915c27a4fe6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
2974fd1c20787cb9f14514e70bc85a66

SHA1
0260c25be984cece6f4c877bd1cbcc9c9855ef8a

SHA256
49eb2c05823c1be5a74ac89ea6994a5cb9fd409b05a1607bd50c4ede7b0e3015

SHA512
34087108c227f420d5b4b23d2ba1ce2b3ae81977c3f1f1763d825cf2d54279947b991f67a738619dbb1097ef5f6957fc56cb51851648faf428ecd27b163426b4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
c220b99ff4a0f7050cdcc4faa3811a7a

SHA1
e93b71fde35062ce2e119aa7078b5c2bf48544b3

SHA256
39013021e759882d941d87973048b57b63cc40770f398db25ef6181dcb0249c2

SHA512
b0e8fd41fce88560506665bd23a8dd69e422a60b8e052ddaacf491012d06bcc3e3299edb5ad704281772a91ebbc98583fc97d15aec2d61b1df6b2f29483b4dc0

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\bxumog7h.default-release\activity-stream.discovery_stream.json

Filesize
45KB

MD5
fa644ceccdb338a1b20398cac6b30a99

SHA1
2a499e9fb318fea95c218de19da488c18eaf039d

SHA256
00fd08f2839d53c129c21cfe8f4ee4ba7daaf354fa75844f09ebdc4c66c9d495

SHA512
1b06664fd58869be0d85e95332e33b60b550d700a7b9e81568b7a7268fd34e32e38bf047aa7407ef02df9e28edb03da4baad3bfdba4246a001395b5e3fbdb315

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\bxumog7h.default-release\cache2\entries\7E4E2A71BA03788A0A5E4671BA934303159252F8

Filesize
36KB

MD5
ba4eb31202b1fff3956d0694fcf596fa

SHA1
b9e818aa76128c6f988bfe61a22c2d89095a36c5

SHA256
9dc967977aa8dd8abdc0b78d26073b4f5b21363c2fde8f5b9dc307b92bb803be

SHA512
b105ebbbba95c45d0a316fec97376963edd9ebc629db8a862993a60f7bd6af7960515fad937108498c0f88abcb956688c4b7242ee7551e85137d125212366234

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\bxumog7h.default-release\cache2\entries\E449899591A9BC91DFBA673EC0589B51E541A88B

Filesize
13KB

MD5
9aa00acc2b9687a04d702908b9fa4f93

SHA1
1e4eb741045f64304fd3299ea9600051f00a4c75

SHA256
66a48b48955eb20b62ef049fd0eda5719121f9fd50aaba35184a283cd5a736fc

SHA512
50f9a7e6ec894a4ecefdc2c309c107ef154779c0b7d68405eae738e899f1a052e96ccf50549c212a9fba726162a806479d2ab9dd59886ead175e08377c49368d

Download Submit
C:\Users\Admin\AppData\Local\Temp\A98E.tmp\A98F.tmp\A990.bat

Filesize
2KB

MD5
4ac6a9d9e192f54598f8b67cf299ea5e

SHA1
c3c63fc731603f581ab71bab7651a4d5112b04e6

SHA256
f1179bc15a8c644c353af64d6c6c3f13fd2d48eed2fb0b709a167185d2ed806e

SHA512
3ff1226c147403aa5afdc515f260849196dec92166273206256ce8437a98dc1dd3b2cf913861e7537ccf36d6bc53537bd49b600e9adb1671f4bdb3d6e3da23a5

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
479KB

MD5
09372174e83dbbf696ee732fd2e875bb

SHA1
ba360186ba650a769f9303f48b7200fb5eaccee1

SHA256
c32efac42faf4b9878fb8917c5e71d89ff40de580c4f52f62e11c6cfab55167f

SHA512
b667086ed49579592d435df2b486fe30ba1b62ddd169f19e700cd079239747dd3e20058c285fa9c10a533e34f22b5198ed9b1f92ae560a3067f3e3feacc724f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

Filesize
13.8MB

MD5
0a8747a2ac9ac08ae9508f36c6d75692

SHA1
b287a96fd6cc12433adb42193dfe06111c38eaf0

SHA256
32d544baf2facc893057a1d97db33207e642f0dacf235d8500a0b5eff934ce03

SHA512
59521f8c61236641b3299ab460c58c8f5f26fa67e828de853c2cf372f9614d58b9f541aae325b1600ec4f3a47953caacb8122b0dfce7481acfec81045735947d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bxumog7h.default-release\AlternateServices.bin

Filesize
7KB

MD5
ca7e3c16b83f9bd7cd3d584985a19062

SHA1
dc6c6c5192d50a7e50819767ecc30c948f754afa

SHA256
ab4019a9cdfed6b6e637d95642033a4ff2613c5f4fa0d4020b6534893c573c2d

SHA512
bf4a401e65ce7a9eac3878fd1c760065680e4498564774d981a11977beb37bdf23f42bfd8410be90ecd39817df9faad8a67512d771e9277f4670bf35d39ae44f

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bxumog7h.default-release\datareporting\glean\db\data.safe.tmp

Filesize
15KB

MD5
f0db49195bb89b56bc2b6713925b13c2

SHA1
13d192b32e9d181cade7a39ce9cd51ae7828f30b

SHA256
53f754ab6e7054d6ca342af592ab2cd466e1f37ac54785cc2741948fd22c8a57

SHA512
196a469f4315d6a54a4bbd068a2ffcd1b02d78341821d51f6748bfd4f900226b81cb6ef7c38d6c9c26712c2d661cccb8db5afca37d80ad91a7709205e2882407

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bxumog7h.default-release\datareporting\glean\db\data.safe.tmp

Filesize
5KB

MD5
d1bf548377d1925c561583b9d5c5f5b2

SHA1
0c69aa141847b510ed6d503593a268891be92094

SHA256
122ba30d9ef6d9a6218f5c01ed585dab6240e8b132c16d71f6349474e21e6a0f

SHA512
f7bd9f54e7634210df6676813d3c041c9d7fa3a649b89a2028d3c17f89e42db844f5581597604585e662ce33f13042cd3955a2ca0818a9cd5154453dd3bd6e46

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bxumog7h.default-release\datareporting\glean\db\data.safe.tmp

Filesize
15KB

MD5
077b7f1062134b0706bc62bdb83dec0f

SHA1
43f2110a25fd922c68079b600860b8beece9b1d6

SHA256
1d5cb96c34c11e5d2ffe18a80ae898ae8f9a5748dbfb885193fbfd7139ba6e55

SHA512
0f553ec2b386ce0911af789bb420f7a2c54e92ebef243f20b4b2d1f0f394d97e3ad7cfe09cb72d051ef18c1e208748169885dea023692395ed9ec9cea4b37414

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bxumog7h.default-release\datareporting\glean\pending_pings\03902fc8-215e-4f7d-b47a-6ca335bd84dd

Filesize
982B

MD5
256c8b0ee6e478601a9aac242876b0b3

SHA1
53fdff5952d1c1d3e0067bf1f071b64e3f728d91

SHA256
39475ec8a3fc3e60b4336168c0e6b6e763621c927cefeac4e6844db3904078ee

SHA512
b455a09ef1588a4f73f8281d46d6a016b01e065c5ecec205582936d84c7f2aa61fe7fc6fe6980bec4c76f8dc005eba45b63f1056187b2477b8fb0c509f445f0f

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bxumog7h.default-release\datareporting\glean\pending_pings\36b75b29-eff3-41f4-85de-1e59e5c5096d

Filesize
26KB

MD5
33d9082d83a67fe7bc35da8e72ee1705

SHA1
cfe85f71bad05925c8764a9d53f3252ed3124dc3

SHA256
12b966f14f31183360783953d8385ca8701402478a259add83f9ed09703ed32a

SHA512
94fabf53dc3465dbb2ed469722f166c75d99b278e609b05b3e701b6d7361a693b034851cf9770dd16381c52dfa774b1cf702efc39b1bdbcbe761f6cf0ea7595a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bxumog7h.default-release\datareporting\glean\pending_pings\530c25dc-bbdf-468f-9413-e074adef51d2

Filesize
671B

MD5
05954e9e51fd87c84c25efe94e8ab476

SHA1
d2619f5e4963975044fbc8877a98b573a5b53452

SHA256
cb55194df83bd97ea5cabaa6b7eae981c58692d2d026a317a78b3917eac56da6

SHA512
0573222d9b6b2c737d4cb32a62db35b17f77ed79fe044aad9ff9f8c8e7755d03448051fdc35a8bf9d0bbc8dc37fb3fd42f8d19eaf8fd4b458522e5c1aab510cb

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bxumog7h.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.dll

Filesize
1.1MB

MD5
842039753bf41fa5e11b3a1383061a87

SHA1
3e8fe1d7b3ad866b06dca6c7ef1e3c50c406e153

SHA256
d88dd3bfc4a558bb943f3caa2e376da3942e48a7948763bf9a38f707c2cd0c1c

SHA512
d3320f7ac46327b7b974e74320c4d853e569061cb89ca849cd5d1706330aca629abeb4a16435c541900d839f46ff72dfde04128c450f3e1ee63c025470c19157

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bxumog7h.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.info

Filesize
116B

MD5
2a461e9eb87fd1955cea740a3444ee7a

SHA1
b10755914c713f5a4677494dbe8a686ed458c3c5

SHA256
4107f76ba1d9424555f4e8ea0acef69357dfff89dfa5f0ec72aa4f2d489b17bc

SHA512
34f73f7bf69d7674907f190f257516e3956f825e35a2f03d58201a5a630310b45df393f2b39669f9369d1ac990505a4b6849a0d34e8c136e1402143b6cedf2d3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bxumog7h.default-release\gmp-widevinecdm\4.10.2710.0\manifest.json

Filesize
372B

MD5
bf957ad58b55f64219ab3f793e374316

SHA1
a11adc9d7f2c28e04d9b35e23b7616d0527118a1

SHA256
bbab6ca07edbed72a966835c7907b3e60c7aa3d48ddea847e5076bd05f4b1eda

SHA512
79c179b56e4893fb729b225818ab4b95a50b69666ac41d17aad0b37ab0ca8cd9f0848cbc3c5d9e69e4640a8b261d7ced592eae9bcb0e0b63c05a56e7c477f44e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bxumog7h.default-release\gmp-widevinecdm\4.10.2710.0\widevinecdm.dll

Filesize
17.8MB

MD5
daf7ef3acccab478aaa7d6dc1c60f865

SHA1
f8246162b97ce4a945feced27b6ea114366ff2ad

SHA256
bc40c7821dcd3fea9923c6912ab1183a942c11b7690cfd79ed148ded0228777e

SHA512
5840a45cfdb12c005e117608b1e5d946e1b2e76443ed39ba940d7f56de4babeab09bee7e64b903eb82bb37624c0a0ef19e9b59fbe2ce2f0e0b1c7a6015a63f75

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bxumog7h.default-release\prefs-1.js

Filesize
13KB

MD5
955a219d1d8b1f92e2a05677b50a4c7c

SHA1
3a6b4ba8b2548faa31a2a2165ec436c5f875e853

SHA256
de3ab048bbee796567b72355abaf1f08e68ba61aacfbcfdcb0c7cc038451d68f

SHA512
c5c38dae0ec6d5a4bd00ba22e07e564a7f895e8869ab422deeb68ca871889276b35a52708994965f439a2c1b2c215f4f85ecf8c668403e0615a0b609dc2afcea

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bxumog7h.default-release\prefs.js

Filesize
16KB

MD5
ac621d04e722507320949b40d055f7f9

SHA1
4713813e29587ba1ab86a4cae6a612df02bd57ad

SHA256
26b83ea08c6509e80848aff9ad08fab785665a17972db46e9df06b18a95c96de

SHA512
199409219ef6a39c56d75e96f6ee2378942a998d4d2b8b8864af7ca2608b3d9f61cd4d85ee59bd761568f60fe3208104c4f402d0374277194aec7d2b52ad61f6

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bxumog7h.default-release\prefs.js

Filesize
11KB

MD5
700ca0e6abe4eabe5a772f20f66ac6a4

SHA1
9d4652407cf7ac38921faf119f7fd42feba028fd

SHA256
13d758738fe6a6d5496c52e4dbad4c1369e7473cfc1815ba8bd948ea79f6aee1

SHA512
b5255d7f1d8785d8167e919dc9c28a2a24b1c915ccc4f5eb469ef20251e16dfd2242e290592facaa108dda8bfeb0f0ef573f48536800d435eaed194bb21de6c6

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bxumog7h.default-release\sessionstore-backups\recovery.baklz4

Filesize
5KB

MD5
5405f64f91ad8014b64d7c1e90ee6ddd

SHA1
2725d345e91076602d2d2a03952eb1d4238bcaec

SHA256
0567d51313fe867f98ab5a2e791e6339281c5ad0ac98bb5e0416ada260d7769a

SHA512
1c3f965463ad77826e549bfad9c9d27a58a030ca42ae8a83c10c6b336793689e116dde1560aef2af97f487cbe03a576b8f6233c04989702eea92e08912ce98b5

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bxumog7h.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

Filesize
1.4MB

MD5
1252464df841f1bf071225737199fbb9

SHA1
eccf9546abef48ac9adddb9850a85d0071512639

SHA256
e95fbeab8115d587506eee4704ae4353e706723ede87f89c64f825976775c820

SHA512
aa97c95fd96e7cada6d99a313a4b7d5c5dcbd3e8f7c0472d04eb8adf612cf8317655e8fbb25177fea3465cb80a5f3fe18dcddda2974f476267562257c0c60217

Download Submit