94d3cde33f3048c96b848e5150a538171cd021b4422bbc00faf1b0423b8b4ef2

Analysis

max time kernel
150s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
19/08/2024, 02:25

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

94d3cde33f3048c96b848e5150a538171cd021b4422bbc00faf1b0423b8b4ef2.exe
Size

89KB
MD5

331dcbbc8d2d6011d2696f546d480403
SHA1

4e4901e1183cc65020b57eb1781ca1cd0aae7e43
SHA256

94d3cde33f3048c96b848e5150a538171cd021b4422bbc00faf1b0423b8b4ef2
SHA512

9c26f6b990e89985d00fc43cc1e563ce8c47868ebcf86b71cde6fa476682995525012c76afc036797a1b8a43877ead4144e11f56ecaf9e2f2d2cd4b2134600e9
SSDEEP

1536:L7fPGykbOqjoHm4pICdfkLtAfupcWX50MxFY+yIOlnToIfxxL+RO+:Hq6+ouCpk2mpcWJ0r+QNTBfxC

Score

7^/10

discovery

Malware Config

Signatures

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000\Control Panel\International\Geo\Nation	94d3cde33f3048c96b848e5150a538171cd021b4422bbc00faf1b0423b8b4ef2.exe

Drops file in System32 directory 2 IoCs

description	ioc	Process
File created	C:\Windows\System32\DriverStore\FileRepository\display.inf_amd64_71aa85b0e2292a7a\display.PNF	chrome.exe
File created	\??\c:\windows\system32\driverstore\filerepository\display.inf_amd64_71aa85b0e2292a7a\display.PNF	chrome.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	94d3cde33f3048c96b848e5150a538171cd021b4422bbc00faf1b0423b8b4ef2.exe

Checks processor information in registry 2 TTPs 8 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133685079655075467"	chrome.exe

Modifies registry class 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000_Classes\Local Settings	firefox.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-945322488-2060912225-3527527000-1000\{E447B92E-B5D9-400D-9711-04A8CAF13929}	chrome.exe

Suspicious behavior: EnumeratesProcesses 14 IoCs

pid	Process
1016	msedge.exe
1016	msedge.exe
4980	msedge.exe
4980	msedge.exe
3372	chrome.exe
3372	chrome.exe
5276	chrome.exe
5276	chrome.exe
6548	msedge.exe
6548	msedge.exe
6548	msedge.exe
6548	msedge.exe
5276	chrome.exe
5276	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 5 IoCs

pid	Process
4980	msedge.exe
4980	msedge.exe
3372	chrome.exe
3372	chrome.exe
3372	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	3372	chrome.exe
Token: SeCreatePagefilePrivilege	3372	chrome.exe
Token: SeDebugPrivilege	2748	firefox.exe
Token: SeDebugPrivilege	2748	firefox.exe
Token: SeShutdownPrivilege	3372	chrome.exe
Token: SeCreatePagefilePrivilege	3372	chrome.exe
Token: SeShutdownPrivilege	3372	chrome.exe
Token: SeCreatePagefilePrivilege	3372	chrome.exe
Token: SeShutdownPrivilege	3372	chrome.exe
Token: SeCreatePagefilePrivilege	3372	chrome.exe
Token: SeShutdownPrivilege	3372	chrome.exe
Token: SeCreatePagefilePrivilege	3372	chrome.exe
Token: SeShutdownPrivilege	3372	chrome.exe
Token: SeCreatePagefilePrivilege	3372	chrome.exe
Token: SeShutdownPrivilege	3372	chrome.exe
Token: SeCreatePagefilePrivilege	3372	chrome.exe
Token: SeShutdownPrivilege	3372	chrome.exe
Token: SeCreatePagefilePrivilege	3372	chrome.exe
Token: SeShutdownPrivilege	3372	chrome.exe
Token: SeCreatePagefilePrivilege	3372	chrome.exe
Token: SeShutdownPrivilege	3372	chrome.exe
Token: SeCreatePagefilePrivilege	3372	chrome.exe
Token: SeShutdownPrivilege	3372	chrome.exe
Token: SeCreatePagefilePrivilege	3372	chrome.exe
Token: SeShutdownPrivilege	3372	chrome.exe
Token: SeCreatePagefilePrivilege	3372	chrome.exe
Token: SeShutdownPrivilege	3372	chrome.exe
Token: SeCreatePagefilePrivilege	3372	chrome.exe
Token: SeShutdownPrivilege	3372	chrome.exe
Token: SeCreatePagefilePrivilege	3372	chrome.exe
Token: SeShutdownPrivilege	3372	chrome.exe
Token: SeCreatePagefilePrivilege	3372	chrome.exe
Token: SeShutdownPrivilege	3372	chrome.exe
Token: SeCreatePagefilePrivilege	3372	chrome.exe
Token: SeShutdownPrivilege	3372	chrome.exe
Token: SeCreatePagefilePrivilege	3372	chrome.exe
Token: SeShutdownPrivilege	3372	chrome.exe
Token: SeCreatePagefilePrivilege	3372	chrome.exe
Token: SeShutdownPrivilege	3372	chrome.exe
Token: SeCreatePagefilePrivilege	3372	chrome.exe
Token: SeShutdownPrivilege	3372	chrome.exe
Token: SeCreatePagefilePrivilege	3372	chrome.exe
Token: SeShutdownPrivilege	3372	chrome.exe
Token: SeCreatePagefilePrivilege	3372	chrome.exe
Token: SeShutdownPrivilege	3372	chrome.exe
Token: SeCreatePagefilePrivilege	3372	chrome.exe
Token: SeShutdownPrivilege	3372	chrome.exe
Token: SeCreatePagefilePrivilege	3372	chrome.exe
Token: SeShutdownPrivilege	3372	chrome.exe
Token: SeCreatePagefilePrivilege	3372	chrome.exe
Token: SeShutdownPrivilege	3372	chrome.exe
Token: SeCreatePagefilePrivilege	3372	chrome.exe
Token: SeShutdownPrivilege	3372	chrome.exe
Token: SeCreatePagefilePrivilege	3372	chrome.exe
Token: SeShutdownPrivilege	3372	chrome.exe
Token: SeCreatePagefilePrivilege	3372	chrome.exe
Token: SeShutdownPrivilege	3372	chrome.exe
Token: SeCreatePagefilePrivilege	3372	chrome.exe
Token: SeShutdownPrivilege	3372	chrome.exe
Token: SeCreatePagefilePrivilege	3372	chrome.exe
Token: SeShutdownPrivilege	3372	chrome.exe
Token: SeCreatePagefilePrivilege	3372	chrome.exe
Token: SeShutdownPrivilege	3372	chrome.exe
Token: SeCreatePagefilePrivilege	3372	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
4980	msedge.exe
4980	msedge.exe
4980	msedge.exe
4980	msedge.exe
4980	msedge.exe
4980	msedge.exe
4980	msedge.exe
4980	msedge.exe
4980	msedge.exe
4980	msedge.exe
4980	msedge.exe
4980	msedge.exe
4980	msedge.exe
4980	msedge.exe
4980	msedge.exe
4980	msedge.exe
4980	msedge.exe
4980	msedge.exe
4980	msedge.exe
4980	msedge.exe
4980	msedge.exe
4980	msedge.exe
4980	msedge.exe
4980	msedge.exe
4980	msedge.exe
2748	firefox.exe
2748	firefox.exe
2748	firefox.exe
2748	firefox.exe
2748	firefox.exe
2748	firefox.exe
2748	firefox.exe
2748	firefox.exe
2748	firefox.exe
2748	firefox.exe
2748	firefox.exe
2748	firefox.exe
2748	firefox.exe
2748	firefox.exe
2748	firefox.exe
2748	firefox.exe
2748	firefox.exe
2748	firefox.exe
2748	firefox.exe
2748	firefox.exe
2748	firefox.exe
3372	chrome.exe
3372	chrome.exe
3372	chrome.exe
3372	chrome.exe
3372	chrome.exe
3372	chrome.exe
3372	chrome.exe
3372	chrome.exe
3372	chrome.exe
3372	chrome.exe
3372	chrome.exe
3372	chrome.exe
3372	chrome.exe
3372	chrome.exe
3372	chrome.exe
3372	chrome.exe
3372	chrome.exe
3372	chrome.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
4980	msedge.exe
4980	msedge.exe
4980	msedge.exe
4980	msedge.exe
4980	msedge.exe
4980	msedge.exe
4980	msedge.exe
4980	msedge.exe
4980	msedge.exe
4980	msedge.exe
4980	msedge.exe
4980	msedge.exe
4980	msedge.exe
4980	msedge.exe
4980	msedge.exe
4980	msedge.exe
4980	msedge.exe
4980	msedge.exe
4980	msedge.exe
4980	msedge.exe
4980	msedge.exe
4980	msedge.exe
4980	msedge.exe
4980	msedge.exe
2748	firefox.exe
2748	firefox.exe
2748	firefox.exe
2748	firefox.exe
2748	firefox.exe
2748	firefox.exe
2748	firefox.exe
2748	firefox.exe
2748	firefox.exe
2748	firefox.exe
2748	firefox.exe
2748	firefox.exe
2748	firefox.exe
2748	firefox.exe
2748	firefox.exe
2748	firefox.exe
2748	firefox.exe
2748	firefox.exe
2748	firefox.exe
2748	firefox.exe
3372	chrome.exe
3372	chrome.exe
3372	chrome.exe
3372	chrome.exe
3372	chrome.exe
3372	chrome.exe
3372	chrome.exe
3372	chrome.exe
3372	chrome.exe
3372	chrome.exe
3372	chrome.exe
3372	chrome.exe
3372	chrome.exe
3372	chrome.exe
3372	chrome.exe
3372	chrome.exe
3372	chrome.exe
3372	chrome.exe
3372	chrome.exe
3372	chrome.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
2748	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4720 wrote to memory of 2944	4720	94d3cde33f3048c96b848e5150a538171cd021b4422bbc00faf1b0423b8b4ef2.exe	86
PID 4720 wrote to memory of 2944	4720	94d3cde33f3048c96b848e5150a538171cd021b4422bbc00faf1b0423b8b4ef2.exe	86
PID 2944 wrote to memory of 3372	2944	cmd.exe	89
PID 2944 wrote to memory of 3372	2944	cmd.exe	89
PID 2944 wrote to memory of 4980	2944	cmd.exe	90
PID 2944 wrote to memory of 4980	2944	cmd.exe	90
PID 2944 wrote to memory of 3864	2944	cmd.exe	91
PID 2944 wrote to memory of 3864	2944	cmd.exe	91
PID 3372 wrote to memory of 4800	3372	chrome.exe	92
PID 3372 wrote to memory of 4800	3372	chrome.exe	92
PID 3864 wrote to memory of 2748	3864	firefox.exe	93
PID 3864 wrote to memory of 2748	3864	firefox.exe	93
PID 3864 wrote to memory of 2748	3864	firefox.exe	93
PID 3864 wrote to memory of 2748	3864	firefox.exe	93
PID 3864 wrote to memory of 2748	3864	firefox.exe	93
PID 3864 wrote to memory of 2748	3864	firefox.exe	93
PID 3864 wrote to memory of 2748	3864	firefox.exe	93
PID 3864 wrote to memory of 2748	3864	firefox.exe	93
PID 3864 wrote to memory of 2748	3864	firefox.exe	93
PID 3864 wrote to memory of 2748	3864	firefox.exe	93
PID 3864 wrote to memory of 2748	3864	firefox.exe	93
PID 4980 wrote to memory of 2716	4980	msedge.exe	94
PID 4980 wrote to memory of 2716	4980	msedge.exe	94
PID 2748 wrote to memory of 2212	2748	firefox.exe	95
PID 2748 wrote to memory of 2212	2748	firefox.exe	95
PID 2748 wrote to memory of 2212	2748	firefox.exe	95
PID 2748 wrote to memory of 2212	2748	firefox.exe	95
PID 2748 wrote to memory of 2212	2748	firefox.exe	95
PID 2748 wrote to memory of 2212	2748	firefox.exe	95
PID 2748 wrote to memory of 2212	2748	firefox.exe	95
PID 2748 wrote to memory of 2212	2748	firefox.exe	95
PID 2748 wrote to memory of 2212	2748	firefox.exe	95
PID 2748 wrote to memory of 2212	2748	firefox.exe	95
PID 2748 wrote to memory of 2212	2748	firefox.exe	95
PID 2748 wrote to memory of 2212	2748	firefox.exe	95
PID 2748 wrote to memory of 2212	2748	firefox.exe	95
PID 2748 wrote to memory of 2212	2748	firefox.exe	95
PID 2748 wrote to memory of 2212	2748	firefox.exe	95
PID 2748 wrote to memory of 2212	2748	firefox.exe	95
PID 2748 wrote to memory of 2212	2748	firefox.exe	95
PID 2748 wrote to memory of 2212	2748	firefox.exe	95
PID 2748 wrote to memory of 2212	2748	firefox.exe	95
PID 2748 wrote to memory of 2212	2748	firefox.exe	95
PID 2748 wrote to memory of 2212	2748	firefox.exe	95
PID 2748 wrote to memory of 2212	2748	firefox.exe	95
PID 2748 wrote to memory of 2212	2748	firefox.exe	95
PID 2748 wrote to memory of 2212	2748	firefox.exe	95
PID 2748 wrote to memory of 2212	2748	firefox.exe	95
PID 2748 wrote to memory of 2212	2748	firefox.exe	95
PID 2748 wrote to memory of 2212	2748	firefox.exe	95
PID 2748 wrote to memory of 2212	2748	firefox.exe	95
PID 2748 wrote to memory of 2212	2748	firefox.exe	95
PID 2748 wrote to memory of 2212	2748	firefox.exe	95
PID 2748 wrote to memory of 2212	2748	firefox.exe	95
PID 2748 wrote to memory of 2212	2748	firefox.exe	95
PID 2748 wrote to memory of 2212	2748	firefox.exe	95
PID 2748 wrote to memory of 2212	2748	firefox.exe	95
PID 2748 wrote to memory of 2212	2748	firefox.exe	95
PID 2748 wrote to memory of 2212	2748	firefox.exe	95
PID 2748 wrote to memory of 2212	2748	firefox.exe	95
PID 2748 wrote to memory of 2212	2748	firefox.exe	95
PID 2748 wrote to memory of 2212	2748	firefox.exe	95
PID 2748 wrote to memory of 2212	2748	firefox.exe	95
PID 2748 wrote to memory of 2212	2748	firefox.exe	95

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Users\Admin\AppData\Local\Temp\94d3cde33f3048c96b848e5150a538171cd021b4422bbc00faf1b0423b8b4ef2.exe
"C:\Users\Admin\AppData\Local\Temp\94d3cde33f3048c96b848e5150a538171cd021b4422bbc00faf1b0423b8b4ef2.exe"
1⤵
- Checks computer location settings
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:4720
- C:\Windows\system32\cmd.exe
  "C:\Windows\sysnative\cmd.exe" /c "C:\Users\Admin\AppData\Local\Temp\B5F2.tmp\B5F3.tmp\B5F4.bat C:\Users\Admin\AppData\Local\Temp\94d3cde33f3048c96b848e5150a538171cd021b4422bbc00faf1b0423b8b4ef2.exe"
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:2944
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://accounts.google.com/v3/signin/challenge/pwd"
    3⤵
    - Enumerates system info in registry
    - Modifies data under HKEY_USERS
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SendNotifyMessage
    - Suspicious use of WriteProcessMemory
    PID:3372
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x104,0x108,0x10c,0xe0,0x110,0x7fff7775cc40,0x7fff7775cc4c,0x7fff7775cc58
      4⤵
      PID:4800
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1924,i,13072787755130611365,2887665781102665616,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=1912 /prefetch:2
      4⤵
      PID:2004
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1600,i,13072787755130611365,2887665781102665616,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2176 /prefetch:3
      4⤵
      PID:1220
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2228,i,13072787755130611365,2887665781102665616,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2236 /prefetch:8
      4⤵
      PID:416
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3100,i,13072787755130611365,2887665781102665616,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3128 /prefetch:1
      4⤵
      PID:5900
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3092,i,13072787755130611365,2887665781102665616,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3164 /prefetch:1
      4⤵
      PID:5912
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4396,i,13072787755130611365,2887665781102665616,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4452 /prefetch:1
      4⤵
      PID:5116
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --no-appcompat-clear --field-trial-handle=4660,i,13072787755130611365,2887665781102665616,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4664 /prefetch:8
      4⤵
      PID:5468
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4700,i,13072787755130611365,2887665781102665616,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4736 /prefetch:8
      4⤵
      Modifies registry class
      PID:5476
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5160,i,13072787755130611365,2887665781102665616,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5176 /prefetch:8
      4⤵
      PID:6180
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5164,i,13072787755130611365,2887665781102665616,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5252 /prefetch:8
      4⤵
      PID:6228
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=840,i,13072787755130611365,2887665781102665616,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5536 /prefetch:8
      4⤵
      Drops file in System32 directory
      Suspicious behavior: EnumeratesProcesses
      PID:5276
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" "https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://accounts.google.com/v3/signin/challenge/pwd"
    3⤵
    - Enumerates system info in registry
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SendNotifyMessage
    - Suspicious use of WriteProcessMemory
    PID:4980
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x108,0x10c,0x110,0xe4,0x114,0x7fff687f46f8,0x7fff687f4708,0x7fff687f4718
      4⤵
      PID:2716
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2176,172034483621988393,9749554199212820352,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2188 /prefetch:2
      4⤵
      PID:5040
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2176,172034483621988393,9749554199212820352,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2240 /prefetch:3
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:1016
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2176,172034483621988393,9749554199212820352,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2864 /prefetch:8
      4⤵
      PID:1484
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,172034483621988393,9749554199212820352,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3360 /prefetch:1
      4⤵
      PID:1632
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,172034483621988393,9749554199212820352,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3372 /prefetch:1
      4⤵
      PID:4552
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2176,172034483621988393,9749554199212820352,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1392 /prefetch:2
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:6548
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" "https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://accounts.google.com/v3/signin/challenge/pwd"
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:3864
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://accounts.google.com/v3/signin/challenge/pwd
      4⤵
      Checks processor information in registry
      Modifies registry class
      Suspicious use of AdjustPrivilegeToken
      Suspicious use of FindShellTrayWindow
      Suspicious use of SendNotifyMessage
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2748
    - - C:\Program Files\Mozilla Firefox\firefox.exe
        
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1976 -parentBuildID 20240401114208 -prefsHandle 1884 -prefMapHandle 1876 -prefsLen 23680 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {57128fed-ed8e-48e3-b413-577eadc7b7ad} 2748 "\\.\pipe\gecko-crash-server-pipe.2748" gpu
        5⤵
        
        PID:2212
    - - C:\Program Files\Mozilla Firefox\firefox.exe
        
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2452 -parentBuildID 20240401114208 -prefsHandle 2364 -prefMapHandle 2372 -prefsLen 24600 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {20105849-ca9c-45d4-967c-9b8c699d7eb4} 2748 "\\.\pipe\gecko-crash-server-pipe.2748" socket
        5⤵
        
        PID:2976
    - - C:\Program Files\Mozilla Firefox\firefox.exe
        
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3136 -childID 1 -isForBrowser -prefsHandle 3184 -prefMapHandle 2952 -prefsLen 22652 -prefMapSize 244658 -jsInitHandle 984 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {1f88bbfc-3ca6-4026-9b3a-1de1beb15ab6} 2748 "\\.\pipe\gecko-crash-server-pipe.2748" tab
        5⤵
        
        PID:4340
    - - C:\Program Files\Mozilla Firefox\firefox.exe
        
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3692 -childID 2 -isForBrowser -prefsHandle 3680 -prefMapHandle 3188 -prefsLen 29090 -prefMapSize 244658 -jsInitHandle 984 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c4aeab73-2b80-4b1f-b692-3411b53db8fd} 2748 "\\.\pipe\gecko-crash-server-pipe.2748" tab
        5⤵
        
        PID:1044
    - - C:\Program Files\Mozilla Firefox\firefox.exe
        
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4312 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4460 -prefMapHandle 4456 -prefsLen 29090 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {51e47a00-47db-4313-829f-cfca848dfd37} 2748 "\\.\pipe\gecko-crash-server-pipe.2748" utility
        5⤵
        Checks processor information in registry
        
        PID:5504
    - - C:\Program Files\Mozilla Firefox\firefox.exe
        
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5288 -childID 3 -isForBrowser -prefsHandle 5264 -prefMapHandle 5280 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 984 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a199db12-d960-44db-b394-419d5f50f7d0} 2748 "\\.\pipe\gecko-crash-server-pipe.2748" tab
        5⤵
        
        PID:5232
    - - C:\Program Files\Mozilla Firefox\firefox.exe
        
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5300 -childID 4 -isForBrowser -prefsHandle 5400 -prefMapHandle 5404 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 984 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {0464ee28-17c3-4216-a79a-1e26abcf170a} 2748 "\\.\pipe\gecko-crash-server-pipe.2748" tab
        5⤵
        
        PID:5264
    - - C:\Program Files\Mozilla Firefox\firefox.exe
        
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5612 -childID 5 -isForBrowser -prefsHandle 5588 -prefMapHandle 5592 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 984 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a8dbf6c0-913e-40f1-afbe-e6fce1b6b6f9} 2748 "\\.\pipe\gecko-crash-server-pipe.2748" tab
        5⤵
        
        PID:5280
    - - C:\Program Files\Mozilla Firefox\firefox.exe
        
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6056 -childID 6 -isForBrowser -prefsHandle 5916 -prefMapHandle 4592 -prefsLen 27182 -prefMapSize 244658 -jsInitHandle 984 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ec8b0cef-87c0-4768-886b-c090467cfe5c} 2748 "\\.\pipe\gecko-crash-server-pipe.2748" tab
        5⤵
        
        PID:6564

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1744

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2720

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:880

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:6280

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
190fc024c1151d818b0fd04efd5d9388

SHA1
62bca71b6db64c5422f756a015c439205195138e

SHA256
4c2a3d2c19d32fdc5d84e4a2e782e124fbee74baf9b3ee255e76a973437a24ec

SHA512
84175e30b437f75b597866cd968d3d05d0b22e38da9d2fd6250c3145c757a124cbe0a22d55d6108f67d040cec406191e891abf4d27349e14a360c3430b5c72dc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
384B

MD5
cf9a7b2f1ec45e0583eb64adecbe4e51

SHA1
55c0b4db7a381efb325cc8e62c324429b79f75de

SHA256
e68e5b1e3a14cfd4c6314c8ab5d193dafd32d24034e376deb5c27658268e01f9

SHA512
18b9116ff7cc45a5ed4bf0db25cc2fd7eec99918e86cc7ad908acfd5162dc911f147088bd6053acb1d931ff0674f72402fc90d052d65f31823d635036e1f352e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
7b5877de422e32c4ed3fa91d1bf88c34

SHA1
3b8b55849546840bbd23154e4c0365426e69ac53

SHA256
77151b2b075b9c71fd12d9152ad1fa4e44b6c8ca5d82495cee95b03c4dc8f17e

SHA512
ce4129f2690267eb994e0fdbb52116079b183b32440075c420d97ddcee46fdbc385f23453086f2a6e375fdf9d7064380dbcfcbf0f51306118e3c802792adf4ed

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
468a45e9edf417537570b337fa504ff3

SHA1
6a41877d680670839f89a3196ac1f327068bda79

SHA256
9bfa2803388c07bc4c3dabf50fa567d56aabb1ad521b3c612c8b3d2244f1215f

SHA512
97c21f6d094394bb85ddc34337cc71cd372fcb6582db9bc8325d39bc039d35831504c36a9894ba3a8554f22ccf1e469bc9185bc05bf58cfb4d927a53f9513c6e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
3d1af5096988ffb076708b30c2aeeb5e

SHA1
d070be60123e683b18d902aeccb347230f7faff9

SHA256
d1e5b024efa9fae483a74d0b6735cb0bd5c600ca6de33fa1c6486e2437304ad6

SHA512
cb755d94680b9fd220f6dd02e0a8e0eb907e74c87e7582cf2037e2b7c071ca6af500278d49e1e4c644e2d3eee498dc587502d84b9e3bbd1075185889cc1ec9d9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
500a84dd257c7ee74fda6ce921330b7b

SHA1
3186fe34be47b9dd2e2c41b21b6a63f5bb1c0afe

SHA256
5653ad51d4f53499ccea0e00f694a3a388a5f124da5df909053025d289846c40

SHA512
04068efc848df767cdfab43a602aeaf74617465750d54ed62e1d589a4e7fed1c9d4426e4cae11f7081574b88edc08d8aabb57a281d717d2abb984728dc5fc4af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
e69030d62657060b33695fc6a42a2729

SHA1
3287c1a5bc98bbfadcfa2e12faede9135ceb173a

SHA256
b3f3b56ff0f59e226e2a1d079f97111839727555cc0d73a1e23d29267f905230

SHA512
baab856f0783fada39404c073365deee96ced2387e0f1fa53c6a4952b64bfc09712610ee8f5fa9d0525f8ac9a2e431adf715735cdeece273a49967518f4a25e1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
8fc8b5e484f738987f567cc2c6a04e0a

SHA1
57fdad80749f40d1bbc6c2f10652fb43cb84df0c

SHA256
5bc4e6fce972b86aee41843953bd887731363effa5b5cf51dcfdee9ad8eba45c

SHA512
b80f43561c2c06001647d1ebbd89eaa5e64e76c0f1deb4c1fdfd7d3a285597d0eb2497a4cbbde7f01a86ebe3032d14f661daa95797e82c77df7dfcd1ed811e71

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
8d3c0843773c6068dc8ac6d7801ef74c

SHA1
af128db0cd53a84e08ee9f2d55d20c67ca1c16b6

SHA256
77154af7bbc0b2541a0b731da857870124b59aabba5bd10eef5a5016ea0effc3

SHA512
df88889bc6a551450f1ae5f3011f2ac8e17425093959b59352a6fbed7501cb22538b6497ddac9399391cc3b56d352d6c72638d7d40028b935b5568d190f50f45

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
c34630063e5b48437fa9dd9a0cb37379

SHA1
21a7a2364c6ade70cd3b7fb51e8b5a315784df97

SHA256
47ebc31e7f55783694aeb5cbdbdd768ed3c413afab91315670cfbf7ca94d0bec

SHA512
212299e637590dce64fc6f3cee243cdbfc3b490e022de9017349fa28a6839af1d15bfcbae15cd4011e8f3d8430aae00351f76a72ea09144c00d7c6020548a019

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
3390a77ad5bbcba45e1ed6e214cff372

SHA1
4bc242d530f74b8f8a94ea75395c9776a289e8e4

SHA256
990853e57d6dde948382a9ff26034fdcebf077e46833f29625c56c3c42423045

SHA512
92ecc63b841f1834d082d0beff1ff1f06b98b951d361136f4a4f357068e18b796ebfcf5fefac65440aeaba636529a2c7b07a48f2dfd10c86067e40d7a715ebea

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
cdd3b4b7292c7a2e93e35f54c98bf257

SHA1
3d95d5bcd71674958eedffdbf6dff502a7c7182d

SHA256
5fbbf9dfcd6974b33d5d290e05fbd85cd295ce370774233b280cd0e833d12747

SHA512
cff70664f2ce826f6b9a413ecda49b8aa52b15a54b5c97211570c021df732e45356ede1904459af09bbcfd7b7e46be2f990d5bbc203d98b5cdedf97b92903ec6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
8477b4ebe9b69a171a94f11cd944bf8e

SHA1
060c0dc515c954d5182a14531e60a44ec64af941

SHA256
183e0a97d6ecec6f958e70609b986c310eb42f26d6ae785cb5413fa36f9d3203

SHA512
3083a8601b357d99ee4b3291740d6deaeba64819777105f6db6f5afcb0e049cd9b3e54c781a23906f8c5e646d6ff3b096410d37740b8b203a389677205689c58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
e9ce889f29a1486c877da51fed3769d3

SHA1
c6cc670ef57808cd5cd36877563e72564d5828d7

SHA256
84182097be6f0c1ccf7b64fdb1e8f04369316b23ac3e326385c281386ede0d67

SHA512
1ede3bb1293551233a6a7c7c1f13022cfaf62f6252c76dceb5505dca23b075eaa3e4c93bbbdf98a6d3da18c7bb18dbcc6ac37033a219cccd66d9214c7ad78988

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
a4be4997be0fef9fe1cc72c7685b5e4a

SHA1
0c440f175582c4179a05df05201d21b54e17afcf

SHA256
61e394ddb9d69ad0e2e02573cdf477214323ee07748f8185e11aca1c549f7e77

SHA512
0dfcc41c7179652d1ae81b7350286a63b7c2c772f87135a4cd07ddaf8a1c1eecb0214ea161ed6e55cf17c10dc48b4316b72f684dcc5b79bd71cdebcadb7e724c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
7bdb17fec64bd97ce215283a841c6426

SHA1
776f65188b9195972fa3661276b19514fd31d913

SHA256
e7a3e7d3d775fb3574838b15c5403391cb041695b1c1ee9e34468607237f04ad

SHA512
ba02d3e406cb35fbfdcd4670c89ba7af2856069bd09c34bbba6bdab449fdcd5e908e7cffd08e5438d1278fb200a8283fed1706eacf5e32995943883ebe5d1d45

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
354b045c308fd4ec289c21666d98b055

SHA1
95ee13ab652584f322568f5d401b2910300432b0

SHA256
44f0fec70c9c4a50f48324d16209ffcb786c42849508b3406138e403af135a44

SHA512
69e0e2ae6917aec787e12a836ffade7c5c6eb6926a0a8a691e7025de67a916bc9f1daaa1670301bf5b67e63745a971bfe7d677e4693170d267c44f082bd79bbc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
196KB

MD5
73b8210d938afca68e3bf2defeba7548

SHA1
6548684676a413d70b806e50fadb48e4358be3ba

SHA256
373eec130ceb39d70b215d1ee5b4265c851a72ba4cc89e2dfb892b6f1c6c3bac

SHA512
47b804e308a549f01878b355d86a217dd8076d30036debd39ff65f56c5be141e0e83d0c40b5c3af2e3b120b20ae7727fe011d6b779db2c0d72eb4fc09f2d398d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
196KB

MD5
852582f685e599c6596f8c12b3530e91

SHA1
fb2c182b3194fa6614f8a4efc2371cb536a32ef7

SHA256
f27a24f3ce09cb35c0d4de515df7d2ada245ee77336acb97d63033e149d9a34d

SHA512
b74184c659c40f3e71b8e05ee75abd4b4cc725387ba8a31cb09fa346eea1e108382667036441a8847a554b27c336f28d2e58842956707768051b3f95ce558772

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
9b008261dda31857d68792b46af6dd6d

SHA1
e82dc88e2d1da2df7cb19d79a0346b9bb90d52b3

SHA256
9ac598d4f8170f7e475d84103aead9e3c23d5f2d292741a7f56a17bde8b6f7da

SHA512
78853091403a06beeec4998e2e3a4342111895ffd485f7f7cd367741a4883f7a25864cba00a6c86f27dc0c9ce9d04f08011ecc40c8ae9383d33274739ac39f10

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
0446fcdd21b016db1f468971fb82a488

SHA1
726b91562bb75f80981f381e3c69d7d832c87c9d

SHA256
62c5dc18b25e758f3508582a7c58bb46b734a774d97fc0e8a20614235caa8222

SHA512
1df7c085042266959f1fe0aedc5f6d40ceba485b54159f51f0c38f17bb250b79ea941b735e1b6faf219f23fe8ab65ac4557f545519d52d5416b89ad0f9047a31

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
336B

MD5
45fd7d7e55beb9b7752f132788721e31

SHA1
5cbeaf7394b60f4b7bb0cb00610961268b784c3c

SHA256
57f655085f12f50c419cd40b2d2a3b517058a253fa60fdff17e583095ea5c2a9

SHA512
f656d54e14faa9b3f92ca31e95f71411ed1736b5fcfffc9aebc36e9d83c0bdb4650c23548a44746f19bf8dde32645cccb536a948dff8b594d6158f03af5a63d4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
d87fabd8ba8825005f63da5b4d9d1ae9

SHA1
7862d83a3ecd274e3d6ca0e299c701f516780838

SHA256
76bb4eae1d2d2d1d1ca2842d27125744adeb168ba2591430ad8a452aeb35b4f4

SHA512
955517ae74700c788a67c0a65362321f068d68c07daa51ecc08faf7faccf9912ee439eed7a9ca1343741c52c8a972f70e27be317de94773236d6d200f697b790

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
aee8fc867843f1da21b506a901294956

SHA1
ca7a4441a24ca612102770414f95c36263c02533

SHA256
7f0c6a89c68324fdeb4b575cad8bc19aa8675544f799dd2ce3f800828c4b6f95

SHA512
62ef14e0d06ac25c521e3fc1985225768854bb6228a9ebe492d65b29603fbc777babb20f6c29ae587a1db3062c183bede09eb374cce6e5389c04db375da729e6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
75874e2140839fd78211395f96d2f7f3

SHA1
9d811089d047007f94e2df49a20c130c7479a5f1

SHA256
f822b3131833eb1091854291d752931ec1123aaee0e4c41851ac18aa0c78a2ac

SHA512
ca34b629315099754e791a3f0fca2a0bf6b0a53818bdf2dd1a184015ab8a9559abd92356eee74ef83c14dc0be934f37d1fcc38109c4e2cb34984ae214850817c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
a6ecbd45832907d6c647880a23d909b5

SHA1
9a352e1a910cc107ad813283c3e751657920ff55

SHA256
39a05abf178532e765450d5b49b295daea249306c712b57b3e4dfa7a4c3bdeb6

SHA512
3cd5aeba0ad6dd70944945dce42136a84e7bf609cafb7e871145637d64712e07f62d2cb62a49b6839870d60a4c9739a758aea4f070d3ea22dfece5e9ec4e7b9c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
355687370a9d3e15c34e3e6cc44e5b23

SHA1
71eedbefe61e0438896e75ba974601dc28b95609

SHA256
5e5e778dd78749c429d3b76b32c30a6b286a8e618ed7c78a018407b374de6d96

SHA512
c2749a0b2ec581b75ae21ce305e633507137f67c1d9df264c5a2044e5501262a40c08a7b6b82cc80b4470728c12a3cd7a59b631e31476f854c490e3ac3aaaee3

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\lirn7gz7.default-release\activity-stream.discovery_stream.json.tmp

Filesize
35KB

MD5
1c7a82b26fe7cc89e1d8b4975cb7f815

SHA1
18003a851073ab10be1bdb41deb60f08ff406e0e

SHA256
b5534487b36534cbb4eafee06f59f7b4f17f9d588eb9c5d061506be83653a0bf

SHA512
2f78a15363979b2e43f18903cb6ac140d16f215cfbb3f6b1ec225224e6da3db10fcd09c88952e46dea5209b0fa4cafb30c36b506387d7d80d1b6153db5a4f0ff

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\lirn7gz7.default-release\cache2\entries\E449899591A9BC91DFBA673EC0589B51E541A88B

Filesize
13KB

MD5
a71c8bb28a87ba12640955b48e905de7

SHA1
877daa9f147cbfebaa64518eeafa6f5cd31432a3

SHA256
01721057dd4315ed857280661f5091b3b3bd1209214be99c1ab7b1889ba2efe3

SHA512
57d36474fe2aca273ff0e78e69d7d39a7c7ee2a1d2a4470d60eefd167fc603590c20959c48c1fd60b6e67e44a744adfdb1e2a31367e59080cd2d2623bd24bd5f

Download Submit
C:\Users\Admin\AppData\Local\Temp\B5F2.tmp\B5F3.tmp\B5F4.bat

Filesize
2KB

MD5
31c09b550c61042384ef240a1cd226df

SHA1
731fbe63179f646915f8fa37ca9f8c85fdb9b48a

SHA256
752a176e12900c9f3cf947bc36d506e360f86da00a2dbc1e5fa821f2584c75db

SHA512
8fcd654736e4b71765b5379c6e1699771e83c5c1df1b5e3fa7f74e4d3b5629ffa1f54aaedfdf9979416d3704bcfb38d73dba7c36c7b6f1ac9804737e7af698a6

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
479KB

MD5
09372174e83dbbf696ee732fd2e875bb

SHA1
ba360186ba650a769f9303f48b7200fb5eaccee1

SHA256
c32efac42faf4b9878fb8917c5e71d89ff40de580c4f52f62e11c6cfab55167f

SHA512
b667086ed49579592d435df2b486fe30ba1b62ddd169f19e700cd079239747dd3e20058c285fa9c10a533e34f22b5198ed9b1f92ae560a3067f3e3feacc724f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

Filesize
13.8MB

MD5
0a8747a2ac9ac08ae9508f36c6d75692

SHA1
b287a96fd6cc12433adb42193dfe06111c38eaf0

SHA256
32d544baf2facc893057a1d97db33207e642f0dacf235d8500a0b5eff934ce03

SHA512
59521f8c61236641b3299ab460c58c8f5f26fa67e828de853c2cf372f9614d58b9f541aae325b1600ec4f3a47953caacb8122b0dfce7481acfec81045735947d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lirn7gz7.default-release\AlternateServices.bin

Filesize
7KB

MD5
6da5ea4ee59bc7b5f0fd7785988be2fa

SHA1
90c15c530d7b6301ce8f444385490c1da441cedd

SHA256
86e17d4fc8b116aaf3128b4228ec24ed736e47a21bbc4772f24934144ec260f3

SHA512
0852d49be8d6169aa90f091a86475eb6fdca02afca509e99f12b7c370931a03f9dcb16dcd6031073555845f6f2aba07bec601c4d94a368b47e12ea096d2d52ac

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lirn7gz7.default-release\datareporting\glean\db\data.safe.tmp

Filesize
22KB

MD5
a0fef98aa06a9f80bd1c71ee72080131

SHA1
690108314ea4a2bd1bb8666080a2b63ce2cd2ee9

SHA256
e91457f8edd6c39575cd2ba4f0cdb49a2b8216cd9d1cfcf9385b006ed1110f6e

SHA512
c06128e6d8f1dc83bb4f2fc65af1e682f65ee7e0e38c8803166b872de13ceb74fe9caf050637f1e250337ad1ce5130219c522d149ee9bb876f886259906de58e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lirn7gz7.default-release\datareporting\glean\db\data.safe.tmp

Filesize
23KB

MD5
d820103fbd15d07a974867809da99f37

SHA1
9918de43bdf022caaa7ea92520ba2b1b68f30005

SHA256
ce3509fb18bafebdb78abc0b4767f2ce1738c4d25a107410d1697faca95984e4

SHA512
a0861465d0ee8fd912e92d31c5eaad55678327321495e8b951fd2ead050528c400723c4abdeb58fdebc25f94d6ae18512c9f01d83ea4605efde5e919ff477016

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lirn7gz7.default-release\datareporting\glean\db\data.safe.tmp

Filesize
25KB

MD5
b7c126c4429b23107139b1308f8dd25a

SHA1
de73f3e17cbd8b3ee715065ce53b7086f36d3ea2

SHA256
59ffd37621f4c3206a74ca2b8ac4faf4897acee4415457ea351154da3c8a98e2

SHA512
65e3cd9bd546bcb453d0f9e198b9addde29c4d36c76229a63a746e5d70641949616ddad4652a4730445f568a8edea573d880899d545072bdd7304b8dd315e4a2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lirn7gz7.default-release\datareporting\glean\db\data.safe.tmp

Filesize
25KB

MD5
78661ffd82d183ad250920756033136f

SHA1
c7db86b53bad3a6e6460f50b463e4653691d87e1

SHA256
2d099e30813973b4f75d9de1fe8979d1219bce3de7b1d15d9c54479ac3eb9d09

SHA512
7d408739bf791dc05cb36c3cc83b02addd8f0619ab6871ce1ef44c671ee4a9d53195b8b40f9a54b64e8be2c9644651a43a45c484416d8a7ba1dca4f870007a7d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lirn7gz7.default-release\datareporting\glean\pending_pings\8cbf6a6d-6840-4b41-a84d-cd66e3887bb4

Filesize
982B

MD5
37a839e42b7912b7a77687a0b01bedaf

SHA1
50485c2344f4e9ee1f032ed060f73244e4f7ad4a

SHA256
a9b5574582da9a0079883c7ffd74aba91b953af6de2b4b678bfcaf1df9e5059b

SHA512
b0414856d82396ce6de6f61844e60812d2cd22a9bd75a6035ac94d53f930c2eabdc808c990c3800e56cad14db9d583639c9fc9b38e4a0acf457c9e7cd11b39e1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lirn7gz7.default-release\datareporting\glean\pending_pings\f206da8b-5a2d-4e2e-b351-e455ead2eb84

Filesize
659B

MD5
69b3e81ccceec7c3e838f19e024f8adc

SHA1
4848786a3d4dcf300a46ab0298521aacb0ab8219

SHA256
ad1516ae58a75e5e9a90c255d5c931fc9c735772d2d2fc73943e3d26ca75c70a

SHA512
0f4eef46667093cb8d7c869ab2e6923368b155985637982b07b927a26522f99a4d6b89a5dc8a9df568a57bf4f158192e62283326917bd0401cb75201f855e8e7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lirn7gz7.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.dll

Filesize
1.1MB

MD5
842039753bf41fa5e11b3a1383061a87

SHA1
3e8fe1d7b3ad866b06dca6c7ef1e3c50c406e153

SHA256
d88dd3bfc4a558bb943f3caa2e376da3942e48a7948763bf9a38f707c2cd0c1c

SHA512
d3320f7ac46327b7b974e74320c4d853e569061cb89ca849cd5d1706330aca629abeb4a16435c541900d839f46ff72dfde04128c450f3e1ee63c025470c19157

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lirn7gz7.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.info

Filesize
116B

MD5
2a461e9eb87fd1955cea740a3444ee7a

SHA1
b10755914c713f5a4677494dbe8a686ed458c3c5

SHA256
4107f76ba1d9424555f4e8ea0acef69357dfff89dfa5f0ec72aa4f2d489b17bc

SHA512
34f73f7bf69d7674907f190f257516e3956f825e35a2f03d58201a5a630310b45df393f2b39669f9369d1ac990505a4b6849a0d34e8c136e1402143b6cedf2d3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lirn7gz7.default-release\gmp-widevinecdm\4.10.2710.0\manifest.json

Filesize
372B

MD5
bf957ad58b55f64219ab3f793e374316

SHA1
a11adc9d7f2c28e04d9b35e23b7616d0527118a1

SHA256
bbab6ca07edbed72a966835c7907b3e60c7aa3d48ddea847e5076bd05f4b1eda

SHA512
79c179b56e4893fb729b225818ab4b95a50b69666ac41d17aad0b37ab0ca8cd9f0848cbc3c5d9e69e4640a8b261d7ced592eae9bcb0e0b63c05a56e7c477f44e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lirn7gz7.default-release\gmp-widevinecdm\4.10.2710.0\widevinecdm.dll

Filesize
17.8MB

MD5
daf7ef3acccab478aaa7d6dc1c60f865

SHA1
f8246162b97ce4a945feced27b6ea114366ff2ad

SHA256
bc40c7821dcd3fea9923c6912ab1183a942c11b7690cfd79ed148ded0228777e

SHA512
5840a45cfdb12c005e117608b1e5d946e1b2e76443ed39ba940d7f56de4babeab09bee7e64b903eb82bb37624c0a0ef19e9b59fbe2ce2f0e0b1c7a6015a63f75

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lirn7gz7.default-release\prefs-1.js

Filesize
11KB

MD5
7f970607b6df6b481ac8b64d7a421d24

SHA1
fc8a2880b7c4f367c7a681430c07732d941cd447

SHA256
084fe9ef19295f7aebab8175fa28a847ba3903e8622d54c0a98db6e3004f59b7

SHA512
00b575ce61868fe00364800383cd43397d6a1691aa7b584e9a9be87ee0ea54973844f7323c7372f38dcd38a599ed057c15af33d7386919de80778eabea2873c0

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lirn7gz7.default-release\prefs-1.js

Filesize
12KB

MD5
3cc28386e65dcbcbadb7cb126728e248

SHA1
90c08fddf64546d689fba7808602be67a30a07d1

SHA256
bb005429047de7d07642a0f0e00c8bba419d7bc025eb409eadb756dc9db28f28

SHA512
ab52e89e7746b6182db4639b5dfd67e76d79b166563f3bba2cdf6bdb06b25fb2110252f32cba9476e21a103fb224b86c6b47c351de93d0cfcb863105a82a2c16

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lirn7gz7.default-release\prefs-1.js

Filesize
16KB

MD5
a3a8cc65044e3aac645cc060ba812beb

SHA1
09b9f5d07a1277946944194f85e241b6fe69fd8c

SHA256
a30780170d75d366d9ea2f83a11693e1cd1ad315dfa76961b8b4dd30a2bbdde9

SHA512
1ec6e0ffb76ca7c66f8b6c317d289ebcf5e450835d71a6958787240fb9bc23c3164fad17ff93922633127a9c4c715e368689fbb525602c1219e28512f27e7cf5

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lirn7gz7.default-release\prefs.js

Filesize
11KB

MD5
818e8424004f1fb99d16940595c0fb9a

SHA1
e23fbd06265aabfddf592365dfbb2ef525a5ea5e

SHA256
942d1afdc2cf64eb8bcd9c967a383bedf476051bb39d0432d2401d5693cbe5d3

SHA512
61e0ec0f705dbe08f923075bfad7ccec95c3735671c62572aa9080471b201d28285dca358c577b2619ec7bc74b3ccbc9be7c207658f1a4b47ff2e3a6f035071b

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lirn7gz7.default-release\sessionstore-backups\recovery.baklz4

Filesize
5KB

MD5
336640b481330285eae5b474d423cedc

SHA1
df39c52a527d902a04757e0cd5417fa8bd839884

SHA256
fefeec1fb6f4cddc2e25e8fe1374f7936c0f15f1c2fd6112be8f65c35be78f73

SHA512
8580b9ff5d6d9576e3dcf8aaf7c91fed11dec40b58a11a12abfce54055b56bcb2fa8df65e5537fd1e20c440c22896948f52a7ec5a28b254515b295fb0572de96

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lirn7gz7.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

Filesize
1.2MB

MD5
f2ab5365db21ce10986d06678087813d

SHA1
5681f0554093bc648f4e7069b2ebe19e38bece27

SHA256
8d00b6ac6c04443e567701cb1b2386bdbc760ec89761a63440bddef5cdcc47cd

SHA512
58d9be3c480858d61cbc13df03055e3c44a9a92be8fe6f217eb915342ac86db2849a64a2d865828206e9adb7be6e2ab6030830f29542fe6a566cb84f8d85d89f

Download Submit