hxxps://drive[.]google[.]com/file/d/1lI-IL0gg8WoRTc-3cazYsUkFjjstyCRX/view

Resubmissions

21/08/2024, 11:58

240821-n5n9ksxcme 7

21/08/2024, 11:43

240821-nvm9jawfme 6

21/08/2024, 11:37

240821-nrkdgazdql 6

21/08/2024, 11:29

240821-nlmxeazbnr 8

Analysis

max time kernel
599s
max time network
582s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
21/08/2024, 11:58

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://drive.google.com/file/d/1lI-IL0gg8WoRTc-3cazYsUkFjjstyCRX/view

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 2 IoCs

pid	Process
2980	winrar-x64-701.exe
7104	winrar-x64-701.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
4	drive.google.com
7	drive.google.com

Network Share Discovery 1 TTPs
Attempt to gather information on host network.
discovery

Network Share Discovery
T1135

Drops file in System32 directory 2 IoCs

description	ioc	Process
File created	\??\c:\windows\system32\driverstore\filerepository\display.inf_amd64_71aa85b0e2292a7a\display.PNF	chrome.exe
File created	C:\Windows\System32\DriverStore\FileRepository\display.inf_amd64_71aa85b0e2292a7a\display.PNF	chrome.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Checks processor information in registry 2 TTPs 12 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133687151644481654"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1302416131-1437503476-2806442725-1000_Classes\Local Settings	firefox.exe

NTFS ADS 1 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 798381.crdownload:SmartScreen	msedge.exe

Suspicious behavior: EnumeratesProcesses 18 IoCs

pid	Process
1192	chrome.exe
1192	chrome.exe
444	msedge.exe
444	msedge.exe
1584	msedge.exe
1584	msedge.exe
6012	identity_helper.exe
6012	identity_helper.exe
4424	chrome.exe
4424	chrome.exe
4424	chrome.exe
4424	chrome.exe
4924	msedge.exe
4924	msedge.exe
4924	msedge.exe
4924	msedge.exe
6540	msedge.exe
6540	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 22 IoCs

pid	Process
1192	chrome.exe
1192	chrome.exe
1192	chrome.exe
1192	chrome.exe
1192	chrome.exe
1192	chrome.exe
1192	chrome.exe
1192	chrome.exe
1192	chrome.exe
1584	msedge.exe
1584	msedge.exe
1584	msedge.exe
1584	msedge.exe
1584	msedge.exe
1584	msedge.exe
1584	msedge.exe
1584	msedge.exe
1584	msedge.exe
1584	msedge.exe
1584	msedge.exe
1584	msedge.exe
1584	msedge.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	1192	chrome.exe
Token: SeCreatePagefilePrivilege	1192	chrome.exe
Token: SeShutdownPrivilege	1192	chrome.exe
Token: SeCreatePagefilePrivilege	1192	chrome.exe
Token: SeShutdownPrivilege	1192	chrome.exe
Token: SeCreatePagefilePrivilege	1192	chrome.exe
Token: SeShutdownPrivilege	1192	chrome.exe
Token: SeCreatePagefilePrivilege	1192	chrome.exe
Token: SeShutdownPrivilege	1192	chrome.exe
Token: SeCreatePagefilePrivilege	1192	chrome.exe
Token: SeShutdownPrivilege	1192	chrome.exe
Token: SeCreatePagefilePrivilege	1192	chrome.exe
Token: SeShutdownPrivilege	1192	chrome.exe
Token: SeCreatePagefilePrivilege	1192	chrome.exe
Token: SeShutdownPrivilege	1192	chrome.exe
Token: SeCreatePagefilePrivilege	1192	chrome.exe
Token: SeShutdownPrivilege	1192	chrome.exe
Token: SeCreatePagefilePrivilege	1192	chrome.exe
Token: SeShutdownPrivilege	1192	chrome.exe
Token: SeCreatePagefilePrivilege	1192	chrome.exe
Token: SeShutdownPrivilege	1192	chrome.exe
Token: SeCreatePagefilePrivilege	1192	chrome.exe
Token: SeShutdownPrivilege	1192	chrome.exe
Token: SeCreatePagefilePrivilege	1192	chrome.exe
Token: SeShutdownPrivilege	1192	chrome.exe
Token: SeCreatePagefilePrivilege	1192	chrome.exe
Token: SeShutdownPrivilege	1192	chrome.exe
Token: SeCreatePagefilePrivilege	1192	chrome.exe
Token: SeShutdownPrivilege	1192	chrome.exe
Token: SeCreatePagefilePrivilege	1192	chrome.exe
Token: SeShutdownPrivilege	1192	chrome.exe
Token: SeCreatePagefilePrivilege	1192	chrome.exe
Token: SeShutdownPrivilege	1192	chrome.exe
Token: SeCreatePagefilePrivilege	1192	chrome.exe
Token: SeShutdownPrivilege	1192	chrome.exe
Token: SeCreatePagefilePrivilege	1192	chrome.exe
Token: SeShutdownPrivilege	1192	chrome.exe
Token: SeCreatePagefilePrivilege	1192	chrome.exe
Token: SeShutdownPrivilege	1192	chrome.exe
Token: SeCreatePagefilePrivilege	1192	chrome.exe
Token: SeShutdownPrivilege	1192	chrome.exe
Token: SeCreatePagefilePrivilege	1192	chrome.exe
Token: SeShutdownPrivilege	1192	chrome.exe
Token: SeCreatePagefilePrivilege	1192	chrome.exe
Token: SeShutdownPrivilege	1192	chrome.exe
Token: SeCreatePagefilePrivilege	1192	chrome.exe
Token: SeShutdownPrivilege	1192	chrome.exe
Token: SeCreatePagefilePrivilege	1192	chrome.exe
Token: SeShutdownPrivilege	1192	chrome.exe
Token: SeCreatePagefilePrivilege	1192	chrome.exe
Token: SeShutdownPrivilege	1192	chrome.exe
Token: SeCreatePagefilePrivilege	1192	chrome.exe
Token: SeShutdownPrivilege	1192	chrome.exe
Token: SeCreatePagefilePrivilege	1192	chrome.exe
Token: SeShutdownPrivilege	1192	chrome.exe
Token: SeCreatePagefilePrivilege	1192	chrome.exe
Token: SeShutdownPrivilege	1192	chrome.exe
Token: SeCreatePagefilePrivilege	1192	chrome.exe
Token: SeShutdownPrivilege	1192	chrome.exe
Token: SeCreatePagefilePrivilege	1192	chrome.exe
Token: SeShutdownPrivilege	1192	chrome.exe
Token: SeCreatePagefilePrivilege	1192	chrome.exe
Token: SeShutdownPrivilege	1192	chrome.exe
Token: SeCreatePagefilePrivilege	1192	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
1192	chrome.exe
1192	chrome.exe
1192	chrome.exe
1192	chrome.exe
1192	chrome.exe
1192	chrome.exe
1192	chrome.exe
1192	chrome.exe
1192	chrome.exe
1192	chrome.exe
1192	chrome.exe
1192	chrome.exe
1192	chrome.exe
1192	chrome.exe
1192	chrome.exe
1192	chrome.exe
1192	chrome.exe
1192	chrome.exe
1192	chrome.exe
1192	chrome.exe
1192	chrome.exe
1192	chrome.exe
1192	chrome.exe
1192	chrome.exe
1192	chrome.exe
1192	chrome.exe
1192	chrome.exe
1192	chrome.exe
1192	chrome.exe
1192	chrome.exe
1192	chrome.exe
1192	chrome.exe
1192	chrome.exe
1192	chrome.exe
1192	chrome.exe
1192	chrome.exe
1584	msedge.exe
1584	msedge.exe
1584	msedge.exe
1584	msedge.exe
1584	msedge.exe
1584	msedge.exe
1584	msedge.exe
1584	msedge.exe
1584	msedge.exe
1584	msedge.exe
1584	msedge.exe
1584	msedge.exe
1584	msedge.exe
1584	msedge.exe
1584	msedge.exe
1584	msedge.exe
1584	msedge.exe
1192	chrome.exe
1584	msedge.exe
1584	msedge.exe
1584	msedge.exe
1584	msedge.exe
1584	msedge.exe
1584	msedge.exe
1584	msedge.exe
1584	msedge.exe
1192	chrome.exe
1192	chrome.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
1192	chrome.exe
1192	chrome.exe
1192	chrome.exe
1192	chrome.exe
1192	chrome.exe
1192	chrome.exe
1192	chrome.exe
1192	chrome.exe
1192	chrome.exe
1192	chrome.exe
1192	chrome.exe
1192	chrome.exe
1192	chrome.exe
1192	chrome.exe
1192	chrome.exe
1192	chrome.exe
1192	chrome.exe
1192	chrome.exe
1192	chrome.exe
1192	chrome.exe
1192	chrome.exe
1192	chrome.exe
1192	chrome.exe
1192	chrome.exe
1584	msedge.exe
1584	msedge.exe
1584	msedge.exe
1584	msedge.exe
1584	msedge.exe
1584	msedge.exe
1584	msedge.exe
1584	msedge.exe
1584	msedge.exe
1584	msedge.exe
1584	msedge.exe
1584	msedge.exe
1584	msedge.exe
1584	msedge.exe
1584	msedge.exe
1584	msedge.exe
1584	msedge.exe
1584	msedge.exe
1584	msedge.exe
1584	msedge.exe
1584	msedge.exe
1584	msedge.exe
1584	msedge.exe
1584	msedge.exe
1584	msedge.exe
1584	msedge.exe
1584	msedge.exe
1584	msedge.exe
1584	msedge.exe
1584	msedge.exe
1584	msedge.exe
1584	msedge.exe
6036	firefox.exe
6036	firefox.exe
6036	firefox.exe
6036	firefox.exe
1192	chrome.exe
1192	chrome.exe
1192	chrome.exe
1192	chrome.exe

Suspicious use of SetWindowsHookEx 5 IoCs

pid	Process
6036	firefox.exe
7104	winrar-x64-701.exe
7104	winrar-x64-701.exe
2980	winrar-x64-701.exe
2980	winrar-x64-701.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1192 wrote to memory of 3064	1192	chrome.exe	84
PID 1192 wrote to memory of 3064	1192	chrome.exe	84
PID 1192 wrote to memory of 3388	1192	chrome.exe	85
PID 1192 wrote to memory of 3388	1192	chrome.exe	85
PID 1192 wrote to memory of 3388	1192	chrome.exe	85
PID 1192 wrote to memory of 3388	1192	chrome.exe	85
PID 1192 wrote to memory of 3388	1192	chrome.exe	85
PID 1192 wrote to memory of 3388	1192	chrome.exe	85
PID 1192 wrote to memory of 3388	1192	chrome.exe	85
PID 1192 wrote to memory of 3388	1192	chrome.exe	85
PID 1192 wrote to memory of 3388	1192	chrome.exe	85
PID 1192 wrote to memory of 3388	1192	chrome.exe	85
PID 1192 wrote to memory of 3388	1192	chrome.exe	85
PID 1192 wrote to memory of 3388	1192	chrome.exe	85
PID 1192 wrote to memory of 3388	1192	chrome.exe	85
PID 1192 wrote to memory of 3388	1192	chrome.exe	85
PID 1192 wrote to memory of 3388	1192	chrome.exe	85
PID 1192 wrote to memory of 3388	1192	chrome.exe	85
PID 1192 wrote to memory of 3388	1192	chrome.exe	85
PID 1192 wrote to memory of 3388	1192	chrome.exe	85
PID 1192 wrote to memory of 3388	1192	chrome.exe	85
PID 1192 wrote to memory of 3388	1192	chrome.exe	85
PID 1192 wrote to memory of 3388	1192	chrome.exe	85
PID 1192 wrote to memory of 3388	1192	chrome.exe	85
PID 1192 wrote to memory of 3388	1192	chrome.exe	85
PID 1192 wrote to memory of 3388	1192	chrome.exe	85
PID 1192 wrote to memory of 3388	1192	chrome.exe	85
PID 1192 wrote to memory of 3388	1192	chrome.exe	85
PID 1192 wrote to memory of 3388	1192	chrome.exe	85
PID 1192 wrote to memory of 3388	1192	chrome.exe	85
PID 1192 wrote to memory of 3388	1192	chrome.exe	85
PID 1192 wrote to memory of 3388	1192	chrome.exe	85
PID 1192 wrote to memory of 4028	1192	chrome.exe	86
PID 1192 wrote to memory of 4028	1192	chrome.exe	86
PID 1192 wrote to memory of 1640	1192	chrome.exe	87
PID 1192 wrote to memory of 1640	1192	chrome.exe	87
PID 1192 wrote to memory of 1640	1192	chrome.exe	87
PID 1192 wrote to memory of 1640	1192	chrome.exe	87
PID 1192 wrote to memory of 1640	1192	chrome.exe	87
PID 1192 wrote to memory of 1640	1192	chrome.exe	87
PID 1192 wrote to memory of 1640	1192	chrome.exe	87
PID 1192 wrote to memory of 1640	1192	chrome.exe	87
PID 1192 wrote to memory of 1640	1192	chrome.exe	87
PID 1192 wrote to memory of 1640	1192	chrome.exe	87
PID 1192 wrote to memory of 1640	1192	chrome.exe	87
PID 1192 wrote to memory of 1640	1192	chrome.exe	87
PID 1192 wrote to memory of 1640	1192	chrome.exe	87
PID 1192 wrote to memory of 1640	1192	chrome.exe	87
PID 1192 wrote to memory of 1640	1192	chrome.exe	87
PID 1192 wrote to memory of 1640	1192	chrome.exe	87
PID 1192 wrote to memory of 1640	1192	chrome.exe	87
PID 1192 wrote to memory of 1640	1192	chrome.exe	87
PID 1192 wrote to memory of 1640	1192	chrome.exe	87
PID 1192 wrote to memory of 1640	1192	chrome.exe	87
PID 1192 wrote to memory of 1640	1192	chrome.exe	87
PID 1192 wrote to memory of 1640	1192	chrome.exe	87
PID 1192 wrote to memory of 1640	1192	chrome.exe	87
PID 1192 wrote to memory of 1640	1192	chrome.exe	87
PID 1192 wrote to memory of 1640	1192	chrome.exe	87
PID 1192 wrote to memory of 1640	1192	chrome.exe	87
PID 1192 wrote to memory of 1640	1192	chrome.exe	87
PID 1192 wrote to memory of 1640	1192	chrome.exe	87
PID 1192 wrote to memory of 1640	1192	chrome.exe	87
PID 1192 wrote to memory of 1640	1192	chrome.exe	87

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://drive.google.com/file/d/1lI-IL0gg8WoRTc-3cazYsUkFjjstyCRX/view
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1192
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffd99e7cc40,0x7ffd99e7cc4c,0x7ffd99e7cc58
  2⤵
  PID:3064
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1920,i,7865900258561711236,6184022150121118483,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=1916 /prefetch:2
  2⤵
  PID:3388
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2152,i,7865900258561711236,6184022150121118483,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2164 /prefetch:3
  2⤵
  PID:4028
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2248,i,7865900258561711236,6184022150121118483,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2452 /prefetch:8
  2⤵
  PID:1640
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3108,i,7865900258561711236,6184022150121118483,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3140 /prefetch:1
  2⤵
  PID:1088
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3112,i,7865900258561711236,6184022150121118483,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3172 /prefetch:1
  2⤵
  PID:2644
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4508,i,7865900258561711236,6184022150121118483,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4524 /prefetch:1
  2⤵
  PID:1176
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=4736,i,7865900258561711236,6184022150121118483,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4756 /prefetch:1
  2⤵
  PID:4536
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --field-trial-handle=4324,i,7865900258561711236,6184022150121118483,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4348 /prefetch:1
  2⤵
  PID:3240
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5348,i,7865900258561711236,6184022150121118483,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5360 /prefetch:8
  2⤵
  PID:4108
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=5052,i,7865900258561711236,6184022150121118483,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4716 /prefetch:1
  2⤵
  PID:628
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=5508,i,7865900258561711236,6184022150121118483,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4564 /prefetch:1
  2⤵
  PID:636
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --field-trial-handle=5652,i,7865900258561711236,6184022150121118483,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4732 /prefetch:1
  2⤵
  PID:4032
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=4488,i,7865900258561711236,6184022150121118483,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4976 /prefetch:1
  2⤵
  PID:2156
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=5384,i,7865900258561711236,6184022150121118483,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5044 /prefetch:8
  2⤵
  - Drops file in System32 directory
  - Suspicious behavior: EnumeratesProcesses
  PID:4424
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=948,i,7865900258561711236,6184022150121118483,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4696 /prefetch:8
  2⤵
  PID:4912

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:4924

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:2480

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
1⤵
- Enumerates system info in registry
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:1584
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffd870046f8,0x7ffd87004708,0x7ffd87004718
  2⤵
  PID:64
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2016,5298836670043522520,5148401376488537082,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2004 /prefetch:2
  2⤵
  PID:876
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2016,5298836670043522520,5148401376488537082,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2248 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:444
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2016,5298836670043522520,5148401376488537082,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2824 /prefetch:8
  2⤵
  PID:3988
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,5298836670043522520,5148401376488537082,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3444 /prefetch:1
  2⤵
  PID:5164
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,5298836670043522520,5148401376488537082,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3452 /prefetch:1
  2⤵
  PID:5172
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,5298836670043522520,5148401376488537082,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4844 /prefetch:1
  2⤵
  PID:5616
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,5298836670043522520,5148401376488537082,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4912 /prefetch:1
  2⤵
  PID:5624
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2016,5298836670043522520,5148401376488537082,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5336 /prefetch:8
  2⤵
  PID:5884
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2016,5298836670043522520,5148401376488537082,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5336 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:6012
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,5298836670043522520,5148401376488537082,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5404 /prefetch:1
  2⤵
  PID:6024
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,5298836670043522520,5148401376488537082,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4164 /prefetch:1
  2⤵
  PID:5596
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,5298836670043522520,5148401376488537082,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5024 /prefetch:1
  2⤵
  PID:5176
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,5298836670043522520,5148401376488537082,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4776 /prefetch:1
  2⤵
  PID:1572
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,5298836670043522520,5148401376488537082,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4028 /prefetch:1
  2⤵
  PID:264
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2016,5298836670043522520,5148401376488537082,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5624 /prefetch:8
  2⤵
  PID:5256
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,5298836670043522520,5148401376488537082,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5888 /prefetch:1
  2⤵
  PID:6104
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2016,5298836670043522520,5148401376488537082,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4004 /prefetch:8
  2⤵
  PID:5752
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,5298836670043522520,5148401376488537082,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4956 /prefetch:1
  2⤵
  PID:540
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,5298836670043522520,5148401376488537082,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5088 /prefetch:1
  2⤵
  PID:1248
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,5298836670043522520,5148401376488537082,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5472 /prefetch:1
  2⤵
  PID:4452
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2016,5298836670043522520,5148401376488537082,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5512 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4924
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2016,5298836670043522520,5148401376488537082,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5348 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:6540
- C:\Users\Admin\Downloads\winrar-x64-701.exe
  "C:\Users\Admin\Downloads\winrar-x64-701.exe"
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:2980
- C:\Users\Admin\Downloads\winrar-x64-701.exe
  "C:\Users\Admin\Downloads\winrar-x64-701.exe"
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:7104

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5156

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5376

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
PID:6096
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe"
  2⤵
  - Checks processor information in registry
  - Modifies registry class
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  PID:6036
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2016 -parentBuildID 20240401114208 -prefsHandle 1944 -prefMapHandle 1920 -prefsLen 23680 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {0516501e-139d-4a9f-bff9-a8cc83957228} 6036 "\\.\pipe\gecko-crash-server-pipe.6036" gpu
    3⤵
    PID:4508
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2428 -parentBuildID 20240401114208 -prefsHandle 2420 -prefMapHandle 2408 -prefsLen 23716 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b033d2ff-b93d-4bd8-93fd-10099a7ac246} 6036 "\\.\pipe\gecko-crash-server-pipe.6036" socket
    3⤵
    - Checks processor information in registry
    PID:6128
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3192 -childID 1 -isForBrowser -prefsHandle 1328 -prefMapHandle 3268 -prefsLen 23857 -prefMapSize 244658 -jsInitHandle 1264 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d3341e7a-a5cb-46e5-8e7f-3b000f00531d} 6036 "\\.\pipe\gecko-crash-server-pipe.6036" tab
    3⤵
    PID:1188
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2992 -childID 2 -isForBrowser -prefsHandle 3724 -prefMapHandle 3248 -prefsLen 29090 -prefMapSize 244658 -jsInitHandle 1264 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {426d0943-2ee1-491c-a8bc-88664c97a22b} 6036 "\\.\pipe\gecko-crash-server-pipe.6036" tab
    3⤵
    PID:5764
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4584 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4680 -prefMapHandle 4672 -prefsLen 29090 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {33a7986f-8543-41d1-90ff-aef67206ea2d} 6036 "\\.\pipe\gecko-crash-server-pipe.6036" utility
    3⤵
    - Checks processor information in registry
    PID:6776
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5200 -childID 3 -isForBrowser -prefsHandle 5192 -prefMapHandle 5188 -prefsLen 26944 -prefMapSize 244658 -jsInitHandle 1264 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c2b39797-a13f-4d57-a31c-4cb62cfee18f} 6036 "\\.\pipe\gecko-crash-server-pipe.6036" tab
    3⤵
    PID:7160
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5336 -childID 4 -isForBrowser -prefsHandle 5344 -prefMapHandle 5348 -prefsLen 26944 -prefMapSize 244658 -jsInitHandle 1264 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ae7c99c1-0659-4a46-8d9d-a51cef65f2d6} 6036 "\\.\pipe\gecko-crash-server-pipe.6036" tab
    3⤵
    PID:6332
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5520 -childID 5 -isForBrowser -prefsHandle 5528 -prefMapHandle 5532 -prefsLen 26944 -prefMapSize 244658 -jsInitHandle 1264 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {9427ee57-4d11-468f-b0e2-e7c889aac9f9} 6036 "\\.\pipe\gecko-crash-server-pipe.6036" tab
    3⤵
    PID:6756

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Network Share Discovery

T1135

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
2cfd35b38a9bc13b73f97a653c5ed946

SHA1
8c9143af060959cd1c562505cb045406507e1ff8

SHA256
3abf74c51d901331a3cc27b1f2712e617826087154fda859e9d9ce2d67792693

SHA512
1c575af5906cf1b8773cb485a5857bd21ee27349a5f6c92b38224a2b71f5009681a8191046ccf01015bdf665ab8bb8c5fe3dd1564cc5aca5c61415ee7419b7fb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000b

Filesize
209KB

MD5
3e552d017d45f8fd93b94cfc86f842f2

SHA1
dbeebe83854328e2575ff67259e3fb6704b17a47

SHA256
27d9c4613df7a3c04da0b79c13217aa69992b441acb7e44bf2a7578ca87d97d6

SHA512
e616436f2f15615429c7c5c37de3990c3e86c5e1da7d75a0f524fc458b75d44a5be1a3648a628d63e1cf8aa062e08b538f2f2bc9c6a0b42157beb24f82c571d9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
456B

MD5
03ac3c9ee7fedae85d44ca9d1a6ac2c8

SHA1
d13e09e98a505c904fd9d397fcd7229694f6fa0e

SHA256
3ebed9fff39d67bd46eee0d458adcaa24c923d3e49871ce8a7ba0cd49420e053

SHA512
60ac35939af9ec6c9c8420cbf38c59599d3f7fa5641cb88621f1807dedfffada7733dc616b21f63c46f169fec6444ea7d559b7a3a8b26831b886bc6eee12f826

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
5KB

MD5
ec097dd3e34c5cf55963bc9cb9038f8f

SHA1
0aec94586a7de88e0dec2ff81a4ba6dd7299704f

SHA256
ae8295beb772f9b278c968306db843e40dbf990e8ab4df7aebccc01090fd0c58

SHA512
201a921fd1b4650ac6ad358852ab0b6abc7bc8c6d8432498188a637bc95c78b7375f1674d2f5fdf1e9cbd7359abc8fed2996cc4ba75a25f46e413e1d080b8da3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
6KB

MD5
f185ac02e1e67e288ce3491f8f826d9a

SHA1
a490c3e675ae276ab02eb3f40ba9da42f3f28ffe

SHA256
b943c1c8952d2cc65346fe385f2e7835bb7724b4ae1467ab711cf8f8ddbb6369

SHA512
933519018cc3d44f8a46d6fafb7675c453308a87ad92ad45348147eadb717b8075a63f4ac01ad38bc21bc8a749f43f54294c57d7e2cf7d3293df976bd181bc4b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
6KB

MD5
ddd65968b11723dcbb30754ca2204254

SHA1
7fb6dc22532cacb65568404fc45d5b8cbd2e8c40

SHA256
52b2517f159497471534928021b21108944fadd36ac1454730c35d8b1443d96c

SHA512
e891d9e6dc345ee20b1b011c10702dc0d86e7f13b7ae40c4d537daaeaaa4fb2554f1ace038bcffef1cd5a6cf6e0977df1e6227ecf308e8813c7cd10c4935a846

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
6KB

MD5
5feb027378b1dcbd90e0899332e261b4

SHA1
89c1fe257a21740770e6705e6b6ec1d7dcfb0cc1

SHA256
9aacf4f06122ad18e9cbb943e5603460597b78368112438bc5bf67960e1470a9

SHA512
24d134e6f3b27dd4054af59d267e8c769386d65a97a55dcb4847e3019e7648329ba4d685e60c76a7b81a2a5759640ac0bbd37212cc916e6e1178bb97cb390002

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1014B

MD5
4c304022b8d060a42e2126bef83abc64

SHA1
b6c9aa639740e8606ab3274eecc5e681a45d3a32

SHA256
2c5628f92446e6fd56b209b8ecb552619f764faa5413da792c06197717fedc4b

SHA512
7848fe74e61e460c58f5710be674f81347f522dbe08e554d0ce95ea6487b55e2b231229dd31b65d411354a163c245f34cc38943455b18eb7a7872fb7f7a350e5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1014B

MD5
b0931852fa140b4788a8c35e89eda8c5

SHA1
bbfe58979e85908cde248f3a7bf35d357ecb729d

SHA256
9257accf39b5200da9308b0f411878b20771496e8c551eb5752452225361453c

SHA512
75aba1ac8e18209c9bae650ae7f1ee324ea7bde814b2f164317209de780438fd2cbe746db12531e0583189be87eca42278c89cd328b93d3d3f4b8771b3ca7847

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
5a9eb30be3f932bca1b56469d3452bab

SHA1
9c8c91d9a1025a8ac1977a93af4a177200334272

SHA256
bb161f18f8f545eae66f6a8384e3203f5629e3f5a7207995cc55c621276d8bc1

SHA512
4f5e24f2770fa2b1109afa4e0093a321474e3b02520b910325c524c2579b1696fc7c08c02f67ce38f01f6985a6785d0d655dbc416df99b895b11acbb731a2853

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
0a12552b103eca340a0d28915649ef3f

SHA1
e13f12665cd9d00060c8aefef67601bd016996cf

SHA256
a1e82044804bd4661305a3a7b017a04adc4d7df695db294a6d021209cb4cfa11

SHA512
b7081beec2410323f51ef204e9445f3ef93049aa6f6033c0fa2ab0e9f39ff7cffb6927f0b9fb129fea3986db294deccc7337c6d4b5dee49246142b65595e7d65

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
d5d2c036b0622448408634f92391e3b9

SHA1
9d045a1d7ea0998fe0c9fc99aca488caef902344

SHA256
078c4b57b86c3f32205da8c5ce4d15167935d17c3d0bf0f9967ab83d9f9b8078

SHA512
8512666f6c56075d5d3be614672e8e88eec5638173937235f8d011412a8edad6fa10b7def26c0a2c3c188230229806fef9da5679ec14dc3383f9a60f46205011

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
5e31ec588988e53730cb9f92113f5a2c

SHA1
cb284d5dc7b2a14de674ef2815c78188a3eff71a

SHA256
8baf588cb5ba74a3e83f934da5c92648eb8555da28d644a1bedf3df23181e469

SHA512
69af2345ae4069b6286721d6683352defc2cba450a244312edcc0b96ac75df55ee6e5e3b802f6105fe94fc1e09c5a47ce3c39fa3cb2642151179c2d99e8a5446

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
30962e81d74b0ab333773367b902d769

SHA1
098775ebb25d93f6e52dae70b5dba7d3d34d3ffd

SHA256
54c77c6bbe8cebfec7e5b9a108ba7eb5f1a4b59cc1d54824c9ae24d8ab3c8cd3

SHA512
fa4488d979db3d2a8706ed47e9340491ba3c232ce975375faacbf2c0be5aa7aa700955bfaa50967acc7da555b885af2bd9c906e2836a674939ccd89043672212

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
8381a1623ab582f10b403ad1dca6f3cd

SHA1
3422c739bf5ab10dc02ef1c3fc2a45657b809d5d

SHA256
9d586a41f2913bf5837ee87ded4ebc68e6cad6ebf195b9d365cc9198d25f8946

SHA512
bda18a6845b11dcbbe6181fc2f3ab027bbfce0adcf1f505bf85810b17d4cf7c7de520f8e6fcd3bd5cada26433165d47b73e57db5c0ff784f8d2be6d4fc46a4ed

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
8c29f651f91eec7845177e5a157bb05b

SHA1
25c1a3686dcbd1300103aa34359094a6be7e7b91

SHA256
c3f3be6e385ae12702bf441b3f414a5440cabab2a2f91434ae8a5150af638e63

SHA512
a71f8ef64dcbad9588f9cca306f77e5356a6d5697e699deddc0ca1b5af14080671febf67e24552086f09ee5d9ae4b925191874ac82a7dfbdf8784d59fdebb26c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
62da07f244c12436632d6e1d311b4d01

SHA1
f2ebd776435cf47cbedd34dadc3a018d2d183200

SHA256
d3387d0237387801a62c7ca7dec0c69e3266e1eca36a684004d5a4a64884d553

SHA512
d9ae0d2e1605d7f4340c1e81294bf3674a93712bb4315e6c64b27d7499cff373ce921927dc99ae81f3dbfafc2b8594ab06479f530a59e79518d1a253f530bf71

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
e773b1d63b57cd17589164428c21daea

SHA1
7b92470da29e2f248dcf1e861a3a587d09c887af

SHA256
25580a37e6e194a05a62b1e44bef735bff580a211e19e16340b1b80ca542ef76

SHA512
ea3279fbb82a7c5a0352ea31a3b10a002f19eab4a5dafee87b721beae67dd9838f2b5f77115f29ccd2175a37a7abc8065a96a0394ce2bc0da69fe05df9d8f1dc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
9b3583dfb64b26c470f3666bc74d9023

SHA1
0b7882bb0bf5c874fedfcf8ba6ff7022d7c0e4b8

SHA256
5274c2a6b7dc2d864b85a3555b8025b923656cd248448b15c4186aa06d0f944b

SHA512
c35c37adb59a3528ff9eba1f32e5916a833c71ae2a6f11c259a5a30d242ff41213cc056fe140797a0b4c769a47bc384800088c78c9c40499eb7c3de225232623

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
d2bd517dcda98559cdd3fae3b737633f

SHA1
59e832bb988c36e807353ddc7c9f2d4673255748

SHA256
1c7ca628c62e4f74b00fc809facae7ae5a1e91aef7c26a0ea184057c70b5247c

SHA512
24eb8908f86c6c594153be04c32383f24742e19634efad6728691a0d3cd6c7ba0fb273df104b09c422dd013bde973df2b19cc685049d18b3702c6679aa26beae

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
a09442ea79e80445194ba1c1e424c57d

SHA1
b7886fba8c138363dab7fd41f0cf76286f831e05

SHA256
0fee130553dbac4762d3b3b0d8b20e45b30fd35bf603967835a70aa9202ba3d6

SHA512
63dd19df3fef59389d407c434114d36b4bd7fb1c76ec6180ec9527f80a01a642e31c6b2a7b6f5c8ef905ae5f5fb6105041b9db1e6ccbcf3e68b094e153e8200c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
27c2544e709e063176b4a80c17597268

SHA1
05bde2a25a700e92cffd522e015234a633fa2653

SHA256
dbc76695a18fc0aecfa1aaec1f107c0a8d49bfa4de0c706423bfb5da385bdcaa

SHA512
dd4ff84a11e64a509f1efbc5736213c8a27b6e9902507b8d6102237b985fd25f04d842cc909fff5555a8f42cb64c34faffcc1b450f948bb2fd617770fd7fbd64

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
60293a88031783d15cb399cb5afafbc3

SHA1
7ee10865cf346636569469723fb45f24f5a3d9fa

SHA256
87c91a0debe32de7752d63f622311e071196b13306863eac5d9ca9e5893fd514

SHA512
deddee4149046e7f899e37eda4f258287cd372a8ffa113832d38a34382932e89e9031a4ac5a8d645d64394b5d649df03574b09deff97547bf935041cfbbe3895

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
303aa2ddf8a07459d532481a8619af2c

SHA1
487774d7b61bfaea2070866850a31dc4df239ed5

SHA256
f909634467a41437d04f11c0d5553455e0e8ebf9486ca9c82ef35acbbbcb4474

SHA512
f13bfe27c90ed38d715207b53afc61dd934afe3b365bc24c571f5ad8e694345aebe69d2edb58e6dad8817c50b9eedffeeda3c72ef69dd6bc1e98c1636b4a6093

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
cda37816a5753e59c569912d97e55309

SHA1
9fbbe367350ad3d7e99910e0dafc600399dbdf6a

SHA256
f28812722bf2fb91a8b52416651eb3d729cf0253e50e2d8ac4f72ca4190e53a5

SHA512
029843e96f105440ccecd7da78597608d60ab694f72a8a544cd22443bad391518003c8456572e027c3d5687a425a3650b40f39017b01dafe409658c2dfc17e65

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
2eb9d0e836ce053a88a0c5404608fa6d

SHA1
78f811941930dab0cd837f067028a63acfc12575

SHA256
77e4335f2dd1174c225049365ae9886e2cb368fabfc01a534f1b155670363d26

SHA512
a1f634b615db6f3ccc07b3af6a4edf2002fa4d55636b8fa4bc5bb51362072d906e3da5b77290e8739d2b0ce3a11f59192725b05333ae1d2e1edcbff98923c4da

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
9220afe065c4f837bdc0fae2229dd642

SHA1
9b2dc9cc3b066b487219b13a9b89996f90451789

SHA256
c9de2469308aec730226cc7475633a1b45cb17e70f362b4d01292d2672b50ac7

SHA512
49f75820a839f4cc741dc6e9b0dc06c61be899aecb1d9fcb57eb98d78d9fea92d4c490edbe5abcb2ec69a5c3b132d9179eaf156148c085432f2f40e645c950fa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
d75ca1843976e3923901da60f2001a64

SHA1
1ca193ac82696db6551c800ff169fd8cdf41e9c8

SHA256
cc2679eb0fba54e8dc6250ffc73efcae05e95266a50c8616481b9c8c7dd6d1c9

SHA512
65046c2a3f252e3f71cc37a1d30fabc4daf0ab8fa35e40e09c59b0d67cec7535f4cd145b61e418c2c2eaa3b942ae8dd81eb4f93543b12033784bb36ea0b8ac0d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
4bf546def635a87c76dd8a91a54a77fd

SHA1
c97141f1096d92ac54e8a179e48e58b4ea8717dd

SHA256
6b5c969d0d9e780d202000c44ec2e2a49bb872ee92143b8b7e7c82c064256d3f

SHA512
6d754611b57658808266ab6533a7c82a34fbd3addf4182e6ec857fb93f9f1bb66d6fcf545f8ddc0d3318718b0f248c2ef6c2d44c41e302868de1ae2c02545337

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
0effed446811b223bee0fdfaf031ccf8

SHA1
beaddca456d7c5f2f50c592f7e2338862154057d

SHA256
5abc308a42e9a77fe5177ed345a1c65c4f79870d62e07543ec6ef7579c1b57b2

SHA512
589400d97597911ba277116f8effeb3b34059d505f89b52b6f6fd4015971fa7be3baab011c03e8bcd74ed5eef4210186fc8d8a41425328c9634abcc34a61d8cc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
987ddd6ea2ccea854cb8fa93846ec442

SHA1
3af97ca619ac9050bcbbbc39188a6191323e7f31

SHA256
0147c659b172ea799a634718d41c0b6d42895f1b2c0fbb96378a96680ff94c84

SHA512
419f2c86dae06be02ec3cd6cd99d8ab78107fdeb8ed80089caa24791976b61f5c2b272535790f9f699db629f96046ad6c019b15fd7ef5d201ef07f7fe8e248a1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
a17972b639b66e0ef7c1dbd08c370b60

SHA1
8b2ff646032b9ad20a322b701119c523e4ddc40f

SHA256
247ff728f58516e07d3f4a595efd0a1d3c6ea090cd3d672737f7f6a3ad2fa7cf

SHA512
efe947238ae7656ba1bae7de37155f3825eed0a231f84b643ba07bc76ae183e4dfe748b0f5fd252aafe2314d442bace9f4612782cc340fdb5a89a4b4ebaaccc6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
8a67a5e77f754c64ecadd7f4c113f684

SHA1
5268c0989dfc8846e76fef78bd23055ff72435c7

SHA256
5a407a3bbdd99a11621c60ec6fbf01c1e542a34977e3338e786014208480d621

SHA512
25b66fd0ecc0589eb52dab584ff23e167fb3fa0da1e1d55e189a216d5143a92f1d5aa980bed1ebb0868fddbb9ead691bedd5aac10e7af649f99073c7c2b7b982

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
48459666b3a1483aacf2c9ba2926d862

SHA1
a09c3a079f6b9123072b75a9fd0dd058d77e9c3c

SHA256
756c317daa39e7cc7ac5281d1331a87dfb29a0602e9e6339f12923cf633b1260

SHA512
db41b5bb2b866799190d9ac1fe00017e7f016c6d1de89d9664c29076de32ca929635ef636c3c26e05af3de1169dee4a2acf01652e959162a13885878f3135138

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
a15a5a21134150f68179bd0c72c85267

SHA1
854e1470d62f14dfb1e7763a2a1ee46b6af40621

SHA256
5fbacf11343bc033f743ee3c288ef5347057265dfc1cda75d8ee8fbafdf23b19

SHA512
f8459c58c9921580fec0102ff490fb182340c652378ad424326fc8bb6d0f0ea3b65d17f4ed7abeaa5b822a760a071fbac5dfc4f8c123777aa6236cb6c2a5c6b7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
850881fd8e4030c3859a69a93a0554ae

SHA1
c5836788511a4e9c89f885b09440f285270fd278

SHA256
3c2f6d85c024f42a030e8604d49bef5cb0972753d09b0f274e68e4fc3b3b4eb9

SHA512
8821d117b243cc9ebf8ffd3a7ac9a4828d377d5b973a7f758678d9535b1d5b0be1ff8b629ed67dcb2ff8f0e307ce410b95d212ba11f9a00383b560303d29e959

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
31640dfd184e08138112398618a189de

SHA1
c7e0490f66d19825ee70818c7cbca7947aea1dc6

SHA256
95d3a760fb2d08f82cbc9afee4d51e87e700a4663864339aaef5dbbf5d461bfa

SHA512
8bb53bc25c24bfc3be686980134c3e2db6154ffa69df847331ef54af0156dbf697a0436798cc97eaa349abe1f9438d5b32480c82486e8a06ae17d6ced6b610bb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
63e069a20d9dba39d645c9c1d91bfabb

SHA1
092c83ac96abfc4965b6131ddf459966c238baed

SHA256
9a1d7ee1f9ad8fb5565f7dab1cfae465b88c3c47030fb1fc1d16932924675958

SHA512
ab2c312abc9aa29bd733cbbc5a27d4bdea7cde5a95a4244555928bc6c92a91c822392edc4e55dc030cc95e68c69942350c55ac95f1dabaf83bb4a5f3442ae576

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
595f452c936e224567767779271483fb

SHA1
bc75e9d10cd4396488a59495a916bdaa569741bf

SHA256
4f862fdc358affd97bb0d3859d863d8838496c1e93c97e5c0d62644583a4aecd

SHA512
dd40205b26b4e16634236c1da99380828d4695b987396f82431f8349b0abb2823a6b3e21fcac70980f5b266d332772a734a5d9e87044ca3cf6d73c4a50f7fa63

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
99KB

MD5
caea5f2ddb1c8ec21120f4a72dc66ff0

SHA1
51d0f428697d54e401b14c8969de3e11a92234d2

SHA256
bea630078a54c5cb5721350454e829bdd542c2a797bd2ada5be403e9989450da

SHA512
e337c79ba96d1c500f58c4d88bb7964789923b3e97c9f2211d3f15666fe1ed07599636c4f52a801513bf6dec1e07396a1ff3017d32a1782df22bc880a106fafb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
99KB

MD5
85a46a7dd569ae67ca4d571d4d51770d

SHA1
79eb8f0f5fc8eb0329fcb2a3ca72a245e3a94247

SHA256
186deef57b2b97410a162e43583a81380ff08a5a16216c1934058c3e6797ffbe

SHA512
7fa353fa7c67ff9774d652bf7cce71419944dc70c2a5e60a1d2f55b2d8b1761a8905a58c85dfc031cf8ea49531694e0717a7a62f73eb5e527208ffa8c2e0a9b9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
99KB

MD5
4b418284d0aa45e17cbd2fbf5ab8ad57

SHA1
4ca3fd0829501e40f8768b02a061d03325d29f2a

SHA256
c3b0f2492a17735e0746307e4cb3209bfbcd3313f65349fbb267a308887a6c32

SHA512
7c7deb88d35a37dfa2eb84699f5b0b7be5c5c9f1990279cdad4770f376fe4c6e28560995e64b88fa7e69d33d55338598ab96ea6f508a4007b4d1e33280e6e221

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
847d47008dbea51cb1732d54861ba9c9

SHA1
f2099242027dccb88d6f05760b57f7c89d926c0d

SHA256
10292fa05d896a2952c1d602a72d761d34bc776b44d6a7df87e49b5b613a8ac1

SHA512
bd1526aa1cc1c016d95dfcc53a78b45b09dde4ce67357fc275ab835dbe1bb5b053ca386239f50cde95ad243a9c1bbb12f7505818577589beecc6084f7b94e83f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
120B

MD5
45ec7bebcfaccf9b10681a80449f3dcc

SHA1
11a25fd9e54b7c3bb3e242fb0638b99e805ca168

SHA256
40746572cc2a5c5f6471ac9ff63ea2667625335aba9df4161b7dea2a223c4dac

SHA512
317bc6755627800cc513838c33ebd0ba0afae17d34c4580cff2750055a98c86b012638f7ea640512b3728e93851f3540ddcd883d15a052f37f024b4850267306

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
665B

MD5
6c375c806ee46d79bfe1f374fe3090ab

SHA1
1eb4ff5b863c43108a15d5921d7151143292db8d

SHA256
f63dc3d9f26f0a70b61b5e82c5e4f62d34520f71f8507671e2bc0a69d2de35d9

SHA512
59999e38467190c7aa3ebd411b06559e52e969176c76d14d801a174a050418a606f0d1db2a3f531d62fda72228c76bb7adec5f1ea614e78e60484ff6bc5f64b8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
389B

MD5
b603de80c49473095a42578c5f7d9d0d

SHA1
4f06ae8ae3393af1ae229a7e9dcdb7480711573d

SHA256
cf58743ef2c64b7fc6ce26f8a2ace1dce168dd6af81c6e721a39a64e2453b1f0

SHA512
7deb77ddce7f62fea2c08380dc08f37ae6b7156357a6d67b8b3721f39918e351fd16a2f094c209e8928e75877e854d7c497256c0b6c30e2cd6d01b293639ab53

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
757B

MD5
13b25c0d1395539f8b79413dde8a9962

SHA1
4f575c108e4ccbdbf41099083dfa2c2742ba3d90

SHA256
b57ba99fd1e7b3a744cce5c015c17bcf98394cbdd9fd46ce7b55d2ac222b701a

SHA512
483d88cd80ecf291ad9b4cb03f81829d07bd04e8389cf98cacc7fcd12985bd75e1339741893e4698972b6be1ec10d8c6fd26c0e82aedb3cd22c18be17405a456

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
755B

MD5
f40392da40d7fd430e087074f2f086cd

SHA1
6d794304a719da7a70f5d1cade80e2d73178aa9a

SHA256
1294ce01201eeeeb12b56b514621cf467fbfb796eb4c824256c88ede7709d360

SHA512
a9cf4dc451c1fbbbac08286c3b1459671d7bf6dbbbae860248b7314d61e332261f77282291e122b9c7fcf9c3ad1fdbb0d00f03ca9460b2ddcf481637465361b5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
809e06fbb0c5fdf54c59909dfd11ae27

SHA1
15983c05b5eda688ff0908963a372acecf03cc70

SHA256
0dc5d638297035df7c166f033b1db4b58b9b0ccdf2f054d0a97d99fc34165e2a

SHA512
6f7bc64a90f9500394bcc0e0f4fde5be288a1b3235a8746b51dafbb790e28e36fa0830db13988817efc118293a6bebcc4b76e4ecb3c79c07e03d95c21466c353

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
701f91c5526358b389705f3948d7ec43

SHA1
fc720b2e81c125f05ad2051459fece4107f05fd2

SHA256
bbc332125814194edad22121ce0b34cc6b30559425e888c8fc8f514a2dcd4552

SHA512
e7953a4c65f447d604f6c627656de8310dc361d69bec235f351d5dd0c149b8a2c97976367ceba690b0822267b68059d81bc708d111dd5df05a051fc17b2a1567

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
4a84dc1d8d4521943fc97626f8bea7b8

SHA1
0fdf586f343a3c5aa5fcdf4a379a34179293433a

SHA256
551cd9a8e12377f95151f506e40d5c9b5813539f6e34d48e8d71139206fee88d

SHA512
e2221fb99acefbb3cc512fe434ae9bd5784d34bdbc0688f8f15caa46fd8d2049f64fc263fdc02f548306af0d1f4c72aab97d1915acaf880f5d27d948f03ea7fb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
0ff40c3b8ff0ad5dadd2857865438f96

SHA1
8d6adc088e9678f8f38c94d77b6d093fb78e89de

SHA256
aa64f8f7a4bf91de5daeb54c9bcb67ff3e76390215eb9f1214cfeb5c5c236e05

SHA512
1cf7ad574a2e76ff7a0668917d00d5d126d13e08dffad0d206f22eb68c82392ad6e8a84b08ff79d95027d7512691727635ad8760314ecc07c10c01b603972e16

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
2980e2f61b55535c0c05adf8d1f37faf

SHA1
b7f3c7243f27caf15f209ad5f100a3e3dcf23b9e

SHA256
85e3264281776fdfc4ad1e6be1feab3a611df88ecc55059717696bfa2d4c76c5

SHA512
abb61189f04701a0a4a9b43b16094709f5f22f03c642384599213413e9a5bd2c32504c1ef6ec35e74d9e0bed658aba5cdf1e91f121479a19b48345161ddb3a3c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
370B

MD5
a29e015ef8f3f6c5fe8fd39bcd57b274

SHA1
cc7df7ebafa4a1a872d6e9b7e1b312d4dd328a97

SHA256
eec8dcd7b85be17aef4421fa66a513b887524d282224dfc247a9f06a4c2dfef4

SHA512
42e39eab023892d2765f5498908e0632626d09c388e940fc07a8e9f7712aff978d0dcb2b343281f13a70ff1954fef9296d7e8a999c2fc84e87043d0d06b3d4eb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe58d481.TMP

Filesize
370B

MD5
9a9ae87409012fb47b8e7a61e2f70fb5

SHA1
b26c0b33a36ca82fcfc13c736c5d04c70bf43a04

SHA256
a854a78d9ab086dc4b43d50d4096ec486bfb9ca6c226affc532cb526395a8599

SHA512
d41df39f29fff96422a9ad670b70888af9888fde4bba212a4f62f70ccaab48e2fac7db88032dc61d7a69286038d27c513f189fa1992819ba5dff0d610bf74ebb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
439cf8a0a6ffaa58254ebc21c6360623

SHA1
8c4429c21a47ce9dd9132a36c6479a7fd82e77d4

SHA256
d16b4a463add7e41f5deb3c8eeec44baa06854b2c5a91825f74e483f6ced05cb

SHA512
63461873434e2306c0ecc52723b1e2d1d9c60b9a3e84b0757c267dd06609c1f2a59e436fbcb133c6f23f8ace22ab7dd4da211b3b37513aba512747a8cfc01306

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\d49fe0d2-3625-4ece-8fcb-9bebca004c23.tmp

Filesize
11KB

MD5
94cec3924499753d52bb4abbc770e7d1

SHA1
50b20c7901e58c36a4540ba1e9cb22b152a24799

SHA256
762c917af2cd8f7d7af43715ee9702afe166956556549de16a6046114b83363c

SHA512
2a25d922d2805024b43d66bdcb2933f9dd644639be7200d43ee69839055f71b01cc1e7fb68e545c5821b6a937f6d78601180bf4c1ae1da74150a6891754bde33

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\fz3nlbuq.default-release\datareporting\glean\db\data.safe.tmp

Filesize
5KB

MD5
b6428c6bc4cb1bc80ebb9ac609244d54

SHA1
150cb6bdd55485beefff778df7d81f113f4df476

SHA256
48a74ce334a62955e562f649babfab2747b4193e90ee6d475ad798e3dfb8ee50

SHA512
cfb082b42be6f74581c47399f2143505f284582ee6faf2a32dae9b63546a0cf0755d0b8bfc3070768f7b25319959dbde1d98cb3876a14c3247a8e12719f7b81b

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\fz3nlbuq.default-release\datareporting\glean\db\data.safe.tmp

Filesize
6KB

MD5
b41cd68b8ddd486ada157deee43c9476

SHA1
2d1468d17323a7ee854db53438db87502dd02245

SHA256
790a76682789c75b96a117d207ac3bd5a74e178276a8b559b73a85e571a32de1

SHA512
90cd5600febf5c105755b6d6a181368147643c0a795f038d18a20197824f36a0054099053033018b9ef06c889cc241620e7e6637f5a11ac9315027bb236a46a0

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\fz3nlbuq.default-release\datareporting\glean\db\data.safe.tmp

Filesize
5KB

MD5
6bf33cfacf078a55dcd8e7b44500754b

SHA1
726dbffbda70ce55bad514af1b5ac6993a106de0

SHA256
4cbfe7b13581e1ba7f407c1e474b99fa12368ed1cd3f0cbeb2483015d5de0f41

SHA512
ff7c28f8637c89c9818421af543e77a954d486dfd0da2e18a3c48c483f4e1aee85eb82c04a3b569207fbe6b1ed71882ffd61b9876aa53c2fc302e1475164d1b4

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\fz3nlbuq.default-release\datareporting\glean\pending_pings\2ec5ab1c-00b6-490d-925b-362f54e09d86

Filesize
671B

MD5
cc5c938ac0f3566915fa11365b5616ba

SHA1
bcc830439aec084d5538022a9bde7507230bbb5b

SHA256
30e69c55c5694d985f2a9964858b4f8a7b4404f01045710019c46a4a1adb5f4a

SHA512
bf5658ad2f7ccad92b24894448eb890b234933b21515c329a36f2ef19be26a46102aa306000e709bc3b0b3d6ae7e04d11471a6955fcc1302d353fd852458afb0

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\fz3nlbuq.default-release\datareporting\glean\pending_pings\8e205de6-75be-4fce-9295-6e576b424f9c

Filesize
28KB

MD5
bb7ccbb383669316b12ac0ae60474556

SHA1
9e2432d1c2d1718ab44c3a7474be200b8ae1b0db

SHA256
7f4ef4f27fd1fabd664dbed6c10aaec5ef9575d8e3e040e2bdad54b35e7fde6f

SHA512
e71e7f9817b5b503266bb3899ad26f88b6e2ee538fb6c37c1d75578ba4dddc03d96336b0d94239c3e9691785ca6de4b3ed7e61109cf427b243fb844b2c75d476

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\fz3nlbuq.default-release\datareporting\glean\pending_pings\cf3c87a3-cdd2-44be-b41b-60c2c3834bd5

Filesize
982B

MD5
4154e8189b7e34aabd5e1236f5c867b1

SHA1
9a91cae29db69606fa104a725b12ca3890df3d11

SHA256
d877fb9b479f6a63e9cb8420f88f5af0f40922bba433ebfaa70ab4507e9a3e46

SHA512
7f97b215fdc85ba02a1ca1f2ffee07fe74c905055de7ca515bbc415e2425606eb1b354d6e994b889a572bb9374cc8f44c3c3ff3de9184a0a39fb0771f153f51c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\fz3nlbuq.default-release\prefs-1.js

Filesize
11KB

MD5
9b7b6ce4c5cf955257d4c382f3e6ac0c

SHA1
bdb072b3cebc2112daea649e4de250bc783412ba

SHA256
8ac58387a40ccad8d4c286761ca62d843ca79236a226955703d5e942513de321

SHA512
b4e6ceecd86ccb30788e151ef853508bdffed6378580a58712063022358b0b905de74dd41daa22ea751d9d5964f80174314e6da93239ffc290c3568b79833104

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\fz3nlbuq.default-release\prefs.js

Filesize
11KB

MD5
a9e679d7b535c2b15eb700ad601d90e5

SHA1
718503845c2f5b6251f4bf44989d7d317f3d22e6

SHA256
26b63472c6a3a2a4808edcd7867a3a827864c259700697f2429fc8516a20edff

SHA512
731d1fd7e8f82668dd845bde6fce383e277e1b907f531c764366d410b4b37a7c66ec1ffa8beb2d3d104358a51005a1849457e29a7a365c7bd1dcb5fccc03196b

Download Submit
C:\Users\Admin\Downloads\winrar-x64-701.exe

Filesize
3.7MB

MD5
3a2f16a044d8f6d2f9443dff6bd1c7d4

SHA1
48c6c0450af803b72a0caa7d5e3863c3f0240ef1

SHA256
31f7ba37180f820313b2d32e76252344598409cb932109dd84a071cd58b64aa6

SHA512
61daee2ce82c3b8e79f7598a79d72e337220ced7607e3ed878a3059ac03257542147dbd377e902cc95f04324e2fb7c5e07d1410f0a1815d5a05c5320e5715ef6

Download Submit