9834757bda4d8078d99bfba04f191acd303b8b589bfba64ff29dad819ed73749

Analysis

max time kernel
149s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
21/08/2024, 13:18

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

9834757bda4d8078d99bfba04f191acd303b8b589bfba64ff29dad819ed73749.exe
Size

89KB
MD5

1778ea5458ed1f2eabc6df2872f84863
SHA1

55bb0ccd3e2b18a8f2155a5e8c9c465841152152
SHA256

9834757bda4d8078d99bfba04f191acd303b8b589bfba64ff29dad819ed73749
SHA512

9d8a631f84c2462bd8ee1ae5c159160368256b7f885efd123490cc5f23a8ef8fe3ee090e11cea5a1cec432b8033d8dc43a337507509d478383e2a1746e0592f0
SSDEEP

1536:L7fPGykbOqjoHm4pICdfkLtAfupcWX50MxFY+yIOlnToIfzxxyQeO+:Hq6+ouCpk2mpcWJ0r+QNTBfzG

Score

7^/10

discovery

Malware Config

Signatures

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-656926755-4116854191-210765258-1000\Control Panel\International\Geo\Nation	9834757bda4d8078d99bfba04f191acd303b8b589bfba64ff29dad819ed73749.exe

Drops file in System32 directory 2 IoCs

description	ioc	Process
File created	\??\c:\windows\system32\driverstore\filerepository\display.inf_amd64_71aa85b0e2292a7a\display.PNF	chrome.exe
File created	C:\Windows\System32\DriverStore\FileRepository\display.inf_amd64_71aa85b0e2292a7a\display.PNF	chrome.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	9834757bda4d8078d99bfba04f191acd303b8b589bfba64ff29dad819ed73749.exe

Checks processor information in registry 2 TTPs 8 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133687199284624531"	chrome.exe

Modifies registry class 2 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-656926755-4116854191-210765258-1000\{93031849-E54D-436E-81E5-54DC2B741178}	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-656926755-4116854191-210765258-1000_Classes\Local Settings	firefox.exe

Suspicious behavior: EnumeratesProcesses 14 IoCs

pid	Process
4840	msedge.exe
4840	msedge.exe
4672	msedge.exe
4672	msedge.exe
3608	chrome.exe
3608	chrome.exe
7044	chrome.exe
7044	chrome.exe
5792	msedge.exe
5792	msedge.exe
5792	msedge.exe
5792	msedge.exe
7044	chrome.exe
7044	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 5 IoCs

pid	Process
4672	msedge.exe
4672	msedge.exe
3608	chrome.exe
3608	chrome.exe
3608	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	3608	chrome.exe
Token: SeCreatePagefilePrivilege	3608	chrome.exe
Token: SeDebugPrivilege	3560	firefox.exe
Token: SeDebugPrivilege	3560	firefox.exe
Token: SeShutdownPrivilege	3608	chrome.exe
Token: SeCreatePagefilePrivilege	3608	chrome.exe
Token: SeShutdownPrivilege	3608	chrome.exe
Token: SeCreatePagefilePrivilege	3608	chrome.exe
Token: SeShutdownPrivilege	3608	chrome.exe
Token: SeCreatePagefilePrivilege	3608	chrome.exe
Token: SeShutdownPrivilege	3608	chrome.exe
Token: SeCreatePagefilePrivilege	3608	chrome.exe
Token: SeShutdownPrivilege	3608	chrome.exe
Token: SeCreatePagefilePrivilege	3608	chrome.exe
Token: SeShutdownPrivilege	3608	chrome.exe
Token: SeCreatePagefilePrivilege	3608	chrome.exe
Token: SeShutdownPrivilege	3608	chrome.exe
Token: SeCreatePagefilePrivilege	3608	chrome.exe
Token: SeShutdownPrivilege	3608	chrome.exe
Token: SeCreatePagefilePrivilege	3608	chrome.exe
Token: SeShutdownPrivilege	3608	chrome.exe
Token: SeCreatePagefilePrivilege	3608	chrome.exe
Token: SeShutdownPrivilege	3608	chrome.exe
Token: SeCreatePagefilePrivilege	3608	chrome.exe
Token: SeShutdownPrivilege	3608	chrome.exe
Token: SeCreatePagefilePrivilege	3608	chrome.exe
Token: SeShutdownPrivilege	3608	chrome.exe
Token: SeCreatePagefilePrivilege	3608	chrome.exe
Token: SeShutdownPrivilege	3608	chrome.exe
Token: SeCreatePagefilePrivilege	3608	chrome.exe
Token: SeShutdownPrivilege	3608	chrome.exe
Token: SeCreatePagefilePrivilege	3608	chrome.exe
Token: SeShutdownPrivilege	3608	chrome.exe
Token: SeCreatePagefilePrivilege	3608	chrome.exe
Token: SeShutdownPrivilege	3608	chrome.exe
Token: SeCreatePagefilePrivilege	3608	chrome.exe
Token: SeShutdownPrivilege	3608	chrome.exe
Token: SeCreatePagefilePrivilege	3608	chrome.exe
Token: SeShutdownPrivilege	3608	chrome.exe
Token: SeCreatePagefilePrivilege	3608	chrome.exe
Token: SeShutdownPrivilege	3608	chrome.exe
Token: SeCreatePagefilePrivilege	3608	chrome.exe
Token: SeShutdownPrivilege	3608	chrome.exe
Token: SeCreatePagefilePrivilege	3608	chrome.exe
Token: SeShutdownPrivilege	3608	chrome.exe
Token: SeCreatePagefilePrivilege	3608	chrome.exe
Token: SeShutdownPrivilege	3608	chrome.exe
Token: SeCreatePagefilePrivilege	3608	chrome.exe
Token: SeShutdownPrivilege	3608	chrome.exe
Token: SeCreatePagefilePrivilege	3608	chrome.exe
Token: SeShutdownPrivilege	3608	chrome.exe
Token: SeCreatePagefilePrivilege	3608	chrome.exe
Token: SeShutdownPrivilege	3608	chrome.exe
Token: SeCreatePagefilePrivilege	3608	chrome.exe
Token: SeShutdownPrivilege	3608	chrome.exe
Token: SeCreatePagefilePrivilege	3608	chrome.exe
Token: SeShutdownPrivilege	3608	chrome.exe
Token: SeCreatePagefilePrivilege	3608	chrome.exe
Token: SeShutdownPrivilege	3608	chrome.exe
Token: SeCreatePagefilePrivilege	3608	chrome.exe
Token: SeShutdownPrivilege	3608	chrome.exe
Token: SeCreatePagefilePrivilege	3608	chrome.exe
Token: SeShutdownPrivilege	3608	chrome.exe
Token: SeCreatePagefilePrivilege	3608	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
4672	msedge.exe
4672	msedge.exe
4672	msedge.exe
4672	msedge.exe
4672	msedge.exe
4672	msedge.exe
4672	msedge.exe
4672	msedge.exe
4672	msedge.exe
4672	msedge.exe
4672	msedge.exe
4672	msedge.exe
4672	msedge.exe
4672	msedge.exe
4672	msedge.exe
4672	msedge.exe
4672	msedge.exe
4672	msedge.exe
4672	msedge.exe
4672	msedge.exe
4672	msedge.exe
4672	msedge.exe
4672	msedge.exe
4672	msedge.exe
4672	msedge.exe
3560	firefox.exe
3560	firefox.exe
3560	firefox.exe
3560	firefox.exe
3560	firefox.exe
3560	firefox.exe
3560	firefox.exe
3560	firefox.exe
3560	firefox.exe
3560	firefox.exe
3560	firefox.exe
3560	firefox.exe
3560	firefox.exe
3560	firefox.exe
3560	firefox.exe
3560	firefox.exe
3560	firefox.exe
3560	firefox.exe
3560	firefox.exe
3560	firefox.exe
3560	firefox.exe
3608	chrome.exe
3608	chrome.exe
3608	chrome.exe
3608	chrome.exe
3608	chrome.exe
3608	chrome.exe
3608	chrome.exe
3608	chrome.exe
3608	chrome.exe
3608	chrome.exe
3608	chrome.exe
3608	chrome.exe
3608	chrome.exe
3608	chrome.exe
3608	chrome.exe
3608	chrome.exe
3608	chrome.exe
3608	chrome.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
4672	msedge.exe
4672	msedge.exe
4672	msedge.exe
4672	msedge.exe
4672	msedge.exe
4672	msedge.exe
4672	msedge.exe
4672	msedge.exe
4672	msedge.exe
4672	msedge.exe
4672	msedge.exe
4672	msedge.exe
4672	msedge.exe
4672	msedge.exe
4672	msedge.exe
4672	msedge.exe
4672	msedge.exe
4672	msedge.exe
4672	msedge.exe
4672	msedge.exe
4672	msedge.exe
4672	msedge.exe
4672	msedge.exe
4672	msedge.exe
3560	firefox.exe
3560	firefox.exe
3560	firefox.exe
3560	firefox.exe
3560	firefox.exe
3560	firefox.exe
3560	firefox.exe
3560	firefox.exe
3560	firefox.exe
3560	firefox.exe
3560	firefox.exe
3560	firefox.exe
3560	firefox.exe
3560	firefox.exe
3560	firefox.exe
3560	firefox.exe
3560	firefox.exe
3560	firefox.exe
3560	firefox.exe
3560	firefox.exe
3608	chrome.exe
3608	chrome.exe
3608	chrome.exe
3608	chrome.exe
3608	chrome.exe
3608	chrome.exe
3608	chrome.exe
3608	chrome.exe
3608	chrome.exe
3608	chrome.exe
3608	chrome.exe
3608	chrome.exe
3608	chrome.exe
3608	chrome.exe
3608	chrome.exe
3608	chrome.exe
3608	chrome.exe
3608	chrome.exe
3608	chrome.exe
3608	chrome.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
3560	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1252 wrote to memory of 2488	1252	9834757bda4d8078d99bfba04f191acd303b8b589bfba64ff29dad819ed73749.exe	84
PID 1252 wrote to memory of 2488	1252	9834757bda4d8078d99bfba04f191acd303b8b589bfba64ff29dad819ed73749.exe	84
PID 2488 wrote to memory of 3608	2488	cmd.exe	87
PID 2488 wrote to memory of 3608	2488	cmd.exe	87
PID 2488 wrote to memory of 4672	2488	cmd.exe	88
PID 2488 wrote to memory of 4672	2488	cmd.exe	88
PID 2488 wrote to memory of 3632	2488	cmd.exe	89
PID 2488 wrote to memory of 3632	2488	cmd.exe	89
PID 3608 wrote to memory of 4368	3608	chrome.exe	90
PID 3608 wrote to memory of 4368	3608	chrome.exe	90
PID 4672 wrote to memory of 1040	4672	msedge.exe	91
PID 4672 wrote to memory of 1040	4672	msedge.exe	91
PID 3632 wrote to memory of 3560	3632	firefox.exe	92
PID 3632 wrote to memory of 3560	3632	firefox.exe	92
PID 3632 wrote to memory of 3560	3632	firefox.exe	92
PID 3632 wrote to memory of 3560	3632	firefox.exe	92
PID 3632 wrote to memory of 3560	3632	firefox.exe	92
PID 3632 wrote to memory of 3560	3632	firefox.exe	92
PID 3632 wrote to memory of 3560	3632	firefox.exe	92
PID 3632 wrote to memory of 3560	3632	firefox.exe	92
PID 3632 wrote to memory of 3560	3632	firefox.exe	92
PID 3632 wrote to memory of 3560	3632	firefox.exe	92
PID 3632 wrote to memory of 3560	3632	firefox.exe	92
PID 3560 wrote to memory of 4144	3560	firefox.exe	94
PID 3560 wrote to memory of 4144	3560	firefox.exe	94
PID 3560 wrote to memory of 4144	3560	firefox.exe	94
PID 3560 wrote to memory of 4144	3560	firefox.exe	94
PID 3560 wrote to memory of 4144	3560	firefox.exe	94
PID 3560 wrote to memory of 4144	3560	firefox.exe	94
PID 3560 wrote to memory of 4144	3560	firefox.exe	94
PID 3560 wrote to memory of 4144	3560	firefox.exe	94
PID 3560 wrote to memory of 4144	3560	firefox.exe	94
PID 3560 wrote to memory of 4144	3560	firefox.exe	94
PID 3560 wrote to memory of 4144	3560	firefox.exe	94
PID 3560 wrote to memory of 4144	3560	firefox.exe	94
PID 3560 wrote to memory of 4144	3560	firefox.exe	94
PID 3560 wrote to memory of 4144	3560	firefox.exe	94
PID 3560 wrote to memory of 4144	3560	firefox.exe	94
PID 3560 wrote to memory of 4144	3560	firefox.exe	94
PID 3560 wrote to memory of 4144	3560	firefox.exe	94
PID 3560 wrote to memory of 4144	3560	firefox.exe	94
PID 3560 wrote to memory of 4144	3560	firefox.exe	94
PID 3560 wrote to memory of 4144	3560	firefox.exe	94
PID 3560 wrote to memory of 4144	3560	firefox.exe	94
PID 3560 wrote to memory of 4144	3560	firefox.exe	94
PID 3560 wrote to memory of 4144	3560	firefox.exe	94
PID 3560 wrote to memory of 4144	3560	firefox.exe	94
PID 3560 wrote to memory of 4144	3560	firefox.exe	94
PID 3560 wrote to memory of 4144	3560	firefox.exe	94
PID 3560 wrote to memory of 4144	3560	firefox.exe	94
PID 3560 wrote to memory of 4144	3560	firefox.exe	94
PID 3560 wrote to memory of 4144	3560	firefox.exe	94
PID 3560 wrote to memory of 4144	3560	firefox.exe	94
PID 3560 wrote to memory of 4144	3560	firefox.exe	94
PID 3560 wrote to memory of 4144	3560	firefox.exe	94
PID 3560 wrote to memory of 4144	3560	firefox.exe	94
PID 3560 wrote to memory of 4144	3560	firefox.exe	94
PID 3560 wrote to memory of 4144	3560	firefox.exe	94
PID 3560 wrote to memory of 4144	3560	firefox.exe	94
PID 3560 wrote to memory of 4144	3560	firefox.exe	94
PID 3560 wrote to memory of 4144	3560	firefox.exe	94
PID 3560 wrote to memory of 4144	3560	firefox.exe	94
PID 3560 wrote to memory of 4144	3560	firefox.exe	94
PID 3560 wrote to memory of 4144	3560	firefox.exe	94

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Users\Admin\AppData\Local\Temp\9834757bda4d8078d99bfba04f191acd303b8b589bfba64ff29dad819ed73749.exe
"C:\Users\Admin\AppData\Local\Temp\9834757bda4d8078d99bfba04f191acd303b8b589bfba64ff29dad819ed73749.exe"
1⤵
- Checks computer location settings
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:1252
- C:\Windows\system32\cmd.exe
  "C:\Windows\sysnative\cmd.exe" /c "C:\Users\Admin\AppData\Local\Temp\83B7.tmp\83B8.tmp\83B9.bat C:\Users\Admin\AppData\Local\Temp\9834757bda4d8078d99bfba04f191acd303b8b589bfba64ff29dad819ed73749.exe"
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:2488
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://accounts.google.com/v3/signin/challenge/pwd"
    3⤵
    - Enumerates system info in registry
    - Modifies data under HKEY_USERS
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SendNotifyMessage
    - Suspicious use of WriteProcessMemory
    PID:3608
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x104,0x108,0x10c,0xe0,0x110,0x7ffade6dcc40,0x7ffade6dcc4c,0x7ffade6dcc58
      4⤵
      PID:4368
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1920,i,5836122635181584400,6093496795278725214,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=1916 /prefetch:2
      4⤵
      PID:932
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2064,i,5836122635181584400,6093496795278725214,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=2500 /prefetch:3
      4⤵
      PID:3748
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2124,i,5836122635181584400,6093496795278725214,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=2604 /prefetch:8
      4⤵
      PID:1280
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3120,i,5836122635181584400,6093496795278725214,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=3200 /prefetch:1
      4⤵
      PID:548
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3128,i,5836122635181584400,6093496795278725214,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=3348 /prefetch:1
      4⤵
      PID:3936
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4400,i,5836122635181584400,6093496795278725214,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=4576 /prefetch:1
      4⤵
      PID:3876
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --no-appcompat-clear --field-trial-handle=4708,i,5836122635181584400,6093496795278725214,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=4736 /prefetch:8
      4⤵
      PID:5804
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4876,i,5836122635181584400,6093496795278725214,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=4864 /prefetch:8
      4⤵
      Modifies registry class
      PID:5816
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5152,i,5836122635181584400,6093496795278725214,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=5168 /prefetch:8
      4⤵
      PID:6408
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5388,i,5836122635181584400,6093496795278725214,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=5364 /prefetch:8
      4⤵
      PID:6616
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=5016,i,5836122635181584400,6093496795278725214,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=4920 /prefetch:8
      4⤵
      Drops file in System32 directory
      Suspicious behavior: EnumeratesProcesses
      PID:7044
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" "https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://accounts.google.com/v3/signin/challenge/pwd"
    3⤵
    - Enumerates system info in registry
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SendNotifyMessage
    - Suspicious use of WriteProcessMemory
    PID:4672
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x108,0x10c,0x110,0xec,0x114,0x7ffaddf546f8,0x7ffaddf54708,0x7ffaddf54718
      4⤵
      PID:1040
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2108,16309321895775852943,15895379908766628402,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2120 /prefetch:2
      4⤵
      PID:4496
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2108,16309321895775852943,15895379908766628402,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2172 /prefetch:3
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:4840
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2108,16309321895775852943,15895379908766628402,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2764 /prefetch:8
      4⤵
      PID:1592
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,16309321895775852943,15895379908766628402,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3304 /prefetch:1
      4⤵
      PID:3772
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,16309321895775852943,15895379908766628402,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3324 /prefetch:1
      4⤵
      PID:2956
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2108,16309321895775852943,15895379908766628402,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3060 /prefetch:2
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:5792
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" "https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://accounts.google.com/v3/signin/challenge/pwd"
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:3632
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://accounts.google.com/v3/signin/challenge/pwd
      4⤵
      Checks processor information in registry
      Modifies registry class
      Suspicious use of AdjustPrivilegeToken
      Suspicious use of FindShellTrayWindow
      Suspicious use of SendNotifyMessage
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:3560
    - - C:\Program Files\Mozilla Firefox\firefox.exe
        
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1940 -parentBuildID 20240401114208 -prefsHandle 1880 -prefMapHandle 1872 -prefsLen 23602 -prefMapSize 244628 -appDir "C:\Program Files\Mozilla Firefox\browser" - {ae6743e7-f13b-4f37-a785-0c108772d139} 3560 "\\.\pipe\gecko-crash-server-pipe.3560" gpu
        5⤵
        
        PID:4144
    - - C:\Program Files\Mozilla Firefox\firefox.exe
        
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2464 -parentBuildID 20240401114208 -prefsHandle 2448 -prefMapHandle 2444 -prefsLen 24522 -prefMapSize 244628 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {8cbe6e4c-ec7d-4eef-9381-e2c30f57804f} 3560 "\\.\pipe\gecko-crash-server-pipe.3560" socket
        5⤵
        
        PID:4772
    - - C:\Program Files\Mozilla Firefox\firefox.exe
        
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3296 -childID 1 -isForBrowser -prefsHandle 3288 -prefMapHandle 3176 -prefsLen 22590 -prefMapSize 244628 -jsInitHandle 892 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {7d2be01a-20a3-4b7e-af27-eecc2a3df585} 3560 "\\.\pipe\gecko-crash-server-pipe.3560" tab
        5⤵
        
        PID:4364
    - - C:\Program Files\Mozilla Firefox\firefox.exe
        
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3724 -childID 2 -isForBrowser -prefsHandle 3720 -prefMapHandle 3716 -prefsLen 29012 -prefMapSize 244628 -jsInitHandle 892 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {0c789e21-0e5d-46f6-95cd-26b57651fd79} 3560 "\\.\pipe\gecko-crash-server-pipe.3560" tab
        5⤵
        
        PID:4668
    - - C:\Program Files\Mozilla Firefox\firefox.exe
        
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4232 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4220 -prefMapHandle 4200 -prefsLen 29012 -prefMapSize 244628 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {8e2f84a8-cf29-44e1-ace6-27c7351903e3} 3560 "\\.\pipe\gecko-crash-server-pipe.3560" utility
        5⤵
        Checks processor information in registry
        
        PID:5160
    - - C:\Program Files\Mozilla Firefox\firefox.exe
        
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5504 -childID 3 -isForBrowser -prefsHandle 5500 -prefMapHandle 5496 -prefsLen 26989 -prefMapSize 244628 -jsInitHandle 892 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ceea037f-2f62-4e57-abef-294a33fcbff2} 3560 "\\.\pipe\gecko-crash-server-pipe.3560" tab
        5⤵
        
        PID:5912
    - - C:\Program Files\Mozilla Firefox\firefox.exe
        
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5716 -childID 4 -isForBrowser -prefsHandle 5528 -prefMapHandle 5632 -prefsLen 26989 -prefMapSize 244628 -jsInitHandle 892 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a0e39364-3ce6-40ee-8e4a-f1c8bee6e951} 3560 "\\.\pipe\gecko-crash-server-pipe.3560" tab
        5⤵
        
        PID:6064
    - - C:\Program Files\Mozilla Firefox\firefox.exe
        
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5796 -childID 5 -isForBrowser -prefsHandle 5880 -prefMapHandle 5876 -prefsLen 26989 -prefMapSize 244628 -jsInitHandle 892 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {5c94f140-fbb4-44f2-891e-7a7427d0ad0c} 3560 "\\.\pipe\gecko-crash-server-pipe.3560" tab
        5⤵
        
        PID:6060
    - - C:\Program Files\Mozilla Firefox\firefox.exe
        
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6296 -childID 6 -isForBrowser -prefsHandle 6288 -prefMapHandle 6284 -prefsLen 27039 -prefMapSize 244628 -jsInitHandle 892 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {bd2bfdae-8d51-4aad-b237-3a5cf913801e} 3560 "\\.\pipe\gecko-crash-server-pipe.3560" tab
        5⤵
        
        PID:6304

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:728

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4440

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:5188

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:6468

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
a95163c782b96818f80b332ecdc6cbe4

SHA1
19ae5b466f2d0c8e9fe0fdb9ae95ad89892bea15

SHA256
0e30c40d6c150dfe95261a476c55f8dc08e30764436b61bb52a0ffdb8ce64d06

SHA512
1e61155a415e64a2543aa0a5e69f34d04c0f921648cd38923ac30a000d9f4ec941be971b39b4cc338b7b1fd2ed2a32d2a52bb9a92eea3e566675217860575b8a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
384B

MD5
e420f8de92037cb83f1f4cdeddfdb55e

SHA1
575daef10d0fcc130b4b9ed74961999d0a9fe6dc

SHA256
e70e562037359fd2fc3b5ed33741c6decc87788f37e3cb4cd71d80ffd89043a3

SHA512
447462a6e5b3f91e1fb6d5b82dd2c75fdf262e37a80bcda5a4fb3fab839952af28daaec4e964719e58c2b34ccbecea965e5e7550f4a0d03cd39d0d93d9fb4696

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
015e3b9d612da874573da66b58e9a7ac

SHA1
d9b7d35ceb031a8b929e2315d3b18b5e20127cfa

SHA256
5c4b08c073f8fe435dbb3a93ec2d38ac137b57688ff51a87732dcdac4ba14f8d

SHA512
a8db3a0254e5848ba64586f36313dae1cdc3da16239333b79cd5b1b7b281174da54340cf52a7c7a325d21922db300e5ef34a3e7a313755505ea81d63388c315c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
76537dc7cd7c4e8a135870b863b685de

SHA1
8f44aaef0639ac57b88145ff32b1f859ec15df44

SHA256
fd200c80a65fc48b4a00a7ef545eb3fe4ebd6663b8a26e15c8aa548cfb75dd9a

SHA512
1de40a1fcfd47b454b2ff94ed5293e690d8811aad1dbc496230d1b1976e7f06056c2e749154897a3b018676f1b57235b2bfe454edc506e67fe6f8c1d8ffa0b23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
354B

MD5
8b1d1b0a2de6c7a283500202fa19cb31

SHA1
e661788d417b0d84bcbdd3a6bc0b1e2239230399

SHA256
abadaf00899e79b8dadb45c1b57239a017de8010743d0603cc02233830e5eb68

SHA512
438468e06bfd24680b4129ed9731ad87d51a9f8f7661475279e050f75fdd8084555a996dd5bda9c3ffe961d3d4bc2ebc5f99fcc083487be85f33a97624ee0c90

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
354B

MD5
74c59881e72ad939b83284cb5cd34d3e

SHA1
3869c61efc2ca3c4ea2e1f1381267fd79eb1289d

SHA256
b80027d8b36e5189ed19c06da0fc718103c857d393395ff2a644e335de3a9fc2

SHA512
65b1c68944d111b4605d96b939b5b83ecbb64e361b40227f0d9b18ccdd0eee148934e61228dca83210d7fd99d010c70dc42d56cd4fd85e9160f23dcf4e232e87

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
354B

MD5
4f42d82997fe6e629345da08bb0cdc9a

SHA1
e5ce308c70098a5fa6ad8c112a8f0461543ebfb8

SHA256
35417a4a5e4947971465118cb4070085c9a8c794f52726ebaf2859cec6e43e55

SHA512
7199688f92b9f59fab8b5d8801757180d3dc7da7edaec52dea72e483118718acd9e5f9fec4e328df2665ce522eb9cbd827203f2358fa85e35fa1e2bb8c45eb9c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
d133492b87b1576711f844007d518355

SHA1
bebd9de50d4419de0384710af1f63fb91a8b85f6

SHA256
ae0583e5ca5dc351146f47d2df615f14e751e2fb9f0dd901302c3dbde9aa108b

SHA512
064cc1081f69ad7d902b375ece31e23072dcb5d4fb83b9655d407fba5ce25c141c8b1e1b87ec49305bcc7e97d5f83495bec4ba494f39b7899f9659920a675800

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
ee81fdb01203e27e7cf2ef83e94a7d93

SHA1
f54c6c4a0f3ea063959307070c4927c18413a251

SHA256
4620d83df9fae580f6f9b26dcb13817afaf58f6aa1dbfb03080760244fcd6702

SHA512
0a5bbcc336299aa20d0a83c6fd544e68c336366d5f7f4a005008b55107f1d6bdd0f04db3418ac18b48e38fed1fbede643702055ae729741ffa863dda0ce0e427

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
fb20f6b264f8b87cc93a236b6a6b7f81

SHA1
d76199dc2d21142b2d40b2ae6e59e60b1e753438

SHA256
127133926f5b46ec1273d0d04a097266646f10274bc2990a748d536d22eab312

SHA512
af9257278af7a61b8cb287f2eaf2fb40a108d5f105691e63dde82e449a4fc846a00dfc6cc883a2198025e2a3179087c58bb77049105222f7d914a10492bb0708

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
192cc3313d20abc3dc20fe6c168b4966

SHA1
d6d4ffd833ea4507251843c65032dd35d33f973a

SHA256
2fd7b6d9bd7b27bd0ddbd0ada4e051d4601288ae4eb837365753536700581b94

SHA512
4adff880704d6309859a3c15d361ceb99b3dda39a402906fe59cd71f043fdbe0a3e4df1b574009d9adf9354f8b48bc2ba047ebe3d19ea0012df109792d37c7a0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
eede0c0cc64fde236ae77297b009400e

SHA1
3b4c3cbd01fac48ef9d298eb2f0878078da27f5e

SHA256
1e2eb73c346e08a5b7cce18d2ee7cf2793a4a5e405124234ea999db765ffa261

SHA512
bddc3ca60a5c112e360c728a410e77ba80927ab099a2c6118b96e486084f559efacb670668f6fdb340fd0ad4451edf82c6ac665446585a74f6169ae05452c70b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
91eddb53ca7544cd5b145210a851e3e1

SHA1
abd108b0e8789234a515f8061f3632015f0e7bac

SHA256
82846ab4e8616fb27aa4ffd553438f623721edad869f3183ab61a3fcc9fe0a90

SHA512
1617a28881fe289009bfb90aaba5c4b92ef4a0bc10a29847e5487b7e066c71f31953b6b950bd94f4d085e2c0649107f229bea724b79c1ed65dc023ace3c575ac

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
b156ce0c0ab71e778265fccb74d246cb

SHA1
b41efe22cdb6dbb52989132bec19a7043a16cf4b

SHA256
847f2e7d612d6a5faf183db12f50daa2e5b279c5128d91cde14ec565b401f066

SHA512
7b895ceedea33a2ecd8ae264ab67166f3a2916d8241e60c0fbda2ce862e1fdce16919436be56dffdeee9e34536a04efe12a0d6155d4d25e587d0bf9aa7311cba

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
55c6a3e106fbaa06834d2b7fee14c505

SHA1
f163fc1c572b72e7b922b326dd7227b38556bf69

SHA256
3c6cc552dc890889879dbaad9bd326ecc40793a361db741d07a1c937012643b7

SHA512
483561f11f28ac45cae5548072a768ad40380c7ebbac8406ec88ebe65de7ed917aeaeacecd4b0bcaee030f58960eb28bf652a0841ab3be0808e938401fe358b7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
f8a00807881ab90d9e46c2a74bc16191

SHA1
678a1d6c99f76a755f5b66109ca3876bdd8ff8eb

SHA256
1f091b0c00ad5f59cbe18c11230e799cfa9465c06fdfc756eec3df8eee5848a6

SHA512
849b7d9906d14d2041e47bb73648bb768f1f97018778197e24297dc9b7cc8312721a7b193464b88b46b899b4a96dc06e0d77eeb8ae3ee21fa5ae0ffc2faf453e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
658d8c8d95e45afdc22c980953c5b1d8

SHA1
cd0b5b26ed0e386bb4631fe8ad8a3cd81d8ba32d

SHA256
895a55d3ebcf7fad475abb1044361b9c3eee1d36dade7ea980fc265af6aa42e2

SHA512
049f5748ff6bfccffb413ad40d2f603238146c180c94995d8e25dd2c0817e88f89a7379d8fafadde0b5b769217819b2f7d723a9631e8fdc0619ff2d78290a09c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
201KB

MD5
7997208c5ef650a6a2eb97973762a6fd

SHA1
439a798b9ab30f436ab9d6c855b038066b7792bd

SHA256
a07788ff3c795a78f1df6feb077bb9a6524bbc5ad89e6ffa7268b67ba69a3845

SHA512
460261dc0bcd5d5b24a582f100c00d83f50e4fec88f8c48fda46cc524484f9b5e2118c3b76dfcc34d5399f30720ff3514ef1e7d1990dbfb357b505c6c3ca8a69

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
201KB

MD5
50805e518be2e419130f0f4fc2bd33f6

SHA1
5c08a3394c99c23b65fb0be7be7b9b13a666584d

SHA256
3c9f65168485673e7bbb4f67c9e2daf5b24847dd22a4c8f351c75eb70a18fcfd

SHA512
80d18a4b0b474355b97ad3791470b5b5e836f224af758ed3be89f51c57c44e0f4f6e119e60e0c78224024285c9d4e7e1616aedee617f84cbf3867e344ebbe732

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
9e3fc58a8fb86c93d19e1500b873ef6f

SHA1
c6aae5f4e26f5570db5e14bba8d5061867a33b56

SHA256
828f4eacac1c40b790fd70dbb6fa6ba03dcc681171d9b2a6579626d27837b1c4

SHA512
e5e245b56fa82075e060f468a3224cf2ef43f1b6d87f0351a2102d85c7c897e559be4caeaecfdc4059af29fdc674681b61229319dda95cb2ee649b2eb98d313e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
27304926d60324abe74d7a4b571c35ea

SHA1
78b8f92fcaf4a09eaa786bbe33fd1b0222ef29c1

SHA256
7039ad5c2b40f4d97c8c2269f4942be13436d739b2e1f8feb7a0c9f9fdb931de

SHA512
f5b6181d3f432238c7365f64fc8a373299e23ba8178bcc419471916ef8b23e909787c7c0617ab22e4eb90909c02bd7b84f1386fbc61e2bdb5a0eb474175da4bd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
336B

MD5
03b655248ae0d11de6fc0dd27dc57313

SHA1
55848e862e1baf395ad2fcdbd786be70b3f39ab8

SHA256
d8579f523c11242cff7cfd5a3cf8ab54e50198ca558d99ae0a75ee96c7b3f473

SHA512
e1017af15a76c377b1a9f830ea7d1568c778f5c60ab488c19687da296d549c2b113258ef4b495f33276b55da42f5f05423fdeaeef6c3efe91bd969e93e11487b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
f252e4cbd68c5405cc92fa2954a9b2b5

SHA1
7b968e6c49511943a35d93736a4c941dc6de44ea

SHA256
0b6004bc7ff03d873b4808fbc8c14b37b055623d91c6c88a79d12c0cd765d9e5

SHA512
9c4e21066861fdf079c17bf5eadc4e1c91e46de3c11ada92f0ba2b0b52f4b571b3102d2a3395ddba832e3b0b91c79fbe3b1854b9419ec939078e4cd2c2b6d4a1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
e3d03a14bb079acf4f53a2cc5b33f38a

SHA1
2334ae22ca6a1b8d4d6b249f00baec1c76acc9af

SHA256
b31dfecf110bd3bcfb98120f87d46c64f042785955e9e8cd30451d138db28f3d

SHA512
4ea53beb0b6601b4c77a0f23f80dd1e9a4597c3e363790eb6a2003d672b69b10da9766828315cf4f482196dbf4b061c918918ff01577c3e0153aa70863918525

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
239b0289699398f770fb306cff64d628

SHA1
304b457f2f38e7c1ae2e0439f091594e82b97989

SHA256
05f1573b9c76900c8de62966f12cb4c6210c95741b05f0339c484ec967f671f2

SHA512
5c4316287e59d596f1866615b7222c845610f52c1ea264ed1d35256dfa33b6da7c42bb6fb43185b928c36391f2872e25170a49d5786881f8fbaeda3f42bb39ff

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
0a33d6b80cc1dc226569026f118339d2

SHA1
c92334bf00a51da99e75dacc623ec67116ab2466

SHA256
5db0e63654509c7a3b4fc5ef8803c927fe67f16bd5b842f78196ca6d59c953d7

SHA512
09935857e9f2920875bf057380b7c2036f7b89cb4c1f58910c30c7fd4b01c539c264b8c5b3fc265155141ccfe43b84c16c1b1a3aba4239179a1d5e32cb94cc17

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
fbc3456f21162d528fde417fd087fe51

SHA1
76614046f041339d9a7c09e52c9264d49f4cb381

SHA256
20363a08c6ca669c11581e3999927e682253a076b4685b8f6aa586d07f329d31

SHA512
bfc0434f6302f79d25cefba02e2f9bec57ff9c97272bc9b0c3000427023445e0cd686c10b2cc2657a249aa23c6482a322a3ac2874c2ebec6d9e0ce8f7cf7d49c

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\5utpapi8.default-release\cache2\entries\E449899591A9BC91DFBA673EC0589B51E541A88B

Filesize
13KB

MD5
9e9f2edc8efb3730845102674f0158b9

SHA1
fd1b96fe7c40d25f352910e50c94a7fad64bdf07

SHA256
7ca61588ec99b1c470dcb6fed87812253e148dcefff846bab1586875c6a6b480

SHA512
4eb4be843df36a087fc832670ad15f7a277e42485d13fac85036545325eea5c2abb8524e8f2d69825d0abea068cb6cca8e6fa3037c70559268bbe41bc6e5a9e2

Download Submit
C:\Users\Admin\AppData\Local\Temp\83B7.tmp\83B8.tmp\83B9.bat

Filesize
2KB

MD5
31c09b550c61042384ef240a1cd226df

SHA1
731fbe63179f646915f8fa37ca9f8c85fdb9b48a

SHA256
752a176e12900c9f3cf947bc36d506e360f86da00a2dbc1e5fa821f2584c75db

SHA512
8fcd654736e4b71765b5379c6e1699771e83c5c1df1b5e3fa7f74e4d3b5629ffa1f54aaedfdf9979416d3704bcfb38d73dba7c36c7b6f1ac9804737e7af698a6

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
479KB

MD5
09372174e83dbbf696ee732fd2e875bb

SHA1
ba360186ba650a769f9303f48b7200fb5eaccee1

SHA256
c32efac42faf4b9878fb8917c5e71d89ff40de580c4f52f62e11c6cfab55167f

SHA512
b667086ed49579592d435df2b486fe30ba1b62ddd169f19e700cd079239747dd3e20058c285fa9c10a533e34f22b5198ed9b1f92ae560a3067f3e3feacc724f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

Filesize
13.8MB

MD5
0a8747a2ac9ac08ae9508f36c6d75692

SHA1
b287a96fd6cc12433adb42193dfe06111c38eaf0

SHA256
32d544baf2facc893057a1d97db33207e642f0dacf235d8500a0b5eff934ce03

SHA512
59521f8c61236641b3299ab460c58c8f5f26fa67e828de853c2cf372f9614d58b9f541aae325b1600ec4f3a47953caacb8122b0dfce7481acfec81045735947d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5utpapi8.default-release\AlternateServices.bin

Filesize
16KB

MD5
77d88588dda7be59ef3bdecb97b3071f

SHA1
b9e3a45eb60f3558fbeee14b3f80e9e37ef224cb

SHA256
2513bbac0ada696a9831d94ddb76fec84e8adccd5f7a0d28ad366aea1bb4eb3d

SHA512
d272d1f498671fb53a95cf35d447a8b5cb7ac1955355c25d383690907422056453a93c9d555541038082a7bb9780c76051d147ccd5ee188fdde0a329d45471e3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5utpapi8.default-release\AlternateServices.bin

Filesize
8KB

MD5
91ced60cff8265a36ad70b9a14d531c7

SHA1
f6ee423927b00b5ee8aa10aaaca02b6db8b32e2a

SHA256
3d487fb748481deebd3e9deb5a2121640d4e29e1fc9a3c843954e3eb04380cf3

SHA512
e2644a814fa6ff27adf84a8ebd6bee6271454fcc83edd523fa2fabac456742a212f1f7d71c9b8752837e8899e104b4c6cb374c69776b522cb43dcf2d868f52a3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5utpapi8.default-release\datareporting\glean\db\data.safe.tmp

Filesize
15KB

MD5
916fa6a9f739bcb903710f4149802acc

SHA1
92a70cf77434af129428861a71967bdcc3e35f55

SHA256
a9e97ff9ece7a118e647130bd4d761e9d16297f41af17c0eba232208e4ba4449

SHA512
3be63d0d2ee685ff48112bc763569688c439eda615cdfb2fc17b8f841494823e101367790b2a327a8ee98f0839184ee08130ad3db8cb531fa081ec11d4260421

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5utpapi8.default-release\datareporting\glean\db\data.safe.tmp

Filesize
5KB

MD5
71055c577716d5a1551342f046aed661

SHA1
992d37c80a6a455c4ea83f40427b4b994040abff

SHA256
48cc220e3581e58d634b5ab62ec96392fa511e9b3b86f1d1d538bdd3dd8f443d

SHA512
06b1b85cfc7786c465d22a880674bc5d5bc11a2577c7bdb62bfb8a8302811f92a43bc5d23d371b02153ecba151ca51d4d392a354bdc7faad30dbb4f4a6860dfc

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5utpapi8.default-release\datareporting\glean\db\data.safe.tmp

Filesize
15KB

MD5
95be3da921986f2063b04b9b44f53f8b

SHA1
208e466b54885b5a2ccae7c4e18cb0880c15af7d

SHA256
45e1b1223a7efac5bf057338bef20c7a9d4e21e74422ffa49f416d5d9a8284ff

SHA512
13fc507dab58b4d7833feeb1681e72442bc2afe598c6f3a7ef7c3868a49a09b6d4290440408d7bc89bafa8a148024c860db85bbf9456a9751cf2d670ad431bcd

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5utpapi8.default-release\datareporting\glean\db\data.safe.tmp

Filesize
14KB

MD5
a352f063b125f3357e52d21aeef06fe3

SHA1
901da27351dcd8366f45c94f92a07350a5c2f681

SHA256
256967fabb90f34c9f50869dadc01f0cf4c53a29f3d7a036c3f445d78bc20c57

SHA512
6530ee35b12396e84fee9df3a4997b0f800f62e6cb3ae70adc2df764c3664e55fc1f3982cb54629929dd0a8534b5445cbee8a359b1d057d721df24ca992c515b

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5utpapi8.default-release\datareporting\glean\pending_pings\40aa794c-aa15-4408-8693-cfcf959519b9

Filesize
27KB

MD5
0bca69f4e5881872b918f88ccdeb70c5

SHA1
4ce2ca2ff85ef3a127893975f8caf319ec3a629a

SHA256
4e034d9ef45027dcf5549230e6029290d77beeea4159e1a3adac8913571b7619

SHA512
5d0844b1179a5657bbce8ac349d45336e6ee5b2fe115917bae7e13ad0aded11dc5533e7bdd472ba6076f7b53282e2ae8ae47c44fcac1aec0edf48c1427238a0a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5utpapi8.default-release\datareporting\glean\pending_pings\b11214d6-0995-4527-86d9-809f53019520

Filesize
982B

MD5
6396fc9a36518427d9988aed105fd3af

SHA1
8911be118793d5f5cd4d94911c7e39aa0fceb3c9

SHA256
4f47ccc1bbb909e77fe51a9190177046795a8da595461cb87379e740574eadf8

SHA512
b72cf84bde8a50dc4c462ce7dea75523b224a554b2256c44e17f9df551685d9cf07762ea054df832949235fe0a9576a49f27d07132d9f7a9aab69944030b0b2a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5utpapi8.default-release\datareporting\glean\pending_pings\db568626-868d-454b-8ed8-f83f66b1073d

Filesize
671B

MD5
13fd819f083d501d0df0e482b1435001

SHA1
4fc6e2d094732e41137353d5f95e40589b5b91a3

SHA256
00fa5f25a5591bbf337223ef1474fe30f2aedb0e07d89a50f519487c18c2e57b

SHA512
11370d3a43c841e4d8e6563a5bfef1b1355f3566d934831eef44818b32f834994c6458e25271703c9df66334c731dc9a3b72f809e418f96cb74fab1ce9dc8e6e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5utpapi8.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.dll

Filesize
1.1MB

MD5
842039753bf41fa5e11b3a1383061a87

SHA1
3e8fe1d7b3ad866b06dca6c7ef1e3c50c406e153

SHA256
d88dd3bfc4a558bb943f3caa2e376da3942e48a7948763bf9a38f707c2cd0c1c

SHA512
d3320f7ac46327b7b974e74320c4d853e569061cb89ca849cd5d1706330aca629abeb4a16435c541900d839f46ff72dfde04128c450f3e1ee63c025470c19157

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5utpapi8.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.info

Filesize
116B

MD5
2a461e9eb87fd1955cea740a3444ee7a

SHA1
b10755914c713f5a4677494dbe8a686ed458c3c5

SHA256
4107f76ba1d9424555f4e8ea0acef69357dfff89dfa5f0ec72aa4f2d489b17bc

SHA512
34f73f7bf69d7674907f190f257516e3956f825e35a2f03d58201a5a630310b45df393f2b39669f9369d1ac990505a4b6849a0d34e8c136e1402143b6cedf2d3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5utpapi8.default-release\gmp-widevinecdm\4.10.2710.0\manifest.json

Filesize
372B

MD5
bf957ad58b55f64219ab3f793e374316

SHA1
a11adc9d7f2c28e04d9b35e23b7616d0527118a1

SHA256
bbab6ca07edbed72a966835c7907b3e60c7aa3d48ddea847e5076bd05f4b1eda

SHA512
79c179b56e4893fb729b225818ab4b95a50b69666ac41d17aad0b37ab0ca8cd9f0848cbc3c5d9e69e4640a8b261d7ced592eae9bcb0e0b63c05a56e7c477f44e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5utpapi8.default-release\gmp-widevinecdm\4.10.2710.0\widevinecdm.dll

Filesize
17.8MB

MD5
daf7ef3acccab478aaa7d6dc1c60f865

SHA1
f8246162b97ce4a945feced27b6ea114366ff2ad

SHA256
bc40c7821dcd3fea9923c6912ab1183a942c11b7690cfd79ed148ded0228777e

SHA512
5840a45cfdb12c005e117608b1e5d946e1b2e76443ed39ba940d7f56de4babeab09bee7e64b903eb82bb37624c0a0ef19e9b59fbe2ce2f0e0b1c7a6015a63f75

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5utpapi8.default-release\prefs-1.js

Filesize
11KB

MD5
52b3ad3d8de8c6dd64d49a85c299bae2

SHA1
d0352935664fe071840cd030f828664940183617

SHA256
2833b54ebde7ad00abadfd4942b3f0e6e0795b38082b77af364dffc2478dff58

SHA512
82404fa5df101f11a9eab7b4a676cf27dd0daf021d90de11921d6a45e447549bc84e4cbbf435b1041e508ebaf7ec760922f63d611ff46ce697d26ebc79eec3af

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5utpapi8.default-release\prefs-1.js

Filesize
15KB

MD5
b5aa71abb9d5ce82a5f1c0374fe620ed

SHA1
ec1df977c646613228cc63772684602b4a62925a

SHA256
a3b13cf450834bb172f62021d368e4d1322b2053228eb014cdb5ea37a65e490e

SHA512
a30e67df7e2f1309d8c747976693ac8b0170ba9066d04e84bd8248b6517c08a3aa382fdcda0f2ed464f21673f46c08de2a2c66fe548a7182c6372890bb63c845

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5utpapi8.default-release\prefs-1.js

Filesize
10KB

MD5
36d144037ba621d44147cf389396effc

SHA1
069cfc9a1e2f5a6478dc8f53a28349be7fb98175

SHA256
056d103815885339e3e92155f3381559d2335fbabce2433799d989130eb45a9b

SHA512
cebe1d73dc1ad4397c5011ca77d502ffb2dfe3ff33dce11a0f6e47bf7081fbf8be661b89abeafe86242b47c0efd970b5fd05c542f6a6a729ff4e96361465826a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5utpapi8.default-release\prefs.js

Filesize
11KB

MD5
7d74a5bdd8a50a46192b938970ae4086

SHA1
f223a499f9f46fe9cefc7a7e0c8978760f3ec853

SHA256
c6921a5df447875a330b76ee3a0ef64587c7480934f53d09f773bfa6d80af42d

SHA512
1a2ffb144430b018f9bbfb0b619f6c4278a000bc99425fcb8f63b0edf68f607fec20f771b9aaeac33ec1a7299f6a1a2291d640d97e7aeab3768e8e434f616b0e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5utpapi8.default-release\sessionstore-backups\recovery.baklz4

Filesize
5KB

MD5
f95049ebef9435c09d024a258d2763cc

SHA1
e630cbdd23b479a22329cc1a476a015b99e86e15

SHA256
27b02cb5bbcbbac8af7186830263c552c1e2fec31e852d42f255e338d3ca1c88

SHA512
b5f2c3f72da040e2a173176a7ac18495cebb35610f34bb0fe8667d85a6ae1468eabf575b717f466c7b6d78d12c74340f9e3b72dd8df54376c5dc03c9f31193fb

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5utpapi8.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

Filesize
1.5MB

MD5
bddd54be8f831b7cfaddd2655aad8e3c

SHA1
e7fafb0650a9610fcdd4d8089e211d6c031418d6

SHA256
b4375489a9326efd3cf4b17364403872489983f7f6eb84a5505bf1654f3e37cd

SHA512
6e809099e9236ba7b643569d3bebec3a92d9c56cea63a76ea36f6bd5bae2a00bad3a1847951821b607d10ac94be84510942458762bda23483e7269ed5a535451

Download Submit