72c1a1787bf3fe7a794664135e1ee8af03f162d1a970444ab02ddd8b717f15f9

Analysis

max time kernel
149s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
23/08/2024, 05:07

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

72c1a1787bf3fe7a794664135e1ee8af03f162d1a970444ab02ddd8b717f15f9.exe
Size

89KB
MD5

08ba35f38182ce9533b8a49ac8e79c0d
SHA1

84a72c41a3b3277fab7c8fd5e1ab94ae2bc57921
SHA256

72c1a1787bf3fe7a794664135e1ee8af03f162d1a970444ab02ddd8b717f15f9
SHA512

f8e0f94c5d1fe0674521fd71827a21aac156f34a5546be82ba9fabf2352ef7118e47bcc19ed960a390324a6ddb895c9b0d4300a519f534fd1bcf86d6e63144d7
SSDEEP

1536:L7fPGykbOqjoHm4pICdfkLtAfupcWX50MxFY+yIOlnToIf0xZzEO+:Hq6+ouCpk2mpcWJ0r+QNTBf0H6

Score

7^/10

discovery

Malware Config

Signatures

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-355097885-2402257403-2971294179-1000\Control Panel\International\Geo\Nation	72c1a1787bf3fe7a794664135e1ee8af03f162d1a970444ab02ddd8b717f15f9.exe

Drops file in System32 directory 2 IoCs

description	ioc	Process
File created	C:\Windows\System32\DriverStore\FileRepository\display.inf_amd64_71aa85b0e2292a7a\display.PNF	chrome.exe
File created	\??\c:\windows\system32\driverstore\filerepository\display.inf_amd64_71aa85b0e2292a7a\display.PNF	chrome.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	72c1a1787bf3fe7a794664135e1ee8af03f162d1a970444ab02ddd8b717f15f9.exe

Checks processor information in registry 2 TTPs 8 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133688632648488128"	chrome.exe

Modifies registry class 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-355097885-2402257403-2971294179-1000_Classes\Local Settings	firefox.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-355097885-2402257403-2971294179-1000\{B25A09BF-BDF5-473A-AD58-C2C977CEDDCF}	chrome.exe

Suspicious behavior: EnumeratesProcesses 14 IoCs

pid	Process
5104	msedge.exe
5104	msedge.exe
1188	msedge.exe
1188	msedge.exe
1556	chrome.exe
1556	chrome.exe
6468	chrome.exe
6468	chrome.exe
6848	msedge.exe
6848	msedge.exe
6848	msedge.exe
6848	msedge.exe
6468	chrome.exe
6468	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 5 IoCs

pid	Process
1188	msedge.exe
1188	msedge.exe
1556	chrome.exe
1556	chrome.exe
1556	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	1556	chrome.exe
Token: SeCreatePagefilePrivilege	1556	chrome.exe
Token: SeDebugPrivilege	2016	firefox.exe
Token: SeDebugPrivilege	2016	firefox.exe
Token: SeShutdownPrivilege	1556	chrome.exe
Token: SeCreatePagefilePrivilege	1556	chrome.exe
Token: SeShutdownPrivilege	1556	chrome.exe
Token: SeCreatePagefilePrivilege	1556	chrome.exe
Token: SeShutdownPrivilege	1556	chrome.exe
Token: SeCreatePagefilePrivilege	1556	chrome.exe
Token: SeShutdownPrivilege	1556	chrome.exe
Token: SeCreatePagefilePrivilege	1556	chrome.exe
Token: SeShutdownPrivilege	1556	chrome.exe
Token: SeCreatePagefilePrivilege	1556	chrome.exe
Token: SeShutdownPrivilege	1556	chrome.exe
Token: SeCreatePagefilePrivilege	1556	chrome.exe
Token: SeShutdownPrivilege	1556	chrome.exe
Token: SeCreatePagefilePrivilege	1556	chrome.exe
Token: SeShutdownPrivilege	1556	chrome.exe
Token: SeCreatePagefilePrivilege	1556	chrome.exe
Token: SeShutdownPrivilege	1556	chrome.exe
Token: SeCreatePagefilePrivilege	1556	chrome.exe
Token: SeShutdownPrivilege	1556	chrome.exe
Token: SeCreatePagefilePrivilege	1556	chrome.exe
Token: SeShutdownPrivilege	1556	chrome.exe
Token: SeCreatePagefilePrivilege	1556	chrome.exe
Token: SeShutdownPrivilege	1556	chrome.exe
Token: SeCreatePagefilePrivilege	1556	chrome.exe
Token: SeShutdownPrivilege	1556	chrome.exe
Token: SeCreatePagefilePrivilege	1556	chrome.exe
Token: SeShutdownPrivilege	1556	chrome.exe
Token: SeCreatePagefilePrivilege	1556	chrome.exe
Token: SeShutdownPrivilege	1556	chrome.exe
Token: SeCreatePagefilePrivilege	1556	chrome.exe
Token: SeShutdownPrivilege	1556	chrome.exe
Token: SeCreatePagefilePrivilege	1556	chrome.exe
Token: SeShutdownPrivilege	1556	chrome.exe
Token: SeCreatePagefilePrivilege	1556	chrome.exe
Token: SeShutdownPrivilege	1556	chrome.exe
Token: SeCreatePagefilePrivilege	1556	chrome.exe
Token: SeShutdownPrivilege	1556	chrome.exe
Token: SeCreatePagefilePrivilege	1556	chrome.exe
Token: SeShutdownPrivilege	1556	chrome.exe
Token: SeCreatePagefilePrivilege	1556	chrome.exe
Token: SeShutdownPrivilege	1556	chrome.exe
Token: SeCreatePagefilePrivilege	1556	chrome.exe
Token: SeShutdownPrivilege	1556	chrome.exe
Token: SeCreatePagefilePrivilege	1556	chrome.exe
Token: SeShutdownPrivilege	1556	chrome.exe
Token: SeCreatePagefilePrivilege	1556	chrome.exe
Token: SeShutdownPrivilege	1556	chrome.exe
Token: SeCreatePagefilePrivilege	1556	chrome.exe
Token: SeShutdownPrivilege	1556	chrome.exe
Token: SeCreatePagefilePrivilege	1556	chrome.exe
Token: SeShutdownPrivilege	1556	chrome.exe
Token: SeCreatePagefilePrivilege	1556	chrome.exe
Token: SeShutdownPrivilege	1556	chrome.exe
Token: SeCreatePagefilePrivilege	1556	chrome.exe
Token: SeShutdownPrivilege	1556	chrome.exe
Token: SeCreatePagefilePrivilege	1556	chrome.exe
Token: SeShutdownPrivilege	1556	chrome.exe
Token: SeCreatePagefilePrivilege	1556	chrome.exe
Token: SeShutdownPrivilege	1556	chrome.exe
Token: SeCreatePagefilePrivilege	1556	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
1188	msedge.exe
1188	msedge.exe
1188	msedge.exe
1188	msedge.exe
1188	msedge.exe
1188	msedge.exe
1188	msedge.exe
1188	msedge.exe
1188	msedge.exe
1188	msedge.exe
1188	msedge.exe
1188	msedge.exe
1188	msedge.exe
1188	msedge.exe
1188	msedge.exe
1188	msedge.exe
1188	msedge.exe
1188	msedge.exe
1188	msedge.exe
1188	msedge.exe
1188	msedge.exe
1188	msedge.exe
1188	msedge.exe
1188	msedge.exe
1188	msedge.exe
2016	firefox.exe
2016	firefox.exe
2016	firefox.exe
2016	firefox.exe
2016	firefox.exe
2016	firefox.exe
2016	firefox.exe
2016	firefox.exe
2016	firefox.exe
2016	firefox.exe
2016	firefox.exe
2016	firefox.exe
2016	firefox.exe
2016	firefox.exe
2016	firefox.exe
2016	firefox.exe
2016	firefox.exe
2016	firefox.exe
2016	firefox.exe
2016	firefox.exe
2016	firefox.exe
1556	chrome.exe
1556	chrome.exe
1556	chrome.exe
1556	chrome.exe
1556	chrome.exe
1556	chrome.exe
1556	chrome.exe
1556	chrome.exe
1556	chrome.exe
1556	chrome.exe
1556	chrome.exe
1556	chrome.exe
1556	chrome.exe
1556	chrome.exe
1556	chrome.exe
1556	chrome.exe
1556	chrome.exe
1556	chrome.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
1188	msedge.exe
1188	msedge.exe
1188	msedge.exe
1188	msedge.exe
1188	msedge.exe
1188	msedge.exe
1188	msedge.exe
1188	msedge.exe
1188	msedge.exe
1188	msedge.exe
1188	msedge.exe
1188	msedge.exe
1188	msedge.exe
1188	msedge.exe
1188	msedge.exe
1188	msedge.exe
1188	msedge.exe
1188	msedge.exe
1188	msedge.exe
1188	msedge.exe
1188	msedge.exe
1188	msedge.exe
1188	msedge.exe
1188	msedge.exe
2016	firefox.exe
2016	firefox.exe
2016	firefox.exe
2016	firefox.exe
2016	firefox.exe
2016	firefox.exe
2016	firefox.exe
2016	firefox.exe
2016	firefox.exe
2016	firefox.exe
2016	firefox.exe
2016	firefox.exe
2016	firefox.exe
2016	firefox.exe
2016	firefox.exe
2016	firefox.exe
2016	firefox.exe
2016	firefox.exe
2016	firefox.exe
2016	firefox.exe
1556	chrome.exe
1556	chrome.exe
1556	chrome.exe
1556	chrome.exe
1556	chrome.exe
1556	chrome.exe
1556	chrome.exe
1556	chrome.exe
1556	chrome.exe
1556	chrome.exe
1556	chrome.exe
1556	chrome.exe
1556	chrome.exe
1556	chrome.exe
1556	chrome.exe
1556	chrome.exe
1556	chrome.exe
1556	chrome.exe
1556	chrome.exe
1556	chrome.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
2016	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3448 wrote to memory of 348	3448	72c1a1787bf3fe7a794664135e1ee8af03f162d1a970444ab02ddd8b717f15f9.exe	85
PID 3448 wrote to memory of 348	3448	72c1a1787bf3fe7a794664135e1ee8af03f162d1a970444ab02ddd8b717f15f9.exe	85
PID 348 wrote to memory of 1556	348	cmd.exe	88
PID 348 wrote to memory of 1556	348	cmd.exe	88
PID 348 wrote to memory of 1188	348	cmd.exe	89
PID 348 wrote to memory of 1188	348	cmd.exe	89
PID 348 wrote to memory of 4900	348	cmd.exe	90
PID 348 wrote to memory of 4900	348	cmd.exe	90
PID 1556 wrote to memory of 2868	1556	chrome.exe	91
PID 1556 wrote to memory of 2868	1556	chrome.exe	91
PID 1188 wrote to memory of 5088	1188	msedge.exe	92
PID 1188 wrote to memory of 5088	1188	msedge.exe	92
PID 4900 wrote to memory of 2016	4900	firefox.exe	93
PID 4900 wrote to memory of 2016	4900	firefox.exe	93
PID 4900 wrote to memory of 2016	4900	firefox.exe	93
PID 4900 wrote to memory of 2016	4900	firefox.exe	93
PID 4900 wrote to memory of 2016	4900	firefox.exe	93
PID 4900 wrote to memory of 2016	4900	firefox.exe	93
PID 4900 wrote to memory of 2016	4900	firefox.exe	93
PID 4900 wrote to memory of 2016	4900	firefox.exe	93
PID 4900 wrote to memory of 2016	4900	firefox.exe	93
PID 4900 wrote to memory of 2016	4900	firefox.exe	93
PID 4900 wrote to memory of 2016	4900	firefox.exe	93
PID 2016 wrote to memory of 4584	2016	firefox.exe	94
PID 2016 wrote to memory of 4584	2016	firefox.exe	94
PID 2016 wrote to memory of 4584	2016	firefox.exe	94
PID 2016 wrote to memory of 4584	2016	firefox.exe	94
PID 2016 wrote to memory of 4584	2016	firefox.exe	94
PID 2016 wrote to memory of 4584	2016	firefox.exe	94
PID 2016 wrote to memory of 4584	2016	firefox.exe	94
PID 2016 wrote to memory of 4584	2016	firefox.exe	94
PID 2016 wrote to memory of 4584	2016	firefox.exe	94
PID 2016 wrote to memory of 4584	2016	firefox.exe	94
PID 2016 wrote to memory of 4584	2016	firefox.exe	94
PID 2016 wrote to memory of 4584	2016	firefox.exe	94
PID 2016 wrote to memory of 4584	2016	firefox.exe	94
PID 2016 wrote to memory of 4584	2016	firefox.exe	94
PID 2016 wrote to memory of 4584	2016	firefox.exe	94
PID 2016 wrote to memory of 4584	2016	firefox.exe	94
PID 2016 wrote to memory of 4584	2016	firefox.exe	94
PID 2016 wrote to memory of 4584	2016	firefox.exe	94
PID 2016 wrote to memory of 4584	2016	firefox.exe	94
PID 2016 wrote to memory of 4584	2016	firefox.exe	94
PID 2016 wrote to memory of 4584	2016	firefox.exe	94
PID 2016 wrote to memory of 4584	2016	firefox.exe	94
PID 2016 wrote to memory of 4584	2016	firefox.exe	94
PID 2016 wrote to memory of 4584	2016	firefox.exe	94
PID 2016 wrote to memory of 4584	2016	firefox.exe	94
PID 2016 wrote to memory of 4584	2016	firefox.exe	94
PID 2016 wrote to memory of 4584	2016	firefox.exe	94
PID 2016 wrote to memory of 4584	2016	firefox.exe	94
PID 2016 wrote to memory of 4584	2016	firefox.exe	94
PID 2016 wrote to memory of 4584	2016	firefox.exe	94
PID 2016 wrote to memory of 4584	2016	firefox.exe	94
PID 2016 wrote to memory of 4584	2016	firefox.exe	94
PID 2016 wrote to memory of 4584	2016	firefox.exe	94
PID 2016 wrote to memory of 4584	2016	firefox.exe	94
PID 2016 wrote to memory of 4584	2016	firefox.exe	94
PID 2016 wrote to memory of 4584	2016	firefox.exe	94
PID 2016 wrote to memory of 4584	2016	firefox.exe	94
PID 2016 wrote to memory of 4584	2016	firefox.exe	94
PID 2016 wrote to memory of 4584	2016	firefox.exe	94
PID 2016 wrote to memory of 4584	2016	firefox.exe	94
PID 2016 wrote to memory of 4584	2016	firefox.exe	94

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Users\Admin\AppData\Local\Temp\72c1a1787bf3fe7a794664135e1ee8af03f162d1a970444ab02ddd8b717f15f9.exe
"C:\Users\Admin\AppData\Local\Temp\72c1a1787bf3fe7a794664135e1ee8af03f162d1a970444ab02ddd8b717f15f9.exe"
1⤵
- Checks computer location settings
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:3448
- C:\Windows\system32\cmd.exe
  "C:\Windows\sysnative\cmd.exe" /c "C:\Users\Admin\AppData\Local\Temp\9D3A.tmp\9D3B.tmp\9D3C.bat C:\Users\Admin\AppData\Local\Temp\72c1a1787bf3fe7a794664135e1ee8af03f162d1a970444ab02ddd8b717f15f9.exe"
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:348
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://accounts.google.com/v3/signin/challenge/pwd"
    3⤵
    - Enumerates system info in registry
    - Modifies data under HKEY_USERS
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SendNotifyMessage
    - Suspicious use of WriteProcessMemory
    PID:1556
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x104,0x108,0x10c,0xe0,0x110,0x7ffc9c23cc40,0x7ffc9c23cc4c,0x7ffc9c23cc58
      4⤵
      PID:2868
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1912,i,6479325006370182637,17455625906617798581,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=1908 /prefetch:2
      4⤵
      PID:2380
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2160,i,6479325006370182637,17455625906617798581,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2176 /prefetch:3
      4⤵
      PID:2144
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2256,i,6479325006370182637,17455625906617798581,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2612 /prefetch:8
      4⤵
      PID:1316
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3116,i,6479325006370182637,17455625906617798581,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3184 /prefetch:1
      4⤵
      PID:4652
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3124,i,6479325006370182637,17455625906617798581,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3204 /prefetch:1
      4⤵
      PID:2720
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4480,i,6479325006370182637,17455625906617798581,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3640 /prefetch:1
      4⤵
      PID:5588
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --no-appcompat-clear --field-trial-handle=4320,i,6479325006370182637,17455625906617798581,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4716 /prefetch:8
      4⤵
      PID:5664
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4292,i,6479325006370182637,17455625906617798581,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4848 /prefetch:8
      4⤵
      Modifies registry class
      PID:5140
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5172,i,6479325006370182637,17455625906617798581,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5184 /prefetch:8
      4⤵
      PID:6316
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5176,i,6479325006370182637,17455625906617798581,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5272 /prefetch:8
      4⤵
      PID:6376
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=220,i,6479325006370182637,17455625906617798581,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4976 /prefetch:8
      4⤵
      Drops file in System32 directory
      Suspicious behavior: EnumeratesProcesses
      PID:6468
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" "https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://accounts.google.com/v3/signin/challenge/pwd"
    3⤵
    - Enumerates system info in registry
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SendNotifyMessage
    - Suspicious use of WriteProcessMemory
    PID:1188
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x108,0x10c,0x110,0xe4,0x114,0x7ffc8d7f46f8,0x7ffc8d7f4708,0x7ffc8d7f4718
      4⤵
      PID:5088
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2168,14679542136717984206,2176547222326793571,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2180 /prefetch:2
      4⤵
      PID:1336
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2168,14679542136717984206,2176547222326793571,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2248 /prefetch:3
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:5104
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2168,14679542136717984206,2176547222326793571,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2768 /prefetch:8
      4⤵
      PID:5036
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,14679542136717984206,2176547222326793571,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3188 /prefetch:1
      4⤵
      PID:3708
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,14679542136717984206,2176547222326793571,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3200 /prefetch:1
      4⤵
      PID:1448
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2168,14679542136717984206,2176547222326793571,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4708 /prefetch:2
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:6848
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" "https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://accounts.google.com/v3/signin/challenge/pwd"
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:4900
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://accounts.google.com/v3/signin/challenge/pwd
      4⤵
      Checks processor information in registry
      Modifies registry class
      Suspicious use of AdjustPrivilegeToken
      Suspicious use of FindShellTrayWindow
      Suspicious use of SendNotifyMessage
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2016
    - - C:\Program Files\Mozilla Firefox\firefox.exe
        
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1948 -parentBuildID 20240401114208 -prefsHandle 1888 -prefMapHandle 1880 -prefsLen 23680 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {3104f4b4-9f0f-44b7-938e-d3932c0ba93f} 2016 "\\.\pipe\gecko-crash-server-pipe.2016" gpu
        5⤵
        
        PID:4584
    - - C:\Program Files\Mozilla Firefox\firefox.exe
        
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2460 -parentBuildID 20240401114208 -prefsHandle 2428 -prefMapHandle 2424 -prefsLen 24600 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {68f1f3b2-e72d-4e32-82aa-cffad93b212a} 2016 "\\.\pipe\gecko-crash-server-pipe.2016" socket
        5⤵
        
        PID:3880
    - - C:\Program Files\Mozilla Firefox\firefox.exe
        
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3156 -childID 1 -isForBrowser -prefsHandle 3136 -prefMapHandle 3132 -prefsLen 22652 -prefMapSize 244658 -jsInitHandle 892 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {532b1d33-c773-4712-948e-bc1df206c844} 2016 "\\.\pipe\gecko-crash-server-pipe.2016" tab
        5⤵
        
        PID:2272
    - - C:\Program Files\Mozilla Firefox\firefox.exe
        
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3744 -childID 2 -isForBrowser -prefsHandle 3736 -prefMapHandle 3124 -prefsLen 29090 -prefMapSize 244658 -jsInitHandle 892 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {baf43c06-e467-4e67-a58b-5ea836d14901} 2016 "\\.\pipe\gecko-crash-server-pipe.2016" tab
        5⤵
        
        PID:2080
    - - C:\Program Files\Mozilla Firefox\firefox.exe
        
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4312 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4360 -prefMapHandle 4356 -prefsLen 29090 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ec0d2085-2766-4de5-9cb8-3d2859c00eb2} 2016 "\\.\pipe\gecko-crash-server-pipe.2016" utility
        5⤵
        Checks processor information in registry
        
        PID:3584
    - - C:\Program Files\Mozilla Firefox\firefox.exe
        
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5308 -childID 3 -isForBrowser -prefsHandle 5300 -prefMapHandle 5280 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 892 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {2ed8b1d0-e083-4cc5-b001-aa9dbbc5c12b} 2016 "\\.\pipe\gecko-crash-server-pipe.2016" tab
        5⤵
        
        PID:5792
    - - C:\Program Files\Mozilla Firefox\firefox.exe
        
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5436 -childID 4 -isForBrowser -prefsHandle 5444 -prefMapHandle 5448 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 892 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f87d6fe0-d256-440d-81d7-30b9131b4083} 2016 "\\.\pipe\gecko-crash-server-pipe.2016" tab
        5⤵
        
        PID:5808
    - - C:\Program Files\Mozilla Firefox\firefox.exe
        
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5636 -childID 5 -isForBrowser -prefsHandle 5644 -prefMapHandle 5648 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 892 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {03a5e855-b022-4c2c-94d8-dec83150d136} 2016 "\\.\pipe\gecko-crash-server-pipe.2016" tab
        5⤵
        
        PID:5820
    - - C:\Program Files\Mozilla Firefox\firefox.exe
        
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5320 -childID 6 -isForBrowser -prefsHandle 5684 -prefMapHandle 5688 -prefsLen 27182 -prefMapSize 244658 -jsInitHandle 892 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a1e7fa0a-c2f1-4004-aace-77df94b2c8da} 2016 "\\.\pipe\gecko-crash-server-pipe.2016" tab
        5⤵
        
        PID:6456

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2720

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:880

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:5352

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:6412

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
087b3afccba431e6f8956f440b5fbc43

SHA1
c646e2e204e0029455f527ae77b0459631de9a79

SHA256
f009f231a4154aef803be17acb8ef9cd6039db2227d716b12da2dff646f2780b

SHA512
0e4a991698bac7102856b3d57ed3b0165038d42d43aae521170071c5eddcd3f76a58d9f995cec9157c72ca7c0dfe2cfb8ca026f4265bf594e07a4eef5ae0e156

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
384B

MD5
e12b1901ebb2eec982101a47e0e1a058

SHA1
eef36c6cb9a0702aaddd858c2b5f4e951e900476

SHA256
c7491267590a4682e302abbea7c3a7f586095003e2b9d4abf6b95cc32c2e5e48

SHA512
8d311c43d44bacca8c539a3a7431f79c2441c5240026b5a840981f900ff1471ff3d049d248576b8b27372af5fb7f57faf2861e77671c46628e21167515260c46

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
2b3ee25a60a3ab2959cc478df0fa32ac

SHA1
9dabe64eb6952b2af8630c86b682bf2ba21dc055

SHA256
210058c34367c100041caa3339c6e26b9829b5480942e10aa3d3e350052e1a5f

SHA512
12c1da39b0aeb9bf6128afb8bc07fd2dc86a72801b6fbcf84011ee5d96e450be806d37f3777620fe4b31b688b0c65c6789eb7f567a181a87167319715df4e151

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
301bb12012153641caf0602c95887a86

SHA1
6abfaf946e8ec8502757ac61245b6eb9f30f9f09

SHA256
f34265116b5fb12b9b332226d74f873443dc72113063c4a9b29afae4ec55d7e0

SHA512
bcccb339f95d127e04696e68506e821bee565b36e5b5486e0fa832c2568df5dd1c63ae04a4e33a28e7abec2f17a38eff64d27fb2bb62be20469536c4008bd942

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
a44549ac938d9606a9d1d0a24a38e283

SHA1
10bca4dda55c89823a0906662d1bdfb858a3f35e

SHA256
58b51609c2039c198325313169e1a65df0b0f52826d2899c7a51806d085b9104

SHA512
9a97ac20886cac3764cecd27d858d44bb7dea106f09d4d8ab966ce256829bfdeafe26789d73e3e30fe5d1d1d305129359bfa813c3933f932c534210bf4159011

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
9564b8e119ff163413a7199e06d1547e

SHA1
4e2f42161cf27259ae7cdb105d2724e4ab0c4273

SHA256
260e70ea8697c7886426fd74548582f6a7ad1c80c0cb33149152ca192b975268

SHA512
4621b4a9eb2c8b945623f057f87519b25a1955aa471f1bf90c8a88aabdd7d2a9657df6573154804eef2fcf1171c02ba3b49bdebd3fe071bcb4498cc21b64944a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
2ec0d3e505d684f67cefd9643df128e3

SHA1
b79465fde14eb59bcd2eb726ffc5d8abb5295093

SHA256
4cd6385c88aae2afed510d6c9b1e4f090cd8eba731064f2808aa3c1175e7be50

SHA512
572e0311bc17ba9db6b22d9cbb59c1aaaa35d7d0f9faaf150c5c3403de0b12c2083c1e9d965d5b650c969d25d2a1876b1b9b45e5f9d74e0bac2daf790bd18fc6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
3149da52db8ceae0ff8004d3992eae9b

SHA1
b7dfb164e7ec11847f9299bead12441e3accc4bd

SHA256
9bc77c22d3a41758b52cce0113d0e21b0d67bef66f4e6327bf6ff3e403ba0fa9

SHA512
0d82190da3fe931e118dc58bd515a0da6497b124b8cd73c76adb7790dbc56a46dc53d7a5c34bb3764bd0e309c42cbf038e310f17bf742d89070a46ec25b07fd3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
8a6d357320418b491660f083a1662713

SHA1
36abaf0296d55eba94cfc7255347c1af8fb5066f

SHA256
78aea7d08d43b5ca22c02592f65401d4d6c13b2626a4a0414a40425a8af1b2f3

SHA512
010e80125654e001d673d083c7acec0e8516bac43622cecb801dfabd5c8865f18e590c5df3642e5fcaf46c288d9e25cb0c82e8d7df1f9373fa27a29ec2c96bc1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
a5484d8383461f163455dc2725fb251e

SHA1
c9d1789d9199fff5c62d10ddfdf5c26396de031c

SHA256
9be6fca77ff8fb1901ceaa6d5afa41bd2575344d8c1a50365f91d67db2d6e534

SHA512
cef8144376007d9db997ea8fb8b86c2dda15b10b834e453d9675a05838a0f2fdfe9952772431fd1a41a84bf53cadfa4ae6e33c83cf04a079775b712cc5de6080

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
1643a5125958c3e570ca447035e4f1d5

SHA1
2e512f341f2a4f1b960a9428bdd33c382dffc4b1

SHA256
b29db3350a1225a0e18aa293a0439af858eb57fc6ccd3a05b78dfdf0e78a7258

SHA512
df62f709e5b1c6016c14e429ec72062b6bacf04af9787532883f9752aeee7c5f0ca74f4fa81b10a53c7849d941df07b1ab6506cbabceb2bab4eed1546ccb868e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
55065184840afa79d3d30d2481e1be48

SHA1
d28469d26e3a937aba6f4bb217f45ee40e9f95b8

SHA256
e767776b516e83599937bbfec92013247ac1ef545b1b76ab274c6c27dbeac9d7

SHA512
9662151aa4aed36a4863979f3e28bec2c0ef69a4207552236909a5fb1ce05ac2ef5518bb50f0daedddbcf59a6923cc86132f7e8ea81232ab15f626909aa6b36f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
52950d7ff146aafe96448e0e41b73af2

SHA1
3513bd8d53658f6693b8f216453a9375a0d0e802

SHA256
0b078e492bd6050e9d728fe516ddd4200acff05194d046912c63ed48e7ffdc18

SHA512
f88c46f217712b916f01397c98df98f8c94bca99b4fc07cd2e4af841e4f6fa3372cbc9a779107adbdce63bd0bf88c1ee34f825ec4a03338df0bb582a407bff78

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
5102f2a452550d11f04fa720e54d2a84

SHA1
5fca3411b8c30b9e51022093cf2bf3b5707c5743

SHA256
1c9299c834547e9f0cc4b9c7dba07fb15957e705464d00ef0b871b11fa4273ef

SHA512
be02bb80f7946f555082ecd98a8e74e3d89e3781124b2366a09f9dffeca016303bdfd74485ea3f94d7149253c0f7afcf7f24b26cdf1f97706cdc48b21ad91531

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
2bc58262f86e49032cd0ae9b2654b78a

SHA1
54d74f7ffd8540ac0a338d4c49c817862de31146

SHA256
d7947a51adbe40343ecf793d7b16a1248b687f7231bd6b1ca6beef70ab8618cb

SHA512
de1283d83bbc462cd13766c5b999e6961358a97217ab329059bf49574a990049d7faf611d0433107f7f3a3cfd90b9b3b4c499864f927ea497fc47a8cd26a5ecb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
306e71e3703faf9abc3c970473a2e60e

SHA1
4a07cbadf3d75a12ece81bf7cef982e774ee7599

SHA256
8ee5bc070b5722f18395aaa0c5aee9638d04fd0dddef91539c23282aba551b12

SHA512
e86b1cabcdc166ed4f1b79ec4e5f4c06be4bdc1c147866090d3d6678164a048419decf43106a5883c364c4a2c68bb7f8ea5983fd8e1b20e65f54ed64f6be4bc5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
bb9f9742f6464d3765172dc8635b40a2

SHA1
5f084967fc56d7f75807007f224ffa10ce363168

SHA256
86ae0173f9020bd8dec129252d750220fa81991634b986efd4d62f9138ad5be2

SHA512
38388079401d68e1794a2e0d3879b873544d6a534c9c06a2a58ebcb1c20e3c92876d0945336828188c56ee7064ddfe63acee93c01d2111f17285e27e7c5f3888

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
201KB

MD5
a89122afa8575c60ea6eabbf4c55bee4

SHA1
b790ce0cfd8d6cd9be4db8b1bfcd8079611df739

SHA256
8a7f64053f6c87b67f28a0a14feb95f021c2c4760751d14916eada40c60c8472

SHA512
1964ce8655db33d0b6fcd40b0a6e7e1dbd7425872d6b8262ef74c0bd0a40c988e87b6e8986bdffdf2433343b2bea99c32b4df20ae2f7bb21e0fd33068f37793d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
201KB

MD5
3b3c7b7a383709039d2763551401e0fe

SHA1
b0b7e2b239eea21b3f6731dafc1fe31170db5bb0

SHA256
9480e9f1bf70fbcdfec649a60f896339c7cc28eadccb10f17c5768c06080a86b

SHA512
1ec69c1335c00191e7f5878bc615b99f3a7592fb335ddac56c516b1312ba74891a15a6d9764e8746cc21fce2a1f26e035e21a120d2966e58f71f6060dfb85ed9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
e4f80e7950cbd3bb11257d2000cb885e

SHA1
10ac643904d539042d8f7aa4a312b13ec2106035

SHA256
1184ee8d32d0edecddd93403fb888fad6b3e2a710d37335c3989cc529bc08124

SHA512
2b92c9807fdcd937e514d4e7e1cc7c2d3e3aa162099b7289ceac2feea72d1a4afbadf1c09b3075d470efadf9a9edd63e07ea7e7a98d22243e45b3d53473fa4f0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
2dc1a9f2f3f8c3cfe51bb29b078166c5

SHA1
eaf3c3dad3c8dc6f18dc3e055b415da78b704402

SHA256
dcb76fa365c2d9ee213b224a91cdd806d30b1e8652d72a22f2371124fa4479fa

SHA512
682061d9cc86a6e5d99d022da776fb554350fc95efbf29cd84c1db4e2b7161b76cd1de48335bcc3a25633079fb0bd412e4f4795ed6291c65e9bc28d95330bb25

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
336B

MD5
e95b562234a79776f8531decd1b2bafd

SHA1
47dc88482aae7b240994784a8cf2c290aee96b17

SHA256
96c5984597f912e266af7cc193154a6977d7f67aa505c42e125a40067d8af6c2

SHA512
2faa023f28da501b65feaa1c76861f5de4a137cfc349d5919ce66c9fa4d13cbc2f2951d63e58ac871b3e36c58492e0119e1a897b755ea556280e55e8da9bffc5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
fa687a699cf8566645f881d90dd167f4

SHA1
b4a23f12b2a444b6b897a6b353cd8cc654929b1d

SHA256
b6c27dcac90bfdd9b4c5d081ea39337f1ec9983f6f3a12cd146d0acd43728bfc

SHA512
ce3a5a196cb8cef56dfcb091eff9ae85ee454533e0bed837f390161241f6e833d6f68a4226596860ea17abae56107087f1357faa938aafaf55aa909950c17255

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
32a7fd1d39b9d29848ae570566a15456

SHA1
8aab407615183fa33a54a17f6402cd10520890c5

SHA256
4628c5e7da8eebf459a1129c3ba117dbfdb0caf1ffbd39610c630e5d01528a45

SHA512
62ceb74555f4ba2d10e719c201ef8b77d1fa83557aab690fc2f4b90aacbfe196c7072ca5bd02155ad0c5b716ada9533c4df28d4df78ac173c2ea2368319f0f70

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
3cc2502cfb101fa5b2ab2b21dadba48b

SHA1
2060740278e253835aed93445a962cb6359f8e82

SHA256
e4f81b30abb27b9d4ac28158de4fd3a220bd3fc3fa79c6941b2bf83bd572f981

SHA512
add7ad0bc3128f3d34652ee4b7a1804f2cd41b3b8d2acf25b5c8287a333cce83fb53cacc34834c7981cde4dfe3159b8fcdb366ff3bd15cc99be28de874ce9e2f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
4490cf97e7c570ea8cea016342a9036c

SHA1
906acc32150d4174ee3f712da5e903b6faaad595

SHA256
744a0a220bde312f306dd2efb17687afb270b1ad6cb799484e501125f5e95254

SHA512
f49838b1bf00fd3fc9ba7d9414d8de6cf772076914e951e4cf4ca57b3127b9e5272d4ee8b49b891a81652cd2d6c0c6540f37b7ebf5c79dfb3c144209e4f52be2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
030f38de2884202773d0c4b9eababab0

SHA1
ec77f61549fa341b2a781cb038d66d08195e0f2c

SHA256
1a12764ec5b704899820abcd03ad59cd495c436154130d18a780e843c9c26e0c

SHA512
a36d571c9f3e4644dea1235429565104943017308c8526e3f45758d44fc6df1f09b93d72835353d336f30bc0b9225b422a7ab48abb09ee00d406fbea335a380c

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\vpqsq2xy.default-release\cache2\entries\58EFA56DB4BFFECB0EDA547894BC9A057159E22F

Filesize
13KB

MD5
fd8a1629bc3a16a2ed7f4a95d4cafc56

SHA1
933850262648593d369330f5c9b99aaab761bf13

SHA256
469239d13ff58400eb0cd69328bf297219ca48d2f6e40588d2f6f37a4543168c

SHA512
127a2ee40fe8f0972db4e1925315c990831efc203e22eee2edaa1bc681619989d6f3b5c17242936191cd683513c9a57afc8b0851f8f1e5cc2816a87d5e768a0a

Download Submit
C:\Users\Admin\AppData\Local\Temp\9D3A.tmp\9D3B.tmp\9D3C.bat

Filesize
2KB

MD5
31c09b550c61042384ef240a1cd226df

SHA1
731fbe63179f646915f8fa37ca9f8c85fdb9b48a

SHA256
752a176e12900c9f3cf947bc36d506e360f86da00a2dbc1e5fa821f2584c75db

SHA512
8fcd654736e4b71765b5379c6e1699771e83c5c1df1b5e3fa7f74e4d3b5629ffa1f54aaedfdf9979416d3704bcfb38d73dba7c36c7b6f1ac9804737e7af698a6

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
479KB

MD5
09372174e83dbbf696ee732fd2e875bb

SHA1
ba360186ba650a769f9303f48b7200fb5eaccee1

SHA256
c32efac42faf4b9878fb8917c5e71d89ff40de580c4f52f62e11c6cfab55167f

SHA512
b667086ed49579592d435df2b486fe30ba1b62ddd169f19e700cd079239747dd3e20058c285fa9c10a533e34f22b5198ed9b1f92ae560a3067f3e3feacc724f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

Filesize
13.8MB

MD5
0a8747a2ac9ac08ae9508f36c6d75692

SHA1
b287a96fd6cc12433adb42193dfe06111c38eaf0

SHA256
32d544baf2facc893057a1d97db33207e642f0dacf235d8500a0b5eff934ce03

SHA512
59521f8c61236641b3299ab460c58c8f5f26fa67e828de853c2cf372f9614d58b9f541aae325b1600ec4f3a47953caacb8122b0dfce7481acfec81045735947d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vpqsq2xy.default-release\AlternateServices.bin

Filesize
8KB

MD5
ce53ae4db36cd573e8b03ae7196eda50

SHA1
c797ceca40c0d0db9c7f4939fcff118b04ab7b8a

SHA256
0fc79ad1f1f50f7812840c9566e23b6776463c62795e243c37dea6d80a4bf479

SHA512
e58dfefbc82b5cd604ddf8d82c6a6eb38c558f7018ad40aad908553391282aec24520cdd48896d108661081f5cacaf9f3f3648d4d0295428799bee065c316a29

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vpqsq2xy.default-release\datareporting\glean\db\data.safe.tmp

Filesize
5KB

MD5
49534137fe82b7f1674fb2374418a1a2

SHA1
3c358a1773d4df60e377faf128c285c0153e0edb

SHA256
5a01d4025bcfaf92e945afc49263a5ad77007403f5183efe46fcab29f2f6aace

SHA512
1e595e008f99d3888cd0a9c06ed69eaa980fe76c78919f4877fa902bb6c4443eda67fe280c88bd6d964aa302a3fc856a9c1580af943f4eb786108a3753df9155

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vpqsq2xy.default-release\datareporting\glean\db\data.safe.tmp

Filesize
3KB

MD5
9b5abccb15286ba6b3f26b0237240c80

SHA1
3ea8a3d4a26b4184abc30bd5b80d3f808215afb4

SHA256
d3e37190419c43a835fa67089263a750e81d96b378f4689f29946aa40e876c8f

SHA512
6ca15a3b73eca0eab2b9841f21f1718d64bd4229b6ad2ada7e123d6422aef07109af7a11ad3cbf1b74e657099d23a2af78b4a6f51b1815174e5f2ef3c19f3bf7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vpqsq2xy.default-release\datareporting\glean\db\data.safe.tmp

Filesize
15KB

MD5
175e39019316eb801f28122f2925ee8f

SHA1
e5b5d27c1f920d8e8ecd6ae8b55dde6f8ae50dde

SHA256
649034cbfd83a49fa77e11830aea39b11d87ff79163ca2924d3091b6c6ce2f08

SHA512
4f5130c1790decadf952c726423176aa416ba7e8afecd023af67b0edbf0817a1aaa688c0ab8eb0434c2ff589b95d0cfc3029d4d10862c4ea86d78119840f25ee

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vpqsq2xy.default-release\datareporting\glean\db\data.safe.tmp

Filesize
15KB

MD5
cd238ae56d32d421c11e84ce658c1a32

SHA1
d99427feb7497de3116e63b0bcfb1915c420efe8

SHA256
7c20c6cf571eb34287adc4ca75714557b33019ad6f4996456e4ae57efbf1ba96

SHA512
427d4ed51b523490f5103b837e6af32bd7c55b64fd11b29e09328b5a6daf17211db5c9af2e2401519a37593a2936f01c548a74f325dbe1d1018b21735b377e0f

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vpqsq2xy.default-release\datareporting\glean\pending_pings\80f36c7b-74f4-4e43-b70a-5e24265388fe

Filesize
25KB

MD5
23eb3610fcebfbaef64475ea40ff216a

SHA1
3380a4021a5390cd931b56459fed7941f2492265

SHA256
0e8630fc7b748af3d37095f561ff0d7e882a872050328c813bed3788c4d0144f

SHA512
c397d0727d857ca635dc9f4350c0e3f0cd302cf3d765e0d42ca5f1c8198aa9babf4094f10a0beb31706d627e4c9ad7a98b21d026f85a0d1fbfc5c5c048dd46e9

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vpqsq2xy.default-release\datareporting\glean\pending_pings\88f81105-c6ae-4848-879b-e62c4915c2f9

Filesize
982B

MD5
cab08944ca7808651f1bb2f2a4df95d9

SHA1
64abe2e7c320f2aa03355eaa3bdd43622f02f34d

SHA256
e9826d44e8fa9cb8283700e94c6b9d48a031d4299b32caf998baa3eb9779b2ce

SHA512
0cf1bfb96104787bd929f802ba473218d5b589b84c301775c1fb0adb98f35699744bd86777cfd3d3575b3fbdc43aceedec11ac345dadeb5407a0ebf4ccdbe2f0

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vpqsq2xy.default-release\datareporting\glean\pending_pings\f0738063-8ae2-4d0d-a621-9b3cd86c4c71

Filesize
671B

MD5
1d355a3ee89536b1fa29d871d21a5d36

SHA1
15441bcff0cbf877f192f07d100ab31b4e905d55

SHA256
5b9e18eb4295e1e0ac7508cd1f5b6ff21c9e20f4a6008bf193213cd6157b1044

SHA512
88ac1b23fcfcb036f33a99a0b85562884a55d6ef7a580a1556aa548facc4f49c48a7c97bbb054051b7220f5c2074c83b1e0a698a94e9793311fc6d1393359ae6

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vpqsq2xy.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.dll

Filesize
1.1MB

MD5
842039753bf41fa5e11b3a1383061a87

SHA1
3e8fe1d7b3ad866b06dca6c7ef1e3c50c406e153

SHA256
d88dd3bfc4a558bb943f3caa2e376da3942e48a7948763bf9a38f707c2cd0c1c

SHA512
d3320f7ac46327b7b974e74320c4d853e569061cb89ca849cd5d1706330aca629abeb4a16435c541900d839f46ff72dfde04128c450f3e1ee63c025470c19157

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vpqsq2xy.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.info

Filesize
116B

MD5
2a461e9eb87fd1955cea740a3444ee7a

SHA1
b10755914c713f5a4677494dbe8a686ed458c3c5

SHA256
4107f76ba1d9424555f4e8ea0acef69357dfff89dfa5f0ec72aa4f2d489b17bc

SHA512
34f73f7bf69d7674907f190f257516e3956f825e35a2f03d58201a5a630310b45df393f2b39669f9369d1ac990505a4b6849a0d34e8c136e1402143b6cedf2d3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vpqsq2xy.default-release\gmp-widevinecdm\4.10.2710.0\manifest.json

Filesize
372B

MD5
bf957ad58b55f64219ab3f793e374316

SHA1
a11adc9d7f2c28e04d9b35e23b7616d0527118a1

SHA256
bbab6ca07edbed72a966835c7907b3e60c7aa3d48ddea847e5076bd05f4b1eda

SHA512
79c179b56e4893fb729b225818ab4b95a50b69666ac41d17aad0b37ab0ca8cd9f0848cbc3c5d9e69e4640a8b261d7ced592eae9bcb0e0b63c05a56e7c477f44e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vpqsq2xy.default-release\gmp-widevinecdm\4.10.2710.0\widevinecdm.dll

Filesize
17.8MB

MD5
daf7ef3acccab478aaa7d6dc1c60f865

SHA1
f8246162b97ce4a945feced27b6ea114366ff2ad

SHA256
bc40c7821dcd3fea9923c6912ab1183a942c11b7690cfd79ed148ded0228777e

SHA512
5840a45cfdb12c005e117608b1e5d946e1b2e76443ed39ba940d7f56de4babeab09bee7e64b903eb82bb37624c0a0ef19e9b59fbe2ce2f0e0b1c7a6015a63f75

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vpqsq2xy.default-release\prefs-1.js

Filesize
12KB

MD5
044017e6cefc9b59fd3fc47aaa275905

SHA1
ac4a6069966ca0e4686aa43fafb9de762a325107

SHA256
dfc5b385422d00516f58e43acc3294a5d21cd7c0192c6f34d2f5bd1eb3f9fceb

SHA512
66007eda52a389cef6279d59c4bbd119573d8759ac6d3cd6523ea0b1f2e29dde3626e6fd85811d1e7cb18e152c4d2147046d069dd1358bd44d3ef46d85fe0ad7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vpqsq2xy.default-release\prefs-1.js

Filesize
15KB

MD5
5d3bb78dd90282880a3d8e88a4a58554

SHA1
e4ee718133a7c0426f2a165b5bbc05dbca4fbcc8

SHA256
43b8aa20e3e1c46ffcf174bf6d2a9b7623d80aea0f1de563d152201ee048d0e8

SHA512
c7d000d132c745e4c47362c88a37fabd20e7a74339c3b61d9a63e50e4aa0895f4d00402ee959bfad71d4f764341ea94fef77b8135320212333e5bd1b2caa6277

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vpqsq2xy.default-release\prefs-1.js

Filesize
10KB

MD5
2fca4641b88246a82f66bbd2dd2e04f1

SHA1
d289e7721c4a8f0330ca738a3a5f6fb0870c5646

SHA256
020465bb83394ea0e8093100c6f0fc13982d6b177cd1484af18d8e74cbde9eac

SHA512
deb8006be1174e59b92985b218da58d3f40f4cf4c898968fee01ce605ff4997bf195a14de0c80d2d2ccc6842de90c37d625ea6d0339c58ace3af1a7cf1578077

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vpqsq2xy.default-release\prefs.js

Filesize
11KB

MD5
9c37a1af40e62b3ba0165dc43e7b3350

SHA1
b3a6c400e95fd5cb20f8358fb45d5a56cb090d44

SHA256
2aa1458c94c9222f662e94f2e28b31e7c6e739cafa2a0bfc9cd04bd73000a93f

SHA512
81cf9149cfbcaecc95c40a65a23c8b17014a984e6f2e51b1207a387c2ce0d16fad5be56cfdf334b9dfeea75aa0207c2c5dbd9dd1de77f8cde415f5b02133d91e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vpqsq2xy.default-release\sessionstore-backups\recovery.baklz4

Filesize
5KB

MD5
04ebf13f9766724d0978229b395218df

SHA1
8668f7bbb43b912d2e9cdf7c4f53d2671dfec982

SHA256
6721c32e82e48563010f32a5496ab66a103922201908544ba60af346e11cd5d3

SHA512
681eff08e437cb50a4c3f3661988f60c2a7474ea94e990365f9042a758aeda2ae24c1f1ffe6be26f3b5f85074f25de9a30d6d24315e826cc02dab94cebc19310

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vpqsq2xy.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

Filesize
968KB

MD5
c4b5917e0cd1dac618b1dd539391d833

SHA1
9eb1d19cf50c15cd66032aa9ae857790f31ad425

SHA256
f9e47eef9b8a6bd608133a40026fc2448800405c16012153df9f2bcb2f649a13

SHA512
49fbf87cee165c0a3543749413f455c19f00c2ecc34c336fd11641b4ee02c2065b0ee9294efc282295aeb5e367cca3e763990a8231dd8b691c36f3152dc69a4c

Download Submit