f67dcf15535081c36eea82ffda8ff3703c0467dc2effafde1b9e761f6ad11256

Analysis

max time kernel
149s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
25/08/2024, 15:24

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

f67dcf15535081c36eea82ffda8ff3703c0467dc2effafde1b9e761f6ad11256.exe
Size

89KB
MD5

3a0b6c0ff551feb862798a443ce9a20a
SHA1

d5a00fca1f8c6ab3a42d3a79ba8722a204154fbe
SHA256

f67dcf15535081c36eea82ffda8ff3703c0467dc2effafde1b9e761f6ad11256
SHA512

b026fcdb7dae895a1a836c9412215fe42e3f53cf69ce750c2798ec84a03fdf597385171d89152ae5231bbb8d403a58e73c1e79e20dd7422835aa3ac3ac23316b
SSDEEP

1536:L7fPGykbOqjoHm4pICdfkLtAfupcWX50MxFY+yIOlnToIfoxrHO+:Hq6+ouCpk2mpcWJ0r+QNTBfodx

Score

7^/10

discovery

Malware Config

Signatures

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-2392887640-1187051047-2909758433-1000\Control Panel\International\Geo\Nation	f67dcf15535081c36eea82ffda8ff3703c0467dc2effafde1b9e761f6ad11256.exe

Drops file in System32 directory 2 IoCs

description	ioc	Process
File created	C:\Windows\System32\DriverStore\FileRepository\display.inf_amd64_71aa85b0e2292a7a\display.PNF	chrome.exe
File created	\??\c:\windows\system32\driverstore\filerepository\display.inf_amd64_71aa85b0e2292a7a\display.PNF	chrome.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	f67dcf15535081c36eea82ffda8ff3703c0467dc2effafde1b9e761f6ad11256.exe

Checks processor information in registry 2 TTPs 8 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133690730765554771"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Modifies registry class 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2392887640-1187051047-2909758433-1000_Classes\Local Settings	firefox.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-2392887640-1187051047-2909758433-1000\{CB66A4DD-F620-4B03-A500-8394AED671C6}	chrome.exe

Suspicious behavior: EnumeratesProcesses 14 IoCs

pid	Process
208	msedge.exe
208	msedge.exe
4084	msedge.exe
4084	msedge.exe
2748	chrome.exe
2748	chrome.exe
3460	chrome.exe
3460	chrome.exe
6808	msedge.exe
6808	msedge.exe
6808	msedge.exe
6808	msedge.exe
3460	chrome.exe
3460	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 5 IoCs

pid	Process
4084	msedge.exe
4084	msedge.exe
2748	chrome.exe
2748	chrome.exe
2748	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeDebugPrivilege	1420	firefox.exe
Token: SeDebugPrivilege	1420	firefox.exe
Token: SeShutdownPrivilege	2748	chrome.exe
Token: SeCreatePagefilePrivilege	2748	chrome.exe
Token: SeShutdownPrivilege	2748	chrome.exe
Token: SeCreatePagefilePrivilege	2748	chrome.exe
Token: SeShutdownPrivilege	2748	chrome.exe
Token: SeCreatePagefilePrivilege	2748	chrome.exe
Token: SeShutdownPrivilege	2748	chrome.exe
Token: SeCreatePagefilePrivilege	2748	chrome.exe
Token: SeShutdownPrivilege	2748	chrome.exe
Token: SeCreatePagefilePrivilege	2748	chrome.exe
Token: SeShutdownPrivilege	2748	chrome.exe
Token: SeCreatePagefilePrivilege	2748	chrome.exe
Token: SeShutdownPrivilege	2748	chrome.exe
Token: SeCreatePagefilePrivilege	2748	chrome.exe
Token: SeShutdownPrivilege	2748	chrome.exe
Token: SeCreatePagefilePrivilege	2748	chrome.exe
Token: SeShutdownPrivilege	2748	chrome.exe
Token: SeCreatePagefilePrivilege	2748	chrome.exe
Token: SeShutdownPrivilege	2748	chrome.exe
Token: SeCreatePagefilePrivilege	2748	chrome.exe
Token: SeShutdownPrivilege	2748	chrome.exe
Token: SeCreatePagefilePrivilege	2748	chrome.exe
Token: SeShutdownPrivilege	2748	chrome.exe
Token: SeCreatePagefilePrivilege	2748	chrome.exe
Token: SeShutdownPrivilege	2748	chrome.exe
Token: SeCreatePagefilePrivilege	2748	chrome.exe
Token: SeShutdownPrivilege	2748	chrome.exe
Token: SeCreatePagefilePrivilege	2748	chrome.exe
Token: SeShutdownPrivilege	2748	chrome.exe
Token: SeCreatePagefilePrivilege	2748	chrome.exe
Token: SeShutdownPrivilege	2748	chrome.exe
Token: SeCreatePagefilePrivilege	2748	chrome.exe
Token: SeShutdownPrivilege	2748	chrome.exe
Token: SeCreatePagefilePrivilege	2748	chrome.exe
Token: SeShutdownPrivilege	2748	chrome.exe
Token: SeCreatePagefilePrivilege	2748	chrome.exe
Token: SeShutdownPrivilege	2748	chrome.exe
Token: SeCreatePagefilePrivilege	2748	chrome.exe
Token: SeShutdownPrivilege	2748	chrome.exe
Token: SeCreatePagefilePrivilege	2748	chrome.exe
Token: SeShutdownPrivilege	2748	chrome.exe
Token: SeCreatePagefilePrivilege	2748	chrome.exe
Token: SeShutdownPrivilege	2748	chrome.exe
Token: SeCreatePagefilePrivilege	2748	chrome.exe
Token: SeShutdownPrivilege	2748	chrome.exe
Token: SeCreatePagefilePrivilege	2748	chrome.exe
Token: SeShutdownPrivilege	2748	chrome.exe
Token: SeCreatePagefilePrivilege	2748	chrome.exe
Token: SeShutdownPrivilege	2748	chrome.exe
Token: SeCreatePagefilePrivilege	2748	chrome.exe
Token: SeShutdownPrivilege	2748	chrome.exe
Token: SeCreatePagefilePrivilege	2748	chrome.exe
Token: SeShutdownPrivilege	2748	chrome.exe
Token: SeCreatePagefilePrivilege	2748	chrome.exe
Token: SeShutdownPrivilege	2748	chrome.exe
Token: SeCreatePagefilePrivilege	2748	chrome.exe
Token: SeShutdownPrivilege	2748	chrome.exe
Token: SeCreatePagefilePrivilege	2748	chrome.exe
Token: SeShutdownPrivilege	2748	chrome.exe
Token: SeCreatePagefilePrivilege	2748	chrome.exe
Token: SeShutdownPrivilege	2748	chrome.exe
Token: SeCreatePagefilePrivilege	2748	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
1420	firefox.exe
1420	firefox.exe
1420	firefox.exe
1420	firefox.exe
4084	msedge.exe
4084	msedge.exe
4084	msedge.exe
4084	msedge.exe
4084	msedge.exe
4084	msedge.exe
4084	msedge.exe
4084	msedge.exe
4084	msedge.exe
4084	msedge.exe
4084	msedge.exe
4084	msedge.exe
4084	msedge.exe
4084	msedge.exe
4084	msedge.exe
4084	msedge.exe
4084	msedge.exe
4084	msedge.exe
4084	msedge.exe
4084	msedge.exe
4084	msedge.exe
4084	msedge.exe
4084	msedge.exe
4084	msedge.exe
4084	msedge.exe
1420	firefox.exe
1420	firefox.exe
1420	firefox.exe
1420	firefox.exe
1420	firefox.exe
1420	firefox.exe
1420	firefox.exe
1420	firefox.exe
1420	firefox.exe
1420	firefox.exe
1420	firefox.exe
1420	firefox.exe
1420	firefox.exe
1420	firefox.exe
1420	firefox.exe
1420	firefox.exe
1420	firefox.exe
2748	chrome.exe
2748	chrome.exe
2748	chrome.exe
2748	chrome.exe
2748	chrome.exe
2748	chrome.exe
2748	chrome.exe
2748	chrome.exe
2748	chrome.exe
2748	chrome.exe
2748	chrome.exe
2748	chrome.exe
2748	chrome.exe
2748	chrome.exe
2748	chrome.exe
2748	chrome.exe
2748	chrome.exe
2748	chrome.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
1420	firefox.exe
1420	firefox.exe
1420	firefox.exe
1420	firefox.exe
4084	msedge.exe
4084	msedge.exe
4084	msedge.exe
4084	msedge.exe
4084	msedge.exe
4084	msedge.exe
4084	msedge.exe
4084	msedge.exe
4084	msedge.exe
4084	msedge.exe
4084	msedge.exe
4084	msedge.exe
4084	msedge.exe
4084	msedge.exe
4084	msedge.exe
4084	msedge.exe
4084	msedge.exe
4084	msedge.exe
4084	msedge.exe
4084	msedge.exe
4084	msedge.exe
4084	msedge.exe
4084	msedge.exe
4084	msedge.exe
1420	firefox.exe
1420	firefox.exe
1420	firefox.exe
1420	firefox.exe
1420	firefox.exe
1420	firefox.exe
1420	firefox.exe
1420	firefox.exe
1420	firefox.exe
1420	firefox.exe
1420	firefox.exe
1420	firefox.exe
1420	firefox.exe
1420	firefox.exe
1420	firefox.exe
1420	firefox.exe
2748	chrome.exe
2748	chrome.exe
2748	chrome.exe
2748	chrome.exe
2748	chrome.exe
2748	chrome.exe
2748	chrome.exe
2748	chrome.exe
2748	chrome.exe
2748	chrome.exe
2748	chrome.exe
2748	chrome.exe
2748	chrome.exe
2748	chrome.exe
2748	chrome.exe
2748	chrome.exe
2748	chrome.exe
2748	chrome.exe
2748	chrome.exe
2748	chrome.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
1420	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 5080 wrote to memory of 1392	5080	f67dcf15535081c36eea82ffda8ff3703c0467dc2effafde1b9e761f6ad11256.exe	84
PID 5080 wrote to memory of 1392	5080	f67dcf15535081c36eea82ffda8ff3703c0467dc2effafde1b9e761f6ad11256.exe	84
PID 1392 wrote to memory of 2748	1392	cmd.exe	87
PID 1392 wrote to memory of 2748	1392	cmd.exe	87
PID 1392 wrote to memory of 4084	1392	cmd.exe	88
PID 1392 wrote to memory of 4084	1392	cmd.exe	88
PID 1392 wrote to memory of 2452	1392	cmd.exe	89
PID 1392 wrote to memory of 2452	1392	cmd.exe	89
PID 2748 wrote to memory of 4496	2748	chrome.exe	90
PID 2748 wrote to memory of 4496	2748	chrome.exe	90
PID 4084 wrote to memory of 4360	4084	msedge.exe	91
PID 4084 wrote to memory of 4360	4084	msedge.exe	91
PID 2452 wrote to memory of 1420	2452	firefox.exe	92
PID 2452 wrote to memory of 1420	2452	firefox.exe	92
PID 2452 wrote to memory of 1420	2452	firefox.exe	92
PID 2452 wrote to memory of 1420	2452	firefox.exe	92
PID 2452 wrote to memory of 1420	2452	firefox.exe	92
PID 2452 wrote to memory of 1420	2452	firefox.exe	92
PID 2452 wrote to memory of 1420	2452	firefox.exe	92
PID 2452 wrote to memory of 1420	2452	firefox.exe	92
PID 2452 wrote to memory of 1420	2452	firefox.exe	92
PID 2452 wrote to memory of 1420	2452	firefox.exe	92
PID 2452 wrote to memory of 1420	2452	firefox.exe	92
PID 1420 wrote to memory of 2756	1420	firefox.exe	93
PID 1420 wrote to memory of 2756	1420	firefox.exe	93
PID 1420 wrote to memory of 2756	1420	firefox.exe	93
PID 1420 wrote to memory of 2756	1420	firefox.exe	93
PID 1420 wrote to memory of 2756	1420	firefox.exe	93
PID 1420 wrote to memory of 2756	1420	firefox.exe	93
PID 1420 wrote to memory of 2756	1420	firefox.exe	93
PID 1420 wrote to memory of 2756	1420	firefox.exe	93
PID 1420 wrote to memory of 2756	1420	firefox.exe	93
PID 1420 wrote to memory of 2756	1420	firefox.exe	93
PID 1420 wrote to memory of 2756	1420	firefox.exe	93
PID 1420 wrote to memory of 2756	1420	firefox.exe	93
PID 1420 wrote to memory of 2756	1420	firefox.exe	93
PID 1420 wrote to memory of 2756	1420	firefox.exe	93
PID 1420 wrote to memory of 2756	1420	firefox.exe	93
PID 1420 wrote to memory of 2756	1420	firefox.exe	93
PID 1420 wrote to memory of 2756	1420	firefox.exe	93
PID 1420 wrote to memory of 2756	1420	firefox.exe	93
PID 1420 wrote to memory of 2756	1420	firefox.exe	93
PID 1420 wrote to memory of 2756	1420	firefox.exe	93
PID 1420 wrote to memory of 2756	1420	firefox.exe	93
PID 1420 wrote to memory of 2756	1420	firefox.exe	93
PID 1420 wrote to memory of 2756	1420	firefox.exe	93
PID 1420 wrote to memory of 2756	1420	firefox.exe	93
PID 1420 wrote to memory of 2756	1420	firefox.exe	93
PID 1420 wrote to memory of 2756	1420	firefox.exe	93
PID 1420 wrote to memory of 2756	1420	firefox.exe	93
PID 1420 wrote to memory of 2756	1420	firefox.exe	93
PID 1420 wrote to memory of 2756	1420	firefox.exe	93
PID 1420 wrote to memory of 2756	1420	firefox.exe	93
PID 1420 wrote to memory of 2756	1420	firefox.exe	93
PID 1420 wrote to memory of 2756	1420	firefox.exe	93
PID 1420 wrote to memory of 2756	1420	firefox.exe	93
PID 1420 wrote to memory of 2756	1420	firefox.exe	93
PID 1420 wrote to memory of 2756	1420	firefox.exe	93
PID 1420 wrote to memory of 2756	1420	firefox.exe	93
PID 1420 wrote to memory of 2756	1420	firefox.exe	93
PID 1420 wrote to memory of 2756	1420	firefox.exe	93
PID 1420 wrote to memory of 2756	1420	firefox.exe	93
PID 1420 wrote to memory of 2756	1420	firefox.exe	93
PID 1420 wrote to memory of 2756	1420	firefox.exe	93

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Users\Admin\AppData\Local\Temp\f67dcf15535081c36eea82ffda8ff3703c0467dc2effafde1b9e761f6ad11256.exe
"C:\Users\Admin\AppData\Local\Temp\f67dcf15535081c36eea82ffda8ff3703c0467dc2effafde1b9e761f6ad11256.exe"
1⤵
- Checks computer location settings
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:5080
- C:\Windows\system32\cmd.exe
  "C:\Windows\sysnative\cmd.exe" /c "C:\Users\Admin\AppData\Local\Temp\7455.tmp\7466.tmp\7467.bat C:\Users\Admin\AppData\Local\Temp\f67dcf15535081c36eea82ffda8ff3703c0467dc2effafde1b9e761f6ad11256.exe"
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:1392
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://accounts.google.com/v3/signin/challenge/pwd"
    3⤵
    - Enumerates system info in registry
    - Modifies data under HKEY_USERS
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SendNotifyMessage
    - Suspicious use of WriteProcessMemory
    PID:2748
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x10c,0x110,0x114,0xe8,0x118,0x7fff379bcc40,0x7fff379bcc4c,0x7fff379bcc58
      4⤵
      PID:4496
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1724,i,12844836811887955303,17612634524883918124,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=1720 /prefetch:2
      4⤵
      PID:4544
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1948,i,12844836811887955303,17612634524883918124,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2176 /prefetch:3
      4⤵
      PID:2996
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2232,i,12844836811887955303,17612634524883918124,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2248 /prefetch:8
      4⤵
      PID:1128
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3156,i,12844836811887955303,17612634524883918124,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3148 /prefetch:1
      4⤵
      PID:5348
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3124,i,12844836811887955303,17612634524883918124,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3312 /prefetch:1
      4⤵
      PID:5360
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4400,i,12844836811887955303,17612634524883918124,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4424 /prefetch:1
      4⤵
      PID:1960
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --no-appcompat-clear --field-trial-handle=4708,i,12844836811887955303,17612634524883918124,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4692 /prefetch:8
      4⤵
      PID:5792
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4704,i,12844836811887955303,17612634524883918124,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4856 /prefetch:8
      4⤵
      Modifies registry class
      PID:5452
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5172,i,12844836811887955303,17612634524883918124,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5180 /prefetch:8
      4⤵
      PID:6300
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5164,i,12844836811887955303,17612634524883918124,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5228 /prefetch:8
      4⤵
      PID:6320
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=5240,i,12844836811887955303,17612634524883918124,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=844 /prefetch:8
      4⤵
      Drops file in System32 directory
      Suspicious behavior: EnumeratesProcesses
      PID:3460
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" "https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://accounts.google.com/v3/signin/challenge/pwd"
    3⤵
    - Enumerates system info in registry
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SendNotifyMessage
    - Suspicious use of WriteProcessMemory
    PID:4084
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x108,0x10c,0x110,0xe4,0x114,0x7fff299846f8,0x7fff29984708,0x7fff29984718
      4⤵
      PID:4360
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2092,15842577328181407066,11998985575682860151,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2104 /prefetch:2
      4⤵
      PID:1520
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2092,15842577328181407066,11998985575682860151,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2156 /prefetch:3
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:208
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2092,15842577328181407066,11998985575682860151,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2900 /prefetch:8
      4⤵
      PID:4904
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,15842577328181407066,11998985575682860151,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3324 /prefetch:1
      4⤵
      PID:5112
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,15842577328181407066,11998985575682860151,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3332 /prefetch:1
      4⤵
      PID:436
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2092,15842577328181407066,11998985575682860151,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2316 /prefetch:2
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:6808
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" "https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://accounts.google.com/v3/signin/challenge/pwd"
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:2452
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://accounts.google.com/v3/signin/challenge/pwd
      4⤵
      Checks processor information in registry
      Modifies registry class
      Suspicious use of AdjustPrivilegeToken
      Suspicious use of FindShellTrayWindow
      Suspicious use of SendNotifyMessage
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:1420
    - - C:\Program Files\Mozilla Firefox\firefox.exe
        
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1952 -parentBuildID 20240401114208 -prefsHandle 1892 -prefMapHandle 1884 -prefsLen 23680 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {02867189-bc32-44d9-bdfb-1c192d1c2c98} 1420 "\\.\pipe\gecko-crash-server-pipe.1420" gpu
        5⤵
        
        PID:2756
    - - C:\Program Files\Mozilla Firefox\firefox.exe
        
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2384 -parentBuildID 20240401114208 -prefsHandle 2448 -prefMapHandle 2444 -prefsLen 24600 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {18df93b5-7f04-4439-b8d8-bf4aeb249544} 1420 "\\.\pipe\gecko-crash-server-pipe.1420" socket
        5⤵
        
        PID:2388
    - - C:\Program Files\Mozilla Firefox\firefox.exe
        
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3352 -childID 1 -isForBrowser -prefsHandle 3332 -prefMapHandle 3328 -prefsLen 22652 -prefMapSize 244658 -jsInitHandle 1256 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {90680839-733e-42a4-9c55-0283144eb735} 1420 "\\.\pipe\gecko-crash-server-pipe.1420" tab
        5⤵
        
        PID:3100
    - - C:\Program Files\Mozilla Firefox\firefox.exe
        
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3656 -childID 2 -isForBrowser -prefsHandle 2840 -prefMapHandle 3180 -prefsLen 29090 -prefMapSize 244658 -jsInitHandle 1256 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {9391946f-b04b-440b-92e9-bb697e8cf413} 1420 "\\.\pipe\gecko-crash-server-pipe.1420" tab
        5⤵
        
        PID:4160
    - - C:\Program Files\Mozilla Firefox\firefox.exe
        
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4208 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4340 -prefMapHandle 4336 -prefsLen 29090 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {97fe0dbd-ce8b-4ecb-9d9a-49466ed8a67e} 1420 "\\.\pipe\gecko-crash-server-pipe.1420" utility
        5⤵
        Checks processor information in registry
        
        PID:5872
    - - C:\Program Files\Mozilla Firefox\firefox.exe
        
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4984 -childID 3 -isForBrowser -prefsHandle 5204 -prefMapHandle 5276 -prefsLen 27051 -prefMapSize 244658 -jsInitHandle 1256 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {7df1356a-32e9-4aa4-8b69-8ed541c439a0} 1420 "\\.\pipe\gecko-crash-server-pipe.1420" tab
        5⤵
        
        PID:4868
    - - C:\Program Files\Mozilla Firefox\firefox.exe
        
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5408 -childID 4 -isForBrowser -prefsHandle 5416 -prefMapHandle 5420 -prefsLen 27051 -prefMapSize 244658 -jsInitHandle 1256 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {fd049fb8-6651-4b04-86c1-74a4097d313c} 1420 "\\.\pipe\gecko-crash-server-pipe.1420" tab
        5⤵
        
        PID:3656
    - - C:\Program Files\Mozilla Firefox\firefox.exe
        
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5688 -childID 5 -isForBrowser -prefsHandle 5608 -prefMapHandle 5612 -prefsLen 27051 -prefMapSize 244658 -jsInitHandle 1256 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {0c9eba36-acb9-47bb-8ed6-94b2ec1cd213} 1420 "\\.\pipe\gecko-crash-server-pipe.1420" tab
        5⤵
        
        PID:5968
    - - C:\Program Files\Mozilla Firefox\firefox.exe
        
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5944 -childID 6 -isForBrowser -prefsHandle 5972 -prefMapHandle 5956 -prefsLen 27182 -prefMapSize 244658 -jsInitHandle 1256 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {fea1d52c-5eb8-498f-b530-1cd955c01760} 1420 "\\.\pipe\gecko-crash-server-pipe.1420" tab
        5⤵
        
        PID:6476

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3656

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5160

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:5784

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:6420

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
e317d760856e2232ec3f02ee6f6498dc

SHA1
cf0b9c9f9dbb996b06d5744e643959a3966d098c

SHA256
b38c8948b3cbc7204201b33ace52c27f852dfd21f0c02038b64710d57ad33d4f

SHA512
e05abf73ca1acd7159274e3082eb8ad16412dd3b660721488adb7d8a49c0339976a6c5b1d8815a88fa05bdab3c43522e152fc518ba0d33e5995f9eb58a453d19

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
384B

MD5
4b5fa94a794786460d73dc082aa573a4

SHA1
5f749d20bc8ec518262881357e8873d583501e44

SHA256
94d0b922580aa54e00d2b41945302d3d6df981636cf75997b503ac7f5542b85c

SHA512
ca2138161cb5613f509ec37626f8106635bab3317fe4ec614e762490af14d267a07090b50c09ca190d584806c5c617b4752ec1fd83e4af7fd97c6092a22f423d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
5850e67e039eccf0cae9b1599067e1f6

SHA1
701fbc6eda9917cdf63a4f887dff99f7e80e94a2

SHA256
9a3252d5ebdf23374843b7d857bf25fcceada2e071086a84882c98f7126a5f3d

SHA512
660aeb31e38eecfd084b992472a7d95348d0606f298c7ed214f04f247c1e848eb84d8df28b0b1e585712fe786f51ac270fd85c7d64f4c604a34284737c7251bc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
9c821055c2203d84b141dfb86e774aaf

SHA1
c2a67d8acdafd70b659eb7827cac7ffd2639e0eb

SHA256
b418b6907a3d50c89bc30c4564c850a6a606315633b1986c8a739ce9f6b8357d

SHA512
d6175fd4c83594e27cadbf88a53706acc07d16351c8891da9d69fd477d84aa3c7a083da1df0f983fba5cd8aa5f47ca8cb730c0953687f786c3f6706957902653

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
e8fa1b78cb505727f5b95d62e84198ea

SHA1
772f3c3abd89df0d5a8b18144d381d0dc8040719

SHA256
53416ecfc25c4e61c1ae415b7ea3a4030d816b9c38363347453b20c1aa8dbd38

SHA512
20337989effc31862685ff7f09b76b6ed06b3a2075af53fd9ffbb314730fa906468a3a679744a218e37e882027e9d4ed260bcff06ce273dabd93d7743734a774

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
354B

MD5
9b0dcbb80ac699b558a2f2fb48b53e7a

SHA1
17a90c0c46076be79a2af5e7acac9c44da6b9085

SHA256
679723a5d7a3705d4038b0a30cd4957fba5825356f138a148eaaed719b4d7530

SHA512
a165ac20b4b4c7255447635eb5f7edcb3899f55f9cfd8c0262bdfccabec6d1af9dd732ed45a2ea7fea25b39d9be784d6af7af45921b8af95fcfc297533230ee4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
1bf4a661502b8f4d229e13c2d51087ec

SHA1
647c085fe0677b3656812298af943976fc647a21

SHA256
5850dfcff901d9686053f8cf32966ca9d23aaac1f9a85948d89f90aae3a71f4b

SHA512
b1ac0b955cba9789fbc1c2f3c41b57f7fd0fb6746d42bb66bfd54addf3a5b280beb3e061d20d427e81bb5f5d3893a0010def212aaa4b5e76e6c2f36678999f64

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
2cc8f5cc112c0aa77672031035800ba0

SHA1
1eff7e214744e6491b3f1926827a7dd9dc0487c7

SHA256
423dea52c357f776ad30881cd2475f848ed43b30c9e4fd9e981e1138460c61e7

SHA512
c488528289f5b85e042c8d7bb702ac996d5ee266b54cb01bb3395088996fcbe042b7c513d3b61cbeb968af31223199f9b20a3e4fc403830ba364e2fe65274fce

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
4d9fc092b6076549b13fecae8d28737a

SHA1
f1e49692bae178150ded17cbbf6bc5650d5c4881

SHA256
106fda5f5447e284831ff4126b66e10afbca7b2a706cd6cfcd1c8147e7b9b135

SHA512
d421f2b5f0b86fb0a67da5e2409e5314b8d84f0634eab28eb8c92e40c7d2ceb77db2382a740ac47965a72a5aa30cdaaec42d9068d755343591c21f3f3619614a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
ba5d6d0c53b7e7ba1983525dda55bcae

SHA1
3352e42dfc7dd86ca8609f116d433f1751bcd11c

SHA256
a1d0794bee7ae218fa4d0ca82f29a3bdd785161802e6e55794df6724730936c1

SHA512
551bb63d18e7361410739af0b20fedbd49ff0cd09ee38df0880e55269f1b4975ac4c898b30ed96145f02df4c1991e217270c924f4c04e1ecc26ee6190abe52cd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
fccd580ce829d3e09fa9da0a7f30a1f6

SHA1
6f5b4caa3d65d2f04eeb8f37697b411832d0c891

SHA256
0b7044282324962e2ff1f72cf59d3b0296bfd806c17dece6b82718eb30dcb31f

SHA512
45d8fc15848e92adb5b98537d69e452d357f35ee2bd7c530331c457270b3b4bd17a4dc25bb6570168d775914053433a2d95475d4b1f4431de62ae8ca4193ee41

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
c55506f5c177ef39dc4ba6a59f6f8268

SHA1
d925c1b22891c9ca85e0900efee07d15ceed78f1

SHA256
dd5df7b452fb007233831615b31b6a8aa18e4db00b302c15983bc586f853596f

SHA512
4068d60a0fe3470aca55e8ca52bda85f1c1be2b5b9c83dd8e29a4bb2908c4b8504dba44057944797f4379cf0cba53c03f7c23b0d7649d7706328d36b8544271d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
5ed9088f66e3fe532a769315c917a298

SHA1
9a85876b6557d4a79b50cada912a04e3984a2ded

SHA256
704e02ed76012cf8617c2b2bfdbaf89dc61d5c03b0bc65c4ce3740ef3b6267d2

SHA512
bebe9eca9829cebe2a138d90502688ed8ea847c8179209613b84487975ca4ff2a3218cb69cc139f300bb5712f199df5f3a67174014fa56447a5c990b4cbd5d9c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
99c46dca7cf22900057972b560e299d9

SHA1
f6e08d9938cbbd8dd56fd6ce565872810c64ce28

SHA256
485d9d4eeaa539f8e37795fe213870bc3bd5f71752759d3bde3f2d81982c4960

SHA512
125af369f5f84675c448bf29a853ff56427381215c4ea7106e9f92929cf9858246b56743363292e9b9d7e0ae44b880ae7828c99a4f66630040c5533059ec7fd7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
2e30ac1d6677b585d3701a514893abe2

SHA1
b42e403885db503db1088df68bd87db84199df0c

SHA256
0dd53191e25e8bde052770c6812533ecf52cc19aee8bed01501d56ab239f0c61

SHA512
46c2f09d3b41e3aec576bb1ed6311839b0b02bddd90625a64e9960b5aae4d3cbce610669203cab21e90923a65630ae16f5356a40a083a3cf1874e403fb42afa3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
1583815df00f7cbee93533e652904084

SHA1
835bf4e53bbe40118eb588d040a8c58fddf0ff23

SHA256
9e61434fd1a0ef71cc65e92677d349cf8687eae5aad75f557712063f30ba21b2

SHA512
996350f7d3ebc7a905ed378fd53e2f8dddcb7bd981f72d3f1328ef06841891d76d4a043c744d1807083a232a626a2a90da7eca75f08edbf7a4e9963f37d3b713

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
383e63c45694bb9f36775717674fa3f9

SHA1
b84c1a754393aeba249493672dde4d15cec68fff

SHA256
7b7e3bb5b800b65fb6c169e2b9e150c6bf70bf797e57b14b983ae2a63789803d

SHA512
dec1a860db140ff217457a38294993a35122bb4e0c6aa8c3780f41a199469cb5cf17b0f2a08759cb0e1727d3fc7b707f2deda61480d70fe8916441ff08a41892

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
198KB

MD5
ac72354c35304b944a705506ab585f0d

SHA1
699a0ceea4d0265544aff2a880c73220b2980041

SHA256
3c3c880e137107aebdd981c718c711b0d6d596b77acd8ac35b17cd509f94f0df

SHA512
eef380af641dd464aaeca134a4a31fcb8965fa45ed8c646800e96c3d9bb65f345ed709150ce1124e08198f970919fab13eaebe37f70841832da850c3659584ef

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
198KB

MD5
fc4de67226f9333e348c5ce528b54a4b

SHA1
39f9e88cb297cc1b89d9982e2747492756368d23

SHA256
797fc50cdd8847d8fe537469ceb436aaa66f6d93c7addc5c1da3f10d4d6eabdd

SHA512
ae139472b9f1e4305cd142a6b4c300c820e11746bf1824b3eb56273e49d0f99fb8050d30085a5924cef78d79fc28c894f9dce75c33b8bbdfe013811743a19f42

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
eeaa8087eba2f63f31e599f6a7b46ef4

SHA1
f639519deee0766a39cfe258d2ac48e3a9d5ac03

SHA256
50fe80c9435f601c30517d10f6a8a0ca6ff8ca2add7584df377371b5a5dbe2d9

SHA512
eaabfad92c84f422267615c55a863af12823c5e791bdcb30cabe17f72025e07df7383cf6cf0f08e28aa18a31c2aac5985cf5281a403e22fbcc1fb5e61c49fc3c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
b9569e123772ae290f9bac07e0d31748

SHA1
5806ed9b301d4178a959b26d7b7ccf2c0abc6741

SHA256
20ab88e23fb88186b82047cd0d6dc3cfa23422e4fd2b8f3c8437546a2a842c2b

SHA512
cfad8ce716ac815b37e8cc0e30141bfb3ca7f0d4ef101289bddcf6ed3c579bc34d369f2ec2f2dab98707843015633988eb97f1e911728031dd897750b8587795

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
336B

MD5
ba77f99beb4959367a65acc092ede5f3

SHA1
fe550e21606a989a235f6fea6714e013ebdb66af

SHA256
3e8f8a897d3604f1275d005c5cc985633d4c8c48e4883ab884e6d4584dbd8c2c

SHA512
d409cd7f063204951765c4876ed3dfe4eba3c5ff2a882b14eab0755482f11109338858a7d197f60aa80dd987f168a1b6b4bceb78c4a1c0b65c9b76171388a75e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
6eb313edaf0a8127465fa3f0107e0b1f

SHA1
6136d38baf7d3694dd78f107f193003f53f151d9

SHA256
d5ab2961a15fde4ca1e72c9fc37ee56619a49bf457f02b21e15b598d829b7fd1

SHA512
a4f6397969ef2512387fd22c26f626484c60a436014233eefef9795880e49aa0dc2127e166fe95765a9af21dd55a85c7aaf7d1f17517c71e7fa82271b07a27eb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
ed365d7080f021a318effc96c1ed805d

SHA1
a6fd7ff47c07ab080d44da3523bf4b2865cee34f

SHA256
be22edba3efce24add5245d4dfc31b3e1272bfa13bd6c2c59ad37cba2b1b558f

SHA512
d3028ceaaca44287ed7c539e4d702079d4fd3929933e500d53c1b1b61ebcf2b1a52e4b62384e007103330476d74d59ad0f7c2ff18d5200c0a6b0bf88b87abc8e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
6a8d1b7f25f275ce5f94c95101c49da5

SHA1
9142507c9af69172d9a1c94fa1cef6f21f7316bf

SHA256
95dd2f8001c35fb9ddd2deac12843fbe002a1456342c18f7444d3051b355f868

SHA512
9b65c52dca8d414d83248c042103d2402927f5e62145c8684983ba173ed85a311328d33a66ce0e63c79787c7c9b6074872ad3f8352a44f8814e37c74c708e231

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
2fc06f97eae25ff2ef843bdf6b4a0992

SHA1
965cac7a65080a1f9816503fa77d717af5bb376c

SHA256
cfa0ef5cd2b9f7fa8d15214e51d666fcd13d8fe90440ead91ea5cfbb8c86ed05

SHA512
6ac31dca091c3d3d4648b3dfdc27808fb689d873df46facddff00b90615692c719482167c2404e5dcb8805feb35cdf342f224e5750fbe442d308a88680d2288f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
203B

MD5
d76f80efaf3b5b6c56079557eb137b3e

SHA1
3c8c4f260268898beaee400e29ec5be41c9bce0f

SHA256
66f30e3d08ab7cdafb41c59fc5a9d9093a275fabf9a4c40a2653096055d084cf

SHA512
628bcb4afd5eef9e9f088c9d5e26b8653e0a147d68ed58c141899da7c5e7a01c3335cf1a7dbe540be0f11a5ebfce16f137dfc21f7f0ea41f4c70a1ccdf28dcc2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe598e1d.TMP

Filesize
203B

MD5
4c5168d94e37508b85ca3fd3b2404ede

SHA1
78bc1241bcff850d65ac346e033a31527d2894a1

SHA256
58cad273829e9a80f19055f3ddd89d0cd4f691b1c8db234c7aa35bb54ccef5a3

SHA512
bc7becb72e80af45f3fdf904aad7b11252bf41b2e672ff870092aa99a73e6bf8cb643e27ca40170b8fe58767180cd0de2b43d434142965274abf95e81fea062d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
409ece28e672bb2c54ae589edf185de7

SHA1
72fb9b1765c34e57f3c29e22c99baca2f0791e16

SHA256
6c65dd434fc30b06eb86076baba941aca427af8d8bba32a40a9a48db5e51a423

SHA512
4467af7ee1f353b2586ac9c738f5c478c018ac8fca73d11a846058a610f3dfac3e9bd31436b24810cf5192bca219d083e31d0eaad4e3dd6be4749fc144fadb67

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\illkw0pr.default-release\activity-stream.discovery_stream.json

Filesize
44KB

MD5
5b27c34cc84eb3b2b088667a700b53e8

SHA1
69417be993c7d32ecda789187bbeae3b7021f38c

SHA256
282338c089b78d31787fc8cd2be7185cf84bf06e5161f8a903851370d25e0b21

SHA512
059f1621fed0a60569ef1020a3d17aae1f7e21ba0582ace82c7eb1fb6167b436e14277faa9110759e6d46435fc4d1dc33f7cd57d4bccd40de3a0854cb2e44cda

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\illkw0pr.default-release\cache2\entries\58EFA56DB4BFFECB0EDA547894BC9A057159E22F

Filesize
13KB

MD5
c8e71b552c91461bd480fde9e235740d

SHA1
f5700f72d664a5d08a10319ea4770ed3004df253

SHA256
cbbdce2e3642244141f0003dde93384e3fee6dc06fffd4037913f06c630157b6

SHA512
5caeec152c79800d06b5175d646807675b9a04b21699682e4932658fc599dfa7192dae78c3d181c1cd3766b99d22918e1e6fa3ca7999ce3a56a911d10dbea789

Download Submit
C:\Users\Admin\AppData\Local\Temp\7455.tmp\7466.tmp\7467.bat

Filesize
2KB

MD5
31c09b550c61042384ef240a1cd226df

SHA1
731fbe63179f646915f8fa37ca9f8c85fdb9b48a

SHA256
752a176e12900c9f3cf947bc36d506e360f86da00a2dbc1e5fa821f2584c75db

SHA512
8fcd654736e4b71765b5379c6e1699771e83c5c1df1b5e3fa7f74e4d3b5629ffa1f54aaedfdf9979416d3704bcfb38d73dba7c36c7b6f1ac9804737e7af698a6

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
479KB

MD5
09372174e83dbbf696ee732fd2e875bb

SHA1
ba360186ba650a769f9303f48b7200fb5eaccee1

SHA256
c32efac42faf4b9878fb8917c5e71d89ff40de580c4f52f62e11c6cfab55167f

SHA512
b667086ed49579592d435df2b486fe30ba1b62ddd169f19e700cd079239747dd3e20058c285fa9c10a533e34f22b5198ed9b1f92ae560a3067f3e3feacc724f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

Filesize
13.8MB

MD5
0a8747a2ac9ac08ae9508f36c6d75692

SHA1
b287a96fd6cc12433adb42193dfe06111c38eaf0

SHA256
32d544baf2facc893057a1d97db33207e642f0dacf235d8500a0b5eff934ce03

SHA512
59521f8c61236641b3299ab460c58c8f5f26fa67e828de853c2cf372f9614d58b9f541aae325b1600ec4f3a47953caacb8122b0dfce7481acfec81045735947d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\illkw0pr.default-release\AlternateServices.bin

Filesize
10KB

MD5
51e03c19d81f37903b101c321b2e0ca4

SHA1
a9de2386e2c2d5b284dff1871fabfb03dba705c3

SHA256
9a7acdb2ed09098b1a02b4d872965d4729b6fdb89af7c636974f2d7b7b0a983d

SHA512
25211037e396c5e9653de214075384e070edb2d148e779524183608c748f96ed667d36f2da4044cc7067e9e48c8871aef28036d27d54e017745dc5183054c85d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\illkw0pr.default-release\datareporting\glean\db\data.safe.tmp

Filesize
5KB

MD5
5d79c4ed35aabc29f0b0a2246ce9ce07

SHA1
6d69156e823f110ef3e768d56d119d43664f957a

SHA256
204571e293a1dd8a377af367053852386ba421b4badb5b5936330fe8a0d42429

SHA512
e3eae28310c8d4f01d34b1c60cd6f28617b88315cce14b7ec84e4e36261b1a2509a8fc8ac6bdb84bf3defff0b1f97caac7c822cf949672e378b8a623fc8cbb31

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\illkw0pr.default-release\datareporting\glean\db\data.safe.tmp

Filesize
15KB

MD5
fbf7b2ccdf89a0a5596b18f5850d50a8

SHA1
d6c544c8e728f77742ed70dbc25f7792af8ee563

SHA256
a4512297d3d28fa0b0b02864358068930a9dc0de8536bff85ad296fd8e779473

SHA512
f90472c6c0c6a0738ab907e4e8525344e8a485cc2e45a06f9c132389ed5251fe506dee6db8ebc5194d1998d444f4b30df1f107e1fe7710d5e8496b6c4ebadd0f

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\illkw0pr.default-release\datareporting\glean\pending_pings\24fd9de2-37c0-4a8d-8ce2-e1e88122861a

Filesize
982B

MD5
459d5dc4a96a530fc60800a285b370fb

SHA1
81925c1f89a72f1fb6d0a072afc0c52f39e02d76

SHA256
a1e72882122c00f210c44123fff41245ec7f51ab998f54677fc228a39f0a76e3

SHA512
9f2e0d9f6b4a877ca074d5f2f3f8c30d334059c3af643a605cf2da63930e9e9b524663de06953e48e02a2bf10ee43e64d6ac0a69722702825d25ef6c3fc76186

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\illkw0pr.default-release\datareporting\glean\pending_pings\3919b0e6-3400-4e0b-b179-06f69e9f0cc7

Filesize
25KB

MD5
4f197f08e0282388bacd4bebb7b4ffd0

SHA1
c83302c4b4277dae0cd315040bed20b1f7f87669

SHA256
631d3783c3f71e22cbeaa5db5775ca8d9937bade138c63cdc9c1ddc84a84b7ef

SHA512
6b024769621086807b55ce1150f589b9f8f2300d150367e74e2965d03273275f4943ed5ca00dde060d8cf56b97566896fd405fa7f67b6a05cf7fe0d1fe277766

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\illkw0pr.default-release\datareporting\glean\pending_pings\ea04f785-e405-4565-8a7c-bf6e8258d714

Filesize
671B

MD5
7a993c6551083aaea40f9d99ffa99ef3

SHA1
f8080d3b21722f858df0f80752b3c44fe820ec0b

SHA256
025546927ead8d98521356a0a25348b583a416d7a9360124ebc3df363d9eb974

SHA512
e1f64f15661b4ee00c6f4f0ade7bd6e26105e542d221af828612ac7e1048674fda721e9b32f0fc5e516c0022a80bb75e36da68204025fc1db8f9316a8726ad3f

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\illkw0pr.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.dll

Filesize
1.1MB

MD5
842039753bf41fa5e11b3a1383061a87

SHA1
3e8fe1d7b3ad866b06dca6c7ef1e3c50c406e153

SHA256
d88dd3bfc4a558bb943f3caa2e376da3942e48a7948763bf9a38f707c2cd0c1c

SHA512
d3320f7ac46327b7b974e74320c4d853e569061cb89ca849cd5d1706330aca629abeb4a16435c541900d839f46ff72dfde04128c450f3e1ee63c025470c19157

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\illkw0pr.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.info

Filesize
116B

MD5
2a461e9eb87fd1955cea740a3444ee7a

SHA1
b10755914c713f5a4677494dbe8a686ed458c3c5

SHA256
4107f76ba1d9424555f4e8ea0acef69357dfff89dfa5f0ec72aa4f2d489b17bc

SHA512
34f73f7bf69d7674907f190f257516e3956f825e35a2f03d58201a5a630310b45df393f2b39669f9369d1ac990505a4b6849a0d34e8c136e1402143b6cedf2d3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\illkw0pr.default-release\gmp-widevinecdm\4.10.2710.0\manifest.json

Filesize
372B

MD5
bf957ad58b55f64219ab3f793e374316

SHA1
a11adc9d7f2c28e04d9b35e23b7616d0527118a1

SHA256
bbab6ca07edbed72a966835c7907b3e60c7aa3d48ddea847e5076bd05f4b1eda

SHA512
79c179b56e4893fb729b225818ab4b95a50b69666ac41d17aad0b37ab0ca8cd9f0848cbc3c5d9e69e4640a8b261d7ced592eae9bcb0e0b63c05a56e7c477f44e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\illkw0pr.default-release\gmp-widevinecdm\4.10.2710.0\widevinecdm.dll

Filesize
17.8MB

MD5
daf7ef3acccab478aaa7d6dc1c60f865

SHA1
f8246162b97ce4a945feced27b6ea114366ff2ad

SHA256
bc40c7821dcd3fea9923c6912ab1183a942c11b7690cfd79ed148ded0228777e

SHA512
5840a45cfdb12c005e117608b1e5d946e1b2e76443ed39ba940d7f56de4babeab09bee7e64b903eb82bb37624c0a0ef19e9b59fbe2ce2f0e0b1c7a6015a63f75

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\illkw0pr.default-release\prefs-1.js

Filesize
12KB

MD5
5394fe680ace201b44af63a8738dc0de

SHA1
fc14a3b81dc5f118a2cdc9e60e32f1680c77a163

SHA256
173ca37194b6f58e2dffa7d91882456732b8c9b196a11ae2e9dafea64d7d4e28

SHA512
50db604bcaa46f98973396633f2a87926fce04dc67967b8d7325b6206d6df589d65a69e858810d648cab45c4cf53ff4523cac5d5ca8b9f18b5a90cb28818dbce

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\illkw0pr.default-release\prefs-1.js

Filesize
16KB

MD5
5adfc268993e97aa669e809811885cce

SHA1
67af2a8a03dbad6c37a464dced2d65258b53358e

SHA256
388137265ef4041ebf985ed1b5ea5129961286d33801b9d57192379da92109f8

SHA512
2b99c9c93392bc3ec12832ccfe98b62b2142bb8aa439a597dd53dc99d6dcbff87d7a664a5836c9446566fe87faf969c296a236318a0a1486d12bc882e96ace4c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\illkw0pr.default-release\prefs.js

Filesize
11KB

MD5
8c1fa0992af602656d274f063824224f

SHA1
6464effc83689be298cd58f19ea64b25123d6375

SHA256
e29ceebf36db6807acc944f0601a5c4209a1745be9bd0f23f61d2d98a5f6e863

SHA512
983383b86356b4e3e4f9083d3eed483b81715f745c9bc2b9e11d534799ab4829de359f7756742c4aaa6692ce2dce8fa2c2a117c35e594cbcbe3a6bc83dda99bb

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\illkw0pr.default-release\prefs.js

Filesize
11KB

MD5
bf00fb85471ada7162ede9bbf167d6d3

SHA1
69198a3d09875f82fcb53f5830c2c692e68b5588

SHA256
cde45be3b1dc781e63f6664abbe098b581b994efb48b2fbc0e9c5c4e195db38b

SHA512
2fa22cf569c4f6efe5ccd25e6e6c63e4de0582001e41d976d783ac0f248de48f65c9c5cdf663bda7791bfc3c8b45e8ac9cc726defd9e56827283b5dafc64db83

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\illkw0pr.default-release\sessionstore-backups\recovery.baklz4

Filesize
5KB

MD5
c53f92942b9808f6dc468ec8479d7521

SHA1
b2bece6bf8a2a4b707ab76eca6be772483ec2519

SHA256
c19dd64dcb073170ab71aae6dc4ca0b6e3fd81cae996154b2499c045cc3be480

SHA512
fee309d0b765fcc0a7affc89f28f4bc75b840004e9f0afdaab1668f19b59bcfeb159f9b07d09ca983b14e59e9eb1dfc1d0367496fef100682ba9246d9bf331bb

Download Submit