330cb53bbc0cc7d82f5775d5ea6bab0ec93146f7c5302ecac33c503ea7f73f8c

Analysis

max time kernel
149s
max time network
148s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
02/09/2024, 08:08

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

330cb53bbc0cc7d82f5775d5ea6bab0ec93146f7c5302ecac33c503ea7f73f8c.exe
Size

89KB
MD5

c8dd7c78f947483b1413af77300d0d2d
SHA1

2ae0a454c44dd4a2816b2db6f2a77e5c19753dd6
SHA256

330cb53bbc0cc7d82f5775d5ea6bab0ec93146f7c5302ecac33c503ea7f73f8c
SHA512

af357a8a52cf4d68091725cc1fc3f6c06c8604f712d97a911d0d7ce075e98f664edabb763798a01a4aa6dbef9606cc82d83cc789384b4a62be7772e16dc9eaff
SSDEEP

1536:L7fPGykbOqjoHm4pICdfkLtAfupcWX50MxFY+yIOlnToIfbxT3vO+:Hq6+ouCpk2mpcWJ0r+QNTBfb7

Score

7^/10

discovery

Malware Config

Signatures

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000\Control Panel\International\Geo\Nation	330cb53bbc0cc7d82f5775d5ea6bab0ec93146f7c5302ecac33c503ea7f73f8c.exe

Drops file in System32 directory 2 IoCs

description	ioc	Process
File created	C:\Windows\System32\DriverStore\FileRepository\display.inf_amd64_71aa85b0e2292a7a\display.PNF	chrome.exe
File created	\??\c:\windows\system32\driverstore\filerepository\display.inf_amd64_71aa85b0e2292a7a\display.PNF	chrome.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	330cb53bbc0cc7d82f5775d5ea6bab0ec93146f7c5302ecac33c503ea7f73f8c.exe

Checks processor information in registry 2 TTPs 8 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133697381078421986"	chrome.exe

Modifies registry class 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings	firefox.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-523280732-2327480845-3730041215-1000\{550C63CB-6001-48CA-B79E-8E5973E42422}	chrome.exe

Suspicious behavior: EnumeratesProcesses 14 IoCs

pid	Process
4972	msedge.exe
4972	msedge.exe
1940	msedge.exe
1940	msedge.exe
1864	chrome.exe
1864	chrome.exe
6264	chrome.exe
6264	chrome.exe
6576	msedge.exe
6576	msedge.exe
6576	msedge.exe
6576	msedge.exe
6264	chrome.exe
6264	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 5 IoCs

pid	Process
1940	msedge.exe
1940	msedge.exe
1864	chrome.exe
1864	chrome.exe
1864	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeDebugPrivilege	2908	firefox.exe
Token: SeDebugPrivilege	2908	firefox.exe
Token: SeShutdownPrivilege	1864	chrome.exe
Token: SeCreatePagefilePrivilege	1864	chrome.exe
Token: SeShutdownPrivilege	1864	chrome.exe
Token: SeCreatePagefilePrivilege	1864	chrome.exe
Token: SeShutdownPrivilege	1864	chrome.exe
Token: SeCreatePagefilePrivilege	1864	chrome.exe
Token: SeShutdownPrivilege	1864	chrome.exe
Token: SeCreatePagefilePrivilege	1864	chrome.exe
Token: SeShutdownPrivilege	1864	chrome.exe
Token: SeCreatePagefilePrivilege	1864	chrome.exe
Token: SeShutdownPrivilege	1864	chrome.exe
Token: SeCreatePagefilePrivilege	1864	chrome.exe
Token: SeShutdownPrivilege	1864	chrome.exe
Token: SeCreatePagefilePrivilege	1864	chrome.exe
Token: SeShutdownPrivilege	1864	chrome.exe
Token: SeCreatePagefilePrivilege	1864	chrome.exe
Token: SeShutdownPrivilege	1864	chrome.exe
Token: SeCreatePagefilePrivilege	1864	chrome.exe
Token: SeShutdownPrivilege	1864	chrome.exe
Token: SeCreatePagefilePrivilege	1864	chrome.exe
Token: SeShutdownPrivilege	1864	chrome.exe
Token: SeCreatePagefilePrivilege	1864	chrome.exe
Token: SeShutdownPrivilege	1864	chrome.exe
Token: SeCreatePagefilePrivilege	1864	chrome.exe
Token: SeShutdownPrivilege	1864	chrome.exe
Token: SeCreatePagefilePrivilege	1864	chrome.exe
Token: SeShutdownPrivilege	1864	chrome.exe
Token: SeCreatePagefilePrivilege	1864	chrome.exe
Token: SeShutdownPrivilege	1864	chrome.exe
Token: SeCreatePagefilePrivilege	1864	chrome.exe
Token: SeShutdownPrivilege	1864	chrome.exe
Token: SeCreatePagefilePrivilege	1864	chrome.exe
Token: SeShutdownPrivilege	1864	chrome.exe
Token: SeCreatePagefilePrivilege	1864	chrome.exe
Token: SeShutdownPrivilege	1864	chrome.exe
Token: SeCreatePagefilePrivilege	1864	chrome.exe
Token: SeShutdownPrivilege	1864	chrome.exe
Token: SeCreatePagefilePrivilege	1864	chrome.exe
Token: SeShutdownPrivilege	1864	chrome.exe
Token: SeCreatePagefilePrivilege	1864	chrome.exe
Token: SeShutdownPrivilege	1864	chrome.exe
Token: SeCreatePagefilePrivilege	1864	chrome.exe
Token: SeShutdownPrivilege	1864	chrome.exe
Token: SeCreatePagefilePrivilege	1864	chrome.exe
Token: SeShutdownPrivilege	1864	chrome.exe
Token: SeCreatePagefilePrivilege	1864	chrome.exe
Token: SeShutdownPrivilege	1864	chrome.exe
Token: SeCreatePagefilePrivilege	1864	chrome.exe
Token: SeShutdownPrivilege	1864	chrome.exe
Token: SeCreatePagefilePrivilege	1864	chrome.exe
Token: SeShutdownPrivilege	1864	chrome.exe
Token: SeCreatePagefilePrivilege	1864	chrome.exe
Token: SeShutdownPrivilege	1864	chrome.exe
Token: SeCreatePagefilePrivilege	1864	chrome.exe
Token: SeShutdownPrivilege	1864	chrome.exe
Token: SeCreatePagefilePrivilege	1864	chrome.exe
Token: SeShutdownPrivilege	1864	chrome.exe
Token: SeCreatePagefilePrivilege	1864	chrome.exe
Token: SeShutdownPrivilege	1864	chrome.exe
Token: SeCreatePagefilePrivilege	1864	chrome.exe
Token: SeShutdownPrivilege	1864	chrome.exe
Token: SeCreatePagefilePrivilege	1864	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
1940	msedge.exe
1940	msedge.exe
1940	msedge.exe
1940	msedge.exe
1940	msedge.exe
1940	msedge.exe
1940	msedge.exe
1940	msedge.exe
1940	msedge.exe
1940	msedge.exe
1940	msedge.exe
1940	msedge.exe
1940	msedge.exe
1940	msedge.exe
1940	msedge.exe
1940	msedge.exe
1940	msedge.exe
1940	msedge.exe
1940	msedge.exe
1940	msedge.exe
1940	msedge.exe
1940	msedge.exe
1940	msedge.exe
1940	msedge.exe
1940	msedge.exe
2908	firefox.exe
2908	firefox.exe
2908	firefox.exe
2908	firefox.exe
2908	firefox.exe
2908	firefox.exe
2908	firefox.exe
2908	firefox.exe
2908	firefox.exe
2908	firefox.exe
2908	firefox.exe
2908	firefox.exe
2908	firefox.exe
2908	firefox.exe
2908	firefox.exe
2908	firefox.exe
2908	firefox.exe
2908	firefox.exe
2908	firefox.exe
2908	firefox.exe
2908	firefox.exe
1864	chrome.exe
1864	chrome.exe
1864	chrome.exe
1864	chrome.exe
1864	chrome.exe
1864	chrome.exe
1864	chrome.exe
1864	chrome.exe
1864	chrome.exe
1864	chrome.exe
1864	chrome.exe
1864	chrome.exe
1864	chrome.exe
1864	chrome.exe
1864	chrome.exe
1864	chrome.exe
1864	chrome.exe
1864	chrome.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
1940	msedge.exe
1940	msedge.exe
1940	msedge.exe
1940	msedge.exe
1940	msedge.exe
1940	msedge.exe
1940	msedge.exe
1940	msedge.exe
1940	msedge.exe
1940	msedge.exe
1940	msedge.exe
1940	msedge.exe
1940	msedge.exe
1940	msedge.exe
1940	msedge.exe
1940	msedge.exe
1940	msedge.exe
1940	msedge.exe
1940	msedge.exe
1940	msedge.exe
1940	msedge.exe
1940	msedge.exe
1940	msedge.exe
1940	msedge.exe
2908	firefox.exe
2908	firefox.exe
2908	firefox.exe
2908	firefox.exe
2908	firefox.exe
2908	firefox.exe
2908	firefox.exe
2908	firefox.exe
2908	firefox.exe
2908	firefox.exe
2908	firefox.exe
2908	firefox.exe
2908	firefox.exe
2908	firefox.exe
2908	firefox.exe
2908	firefox.exe
2908	firefox.exe
2908	firefox.exe
2908	firefox.exe
2908	firefox.exe
1864	chrome.exe
1864	chrome.exe
1864	chrome.exe
1864	chrome.exe
1864	chrome.exe
1864	chrome.exe
1864	chrome.exe
1864	chrome.exe
1864	chrome.exe
1864	chrome.exe
1864	chrome.exe
1864	chrome.exe
1864	chrome.exe
1864	chrome.exe
1864	chrome.exe
1864	chrome.exe
1864	chrome.exe
1864	chrome.exe
1864	chrome.exe
1864	chrome.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
2908	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3316 wrote to memory of 4612	3316	330cb53bbc0cc7d82f5775d5ea6bab0ec93146f7c5302ecac33c503ea7f73f8c.exe	84
PID 3316 wrote to memory of 4612	3316	330cb53bbc0cc7d82f5775d5ea6bab0ec93146f7c5302ecac33c503ea7f73f8c.exe	84
PID 4612 wrote to memory of 1864	4612	cmd.exe	88
PID 4612 wrote to memory of 1864	4612	cmd.exe	88
PID 4612 wrote to memory of 1940	4612	cmd.exe	89
PID 4612 wrote to memory of 1940	4612	cmd.exe	89
PID 4612 wrote to memory of 3772	4612	cmd.exe	90
PID 4612 wrote to memory of 3772	4612	cmd.exe	90
PID 1940 wrote to memory of 2648	1940	msedge.exe	91
PID 1940 wrote to memory of 2648	1940	msedge.exe	91
PID 1864 wrote to memory of 2672	1864	chrome.exe	92
PID 1864 wrote to memory of 2672	1864	chrome.exe	92
PID 3772 wrote to memory of 2908	3772	firefox.exe	93
PID 3772 wrote to memory of 2908	3772	firefox.exe	93
PID 3772 wrote to memory of 2908	3772	firefox.exe	93
PID 3772 wrote to memory of 2908	3772	firefox.exe	93
PID 3772 wrote to memory of 2908	3772	firefox.exe	93
PID 3772 wrote to memory of 2908	3772	firefox.exe	93
PID 3772 wrote to memory of 2908	3772	firefox.exe	93
PID 3772 wrote to memory of 2908	3772	firefox.exe	93
PID 3772 wrote to memory of 2908	3772	firefox.exe	93
PID 3772 wrote to memory of 2908	3772	firefox.exe	93
PID 3772 wrote to memory of 2908	3772	firefox.exe	93
PID 2908 wrote to memory of 4448	2908	firefox.exe	94
PID 2908 wrote to memory of 4448	2908	firefox.exe	94
PID 2908 wrote to memory of 4448	2908	firefox.exe	94
PID 2908 wrote to memory of 4448	2908	firefox.exe	94
PID 2908 wrote to memory of 4448	2908	firefox.exe	94
PID 2908 wrote to memory of 4448	2908	firefox.exe	94
PID 2908 wrote to memory of 4448	2908	firefox.exe	94
PID 2908 wrote to memory of 4448	2908	firefox.exe	94
PID 2908 wrote to memory of 4448	2908	firefox.exe	94
PID 2908 wrote to memory of 4448	2908	firefox.exe	94
PID 2908 wrote to memory of 4448	2908	firefox.exe	94
PID 2908 wrote to memory of 4448	2908	firefox.exe	94
PID 2908 wrote to memory of 4448	2908	firefox.exe	94
PID 2908 wrote to memory of 4448	2908	firefox.exe	94
PID 2908 wrote to memory of 4448	2908	firefox.exe	94
PID 2908 wrote to memory of 4448	2908	firefox.exe	94
PID 2908 wrote to memory of 4448	2908	firefox.exe	94
PID 2908 wrote to memory of 4448	2908	firefox.exe	94
PID 2908 wrote to memory of 4448	2908	firefox.exe	94
PID 2908 wrote to memory of 4448	2908	firefox.exe	94
PID 2908 wrote to memory of 4448	2908	firefox.exe	94
PID 2908 wrote to memory of 4448	2908	firefox.exe	94
PID 2908 wrote to memory of 4448	2908	firefox.exe	94
PID 2908 wrote to memory of 4448	2908	firefox.exe	94
PID 2908 wrote to memory of 4448	2908	firefox.exe	94
PID 2908 wrote to memory of 4448	2908	firefox.exe	94
PID 2908 wrote to memory of 4448	2908	firefox.exe	94
PID 2908 wrote to memory of 4448	2908	firefox.exe	94
PID 2908 wrote to memory of 4448	2908	firefox.exe	94
PID 2908 wrote to memory of 4448	2908	firefox.exe	94
PID 2908 wrote to memory of 4448	2908	firefox.exe	94
PID 2908 wrote to memory of 4448	2908	firefox.exe	94
PID 2908 wrote to memory of 4448	2908	firefox.exe	94
PID 2908 wrote to memory of 4448	2908	firefox.exe	94
PID 2908 wrote to memory of 4448	2908	firefox.exe	94
PID 2908 wrote to memory of 4448	2908	firefox.exe	94
PID 2908 wrote to memory of 4448	2908	firefox.exe	94
PID 2908 wrote to memory of 4448	2908	firefox.exe	94
PID 2908 wrote to memory of 4448	2908	firefox.exe	94
PID 2908 wrote to memory of 4448	2908	firefox.exe	94
PID 2908 wrote to memory of 4448	2908	firefox.exe	94

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Users\Admin\AppData\Local\Temp\330cb53bbc0cc7d82f5775d5ea6bab0ec93146f7c5302ecac33c503ea7f73f8c.exe
"C:\Users\Admin\AppData\Local\Temp\330cb53bbc0cc7d82f5775d5ea6bab0ec93146f7c5302ecac33c503ea7f73f8c.exe"
1⤵
- Checks computer location settings
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:3316
- C:\Windows\system32\cmd.exe
  "C:\Windows\sysnative\cmd.exe" /c "C:\Users\Admin\AppData\Local\Temp\DE79.tmp\DE7A.tmp\DE7B.bat C:\Users\Admin\AppData\Local\Temp\330cb53bbc0cc7d82f5775d5ea6bab0ec93146f7c5302ecac33c503ea7f73f8c.exe"
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:4612
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://accounts.google.com/v3/signin/challenge/pwd"
    3⤵
    - Enumerates system info in registry
    - Modifies data under HKEY_USERS
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SendNotifyMessage
    - Suspicious use of WriteProcessMemory
    PID:1864
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x104,0x108,0x10c,0xe0,0x110,0x7ffec166cc40,0x7ffec166cc4c,0x7ffec166cc58
      4⤵
      PID:2672
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1932,i,16185686048192894161,12358787532681137639,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=1928 /prefetch:2
      4⤵
      PID:3748
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2160,i,16185686048192894161,12358787532681137639,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2188 /prefetch:3
      4⤵
      PID:528
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2232,i,16185686048192894161,12358787532681137639,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2480 /prefetch:8
      4⤵
      PID:5100
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3152,i,16185686048192894161,12358787532681137639,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3172 /prefetch:1
      4⤵
      PID:5140
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3160,i,16185686048192894161,12358787532681137639,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3220 /prefetch:1
      4⤵
      PID:5160
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4456,i,16185686048192894161,12358787532681137639,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3632 /prefetch:1
      4⤵
      PID:5224
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --no-appcompat-clear --field-trial-handle=4708,i,16185686048192894161,12358787532681137639,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4696 /prefetch:8
      4⤵
      PID:5312
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4712,i,16185686048192894161,12358787532681137639,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4704 /prefetch:8
      4⤵
      Modifies registry class
      PID:5604
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5124,i,16185686048192894161,12358787532681137639,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5140 /prefetch:8
      4⤵
      PID:6200
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5160,i,16185686048192894161,12358787532681137639,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5312 /prefetch:8
      4⤵
      PID:6240
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=4960,i,16185686048192894161,12358787532681137639,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5488 /prefetch:8
      4⤵
      Drops file in System32 directory
      Suspicious behavior: EnumeratesProcesses
      PID:6264
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" "https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://accounts.google.com/v3/signin/challenge/pwd"
    3⤵
    - Enumerates system info in registry
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SendNotifyMessage
    - Suspicious use of WriteProcessMemory
    PID:1940
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x108,0x10c,0x110,0xe4,0x114,0x7ffec17c46f8,0x7ffec17c4708,0x7ffec17c4718
      4⤵
      PID:2648
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2120,13107080279026829062,5371868013453493699,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2132 /prefetch:2
      4⤵
      PID:212
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2120,13107080279026829062,5371868013453493699,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2184 /prefetch:3
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:4972
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2120,13107080279026829062,5371868013453493699,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2844 /prefetch:8
      4⤵
      PID:4844
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,13107080279026829062,5371868013453493699,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3328 /prefetch:1
      4⤵
      PID:1004
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,13107080279026829062,5371868013453493699,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3340 /prefetch:1
      4⤵
      PID:2188
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2120,13107080279026829062,5371868013453493699,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2636 /prefetch:2
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:6576
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" "https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://accounts.google.com/v3/signin/challenge/pwd"
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:3772
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://accounts.google.com/v3/signin/challenge/pwd
      4⤵
      Checks processor information in registry
      Modifies registry class
      Suspicious use of AdjustPrivilegeToken
      Suspicious use of FindShellTrayWindow
      Suspicious use of SendNotifyMessage
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2908
    - - C:\Program Files\Mozilla Firefox\firefox.exe
        
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1980 -parentBuildID 20240401114208 -prefsHandle 1896 -prefMapHandle 1888 -prefsLen 23680 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {5e0969d8-5765-4d7f-9ef0-f6369368878d} 2908 "\\.\pipe\gecko-crash-server-pipe.2908" gpu
        5⤵
        
        PID:4448
    - - C:\Program Files\Mozilla Firefox\firefox.exe
        
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2460 -parentBuildID 20240401114208 -prefsHandle 2440 -prefMapHandle 2436 -prefsLen 24600 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {57e61f50-b858-4f49-8218-a26890ec22ab} 2908 "\\.\pipe\gecko-crash-server-pipe.2908" socket
        5⤵
        
        PID:3252
    - - C:\Program Files\Mozilla Firefox\firefox.exe
        
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3076 -childID 1 -isForBrowser -prefsHandle 3192 -prefMapHandle 2724 -prefsLen 22652 -prefMapSize 244658 -jsInitHandle 892 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {4d5dd507-2578-45f8-9689-fe687d0f61c0} 2908 "\\.\pipe\gecko-crash-server-pipe.2908" tab
        5⤵
        
        PID:1128
    - - C:\Program Files\Mozilla Firefox\firefox.exe
        
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3692 -childID 2 -isForBrowser -prefsHandle 3680 -prefMapHandle 3016 -prefsLen 29090 -prefMapSize 244658 -jsInitHandle 892 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {150f9200-98d4-4596-9c78-e458126792b6} 2908 "\\.\pipe\gecko-crash-server-pipe.2908" tab
        5⤵
        
        PID:4408
    - - C:\Program Files\Mozilla Firefox\firefox.exe
        
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4232 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4224 -prefMapHandle 4220 -prefsLen 29090 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ca9cf626-37be-4e2e-8f86-220feea5060c} 2908 "\\.\pipe\gecko-crash-server-pipe.2908" utility
        5⤵
        Checks processor information in registry
        
        PID:5772
    - - C:\Program Files\Mozilla Firefox\firefox.exe
        
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5312 -childID 3 -isForBrowser -prefsHandle 5260 -prefMapHandle 5264 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 892 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {032f8bd0-51e2-4509-8560-bf4dbad3ea09} 2908 "\\.\pipe\gecko-crash-server-pipe.2908" tab
        5⤵
        
        PID:3276
    - - C:\Program Files\Mozilla Firefox\firefox.exe
        
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5528 -childID 4 -isForBrowser -prefsHandle 5520 -prefMapHandle 5516 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 892 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {bf3e8d86-034e-49f6-884e-6d61e350d2e2} 2908 "\\.\pipe\gecko-crash-server-pipe.2908" tab
        5⤵
        
        PID:5996
    - - C:\Program Files\Mozilla Firefox\firefox.exe
        
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5620 -childID 5 -isForBrowser -prefsHandle 5628 -prefMapHandle 5632 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 892 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e347f52a-bf3b-4ee2-bf02-0808fd5da444} 2908 "\\.\pipe\gecko-crash-server-pipe.2908" tab
        5⤵
        
        PID:6024
    - - C:\Program Files\Mozilla Firefox\firefox.exe
        
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6104 -childID 6 -isForBrowser -prefsHandle 6096 -prefMapHandle 6092 -prefsLen 27182 -prefMapSize 244658 -jsInitHandle 892 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {6efad585-5d60-4342-98e1-32d5f61d332e} 2908 "\\.\pipe\gecko-crash-server-pipe.2908" tab
        5⤵
        
        PID:6296

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3604

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5852

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:5448

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:6368

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
6faa7d82576a27e5a5ea62722ba838a4

SHA1
f385e42e6eea1520d2e45a51e31291f195263a11

SHA256
cd9965278adbb62698d4c799e4635a4520601a2027dece09dde9554ad02b7c76

SHA512
74e9ea7306192bad1d29f73a9a17528e65a61b35069d22cd716ce32777930d2a211f86a4d75a4d650ba8364baecf99927c0354ff089fbd7f8c63af9deee13ddf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
384B

MD5
5fb4f96f7ac4816da58675cab585528f

SHA1
7e2558245d13e5201fff2698c1e0855ba356b85f

SHA256
fe5ded39a20b9e63370ba1240d754e067a1e7e6ff374cf1599d8018882842bc2

SHA512
47d2d1b6af1e4037915d5fe690e8dd8fbf2d157161841b3f590574afd485c05590a76b0f8147fa33d6077c0809c8377086cd44e5d4a0f40bce830d3fc98c73b7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
b5bb3ca6ea7baeb74ed7855f3c219c1f

SHA1
5017a1fce63465b986d94d761c2297a3ce3007c2

SHA256
7743110371a7ada5f884ce2db244883de1211186a430f23d14e329802dd0f63f

SHA512
3efb76670be5e0a08d03a7a9693dbbe2405afdcd522fd2a50b20cf8e95653044ac63b02aaaed0522da2cf63e5110e59b19b3b8c90c265b8d393c52e048db0b44

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
c2afeb7edda80bf155c16107fdb65ca0

SHA1
816cf5077a1581ab6ed5f3645fecc54adee8c823

SHA256
c8514cdb95a172b6fc7a82374076b2573d9016ae8085b95da8a9e11b18a607ff

SHA512
608d5dd9a273927ae3f0831e2754691f8f8b04aa88c4ed3035f644deebfe621722be41f01bb0361fd58aa49376dd182f742ea8a56dadb710cc4379c657595d5b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
2ccce53140b78f76cbd217e4a74806ca

SHA1
e5a10eb42f9bf2cdf06eee9339f129a69dcf7676

SHA256
2a19e3e195bd1120f4685bc5a159395719a0e1a9b7d465da0411d1660708feff

SHA512
98c028e2f4ebc6b90526b9e33b9bc457cceee05fa7fafd87b38c9961eb48343f3633e8860c4a3ec8d711fb3a15a3d22bf790b29de462ba1b7403037f68b90833

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
42d562ea2f0a130038cc5a77b9f7f459

SHA1
d8dcb60e3253e921d9871953f1324a75cfb36b90

SHA256
69e95d811939ec9004037f0ca0c15d854b416952e3bba3ae4354e962451f08a1

SHA512
8bdbb8be21011b27388ca116de67f7133020a1711650eef87bc287d0352de43424bff52a08fe912457eea1e7f24c6d3862f9724343f774e7e531382ded99e49e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
f20b7a93822c33594578019aca7a097d

SHA1
677fc0cd4b0e18f9485f513312965df5c7659599

SHA256
26c3add565fb50c3bf14c1ebbfd8e2c046420dfae2bd0739ed5c57195767fa20

SHA512
e809b40815a41a5b203a6fba5d746866883d3cdf55d8a1afc6aa3195370df3b19b0686b8cce400ba95e61244fe0f338e399e4b7de164848f22481925533a2572

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
b1cba66b168e26d347b7ecfc2762ea6e

SHA1
a65e5ad1aebb117f60a5e9cf8d587c765fd673a3

SHA256
5c2fa91a495c15c19564fae7e9c3699cc0dd37cc579528297320f577020390a8

SHA512
f3b2899157f15f763cb3f7da6b04d6099241fd2089fd89128f9f56f6f87cc5631ff03563fb3021c9a2ea89a91d3836705f6fb9865ab3d34a53318df4dc5cab38

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
94bdb059453b7d68f0d6a262d46a7709

SHA1
dc3015d1919153612c78cc2d4d05123a9676c4ea

SHA256
a7a6d337e52abc878cc84d8de568922b90bb9d3aac7a7de89d2f051f588f2d29

SHA512
f32785efd3b15f3fd7e93336cca7501bc9e11433ce8bb037b5116e882a6fd5e58df68236a65aa7783e583c9c794a0c942aa9bfd9b1ae7bf5917878be745e00de

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
f7e62415928a2f16ac0a81c648580b2e

SHA1
b2853c3327e334577058f05f1e7953ccdf95be51

SHA256
3ce13901ecd53f08234db845f36aec80f237af0f761585576978b346a2a226dd

SHA512
a81867f9e80c80a3bb8234de28005362ec913ef3263fa4bd958791aa55663c300ec2b1272413ebd9dcadf47aa0e1bd52f6bc8ec416eefa5a6a1f542e3897a329

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
18708396e98902e6e3c76ec565b2ec0d

SHA1
7e0158debe0eba9262f12546557b412f2e56c729

SHA256
86a6d7edea2f0f5a4d92d8cda3bdd6a4432a4c5bb8da94d4ce4c9b8782c618b9

SHA512
c5ec14edc9218d0785a7d1153ae86467df1b62448382860b9b40f06666da07f43e024e27b08aa2d9f9338b9334d1ce49d34bf15cb461e4a8b93e7b82ca669321

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
695bf0b4abb935b321a639184cabb164

SHA1
8e08273a666cb5d9373187c900c0a6cafb28b18f

SHA256
e27508f7386399dd1ead5c5fc790f7b2137767fadb334fb6da3b618a8f07528b

SHA512
577e6dbbfa2d413a58064f5a63f2209e23cdd4c919f061b5b0ea89979180ae3a3cabedde89719aac6a74cc7c51500d6cc57397f1ffb83f1e1d0afb7f926565b6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
08c2c759504969bc5f9b088f4dcb185d

SHA1
58ce7ca9e525b53c2edccd9c3ab4a9fc5e702fef

SHA256
a1860b185961005af7dd670ab4b82ba774d0c86a6c7e9de0b50ae53ea2003a35

SHA512
f095249586ff8a982defd91b022b53afd19be25f5b03a9106925d528572b21dfdec11f167d593accb9f34d39b054fad4eeb204b7e34d052c029c0b9add8f7e90

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
43fe0dd91df9ea5fc65857f776fd154e

SHA1
a573f705c8bae3bb21b3af4569fb073c4f27f10e

SHA256
a4a9eb229cae141b31a7f22d359660fddf93a17d9c86051380fc5d066b3412e1

SHA512
9614f4a1af300dbe2f6a1b05c7d886ec60d57e55374e9c97c684509e67c6a4806599c4c380276bc90df5cb1b11ba32498a12899ef669ae47faaf1d5c95d0cb0d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
441e383eba3899faf4650598f4a6bb7f

SHA1
b02e20a59c6a393b5679c4ce5c0e5425cdc8e3c3

SHA256
594d9cea1e8ae35a4fb3bde041b60f9ae3a06e96d45b4f0774df2caf44c085cf

SHA512
69814ec162068505fb090cbee73493eee8e8765e132071752b31bcd620e211645194b716b974af7c26624b99282f75284d1ac9a3ef5b5f69b2b24e82f0fa217c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
ba26b87e22039a26db06411ff369de84

SHA1
1c9f0b64b11ef6086f15a5a8f6057758d680f1eb

SHA256
bfbf5545b809db1a24e1c5431c4a50c42df549303bdb1ce11db4303a264a5257

SHA512
f605483beca49f3528852cde113145d91e98ee877399a17f3b56764f7b8ce257445ef4bb754fe43d36f8d80d793bff520ae0215e1c023353cc54b7655d02b087

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
203KB

MD5
84d6beee8a1bea113e63b37a0bf7e0f9

SHA1
67a285ce89b54f0176daf06436d04690efcb3fe9

SHA256
9243ef6b725e3d445aa1aa2d840583201f0a54c1fbed988ca5fb7d4ffb946a5c

SHA512
2b2688984eedad12abfb17f9b1bd10a502d85a3dc3af1ae2c88914997e562cfac5b1b2394427e979d2dc8263691b6d250bd077515c644321f6160bc1ebef3e20

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
203KB

MD5
7c91cdf26905134922dd8dbc86bd2724

SHA1
d5786f06a41eb40d83d4db721cb6255ccaa77459

SHA256
266d778250ae400bde3c0029e27f38290e5ed05c13a8e009721b1804ad899219

SHA512
e2285cf5007e410a9ac88f6f82cce24a74ca0c551badfe0ea281b47a196848aac083185ef1db511f53f1781a4991f90ae96a6b275b505eda53658191d0aac102

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
53bc70ecb115bdbabe67620c416fe9b3

SHA1
af66ec51a13a59639eaf54d62ff3b4f092bb2fc1

SHA256
b36cad5c1f7bc7d07c7eaa2f3cad2959ddb5447d4d3adcb46eb6a99808e22771

SHA512
cad44933b94e17908c0eb8ac5feeb53d03a7720d97e7ccc8724a1ed3021a5bece09e1f9f3cec56ce0739176ebbbeb20729e650f8bca04e5060c986b75d8e4921

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
e765f3d75e6b0e4a7119c8b14d47d8da

SHA1
cc9f7c7826c2e1a129e7d98884926076c3714fc0

SHA256
986443556d3878258b710d9d9efbf4f25f0d764c3f83dc54217f2b12a6eccd89

SHA512
a1872a849f27da78ebe9adb9beb260cb49ed5f4ca2d403f23379112bdfcd2482446a6708188100496e45db1517cdb43aba8bb93a75e605713c3f97cd716b1079

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000001

Filesize
184KB

MD5
2bcf794218c851fd9f5a2c32595cb1cc

SHA1
425e0835d02921d64fe63b98c5f158582dc21621

SHA256
5812fd663263da11caa410ee21aca09d8b6ddaf2c43b0360da86ac68dbdecc03

SHA512
9c5606dfd717f9b37ddf664c306a833c5485a9143e8e40edbece3ccae6d1eda14d8642e2fc22fc2025adc03ad748da022efa323656cd23766651fca63b1c5b06

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
336B

MD5
5c221c3849ac4ecc9f5b6ddb5a585d33

SHA1
88ea8f6a50de2f5210ab1d4e773b3bfd90b87cd2

SHA256
a6a6a58dd5849e22da0361b3412d47b097b332f5b589ab497fbe89afb1c59694

SHA512
dd34c41536ce3396c52c0b3fe8cb089a207d74dc9e311cac0fd59c4497f275a2b5203f9398f0126ea292fc3cabd8cdbba75051c440b439f585eaeb2016433dad

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
585b6ae94c80472575104153a167fbdc

SHA1
c7f0b0110db75e40324deed0e0de821d118dad35

SHA256
4f1b81d8239c6c57044aa83736bd89848ffe678957de019d65aa69bf4b0f1219

SHA512
be571fb001e0fff241ed598a39f7d1e93b4227bd96590a07172fa96e6e2e90e4c14a02e84aac04c8ce522234bfe1466eaad5d4219d5b5a8f6df753fdd43d238a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
59a1c8d5e5ceebbace738eab1eaec3a3

SHA1
d09be761f6265722fa817ae83f4bf15349415b23

SHA256
4e4d74e85009fe5ca060564e7f06399ab8335a1242c01d2602f974300f433a1e

SHA512
904aa79c2fd36221e81e5cb93583e54cba003f29b472e2aadeb4f8547ad6f9bf316003e87ac8d4d366a4faa094382fd6cc64e35aef9db0ddf269a72858e1c3e0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
f20e66dc38c4aeb2cf2e4baabd567b8e

SHA1
06c7ec7ff729114034617bd7975f71797f90999c

SHA256
a147d9d75712402dfbb3318d3ecf8bf00ff413cc7aaeff1d9ae1cb526a5727a7

SHA512
436a893c2782a9cfe973f57fda1e8cc4279b95ff562dab58f738b27cf54a9b415da6cfe103f33693ff4ae80cb02ab1f456328188bf0387234d6cd06dd95a3af3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
77a45dd55ecafefae08346a6dcc6e90b

SHA1
d4ad1ff917608ec21a598c9541b48285fce2cb89

SHA256
acb20b01a5d3d4e23c3de66816f978f11c1a6020a17dd0bd2b75044580eb5db9

SHA512
56557a812d19b0735d68b84a37522195e0ad73a18bb6b409ccfe31d13b3907a184d583073251e8fcd7a88eb309275058d36fb71790eeed2a171f2b19a4508840

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
5dba028293fa9b01e44eb28ef163eee5

SHA1
c95d970947aa7de81c3579502f44ebca208034e9

SHA256
f34f6b3a0a0b94014677c61a3c5d3fc29740a38aff42f5f0514371df3f958458

SHA512
2f5016dbef87b1bac2470d66a7c2f2c98f5214d3ce4160d44fa5c6c7670db2841e8cd19a6f60e001aab0b98eaff8435dc6e617ff478ad8dded6fe6d8c22694d3

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\bxumog7h.default-release\activity-stream.discovery_stream.json

Filesize
35KB

MD5
46ed45564b7adae647d9359643183738

SHA1
79b935fb863a146604b319903057faf433aa1717

SHA256
8dddf5c161cbe45f86794b05eac98568f431d70a2f14c2b9cfcfd8c462af4749

SHA512
5f3d04504fa2d9b0e92878c8c282e41f164c94872f3f8a743aaf34fb5b3e49d416d11313bfd0dd5c17e7c1987e3df9484330ddf1bba90c8764fc3d0dda60efa4

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\bxumog7h.default-release\cache2\entries\58EFA56DB4BFFECB0EDA547894BC9A057159E22F

Filesize
13KB

MD5
f50abdad23a02abee1dd5b40e46f12ec

SHA1
6503597bfb3a55056112f5a3431f3be1a779cf1d

SHA256
3351e31354cf2ee0f051881438cfff4e259c50b54fa8713588195d7ba1a6a80d

SHA512
d89cafe16bd96113817ec546b585057322f3a3dbafcb1c38a3ebd555575fdd19ce16b5f18b027e3d8f63c48adc88ea8ad014a8ce2ce508264fd9980a2e65138e

Download Submit
C:\Users\Admin\AppData\Local\Temp\DE79.tmp\DE7A.tmp\DE7B.bat

Filesize
2KB

MD5
31c09b550c61042384ef240a1cd226df

SHA1
731fbe63179f646915f8fa37ca9f8c85fdb9b48a

SHA256
752a176e12900c9f3cf947bc36d506e360f86da00a2dbc1e5fa821f2584c75db

SHA512
8fcd654736e4b71765b5379c6e1699771e83c5c1df1b5e3fa7f74e4d3b5629ffa1f54aaedfdf9979416d3704bcfb38d73dba7c36c7b6f1ac9804737e7af698a6

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
479KB

MD5
09372174e83dbbf696ee732fd2e875bb

SHA1
ba360186ba650a769f9303f48b7200fb5eaccee1

SHA256
c32efac42faf4b9878fb8917c5e71d89ff40de580c4f52f62e11c6cfab55167f

SHA512
b667086ed49579592d435df2b486fe30ba1b62ddd169f19e700cd079239747dd3e20058c285fa9c10a533e34f22b5198ed9b1f92ae560a3067f3e3feacc724f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

Filesize
13.8MB

MD5
0a8747a2ac9ac08ae9508f36c6d75692

SHA1
b287a96fd6cc12433adb42193dfe06111c38eaf0

SHA256
32d544baf2facc893057a1d97db33207e642f0dacf235d8500a0b5eff934ce03

SHA512
59521f8c61236641b3299ab460c58c8f5f26fa67e828de853c2cf372f9614d58b9f541aae325b1600ec4f3a47953caacb8122b0dfce7481acfec81045735947d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bxumog7h.default-release\AlternateServices.bin

Filesize
6KB

MD5
91cae7476bd4e00a81e15126f00f5445

SHA1
5a04874aa1a1adee75ed25af07eb817678674fc0

SHA256
86de662a2bbbdf02e88cbe10ce7303ce15f143cd3607370f96ade6589c7cf261

SHA512
4bc3f104b0212d1108c1e4bcaf64c0931065aa2a474ba83b8dd5bfc7570ded6ddd14e3bd28fdb23d32ff5377b1d09440a00b0f00ce2a7968536981a95a1d1570

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bxumog7h.default-release\AlternateServices.bin

Filesize
7KB

MD5
ef377ad1a42dba9cc8dec761c469601b

SHA1
1e0789280d999f7b1ca8fd4284c540cec2239eb8

SHA256
4451052f075476dfec9989375fc783d83d27789db34d31a76f14f6964d44b69e

SHA512
d5ddc99d2b64d48a83d8673ad467e2fa37ebec39356c20e96674cd36e636ffe125c3714ea57b17d179ab6bbf9b2efc97bddb5e332e61c313d6b2856d7caafb05

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bxumog7h.default-release\AlternateServices.bin

Filesize
12KB

MD5
6af37ad96dd63f0c47f00e7dea69adf1

SHA1
309d1a4c82cca98fdd4a5561c7826c87a0a70969

SHA256
cd8bc03b158289c5e0cf1d4e9c7cacebf54fdecb3c2cdd4ee016a8a8a89c275b

SHA512
612a3aac5db5e136994d0d3b43039849a2d77206f56744c61aa8f3c177b0555b0cd11369a0d9e0111cac5bdb93bd61d2dcf6e1c618f7de2a6efb6b0b46135120

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bxumog7h.default-release\AlternateServices.bin

Filesize
16KB

MD5
8be49844f3fc4b80bed9e3f3a17c3d31

SHA1
357b5e70d7fc519ec052f25d676478743bc845fe

SHA256
7d5b8a97dd3fc771dde21cfaa99227c1dd03893776be5b0daa98107448be5783

SHA512
7de82f6d9053308f0e35e83e9eaaa6498680b05457d2752f56e7db8a03795bf1e0e4108b0f7c691237655c2280a8af3fbf08fb624d14dd1af206b2ff588d3b23

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bxumog7h.default-release\datareporting\glean\db\data.safe.tmp

Filesize
6KB

MD5
cc1b6af84b2e16d42afbc0648a17f71b

SHA1
12e795d531589ddbe61a398b7be9c9011d2229e0

SHA256
ab0d0c8fcceb30c82950cbc2ac15b2572e0671331dbd984009d87ec51eacc670

SHA512
d1932a0683dddf9df0645a58c10b6db56852aa819e5ff5ae4c3b40f2722f553273f5da2b4468ca9c03704cd78ea65d769794730a3f2cb3b8ac693652195fa1c6

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bxumog7h.default-release\datareporting\glean\db\data.safe.tmp

Filesize
15KB

MD5
ddb02c3b30bcafb758b927457a939a22

SHA1
4d20a0201d668cf6de8d32048e995bb1dbe6d2d7

SHA256
563cd507d7fdeb8ebb6f6b956085b959a7de90f6e5adbba3ae28f7c7b86af2ca

SHA512
25c894efc838c5cfec49d33a6f1b91247aa71540b1435dc2d97aaefc58308833bdd32188fd873551e9229d9f1e4b81aa1ecba74a423837d4cca2bcd07b1b2dba

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bxumog7h.default-release\datareporting\glean\db\data.safe.tmp

Filesize
5KB

MD5
7a02418b0a9b540d1dd2b8596030ae62

SHA1
907323f34ef578ef324fd3bc18e38cfbb87c5d32

SHA256
f4293dd2f317721eb40ff7e07514b2ab16035348a43637ce0c4b15d8a93ff182

SHA512
e776f3dd4dc37e9c5c45c847628c658af68815d72a071484c1318108e1625c2b911da5fc729b743e99738c11fbaca92bea497a22dd530ea017deabf4ff26e050

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bxumog7h.default-release\datareporting\glean\pending_pings\84143f71-e2ef-42a5-bf2c-b4d213213d8b

Filesize
26KB

MD5
6684a4e4c36d56fc8d40ced2f6c32fb8

SHA1
308d997c61dfc944c1409c3af3eabcaf0adc3e39

SHA256
8cd0dd12838ccefb70a59e9444783fa7797e073d129631678c3ac8248eb01461

SHA512
f415936aeef3d0034bfa42d7c8dddadb70fd9b4d3f008ecde7d9a6e8be6583a125a9321cd28808d3b2b52ea3712fb9682d8ea757b34dd2b9528fa13e03f61d82

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bxumog7h.default-release\datareporting\glean\pending_pings\b77a2de0-59f1-481d-8d70-a4fc5a6173ec

Filesize
671B

MD5
c3a8bba6a8a205a082d175275ecc15a3

SHA1
e8486da2cd7c24010578c1224fc9464cc278231b

SHA256
3c5d2623091f973fc45c9f7b2dbd73eae38f85d6cbf8886f4cd994b2d7f414e8

SHA512
65fc450e447f839308920859d417678f285b453d8cdb85b8df3d8a422a7b5fd15bce0740d401d7ebf2674706887ebff95e0a0ee179417bfbb9d74e2cd5de2d98

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bxumog7h.default-release\datareporting\glean\pending_pings\e7d4feeb-59aa-4848-ab71-c7a0fe2c866c

Filesize
982B

MD5
5a06f2e3c15ebb0e5ec651c66efbd75f

SHA1
406b7d425b0157240dda233cfa946c9a45fffb33

SHA256
a7469b543f03316f1bbe0784fc3328ee71fbc650e07c6f3187a70942184bdc24

SHA512
b279e6b2b40d802d24092214e549185b543ff47f10bd2007ba55e80564cc910c1eb8959cb04264d0cbfa841596897db3564194eaf28d7412dbc2e4994436244b

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bxumog7h.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.dll

Filesize
1.1MB

MD5
842039753bf41fa5e11b3a1383061a87

SHA1
3e8fe1d7b3ad866b06dca6c7ef1e3c50c406e153

SHA256
d88dd3bfc4a558bb943f3caa2e376da3942e48a7948763bf9a38f707c2cd0c1c

SHA512
d3320f7ac46327b7b974e74320c4d853e569061cb89ca849cd5d1706330aca629abeb4a16435c541900d839f46ff72dfde04128c450f3e1ee63c025470c19157

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bxumog7h.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.info

Filesize
116B

MD5
2a461e9eb87fd1955cea740a3444ee7a

SHA1
b10755914c713f5a4677494dbe8a686ed458c3c5

SHA256
4107f76ba1d9424555f4e8ea0acef69357dfff89dfa5f0ec72aa4f2d489b17bc

SHA512
34f73f7bf69d7674907f190f257516e3956f825e35a2f03d58201a5a630310b45df393f2b39669f9369d1ac990505a4b6849a0d34e8c136e1402143b6cedf2d3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bxumog7h.default-release\gmp-widevinecdm\4.10.2710.0\manifest.json

Filesize
372B

MD5
bf957ad58b55f64219ab3f793e374316

SHA1
a11adc9d7f2c28e04d9b35e23b7616d0527118a1

SHA256
bbab6ca07edbed72a966835c7907b3e60c7aa3d48ddea847e5076bd05f4b1eda

SHA512
79c179b56e4893fb729b225818ab4b95a50b69666ac41d17aad0b37ab0ca8cd9f0848cbc3c5d9e69e4640a8b261d7ced592eae9bcb0e0b63c05a56e7c477f44e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bxumog7h.default-release\gmp-widevinecdm\4.10.2710.0\widevinecdm.dll

Filesize
17.8MB

MD5
daf7ef3acccab478aaa7d6dc1c60f865

SHA1
f8246162b97ce4a945feced27b6ea114366ff2ad

SHA256
bc40c7821dcd3fea9923c6912ab1183a942c11b7690cfd79ed148ded0228777e

SHA512
5840a45cfdb12c005e117608b1e5d946e1b2e76443ed39ba940d7f56de4babeab09bee7e64b903eb82bb37624c0a0ef19e9b59fbe2ce2f0e0b1c7a6015a63f75

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bxumog7h.default-release\prefs-1.js

Filesize
13KB

MD5
cdebc379956dd9b8876814cb6065779c

SHA1
0eb59427accef6e6733b9bb15038528ae334cec0

SHA256
a888d58e4713ebb4225b0f48196562d352c95f150472e3c1d58a56c21e4b8b92

SHA512
6e896e51fd59b4a73ec2f88299c763a1c8aca35e59d49a8f5e6e39555aefd93e53ef20786c9daa5caf72cc7dc908fc363f6888230ead267a54751a83620efffd

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bxumog7h.default-release\prefs-1.js

Filesize
16KB

MD5
957a8c14904b619a92bfa1243571ecae

SHA1
a319f8dc0aa9ea15084a04a4ea4fd7f55f952d26

SHA256
cd902dea2ee40e2dfe0dbbf1d7913c9b338e2ab9587d574783d9cb62587dca3e

SHA512
4b74090a61349360be0e2b8b1da254185661e3a584161b57146e3f229420999dcbb570e1556fed5821f3a92e9604a4dd81c6212dccc73656dba7b4f645ad5797

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bxumog7h.default-release\prefs.js

Filesize
11KB

MD5
85e1bd1e2b2e8d6277a8d5a34bce5961

SHA1
803d28d62e53d48a92b549727888678fccc52a7e

SHA256
3b3c89ce583141feec39d719317e16c58fd6e88056c9eeb9c3fe54c9ece38f84

SHA512
9b0888adf611e83584b2f593591be41e2104cee26f5ba287ccaaaa74824caeeab7f036e30e6ea1ccc29f645206121aa6d9a3b7408b6e641a8e1031ef1bdd676c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bxumog7h.default-release\sessionstore-backups\recovery.baklz4

Filesize
5KB

MD5
773ef5ff5d87cd1c48a4ee665f27fbb0

SHA1
568ec3d01f7f2e29fe717f3acabd5024b970536e

SHA256
47c6e8a7c1ac4b5c2ea05ec001867dee1f21f8f6f899cf96e6ba18782d9a4032

SHA512
19c700c843127a9c5cb6648f4791a2b0961e19adfb3994397e878c9f018e6aa808d2d8f3f22dd82280b3b00aafa4d697e0a59250aeccfaf22009ca39c9a2c18e

Download Submit