2b574142c27e20f6fd8a1285772104c9e13774631d3173f2eb825dae4a6ffe65

Analysis

max time kernel
599s
max time network
577s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
15-09-2024 22:31

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

022432f770bf0e7c5260100fcde2ec7c49f68716751fd7d8b9e113bf06167e03.exe
Size

55KB
MD5

0cfa58846e43dd67b6d9f29e97f6c53e
SHA1

19d9fbfd9b23d4bd435746a524443f1a962d42fa
SHA256

022432f770bf0e7c5260100fcde2ec7c49f68716751fd7d8b9e113bf06167e03
SHA512

263bb15955a86788d3006f4d3fdeabe6fed1291b6c6e60471ffdb59626755a81d1ffbafc58fe13c0633cb67f3f1d9a3ec92046b6d85eba56e56cd1c252ea4ea0
SSDEEP

1536:qzwshK8pUMGxo0xwwW9VemFMGfpbbVDzANyCa:wwshK8yMexbW9vJVDzANs

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

Processes:

022432f770bf0e7c5260100fcde2ec7c49f68716751fd7d8b9e113bf06167e03.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	022432f770bf0e7c5260100fcde2ec7c49f68716751fd7d8b9e113bf06167e03.exe

Checks processor information in registry 2 TTPs 6 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

Processes:

firefox.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exemsedge.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

Processes:

chrome.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133709133385328546"	chrome.exe

Suspicious behavior: EnumeratesProcesses 16 IoCs

Processes:

msedge.exemsedge.exechrome.exemsedge.exechrome.exeidentity_helper.exe

pid	process
3340	msedge.exe
3340	msedge.exe
3132	msedge.exe
3132	msedge.exe
1140	chrome.exe
1140	chrome.exe
4504	msedge.exe
4504	msedge.exe
4504	msedge.exe
4504	msedge.exe
1376	chrome.exe
1376	chrome.exe
1376	chrome.exe
1376	chrome.exe
5196	identity_helper.exe
5196	identity_helper.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 10 IoCs

Processes:

msedge.exechrome.exe

pid	process
3132	msedge.exe
3132	msedge.exe
1140	chrome.exe
1140	chrome.exe
1140	chrome.exe
3132	msedge.exe
3132	msedge.exe
3132	msedge.exe
3132	msedge.exe
3132	msedge.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

chrome.exe

description	pid	process
Token: SeShutdownPrivilege	1140	chrome.exe
Token: SeCreatePagefilePrivilege	1140	chrome.exe
Token: SeShutdownPrivilege	1140	chrome.exe
Token: SeCreatePagefilePrivilege	1140	chrome.exe
Token: SeShutdownPrivilege	1140	chrome.exe
Token: SeCreatePagefilePrivilege	1140	chrome.exe
Token: SeShutdownPrivilege	1140	chrome.exe
Token: SeCreatePagefilePrivilege	1140	chrome.exe
Token: SeShutdownPrivilege	1140	chrome.exe
Token: SeCreatePagefilePrivilege	1140	chrome.exe
Token: SeShutdownPrivilege	1140	chrome.exe
Token: SeCreatePagefilePrivilege	1140	chrome.exe
Token: SeShutdownPrivilege	1140	chrome.exe
Token: SeCreatePagefilePrivilege	1140	chrome.exe
Token: SeShutdownPrivilege	1140	chrome.exe
Token: SeCreatePagefilePrivilege	1140	chrome.exe
Token: SeShutdownPrivilege	1140	chrome.exe
Token: SeCreatePagefilePrivilege	1140	chrome.exe
Token: SeShutdownPrivilege	1140	chrome.exe
Token: SeCreatePagefilePrivilege	1140	chrome.exe
Token: SeShutdownPrivilege	1140	chrome.exe
Token: SeCreatePagefilePrivilege	1140	chrome.exe
Token: SeShutdownPrivilege	1140	chrome.exe
Token: SeCreatePagefilePrivilege	1140	chrome.exe
Token: SeShutdownPrivilege	1140	chrome.exe
Token: SeCreatePagefilePrivilege	1140	chrome.exe
Token: SeShutdownPrivilege	1140	chrome.exe
Token: SeCreatePagefilePrivilege	1140	chrome.exe
Token: SeShutdownPrivilege	1140	chrome.exe
Token: SeCreatePagefilePrivilege	1140	chrome.exe
Token: SeShutdownPrivilege	1140	chrome.exe
Token: SeCreatePagefilePrivilege	1140	chrome.exe
Token: SeShutdownPrivilege	1140	chrome.exe
Token: SeCreatePagefilePrivilege	1140	chrome.exe
Token: SeShutdownPrivilege	1140	chrome.exe
Token: SeCreatePagefilePrivilege	1140	chrome.exe
Token: SeShutdownPrivilege	1140	chrome.exe
Token: SeCreatePagefilePrivilege	1140	chrome.exe
Token: SeShutdownPrivilege	1140	chrome.exe
Token: SeCreatePagefilePrivilege	1140	chrome.exe
Token: SeShutdownPrivilege	1140	chrome.exe
Token: SeCreatePagefilePrivilege	1140	chrome.exe
Token: SeShutdownPrivilege	1140	chrome.exe
Token: SeCreatePagefilePrivilege	1140	chrome.exe
Token: SeShutdownPrivilege	1140	chrome.exe
Token: SeCreatePagefilePrivilege	1140	chrome.exe
Token: SeShutdownPrivilege	1140	chrome.exe
Token: SeCreatePagefilePrivilege	1140	chrome.exe
Token: SeShutdownPrivilege	1140	chrome.exe
Token: SeCreatePagefilePrivilege	1140	chrome.exe
Token: SeShutdownPrivilege	1140	chrome.exe
Token: SeCreatePagefilePrivilege	1140	chrome.exe
Token: SeShutdownPrivilege	1140	chrome.exe
Token: SeCreatePagefilePrivilege	1140	chrome.exe
Token: SeShutdownPrivilege	1140	chrome.exe
Token: SeCreatePagefilePrivilege	1140	chrome.exe
Token: SeShutdownPrivilege	1140	chrome.exe
Token: SeCreatePagefilePrivilege	1140	chrome.exe
Token: SeShutdownPrivilege	1140	chrome.exe
Token: SeCreatePagefilePrivilege	1140	chrome.exe
Token: SeShutdownPrivilege	1140	chrome.exe
Token: SeCreatePagefilePrivilege	1140	chrome.exe
Token: SeShutdownPrivilege	1140	chrome.exe
Token: SeCreatePagefilePrivilege	1140	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

Processes:

msedge.exechrome.exefirefox.exe

pid	process
3132	msedge.exe
3132	msedge.exe
3132	msedge.exe
3132	msedge.exe
3132	msedge.exe
3132	msedge.exe
3132	msedge.exe
3132	msedge.exe
3132	msedge.exe
3132	msedge.exe
3132	msedge.exe
3132	msedge.exe
3132	msedge.exe
3132	msedge.exe
3132	msedge.exe
3132	msedge.exe
3132	msedge.exe
3132	msedge.exe
3132	msedge.exe
3132	msedge.exe
3132	msedge.exe
3132	msedge.exe
3132	msedge.exe
3132	msedge.exe
3132	msedge.exe
1140	chrome.exe
1140	chrome.exe
1140	chrome.exe
1140	chrome.exe
1140	chrome.exe
1140	chrome.exe
1140	chrome.exe
1140	chrome.exe
1140	chrome.exe
1140	chrome.exe
1140	chrome.exe
1140	chrome.exe
1140	chrome.exe
1140	chrome.exe
1140	chrome.exe
1140	chrome.exe
1140	chrome.exe
1140	chrome.exe
1140	chrome.exe
1140	chrome.exe
1140	chrome.exe
1140	chrome.exe
1140	chrome.exe
1140	chrome.exe
1140	chrome.exe
1140	chrome.exe
1420	firefox.exe
1420	firefox.exe
1420	firefox.exe
1420	firefox.exe
1420	firefox.exe
1420	firefox.exe
1420	firefox.exe
1420	firefox.exe
1420	firefox.exe
1420	firefox.exe
1420	firefox.exe
1420	firefox.exe
1420	firefox.exe

Suspicious use of SendNotifyMessage 64 IoCs

Processes:

msedge.exechrome.exefirefox.exe

pid	process
3132	msedge.exe
3132	msedge.exe
3132	msedge.exe
3132	msedge.exe
3132	msedge.exe
3132	msedge.exe
3132	msedge.exe
3132	msedge.exe
3132	msedge.exe
3132	msedge.exe
3132	msedge.exe
3132	msedge.exe
3132	msedge.exe
3132	msedge.exe
3132	msedge.exe
3132	msedge.exe
3132	msedge.exe
3132	msedge.exe
3132	msedge.exe
3132	msedge.exe
3132	msedge.exe
3132	msedge.exe
3132	msedge.exe
3132	msedge.exe
1140	chrome.exe
1140	chrome.exe
1140	chrome.exe
1140	chrome.exe
1140	chrome.exe
1140	chrome.exe
1140	chrome.exe
1140	chrome.exe
1140	chrome.exe
1140	chrome.exe
1140	chrome.exe
1140	chrome.exe
1140	chrome.exe
1140	chrome.exe
1140	chrome.exe
1140	chrome.exe
1140	chrome.exe
1140	chrome.exe
1140	chrome.exe
1140	chrome.exe
1140	chrome.exe
1140	chrome.exe
1140	chrome.exe
1140	chrome.exe
1420	firefox.exe
1420	firefox.exe
1420	firefox.exe
1420	firefox.exe
1420	firefox.exe
1420	firefox.exe
1420	firefox.exe
1420	firefox.exe
1420	firefox.exe
1420	firefox.exe
1420	firefox.exe
1420	firefox.exe
1420	firefox.exe
1420	firefox.exe
1420	firefox.exe
1420	firefox.exe

Suspicious use of SetWindowsHookEx 1 IoCs

Processes:

firefox.exe

pid process

1420 firefox.exe

pid	process
1420	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

msedge.exe

description	pid	process	target process
PID 3132 wrote to memory of 4588	3132	msedge.exe	msedge.exe
PID 3132 wrote to memory of 4588	3132	msedge.exe	msedge.exe
PID 3132 wrote to memory of 736	3132	msedge.exe	msedge.exe
PID 3132 wrote to memory of 736	3132	msedge.exe	msedge.exe
PID 3132 wrote to memory of 736	3132	msedge.exe	msedge.exe
PID 3132 wrote to memory of 736	3132	msedge.exe	msedge.exe
PID 3132 wrote to memory of 736	3132	msedge.exe	msedge.exe
PID 3132 wrote to memory of 736	3132	msedge.exe	msedge.exe
PID 3132 wrote to memory of 736	3132	msedge.exe	msedge.exe
PID 3132 wrote to memory of 736	3132	msedge.exe	msedge.exe
PID 3132 wrote to memory of 736	3132	msedge.exe	msedge.exe
PID 3132 wrote to memory of 736	3132	msedge.exe	msedge.exe
PID 3132 wrote to memory of 736	3132	msedge.exe	msedge.exe
PID 3132 wrote to memory of 736	3132	msedge.exe	msedge.exe
PID 3132 wrote to memory of 736	3132	msedge.exe	msedge.exe
PID 3132 wrote to memory of 736	3132	msedge.exe	msedge.exe
PID 3132 wrote to memory of 736	3132	msedge.exe	msedge.exe
PID 3132 wrote to memory of 736	3132	msedge.exe	msedge.exe
PID 3132 wrote to memory of 736	3132	msedge.exe	msedge.exe
PID 3132 wrote to memory of 736	3132	msedge.exe	msedge.exe
PID 3132 wrote to memory of 736	3132	msedge.exe	msedge.exe
PID 3132 wrote to memory of 736	3132	msedge.exe	msedge.exe
PID 3132 wrote to memory of 736	3132	msedge.exe	msedge.exe
PID 3132 wrote to memory of 736	3132	msedge.exe	msedge.exe
PID 3132 wrote to memory of 736	3132	msedge.exe	msedge.exe
PID 3132 wrote to memory of 736	3132	msedge.exe	msedge.exe
PID 3132 wrote to memory of 736	3132	msedge.exe	msedge.exe
PID 3132 wrote to memory of 736	3132	msedge.exe	msedge.exe
PID 3132 wrote to memory of 736	3132	msedge.exe	msedge.exe
PID 3132 wrote to memory of 736	3132	msedge.exe	msedge.exe
PID 3132 wrote to memory of 736	3132	msedge.exe	msedge.exe
PID 3132 wrote to memory of 736	3132	msedge.exe	msedge.exe
PID 3132 wrote to memory of 736	3132	msedge.exe	msedge.exe
PID 3132 wrote to memory of 736	3132	msedge.exe	msedge.exe
PID 3132 wrote to memory of 736	3132	msedge.exe	msedge.exe
PID 3132 wrote to memory of 736	3132	msedge.exe	msedge.exe
PID 3132 wrote to memory of 736	3132	msedge.exe	msedge.exe
PID 3132 wrote to memory of 736	3132	msedge.exe	msedge.exe
PID 3132 wrote to memory of 736	3132	msedge.exe	msedge.exe
PID 3132 wrote to memory of 736	3132	msedge.exe	msedge.exe
PID 3132 wrote to memory of 736	3132	msedge.exe	msedge.exe
PID 3132 wrote to memory of 736	3132	msedge.exe	msedge.exe
PID 3132 wrote to memory of 3340	3132	msedge.exe	msedge.exe
PID 3132 wrote to memory of 3340	3132	msedge.exe	msedge.exe
PID 3132 wrote to memory of 4740	3132	msedge.exe	msedge.exe
PID 3132 wrote to memory of 4740	3132	msedge.exe	msedge.exe
PID 3132 wrote to memory of 4740	3132	msedge.exe	msedge.exe
PID 3132 wrote to memory of 4740	3132	msedge.exe	msedge.exe
PID 3132 wrote to memory of 4740	3132	msedge.exe	msedge.exe
PID 3132 wrote to memory of 4740	3132	msedge.exe	msedge.exe
PID 3132 wrote to memory of 4740	3132	msedge.exe	msedge.exe
PID 3132 wrote to memory of 4740	3132	msedge.exe	msedge.exe
PID 3132 wrote to memory of 4740	3132	msedge.exe	msedge.exe
PID 3132 wrote to memory of 4740	3132	msedge.exe	msedge.exe
PID 3132 wrote to memory of 4740	3132	msedge.exe	msedge.exe
PID 3132 wrote to memory of 4740	3132	msedge.exe	msedge.exe
PID 3132 wrote to memory of 4740	3132	msedge.exe	msedge.exe
PID 3132 wrote to memory of 4740	3132	msedge.exe	msedge.exe
PID 3132 wrote to memory of 4740	3132	msedge.exe	msedge.exe
PID 3132 wrote to memory of 4740	3132	msedge.exe	msedge.exe
PID 3132 wrote to memory of 4740	3132	msedge.exe	msedge.exe
PID 3132 wrote to memory of 4740	3132	msedge.exe	msedge.exe
PID 3132 wrote to memory of 4740	3132	msedge.exe	msedge.exe
PID 3132 wrote to memory of 4740	3132	msedge.exe	msedge.exe

C:\Users\Admin\AppData\Local\Temp\022432f770bf0e7c5260100fcde2ec7c49f68716751fd7d8b9e113bf06167e03.exe
"C:\Users\Admin\AppData\Local\Temp\022432f770bf0e7c5260100fcde2ec7c49f68716751fd7d8b9e113bf06167e03.exe"
1⤵
- System Location Discovery: System Language Discovery
PID:1828

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3132
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffb70a646f8,0x7ffb70a64708,0x7ffb70a64718
  2⤵
  PID:4588
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2000,15863348321848834666,17595384677000148500,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2012 /prefetch:2
  2⤵
  PID:736
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2000,15863348321848834666,17595384677000148500,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2056 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3340
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2000,15863348321848834666,17595384677000148500,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2760 /prefetch:8
  2⤵
  PID:4740
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,15863348321848834666,17595384677000148500,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3256 /prefetch:1
  2⤵
  PID:3740
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,15863348321848834666,17595384677000148500,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3352 /prefetch:1
  2⤵
  PID:3948
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,15863348321848834666,17595384677000148500,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4164 /prefetch:1
  2⤵
  PID:2900
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,15863348321848834666,17595384677000148500,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3748 /prefetch:1
  2⤵
  PID:4080
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2000,15863348321848834666,17595384677000148500,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4792 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4504
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2000,15863348321848834666,17595384677000148500,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4736 /prefetch:8
  2⤵
  PID:6096
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2000,15863348321848834666,17595384677000148500,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4736 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5196
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,15863348321848834666,17595384677000148500,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3968 /prefetch:1
  2⤵
  PID:2104
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,15863348321848834666,17595384677000148500,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2088 /prefetch:1
  2⤵
  PID:264
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,15863348321848834666,17595384677000148500,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3384 /prefetch:1
  2⤵
  PID:5940

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:1140
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x11c,0x120,0x124,0x118,0x128,0x7ffb607ecc40,0x7ffb607ecc4c,0x7ffb607ecc58
  2⤵
  PID:5116
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1952,i,8567894573599176800,1083947298907728332,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=1948 /prefetch:2
  2⤵
  PID:4736
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1992,i,8567894573599176800,1083947298907728332,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2148 /prefetch:3
  2⤵
  PID:1840
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2272,i,8567894573599176800,1083947298907728332,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2284 /prefetch:8
  2⤵
  PID:1588
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3156,i,8567894573599176800,1083947298907728332,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3224 /prefetch:1
  2⤵
  PID:2236
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3164,i,8567894573599176800,1083947298907728332,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3340 /prefetch:1
  2⤵
  PID:2716
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4480,i,8567894573599176800,1083947298907728332,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4580 /prefetch:1
  2⤵
  PID:2712
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4812,i,8567894573599176800,1083947298907728332,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3704 /prefetch:8
  2⤵
  PID:5816
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4928,i,8567894573599176800,1083947298907728332,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4980 /prefetch:8
  2⤵
  PID:5880
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=4532,i,8567894573599176800,1083947298907728332,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4576 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1376

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3336

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:868

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
PID:2256
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe"
  2⤵
  - Checks processor information in registry
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  PID:1420
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2008 -parentBuildID 20240401114208 -prefsHandle 1936 -prefMapHandle 1932 -prefsLen 23680 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {bcb9131a-4984-4ccc-a744-3b3a5cab5e83} 1420 "\\.\pipe\gecko-crash-server-pipe.1420" gpu
    3⤵
    PID:3548
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2428 -parentBuildID 20240401114208 -prefsHandle 2340 -prefMapHandle 2336 -prefsLen 23716 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e7b5b62a-7b92-46e2-9edc-ac2ff5c41682} 1420 "\\.\pipe\gecko-crash-server-pipe.1420" socket
    3⤵
    PID:2000
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3416 -childID 1 -isForBrowser -prefsHandle 3408 -prefMapHandle 3404 -prefsLen 23857 -prefMapSize 244658 -jsInitHandle 888 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {6b5e38f9-340e-4b08-9e5c-947ca1a22a8b} 1420 "\\.\pipe\gecko-crash-server-pipe.1420" tab
    3⤵
    PID:1128
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3308 -childID 2 -isForBrowser -prefsHandle 2948 -prefMapHandle 3280 -prefsLen 21809 -prefMapSize 244658 -jsInitHandle 888 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {1e50f29f-8a90-4ba9-9881-e73f7cfef097} 1420 "\\.\pipe\gecko-crash-server-pipe.1420" tab
    3⤵
    PID:5608
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3752 -childID 3 -isForBrowser -prefsHandle 2936 -prefMapHandle 2792 -prefsLen 21809 -prefMapSize 244658 -jsInitHandle 888 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {42801db2-8ac3-4aa7-949a-e8c097500df6} 1420 "\\.\pipe\gecko-crash-server-pipe.1420" tab
    3⤵
    PID:5620
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2916 -childID 4 -isForBrowser -prefsHandle 3532 -prefMapHandle 3528 -prefsLen 21809 -prefMapSize 244658 -jsInitHandle 888 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {9a01c427-b17d-4b3d-b4e5-2e821db4e342} 1420 "\\.\pipe\gecko-crash-server-pipe.1420" tab
    3⤵
    PID:5632

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:3868

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:5888

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
5cf14311f223d2ead3af366ab8714b82

SHA1
be707441a45aae219e4b26eb3d93bcd41d6173ab

SHA256
9bc7cdf16118c2d5d11a08c5c48c4e5310b920c87eca2d2db60b512791378c40

SHA512
200362444f8d88d3d7f9f8bf6686f23b8c4fcb78399c756217401aa0ddd481488f3432fedf26ddbf3e151867f59d533363102340579f246caac2a8874abbd98b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
0fb6a47c651875b7f90abdbc27ed0583

SHA1
e16c1fe5e23963a344a32e23bfad68d8694ba58c

SHA256
b0bd868f7e4e149cfdbddef7c50dc05162deb2cb70552bd2feb58763fd6e269a

SHA512
14c77e1996ea82acf9d08534f2cd3b1038985ecc1f876e5ac70c8813ed8262c61dffff4c7c2711e3fb31252c16d8d40dbba1234dd266aaa28db16cbe2086bbf1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
de9e3f70fbc6017b5233dc9d2834347b

SHA1
03392c1b92186f4a5aa74bf26f034e44ec5810c3

SHA256
675bf70bd702266acabf577c3348a8af8b73d4c53cc8485e17243569c8139330

SHA512
52a076140f98a5969509c73f6f453d5515119fff1c6c4582a8fca47eec3cda004f60daa7fbce7ed468fc5fd3c7e09212d9e66a9446df1ffd2e3d0a30ec90d234

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
a84061b45545ca541ba01ae22379fffc

SHA1
ecdbd4cd660f4784fb17cb0d723f1dcce8ca7a31

SHA256
723cdf18618cebc51146e913a38eb5a0ca0dce27ca6a2c5896dcd84dff879c43

SHA512
c182bbf9e6e0af28f8864aa7800b9c3afb46a5357a079f54e17c5f866ed897954f253d5eaf5072edc98261a3107f92f36b19dd0d5db6cf56aad3cf1a9e96e0ba

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
b495ad646d373e4ab1b0f793acbe8034

SHA1
d081057f0da5f6c5689a0fb2a37e8f76bc41da7a

SHA256
74e35182110b3aabc8985235a28ae867808b527fc4ea024bd225af100be619ea

SHA512
7769820e0cbc6e5bcefd8f53cc13e3cdaa612d2857e18d78227d65e71ef26cd81d099cb6ea96611b59f1424f0ef5bda25c42247bb5aefed2f984e22730ea5014

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
9d7eef70320853b43305dcaa0a3addc9

SHA1
74ad528068820d9d6a24708df9a9a48132b4101b

SHA256
0e678ec1a4359531915e321738f3834072b633b979ba6bac07dedcd5476baf89

SHA512
3a2675ec3b42977dfda10ec4e1d74b1cd96a4571793dbb9f1530486528d3a6bdea145a73d048d168349fae9ec1fadb57a8c7101aafc587fc0911d973b639f131

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
accf307224ee8722cbb765138f605088

SHA1
b43c7b41bc7d89ecccb36d0af08e9f45be379c43

SHA256
d21273e7a36cac5e65a54bb9823ba23cbcf52c0898b66f729032873915dfb9f8

SHA512
73bdc760855309b1322de986ee5215e19dc9abe6ca5d42ec4e170b5206638b6d3405d37a37463ad162f0dd9ec41ed74e8cc22f3db2fff395ae15ebb7dd32ca44

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
d5d4a6ce3ec7a89764899531ebad1cca

SHA1
b72e8cf00fc38659f49383c2b8359b969fa0f1b1

SHA256
7b0ad2d8768395b8f1a8b9f70b00d3434565554805241d804d8012db13fab626

SHA512
85c0ea038727a4d36db6d7cafae7011fd1dfb5d3c4fde69712dee867f9654361498636b31a7a19ba327a48066881e33f5fc43814020edbbbbd1a1854749b930a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
3b65a9f2e7f5d1ce74b99cc0ec192fd6

SHA1
a98d91aae1209cde5acaab5fb3b5f92ad391ffc8

SHA256
795d91c9711110ea1af6a2ac697231963aacda6e1613508f1230590ec6d07790

SHA512
a695de4da618748234cc5c346f69ad22270c4328c63e1cc05b17dffa4d94b4a6f7fc2085b005df6ff783b35f84c0a7e6af0c6d6340815e55efa83a324065c907

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
b13042e0b76dcc03d7643ba9b447230a

SHA1
fa2aba57e82bf0053ffab3594f724e8cadd6d8a9

SHA256
6d6261cc2d8ba88bd9768c60ddd52f3e6ceda70ad0e3edf0278c948e7c6d4a9b

SHA512
39648630b8d4756cbd401d5266592d26291421da45f679f6b1ce927698f18c1fbbd59856b3858f52b45faa994c78d135bb91d3e0e3bb970e207edefd439c1892

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
a12a078ec105b5c17e136f13cf2eba93

SHA1
7b1e8550740ded299974216a61ea5cd2d384dd6a

SHA256
e852e322e6816b2677c1242403a60f82aee0de0dbbb2f3a7fdbb1028e51e3255

SHA512
bcc8b5e398e37ef29377adb8032946ebe75b51dbcbaba2ff244f2bcf6621682654f0366e695ab702b7d07219bd350dd04d0051e0378c314bca60751d4ddf16f2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
dd2b156a8b56a1e5998e00c885e1b9f9

SHA1
e1dbcf07aca37d954641adbc77941e86f41f99c7

SHA256
34c6343e1eed583d12e339c6cfb40608877539f52109c7fc7ed3c64230ccc090

SHA512
5d6dbe654479d5e5b1d2c2ce238506a353f0131dd7792d38ef1bc8a444557782bdff9d79082468a0c2f08944bc2e448564e42429ddd5d7a2b889a5e6ebd839be

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
7aa0ad44b9e36a86da0fb4a0ebd6ccda

SHA1
3e07245ba7b561ff5e863438700e205c8f1c63b8

SHA256
af8e058c63907bab8136052653daab72302a995463a583c80e8ce190426168ab

SHA512
8dbb6aee370749afd485a19d85eda6db5260ea137a14185bdf91e2f5ccd8c8bdaee7f7d19388c6026cb2010d096e2d06b0c2fb90df5f8ccef4a89f9c0481af98

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
510b26b24838b418d974fac9f8c2c685

SHA1
f65e996b4c5320c6d84292d1c7c39018766e44e5

SHA256
746d36e6db0ae538e8c17f201f4331e364d8fe64601b6a1fe6cd1088a04a808e

SHA512
5068a03b1b1b1e26d433267157316fb7832e8ec234ebeb1d5a46bfc13835647b12976290c27b698b19bcb5fa3c43b2d32ba323ff2f4c9d25d37ad4dd301a6d0b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
9772810d7876772cde9f3112f659d7cf

SHA1
ec330e0589287324dc4c6de0a9d7d566c8e682b9

SHA256
1c5b2a55e65fa71376e5dd65be74e10b41aeb1885c72cf3c5769eed61108bb36

SHA512
79776dd5e9e417fa5a4b53465f088b6a6d4aca8a07ee80489d66db9b1a84894c39bbf328759c32e8d2fa0061cbf9402998a34eeda658c0751ec68e8a18837912

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
041713b92270afc1a402a451897a90df

SHA1
eb238a81aea07983d708a5553bb6ad5315e023fa

SHA256
51765cd65616f493cb9d158fc27ecf8b2f8431524b78052bfc28b8edc23a2dd0

SHA512
0a543ee7c50409c8d63340e0d718361b8f93884aa8265317582b68064d025d801fc6e6d656a5871b37b908ca9bf9857b0c5a5300bce3ff6018b012be5770b19b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
8987b211c1d22237f21be9426d0839ea

SHA1
2ff0244248cc408bf10a25d61ee557c84fd8f808

SHA256
30c3f804dcb18a849352500e151a5373220c7a48eeb9d7cff012a3c38500f334

SHA512
dff4250b27bdd6fec974887fd999a6c55fd45c68ddbf672b8e5ae2064b2e34e9ffcb1119c28c500a512563b94886e893e2f8253be27e029efdd5e5731802cd3d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
1f497324240d371a4541f71b64c2b1a7

SHA1
79706ce24e9c6f5f08ece838d7ea65bb28293a89

SHA256
4f9c39bbe18c6a06d68fea15a4ebc87f7e99b998a258c545dce01fb9d2987ee3

SHA512
b55bdb500c795b6a5e9a80979f1ce294ef1c69298638b01e0eb9b9ee9edc75a03562934146194ab944552544879a9a3647511655c45a4de011b41f418635c9c3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
19dd9b5a40495f8225b7938acb9e5c5d

SHA1
ff032010137f3db935c9d8d416f41a5cffda389f

SHA256
f53dbbf3fe90bd8f20c67246e126a3fd3e941f3bcc04eef3a6592c5d37b322ef

SHA512
8b6130641962f7920d14a11045c1fbbe7981aa06b5ef5da1269db47965dd8f1150d2d74a4885addb4901bffeb8f786e33049884b8754be687ad4b58a798ee84d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
0004a81bf76f91859782782bc57a3993

SHA1
9a326ae93059267a7cfa415f67fcaee486bc5c30

SHA256
d8dd908df85fe5e2dc6f5c63ea5803386ee96a37ff702130f86ef4b331e0675b

SHA512
67837a0adbcca15e9ba4e8b3a6031665f4fc8b60c8b6f916340717fc3c721308b21d5a2c02a8fb4745e6393b766a51c7b7ffe2d6b326479397f79e84a8041206

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
6e6925bdd5c9a01b4c8d3b7d47be3af7

SHA1
b4d783edf5e4b2a8656beecc6af523c91e4c9935

SHA256
eb5d8610940a5be75ea75f416a26f4384b89b31251c28c52fc5676f0fb78d034

SHA512
adcc705597547dffeff53546b7498573052cd00f7efe0acc9fe0dad91a6aa07185ed08afeac1ee9c6b08a7cfee880f7bf7bd22869eadb54844bb355a857cc5c8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
173fc25ca4f55d91738d9912c077f84f

SHA1
2f5a819218143c96388ea6d359b2156325120413

SHA256
5fbedbd7aa605826c22ea3b78afc14bb539eecb24f4c45c267c710d09303f8d1

SHA512
328e2dfba12c62951534f9acff4d312ddd2de108defe2c353e5533980c79da0813a26c1c60aa5591b34dd6db81e43748314688b4e8a28e3c3153c37b474d02a1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
c9a3d473638bd679f44d3d77a91f12f7

SHA1
9e40813439845ab31833deae03f328db9993ecde

SHA256
95e976398c1f4d6b96f98ed88396b25512ddedf71ef13fee1dee370e6d1e63b3

SHA512
a2109ac2edb18f8177b14b028ed1094c0ce9b895baf662e709dd42a7b572b702da3b4eb3cb2b8b0d6f7a4538604a1d6c6d4b79dc7fd6a75b0b39edd095380574

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
f54adaa09d6f7d21f588204542f0fd36

SHA1
9521f3912d777725a4eeaa7b2950c516df7c6989

SHA256
2e70b4984a212592ef4b1fa54c06c945817ff52581300d580e54a0abe60fe822

SHA512
bb34b30bc46a54bcefe4e7a02c8ba3f5421200271dacb5f3fce8fd7b937b05d44f1f3877b4e0a0cd2b2b220e989ffd6b6aa7fd07c7d9870a041d2c43e8597ab2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
b2b4e7b70b53d55157a4a98a6693ee77

SHA1
5286fd49e8ba11b8285b30bc9fd58b3e03577de9

SHA256
cdb860ce5710e01ede034f4e2bc0a0412b8e21d4ef8773396eb50b519dc55936

SHA512
b0edbe1aa887157f31ece0f0958c2b23595e0cdc22bb38fd395d6df0d1a5baf1ee41de33629541415526272153a051574f0c78afae852e0623bfb545ada141e5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
b82efb429d61a56d4616dba6c7bd8c80

SHA1
a546867fd100b16c677beb78263e8722c8eb7a1c

SHA256
ac1d2e55383a7f425e35ac6eaa028f030d62013ac3d033c3e5cad11182dd156a

SHA512
0aad9ba4d7ec3cfdd4b59486111aeadc07294025f5f5194a85b6e2ee902f08cb51ba9b00c915193c68d3edc5805095e33160a4d24de00b69d8b93091191d689c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
b14db8332f398329b2e54320ae64db31

SHA1
ac727a135c12b04eb00962041e8a2ac489e36bf1

SHA256
d3406d22d3a558426001721958f0591504273fb8bb5de9a71c84b65ec5264e3c

SHA512
c5b882c9e0df246b4d14adcaae2ad2e4fd081671d78dff8c6ca12cdbbec9ab6fbe06eb74703e89c06d92415e0e13b1a455116fa1a7b10f500f720926989c4da9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
3e55f4bb032e54b982a5d6dbaad32921

SHA1
dcce405ce290d8da5fdff1e925795d0886e29d81

SHA256
e4cfe354cac9355a9c1afb192bd14300a9f474ff9420cee683ff5554ceb8fa4b

SHA512
66017316be7790e5dc787342d96c6db8554330e559a7c978207aa371871fc70af094cccaeeb0d7c5191b2d03332595519c8ef664a668620025335aa2cdc62882

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
daa0a1a27f8737cedfb17fcd5ab346ec

SHA1
5d40388c5999d7b3d34359f642caaf949b6f06fe

SHA256
37e846366284c64990425a8f7e6925d6bdf1c473ebc5ec6d1ca1bc2acfa6b543

SHA512
560a844238d18aad7297a67d11fb41880f32d6d4bafaa87c9ecbe625c98bb38472c12cda7c71e259f6f01e010d3210a536faecc1acac90790284ddf9813d9159

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
bac96ae63d99937499315ab606af1a2c

SHA1
73efd78fc13afc87ca46a9e95a823c8057304e11

SHA256
6a40fb000fb056694a5746ef95cc3abe7448f8882510eb3fcba1eece6b366040

SHA512
7b3795bc86788e3c44e1f8964a1a234245daca3cb320dd7f01285b6e64664420b7f9c473938b4ce93fcfa10f6c9bdf1a09c857400849ed3ab48daf3cf0f489d1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
393950abc8ced0cf8898f979f0d83059

SHA1
ef2cc494a548a6ceab8f871477e6034565487071

SHA256
51dc5a4ef82625eb5d5068bb445e3dcc7d4331a9949898e8ad133da2908f7824

SHA512
ab2e82af4a1b3241ea77f99b564f2cffc3f8f19d52ccc7fc5617f50aa8d7e5d805e53b38af50276231bf08b8dd1473c7db133b1f8f365c545948c701bee0e0b5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
93074c632757d3c9042ef001a3f3f2d1

SHA1
059c36c12407143bdcbfa1016218c6f8ad36d619

SHA256
82a12c07fa54c422bca9a2c761b58c57f0c8d10d3a07571a09a4e6176064dfa1

SHA512
150e271c8fc60b5434fe81d848f12470646a6bc24f9875f2bd34706fe342659222ff2ca64b67877d685da8fe3cd222915b03aa1515008742cda98b5206e7e0bc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
208KB

MD5
5ab2dc51dbf8de941b630fe01f63fdd5

SHA1
3e967320f8084e972033a1e6b6dc5e7f584d22a0

SHA256
0c9b4c2ec3d26ccf99b25eae02ebc97123efee6182ef6bd9e4c14e825a15d1b6

SHA512
0fe23f021738502de9b707216b23bff3feb8b95bad5d04f1348be4ca1d1b408a3d9d9fcb27cb90255aca6e0becadfe26f6e643367d906275b5584fded61cf078

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
207KB

MD5
e5dd649dfbe789dd0e9b7bd8f655d2fb

SHA1
3f8515b5e558ac28e66e5b24f264f938ec0e88b8

SHA256
eb3fb1dadad9097d01805a4669a06d04017322d6eafa0d88d137f6acb084725f

SHA512
71c9f5cb76d6a9e3f01c9235f4fcac017fd94636921cb3b37686528558085c75beeb9b9d29c3e82a761873c771059b8d6e15f554514112abef8b074ef0709fe1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
d7114a6cd851f9bf56cf771c37d664a2

SHA1
769c5d04fd83e583f15ab1ef659de8f883ecab8a

SHA256
d2c75c7d68c474d4b8847b4ba6cfd09fe90717f46dd398c86483d825a66e977e

SHA512
33bdae2305ae98e7c0de576de5a6600bd70a425e7b891d745cba9de992036df1b3d1df9572edb0f89f320e50962d06532dae9491985b6b57fd37d5f46f7a2ff8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
719923124ee00fb57378e0ebcbe894f7

SHA1
cc356a7d27b8b27dc33f21bd4990f286ee13a9f9

SHA256
aa22ab845fa08c786bd3366ec39f733d5be80e9ac933ed115ff048ff30090808

SHA512
a207b6646500d0d504cf70ee10f57948e58dab7f214ad2e7c4af0e7ca23ce1d37c8c745873137e6c55bdcf0f527031a66d9cc54805a0eac3678be6dd497a5bbc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
21c8270d6906c1e159c1eb5f791a2272

SHA1
76a99f77cd63fc450e73b17f276fd24c7e79f6d0

SHA256
f5c84cd9d3478e2406a817427170fee8dae9e799ddc594b2022e840b85ba86c6

SHA512
015facbac6802cc879428086605f124abcb546a36d15563ae8c609746cee31043d86f9dac1a7d62a511ec2d47f3acf9c5101e5f9ec342be4e096b3d942a5383f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
8552ff105e01e7e8b6090f5c1de952d2

SHA1
b427bbc15f0ad77086fc9e5f691ba8abaf871564

SHA256
4de9d7a8f7909cde81efcd3a1599a207307d47b83029d588517536bbb9c54dd4

SHA512
31cc562d9ba4e2d3248d566e000a2be73a1d0fafffbea633f68f02e11b4d99670ec3f06a1f268c953b8b36edba545b6ab8fb1dc581ea8b90acbc98ab0f2f0153

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
53ec8aa0ede9fab012f47cd1e02b1e43

SHA1
958593b0394cde6607304102cd4a92a395b1e316

SHA256
29df21882b87512d58996b3e8457760530822906934bb9efb8a5235244803070

SHA512
1936313452e3ce626b3d5459b8e1492cdd7f0f78e16825410bd185d41f623d8bdc687ec9398a4ee82c39bd64ecc7e1f443c62ffdfcc873545b607b5c26f09f2d

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
479KB

MD5
09372174e83dbbf696ee732fd2e875bb

SHA1
ba360186ba650a769f9303f48b7200fb5eaccee1

SHA256
c32efac42faf4b9878fb8917c5e71d89ff40de580c4f52f62e11c6cfab55167f

SHA512
b667086ed49579592d435df2b486fe30ba1b62ddd169f19e700cd079239747dd3e20058c285fa9c10a533e34f22b5198ed9b1f92ae560a3067f3e3feacc724f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

Filesize
13.8MB

MD5
0a8747a2ac9ac08ae9508f36c6d75692

SHA1
b287a96fd6cc12433adb42193dfe06111c38eaf0

SHA256
32d544baf2facc893057a1d97db33207e642f0dacf235d8500a0b5eff934ce03

SHA512
59521f8c61236641b3299ab460c58c8f5f26fa67e828de853c2cf372f9614d58b9f541aae325b1600ec4f3a47953caacb8122b0dfce7481acfec81045735947d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5r4i2p4s.default-release\AlternateServices.bin

Filesize
8KB

MD5
fec046b0c5b33056993be2a61c2d1dc4

SHA1
9d6c5b9b0a75ba9440f197921ef4945e41be8171

SHA256
fc0995564ebbb0162c838e1f9ac2f7ee15598f143d0c5b244f263b0dc47c1f19

SHA512
e2ddbc47f1cd6a4774a4b1209e825ae6040c278b7ecd9957db6925fd55c91c56cbdaed8038d1b2b20c5da1fe7f4c1f4d2b34392f8ecdfaeb963aed8c6a8db335

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5r4i2p4s.default-release\bookmarkbackups\bookmarks-2024-09-15_11_fBUy23+Jk-9dDD+GcTri4Q==.jsonlz4

Filesize
1022B

MD5
fb28bc905213ed13302d7db3dc0f6d36

SHA1
a5aa6d9a1a4bd35a6127ff1618d2622b849e78fa

SHA256
a95766eb63f8816ec1d8e623069cc255eb5923d58d4ddef898c7baf433a63187

SHA512
9e86eda2f6ac42a57a8dbfe497d05159b3c2d2aab2a6d92e941fcbbab02cc58e1368b6f8af9d1b1d0cd8fd7df9691ceea07cbb565f4c34e3b1c51586c3214249

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5r4i2p4s.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.dll

Filesize
1.1MB

MD5
842039753bf41fa5e11b3a1383061a87

SHA1
3e8fe1d7b3ad866b06dca6c7ef1e3c50c406e153

SHA256
d88dd3bfc4a558bb943f3caa2e376da3942e48a7948763bf9a38f707c2cd0c1c

SHA512
d3320f7ac46327b7b974e74320c4d853e569061cb89ca849cd5d1706330aca629abeb4a16435c541900d839f46ff72dfde04128c450f3e1ee63c025470c19157

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5r4i2p4s.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.info

Filesize
116B

MD5
2a461e9eb87fd1955cea740a3444ee7a

SHA1
b10755914c713f5a4677494dbe8a686ed458c3c5

SHA256
4107f76ba1d9424555f4e8ea0acef69357dfff89dfa5f0ec72aa4f2d489b17bc

SHA512
34f73f7bf69d7674907f190f257516e3956f825e35a2f03d58201a5a630310b45df393f2b39669f9369d1ac990505a4b6849a0d34e8c136e1402143b6cedf2d3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5r4i2p4s.default-release\gmp-widevinecdm\4.10.2710.0\manifest.json

Filesize
372B

MD5
bf957ad58b55f64219ab3f793e374316

SHA1
a11adc9d7f2c28e04d9b35e23b7616d0527118a1

SHA256
bbab6ca07edbed72a966835c7907b3e60c7aa3d48ddea847e5076bd05f4b1eda

SHA512
79c179b56e4893fb729b225818ab4b95a50b69666ac41d17aad0b37ab0ca8cd9f0848cbc3c5d9e69e4640a8b261d7ced592eae9bcb0e0b63c05a56e7c477f44e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5r4i2p4s.default-release\gmp-widevinecdm\4.10.2710.0\widevinecdm.dll

Filesize
17.8MB

MD5
daf7ef3acccab478aaa7d6dc1c60f865

SHA1
f8246162b97ce4a945feced27b6ea114366ff2ad

SHA256
bc40c7821dcd3fea9923c6912ab1183a942c11b7690cfd79ed148ded0228777e

SHA512
5840a45cfdb12c005e117608b1e5d946e1b2e76443ed39ba940d7f56de4babeab09bee7e64b903eb82bb37624c0a0ef19e9b59fbe2ce2f0e0b1c7a6015a63f75

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5r4i2p4s.default-release\prefs-1.js

Filesize
12KB

MD5
910a89d830fa44544025694c51c04e3c

SHA1
e1013909827e24e8c40c89060d04c9e1ab880c13

SHA256
cb01c8a690e4c0e84f281e42355a4a508a4818d4523571a1747b547ed8d45617

SHA512
2db1730aa1de7b6de584638d97b464621f475cda70ca85f0a305e2a735a86b213665169ae76be6c8be30b2b637eb6a054a1e1dd804f0367342c4a116c09f7a24

Download Submit
\??\pipe\LOCAL\crashpad_3132_PXPUXJALLSZGGXLJ

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit