2b574142c27e20f6fd8a1285772104c9e13774631d3173f2eb825dae4a6ffe65

Analysis

max time kernel
599s
max time network
572s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
15-09-2024 22:31

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

048c0113233ddc1250c269c74c9c9b8e9ad3e4dae3533ff0412d02b06bdf4059.exe
Size

55KB
MD5

1d7d285f77ed5460fe9aada4c04dcfcf
SHA1

9c6e393d8b2eac432720518f8991c86ad8fa94b7
SHA256

048c0113233ddc1250c269c74c9c9b8e9ad3e4dae3533ff0412d02b06bdf4059
SHA512

cfcd38cd8c12a80ad7d26442979bb5ac44541866810951eaf8d2fc709d1e9cb3cbe187065ff547717d3babe8abf9f98c2b04562dca992b63ff54c5465746f5e4
SSDEEP

1536:qzwshK8pUMGxo0xwwW9VemFMGfpbbVDkANyCa:wwshK8yMexbW9vJVDkANs

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

Processes:

048c0113233ddc1250c269c74c9c9b8e9ad3e4dae3533ff0412d02b06bdf4059.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	048c0113233ddc1250c269c74c9c9b8e9ad3e4dae3533ff0412d02b06bdf4059.exe

Checks processor information in registry 2 TTPs 6 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

Processes:

firefox.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

msedge.exechrome.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Modifies data under HKEY_USERS 2 IoCs

Processes:

chrome.exe

description	ioc	process
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133709133502565272"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Suspicious behavior: EnumeratesProcesses 16 IoCs

Processes:

msedge.exemsedge.exechrome.exemsedge.exechrome.exeidentity_helper.exe

pid	process
4088	msedge.exe
4088	msedge.exe
592	msedge.exe
592	msedge.exe
2336	chrome.exe
2336	chrome.exe
5668	msedge.exe
5668	msedge.exe
5668	msedge.exe
5668	msedge.exe
5804	chrome.exe
5804	chrome.exe
5804	chrome.exe
5804	chrome.exe
5388	identity_helper.exe
5388	identity_helper.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 10 IoCs

Processes:

msedge.exechrome.exe

pid process

592 msedge.exe
592 msedge.exe
2336 chrome.exe
2336 chrome.exe
2336 chrome.exe
592 msedge.exe
592 msedge.exe
592 msedge.exe
592 msedge.exe
592 msedge.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

chrome.exe

description	pid	process
Token: SeShutdownPrivilege	2336	chrome.exe
Token: SeCreatePagefilePrivilege	2336	chrome.exe
Token: SeShutdownPrivilege	2336	chrome.exe
Token: SeCreatePagefilePrivilege	2336	chrome.exe
Token: SeShutdownPrivilege	2336	chrome.exe
Token: SeCreatePagefilePrivilege	2336	chrome.exe
Token: SeShutdownPrivilege	2336	chrome.exe
Token: SeCreatePagefilePrivilege	2336	chrome.exe
Token: SeShutdownPrivilege	2336	chrome.exe
Token: SeCreatePagefilePrivilege	2336	chrome.exe
Token: SeShutdownPrivilege	2336	chrome.exe
Token: SeCreatePagefilePrivilege	2336	chrome.exe
Token: SeShutdownPrivilege	2336	chrome.exe
Token: SeCreatePagefilePrivilege	2336	chrome.exe
Token: SeShutdownPrivilege	2336	chrome.exe
Token: SeCreatePagefilePrivilege	2336	chrome.exe
Token: SeShutdownPrivilege	2336	chrome.exe
Token: SeCreatePagefilePrivilege	2336	chrome.exe
Token: SeShutdownPrivilege	2336	chrome.exe
Token: SeCreatePagefilePrivilege	2336	chrome.exe
Token: SeShutdownPrivilege	2336	chrome.exe
Token: SeCreatePagefilePrivilege	2336	chrome.exe
Token: SeShutdownPrivilege	2336	chrome.exe
Token: SeCreatePagefilePrivilege	2336	chrome.exe
Token: SeShutdownPrivilege	2336	chrome.exe
Token: SeCreatePagefilePrivilege	2336	chrome.exe
Token: SeShutdownPrivilege	2336	chrome.exe
Token: SeCreatePagefilePrivilege	2336	chrome.exe
Token: SeShutdownPrivilege	2336	chrome.exe
Token: SeCreatePagefilePrivilege	2336	chrome.exe
Token: SeShutdownPrivilege	2336	chrome.exe
Token: SeCreatePagefilePrivilege	2336	chrome.exe
Token: SeShutdownPrivilege	2336	chrome.exe
Token: SeCreatePagefilePrivilege	2336	chrome.exe
Token: SeShutdownPrivilege	2336	chrome.exe
Token: SeCreatePagefilePrivilege	2336	chrome.exe
Token: SeShutdownPrivilege	2336	chrome.exe
Token: SeCreatePagefilePrivilege	2336	chrome.exe
Token: SeShutdownPrivilege	2336	chrome.exe
Token: SeCreatePagefilePrivilege	2336	chrome.exe
Token: SeShutdownPrivilege	2336	chrome.exe
Token: SeCreatePagefilePrivilege	2336	chrome.exe
Token: SeShutdownPrivilege	2336	chrome.exe
Token: SeCreatePagefilePrivilege	2336	chrome.exe
Token: SeShutdownPrivilege	2336	chrome.exe
Token: SeCreatePagefilePrivilege	2336	chrome.exe
Token: SeShutdownPrivilege	2336	chrome.exe
Token: SeCreatePagefilePrivilege	2336	chrome.exe
Token: SeShutdownPrivilege	2336	chrome.exe
Token: SeCreatePagefilePrivilege	2336	chrome.exe
Token: SeShutdownPrivilege	2336	chrome.exe
Token: SeCreatePagefilePrivilege	2336	chrome.exe
Token: SeShutdownPrivilege	2336	chrome.exe
Token: SeCreatePagefilePrivilege	2336	chrome.exe
Token: SeShutdownPrivilege	2336	chrome.exe
Token: SeCreatePagefilePrivilege	2336	chrome.exe
Token: SeShutdownPrivilege	2336	chrome.exe
Token: SeCreatePagefilePrivilege	2336	chrome.exe
Token: SeShutdownPrivilege	2336	chrome.exe
Token: SeCreatePagefilePrivilege	2336	chrome.exe
Token: SeShutdownPrivilege	2336	chrome.exe
Token: SeCreatePagefilePrivilege	2336	chrome.exe
Token: SeShutdownPrivilege	2336	chrome.exe
Token: SeCreatePagefilePrivilege	2336	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

Processes:

msedge.exechrome.exefirefox.exe

pid	process
592	msedge.exe
592	msedge.exe
592	msedge.exe
592	msedge.exe
592	msedge.exe
592	msedge.exe
592	msedge.exe
592	msedge.exe
592	msedge.exe
592	msedge.exe
592	msedge.exe
592	msedge.exe
592	msedge.exe
592	msedge.exe
592	msedge.exe
592	msedge.exe
592	msedge.exe
592	msedge.exe
592	msedge.exe
592	msedge.exe
592	msedge.exe
592	msedge.exe
592	msedge.exe
592	msedge.exe
592	msedge.exe
2336	chrome.exe
2336	chrome.exe
2336	chrome.exe
2336	chrome.exe
2336	chrome.exe
2336	chrome.exe
2336	chrome.exe
2336	chrome.exe
2336	chrome.exe
2336	chrome.exe
2336	chrome.exe
2336	chrome.exe
2336	chrome.exe
2336	chrome.exe
2336	chrome.exe
2336	chrome.exe
2336	chrome.exe
2336	chrome.exe
2336	chrome.exe
2336	chrome.exe
2336	chrome.exe
2336	chrome.exe
2336	chrome.exe
2336	chrome.exe
2336	chrome.exe
2336	chrome.exe
1100	firefox.exe
1100	firefox.exe
1100	firefox.exe
1100	firefox.exe
1100	firefox.exe
1100	firefox.exe
1100	firefox.exe
1100	firefox.exe
1100	firefox.exe
1100	firefox.exe
1100	firefox.exe
1100	firefox.exe
1100	firefox.exe

Suspicious use of SendNotifyMessage 64 IoCs

Processes:

msedge.exechrome.exefirefox.exe

pid	process
592	msedge.exe
592	msedge.exe
592	msedge.exe
592	msedge.exe
592	msedge.exe
592	msedge.exe
592	msedge.exe
592	msedge.exe
592	msedge.exe
592	msedge.exe
592	msedge.exe
592	msedge.exe
592	msedge.exe
592	msedge.exe
592	msedge.exe
592	msedge.exe
592	msedge.exe
592	msedge.exe
592	msedge.exe
592	msedge.exe
592	msedge.exe
592	msedge.exe
592	msedge.exe
592	msedge.exe
2336	chrome.exe
2336	chrome.exe
2336	chrome.exe
2336	chrome.exe
2336	chrome.exe
2336	chrome.exe
2336	chrome.exe
2336	chrome.exe
2336	chrome.exe
2336	chrome.exe
2336	chrome.exe
2336	chrome.exe
2336	chrome.exe
2336	chrome.exe
2336	chrome.exe
2336	chrome.exe
2336	chrome.exe
2336	chrome.exe
2336	chrome.exe
2336	chrome.exe
2336	chrome.exe
2336	chrome.exe
2336	chrome.exe
2336	chrome.exe
1100	firefox.exe
1100	firefox.exe
1100	firefox.exe
1100	firefox.exe
1100	firefox.exe
1100	firefox.exe
1100	firefox.exe
1100	firefox.exe
1100	firefox.exe
1100	firefox.exe
1100	firefox.exe
1100	firefox.exe
1100	firefox.exe
1100	firefox.exe
1100	firefox.exe
1100	firefox.exe

Suspicious use of SetWindowsHookEx 1 IoCs

Processes:

firefox.exe

pid process

1100 firefox.exe

pid	process
1100	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

msedge.exe

description	pid	process	target process
PID 592 wrote to memory of 2668	592	msedge.exe	msedge.exe
PID 592 wrote to memory of 2668	592	msedge.exe	msedge.exe
PID 592 wrote to memory of 556	592	msedge.exe	msedge.exe
PID 592 wrote to memory of 556	592	msedge.exe	msedge.exe
PID 592 wrote to memory of 556	592	msedge.exe	msedge.exe
PID 592 wrote to memory of 556	592	msedge.exe	msedge.exe
PID 592 wrote to memory of 556	592	msedge.exe	msedge.exe
PID 592 wrote to memory of 556	592	msedge.exe	msedge.exe
PID 592 wrote to memory of 556	592	msedge.exe	msedge.exe
PID 592 wrote to memory of 556	592	msedge.exe	msedge.exe
PID 592 wrote to memory of 556	592	msedge.exe	msedge.exe
PID 592 wrote to memory of 556	592	msedge.exe	msedge.exe
PID 592 wrote to memory of 556	592	msedge.exe	msedge.exe
PID 592 wrote to memory of 556	592	msedge.exe	msedge.exe
PID 592 wrote to memory of 556	592	msedge.exe	msedge.exe
PID 592 wrote to memory of 556	592	msedge.exe	msedge.exe
PID 592 wrote to memory of 556	592	msedge.exe	msedge.exe
PID 592 wrote to memory of 556	592	msedge.exe	msedge.exe
PID 592 wrote to memory of 556	592	msedge.exe	msedge.exe
PID 592 wrote to memory of 556	592	msedge.exe	msedge.exe
PID 592 wrote to memory of 556	592	msedge.exe	msedge.exe
PID 592 wrote to memory of 556	592	msedge.exe	msedge.exe
PID 592 wrote to memory of 556	592	msedge.exe	msedge.exe
PID 592 wrote to memory of 556	592	msedge.exe	msedge.exe
PID 592 wrote to memory of 556	592	msedge.exe	msedge.exe
PID 592 wrote to memory of 556	592	msedge.exe	msedge.exe
PID 592 wrote to memory of 556	592	msedge.exe	msedge.exe
PID 592 wrote to memory of 556	592	msedge.exe	msedge.exe
PID 592 wrote to memory of 556	592	msedge.exe	msedge.exe
PID 592 wrote to memory of 556	592	msedge.exe	msedge.exe
PID 592 wrote to memory of 556	592	msedge.exe	msedge.exe
PID 592 wrote to memory of 556	592	msedge.exe	msedge.exe
PID 592 wrote to memory of 556	592	msedge.exe	msedge.exe
PID 592 wrote to memory of 556	592	msedge.exe	msedge.exe
PID 592 wrote to memory of 556	592	msedge.exe	msedge.exe
PID 592 wrote to memory of 556	592	msedge.exe	msedge.exe
PID 592 wrote to memory of 556	592	msedge.exe	msedge.exe
PID 592 wrote to memory of 556	592	msedge.exe	msedge.exe
PID 592 wrote to memory of 556	592	msedge.exe	msedge.exe
PID 592 wrote to memory of 556	592	msedge.exe	msedge.exe
PID 592 wrote to memory of 556	592	msedge.exe	msedge.exe
PID 592 wrote to memory of 556	592	msedge.exe	msedge.exe
PID 592 wrote to memory of 4088	592	msedge.exe	msedge.exe
PID 592 wrote to memory of 4088	592	msedge.exe	msedge.exe
PID 592 wrote to memory of 4756	592	msedge.exe	msedge.exe
PID 592 wrote to memory of 4756	592	msedge.exe	msedge.exe
PID 592 wrote to memory of 4756	592	msedge.exe	msedge.exe
PID 592 wrote to memory of 4756	592	msedge.exe	msedge.exe
PID 592 wrote to memory of 4756	592	msedge.exe	msedge.exe
PID 592 wrote to memory of 4756	592	msedge.exe	msedge.exe
PID 592 wrote to memory of 4756	592	msedge.exe	msedge.exe
PID 592 wrote to memory of 4756	592	msedge.exe	msedge.exe
PID 592 wrote to memory of 4756	592	msedge.exe	msedge.exe
PID 592 wrote to memory of 4756	592	msedge.exe	msedge.exe
PID 592 wrote to memory of 4756	592	msedge.exe	msedge.exe
PID 592 wrote to memory of 4756	592	msedge.exe	msedge.exe
PID 592 wrote to memory of 4756	592	msedge.exe	msedge.exe
PID 592 wrote to memory of 4756	592	msedge.exe	msedge.exe
PID 592 wrote to memory of 4756	592	msedge.exe	msedge.exe
PID 592 wrote to memory of 4756	592	msedge.exe	msedge.exe
PID 592 wrote to memory of 4756	592	msedge.exe	msedge.exe
PID 592 wrote to memory of 4756	592	msedge.exe	msedge.exe
PID 592 wrote to memory of 4756	592	msedge.exe	msedge.exe
PID 592 wrote to memory of 4756	592	msedge.exe	msedge.exe

C:\Users\Admin\AppData\Local\Temp\048c0113233ddc1250c269c74c9c9b8e9ad3e4dae3533ff0412d02b06bdf4059.exe
"C:\Users\Admin\AppData\Local\Temp\048c0113233ddc1250c269c74c9c9b8e9ad3e4dae3533ff0412d02b06bdf4059.exe"
1⤵
- System Location Discovery: System Language Discovery
PID:2996

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:592
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffbda5746f8,0x7ffbda574708,0x7ffbda574718
  2⤵
  PID:2668
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2028,13360211992568125873,13025892456155460526,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2040 /prefetch:2
  2⤵
  PID:556
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2028,13360211992568125873,13025892456155460526,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2308 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4088
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2028,13360211992568125873,13025892456155460526,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2740 /prefetch:8
  2⤵
  PID:4756
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,13360211992568125873,13025892456155460526,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3432 /prefetch:1
  2⤵
  PID:408
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,13360211992568125873,13025892456155460526,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3536 /prefetch:1
  2⤵
  PID:3428
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,13360211992568125873,13025892456155460526,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4072 /prefetch:1
  2⤵
  PID:4368
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,13360211992568125873,13025892456155460526,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4064 /prefetch:1
  2⤵
  PID:4952
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2028,13360211992568125873,13025892456155460526,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4900 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5668
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2028,13360211992568125873,13025892456155460526,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4216 /prefetch:8
  2⤵
  PID:4064
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2028,13360211992568125873,13025892456155460526,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4216 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5388
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,13360211992568125873,13025892456155460526,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3620 /prefetch:1
  2⤵
  PID:5412
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,13360211992568125873,13025892456155460526,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3716 /prefetch:1
  2⤵
  PID:1032
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,13360211992568125873,13025892456155460526,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5188 /prefetch:1
  2⤵
  PID:1420

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1708

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3412

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:2336
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffbc8b1cc40,0x7ffbc8b1cc4c,0x7ffbc8b1cc58
  2⤵
  PID:4168
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1876,i,11149496626254234178,15661236781475838549,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=1872 /prefetch:2
  2⤵
  PID:4304
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2164,i,11149496626254234178,15661236781475838549,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2200 /prefetch:3
  2⤵
  PID:3008
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2228,i,11149496626254234178,15661236781475838549,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2376 /prefetch:8
  2⤵
  PID:404
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3156,i,11149496626254234178,15661236781475838549,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3168 /prefetch:1
  2⤵
  PID:2824
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3292,i,11149496626254234178,15661236781475838549,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3192 /prefetch:1
  2⤵
  PID:4620
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4576,i,11149496626254234178,15661236781475838549,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4608 /prefetch:1
  2⤵
  PID:3860
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4760,i,11149496626254234178,15661236781475838549,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4828 /prefetch:8
  2⤵
  PID:5620
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4528,i,11149496626254234178,15661236781475838549,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4960 /prefetch:8
  2⤵
  PID:5772
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=5132,i,11149496626254234178,15661236781475838549,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5020 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5804

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
PID:4148
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe"
  2⤵
  - Checks processor information in registry
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  PID:1100
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2000 -parentBuildID 20240401114208 -prefsHandle 1928 -prefMapHandle 1920 -prefsLen 23602 -prefMapSize 244628 -appDir "C:\Program Files\Mozilla Firefox\browser" - {646484ea-373a-4d57-bb92-0ace49b6956a} 1100 "\\.\pipe\gecko-crash-server-pipe.1100" gpu
    3⤵
    PID:1272
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2412 -parentBuildID 20240401114208 -prefsHandle 2380 -prefMapHandle 2376 -prefsLen 23638 -prefMapSize 244628 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d87e6f07-ab1c-4105-8f05-b01b808eda44} 1100 "\\.\pipe\gecko-crash-server-pipe.1100" socket
    3⤵
    PID:3620
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3052 -childID 1 -isForBrowser -prefsHandle 3068 -prefMapHandle 3064 -prefsLen 23779 -prefMapSize 244628 -jsInitHandle 1252 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {89ec8cd8-f087-4a05-b5a3-3b5307d86c3c} 1100 "\\.\pipe\gecko-crash-server-pipe.1100" tab
    3⤵
    PID:4512
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3484 -childID 2 -isForBrowser -prefsHandle 3272 -prefMapHandle 3164 -prefsLen 21747 -prefMapSize 244628 -jsInitHandle 1252 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {038575cd-8409-4f38-9f64-15daf56d760d} 1100 "\\.\pipe\gecko-crash-server-pipe.1100" tab
    3⤵
    PID:5380
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3628 -childID 3 -isForBrowser -prefsHandle 3708 -prefMapHandle 3704 -prefsLen 21747 -prefMapSize 244628 -jsInitHandle 1252 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {0647d954-69c0-4c82-a9db-48403cc242be} 1100 "\\.\pipe\gecko-crash-server-pipe.1100" tab
    3⤵
    PID:5392
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3892 -childID 4 -isForBrowser -prefsHandle 3812 -prefMapHandle 3816 -prefsLen 21747 -prefMapSize 244628 -jsInitHandle 1252 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {fa86ca78-72d9-4a4f-adbd-95f7c9e76939} 1100 "\\.\pipe\gecko-crash-server-pipe.1100" tab
    3⤵
    PID:5404

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:1960

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:5696

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
7e84e75e1ceaa87df348f2e6f6d64ef1

SHA1
a866e98e59c665d32d70068bb105152cefe77d30

SHA256
011a11b13f1e938b284345ec8657acd11557205389e2c6314c9eba998bb32bf7

SHA512
bc5462493e9ee10bf819d524e567e1490d7e3e663bb27d0b3ff00b09ffa2010da6f29407e3577bf5965f332a75fbb1534ff5d17cf9814b525e2cc291d69cee71

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
ba5334473fd380041f72edeef34bac97

SHA1
0e7207fecfa1649159a7557f4fc59bfd8da9e9a7

SHA256
7db43a26e3442b9d17221c10ebee4ad88b6de34729bae3e89a698aebc1375ece

SHA512
d582aba8d3da1ea7b2b326eeec99048100815bb16b388f0d8ea72ad99165e84a33a4ad8c81698e0e5324e6846c643fce80fddb83edab5949f483e1851caa7a4d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
dee7232423d1ade7f8364feb58c05e5e

SHA1
6a9bf4a186e64c5c89f483e9f4fe2d628aec468f

SHA256
eda773d46d036f28492c3399344fe9b1356b4ea9f7d17156aee17834c9e61673

SHA512
ef7c9f79b1e3f6c9c49bed9063b044620181f1e09a093d2a63655c8c12a5d2d73d8638d216411d7b05c8a4706b7c9188443ae97407a7e8ebb63e87d557659972

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
5b09f2b9a133091a58697f04e1220ba8

SHA1
760cce15fda0b7dff0f0e4af3eef82275d811e65

SHA256
4d3495d3734d39d20b8d6312e7917f66b7757e7de8afade59f18d650123f5e64

SHA512
2b1b8183139fbc8972b9786a920dcf836b7ac7bc93c4495e4983306e1bf277d615e4ff74a56ec70b01f0a60f9eac13d019a0292d723c85ee56d3616c3f3e5489

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
a094f56f0915f07fafa6cdb7e9fc01d1

SHA1
2b73dd0914a062d6c017c0819a8430d7e856a46b

SHA256
ab323de0b4ebfee99b59bc54c4d3279105ff154fbded000fd26680fad41b461e

SHA512
3e35631dae36234d1b5546c2e16595d9d84afa10b74ea06b54cf38c14174d445d727b7283c7ca473293fbde88aed2c95f5a1ecbf14fad4510dbc2ff87595519b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
81060556d6d092ed0c8f6f2d1722456b

SHA1
20acadaaa6f5def41d024f8031d11010fc638a49

SHA256
adb6cd79b2c2fdd363cc8dc447882ab2e7095b91bb4cbc1ad96058dee617d455

SHA512
8f51267b6bee3ae7b4cfdc263b6e86f3497eec4d78f5c55f1c8a9ba511697cdb56a8c6bb102221ddd1249c08a020322f76587fccafc6f1e249413ad1563bf6f1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
7062654973cdc056e1ff6f2180f51f42

SHA1
b5d5c55d362ff88663c900dc768188a9fe41a4c4

SHA256
776efc739f8465022cc76c49dff27345f6488b7f7d249be12481f8aaa6c2c85c

SHA512
c8fd5030115b51817224b63a69c944729d1485b8f62ebdfb20d3335ddbf5493297f1f3d877cd8a77584296ae7fa2b07f42c96635791ebe88cf1a919e8fc340bb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
c61c82602edc161647815da44dd8fa10

SHA1
d54b9ddb8a5908c51a3274c7ac4aeebae432dc27

SHA256
b6bd77bb95068ba5bc33d0e62b08c6b62864c7bad6c8db92452844d33ab92978

SHA512
6785c0f234a2554acd332d11a9f3c6204e78c7f42978c530dba723fc1444e03be767b78ce8348193369295798113d4d6ce08b0a878f80abf2ddb450e464dbeb7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
c49df30c129b77855028ba178c5a6270

SHA1
a40ce3bf03d8d432d499bf084df8ec2fff60f481

SHA256
ff6f6e5ed3530ccc5a4f3bce5b185f6a9d902170861c48598f92f8b3a56a9608

SHA512
38192e009e8232593ead6ebe8a43b8c25cbf9a84a11daf49e486beae599f6595ecc736e4e085b316487abcb116aad7bc67ddaf48200ef717b8e494d6801a814a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
b33f3aeebbb48c1ee959086d09bec463

SHA1
1556137324e3316baa8bece9c3e313290f499305

SHA256
96beb2f9620216e7304da9dbfc7ee52a0a530c830b0c9bbe469d6dadf722bb23

SHA512
0fd67083971026fd25d631f3da3540f8ae38b89018ebc7e485d7e1bfd8ef7df4a5e99338d505cfd94bba36ce3ec19358b6b0b55737c1cbfd3beae222623af68e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
a6d6e42def23cd66ece31713d6847c00

SHA1
e57d16e4cd70652274e10a76a76e0e0d49e63e78

SHA256
ce29dad4c1bb6b6716acde4c4bd542842eed1309c7b6933f90265ba59ecad8bc

SHA512
6df667015ea91067ba1a70eb9812d3679d50f28b0911ea03cd20328bb2a178463b73ef2985c1d5ef302f4baa320471d2024990920a76f0c05cfe215670861cfa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
669582460bda2c1a8e62731f37002dc9

SHA1
d644faf16d0ec514053a8f2dc0da6edb957cb114

SHA256
b1d3b576ffb3cfc17d1e9b8a32b34ef25d25f51df1c956b4d80c841445507b49

SHA512
8031879aa683f5303570cb583f556403a5919906c4a5fdf916b1e41ea9d93100f3b71534573ab04ab30dce7597942b77d618820d012c7c713115110985c885dd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
823fa95be0d2dc148906ff59cb65019b

SHA1
8645f7fd125c30cce9c57d17bce9ea814a6c0941

SHA256
c898dd4ada750ea9825998d68e41a828d5882ff4e007572149ba5de21784315b

SHA512
b62461bda1e5c58ac387fdfca103a27962b29c99088daec03b0ca2fcd460ae956c3ec216b9f445fe43b81e4b3dcd67c8d2246fc16af2ce1f0626eda327d0cf8b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
af40239f0bc9fd68a9c1b2bbfb8dc41d

SHA1
bd6dab5a26991e21bb76d4b03478435447abb316

SHA256
936c98d4dd6b68c8933aef23964a35a60008709d2eb3c7027c53dc5bd4a2d1be

SHA512
3b6ac2d39ea9068b48137e9b0215273b08cb0ca32473608a0e20269cc80f2f07371df5b2338d369fc7178a4bec21f12451abdd3f930515e1bad5f227c789a3ab

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
7fc7b186e9d35ce3bdc1bc691c18691d

SHA1
471267cbcbb6fc4938c9ef6613df3623bca9b1c4

SHA256
6828e3a5b71f8ded83ca0616b150f547568de0e4b62fb8f4f0dc8099002bd6a2

SHA512
59cd5e1026446dda01ebaf138d22bb81c362b5e3dc9d79b2082b4ec7e9e952b840bad4dc1b661feb9bb90ac2785faffb3170c105ddcd279fa4fad005e40a4551

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
a9cb6587b973df74a66717ff6b6c66d5

SHA1
001c44f653417d2ab621aff5948577ddf521ade5

SHA256
ea9364094b5575d0729005f25f5070c1896c277376580be99220c5c8c7828e28

SHA512
836e3fdb886a63117a225b19e8ac071ab594d86814772747dcd8a2974342f3eaa6499f98417d098819d6581a3afafa6e1fa0d00aa5d04c090e6e165316595c87

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
a652c8c93c3a9bd7cc10b00640603384

SHA1
88a9e22a584f562ec108e641edccdd4764b486f0

SHA256
2b7d89d3092591a6ccddcfe0634bcd609c7f75e5548108910fec3b6776695a15

SHA512
70dc99b801596d25975d84f95880935b5ff1a04371ace4c0f9efd852d3c3ff7e1257a39f385b83af4df574420fedc0da2e6fa5cf0161c86b9b42a033cf09af75

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
eb005a6284bb6c65b09de2a75ebbc3a0

SHA1
4bcfb95fbfd115db8386091c9389570689ffd4d9

SHA256
34c2feca6ac3cac7d875f8c422256fb8f1edc7f8fc78f004f216c76f1335970a

SHA512
695a914200ae162a9fed22eb1b1bc3d7c06c124c3d98273e53b8ab8a3e2de23a5aa1a4db711a1f91de1f55e028d4938d8c32f7e99cdcda5e8daa38692b793637

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
b2eb204659273a847b5e40436c99848e

SHA1
8651c113ed4b90e470a718a648f6ccc9ec055d7c

SHA256
f192caadf0dacff5c204fdf621e1aaffeea66e4e58c2d943740748cc943f3c1c

SHA512
db202aff4af0b60b8281440a8a7d42db891359bb707e6e23da3be81048d64d61108160524ebfcb76656ccdc9d8d548eba1f796fbeb211bdbeacbf62f5d64e3d1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
b66f9d104a7646e5362e65ac8fb258ca

SHA1
37d46b5d2b2e667ca9e615beae2e47e2f474d92c

SHA256
55931bcd9c1256bce2bda61663bf717341e9a81f345afc866591222218814af1

SHA512
cf88df32c585cd4f1879559ae27a8aa8b007f00ec30e7460e5a10951bd1d3f075af11686eabf590087769945568dd693ea7ba297e6d95479e8e8aab872cd378a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
b937f769be3306966a669933991a92bd

SHA1
00766e21f4e5a935fba5436ff354396a5caa2bf3

SHA256
ccb680251c4824e9d379ea09602402b529b0821048ccf2bc7fbb10724381e075

SHA512
bfe77a484fde07c5567b04590a9c47edc58430871501a57907b67fbee37a6212fb6718abf3169437c41cc528631f538795a44d7412396c00754c1de97a489d6e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
442e7ea01ea3ea661acd8f5ea552efe7

SHA1
c01a4b75802839a0662ca746315068cf29190ce7

SHA256
e0d9b015c761cc69c987ad3d5059f88dc15e8ad488d807f77006ea17af7281b4

SHA512
ea5e998fabaa4b2c8e2d9e9c64924f0d868d88d2299eace67155f46225df37ee0a06a054b13d7bb32609df96b0458978e56cc0f0290d87393eb7f6351c237d24

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
7768edd1e3dfebb35ddc389bb57362f2

SHA1
052a5391f1b3f4a44d380f1d70ef8ebab8de186e

SHA256
bdfe6a6ce1a6be0223c495f9cc2928641beb984d8d38dbea5ec212cffb4f1d7f

SHA512
f8d0882b09ee32369744f3009805b8964cdde887920fd08193d7a35bd67c3c45ac28345ff0b82a9a20a2a6420b3f9359675ad8dcc2ac5e5416386f11c1c18d68

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
31d4bee9769a3aaaf859fc5a90fc7663

SHA1
1815a6a7ea64890ef7006ad49fb0dac541c15c10

SHA256
f3de33158af3907738cd47c226c33e29295f23cbec735ea54be39d0aa2daf0e4

SHA512
e61e8ea0cc42fb01904c990bed65bf27b8b868d93fb07f85ee0f68025002726719b0ecb49163d0311af6a6f54049ae07d66f073c8459245ede3bace08fdb02f7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
82c5226583cd12de0ff1990a08a75f24

SHA1
0e877592ccab8da7d778801b63e2d33cad2bf199

SHA256
c22cdc9a660f47045b6093e47bbb50dc682e48982c5d2cd3f83aff6bb30f9ec4

SHA512
03701bce005743365545f25fb20289723c972555f3b59ea32fa0130689bd50340a3bfd96f013443f0f4e2a0449989b99cefa54d00554780375806250ca221c95

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
e849bcd0ff3b669c464fa7412b8e8ad7

SHA1
628c53769bc4f04cd01a1ba56552db0fbe692f47

SHA256
1f3bb13c7721c7c084732d7f5c818b8ab8e5171cdccecec1a524508623c5450c

SHA512
3564cc40a7b5c8ad8029b11853ad794ec035003a4a4e22452cd215cd74ba3d5536b0576f568a77f80fba45bd7f3803ab94a7a9941905a3bd28382ae3569892cf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
4cd6c9b4a06a20e2cbe685e99a59b92c

SHA1
44e1fc89a1ae8c3689e90dfc9afa7efc23139bfe

SHA256
1e47784e88e6667d1d0299cd025f8c094f8989621083e73241d5834cbb285ec5

SHA512
59236eb808beccc756eeb8e27f5680a239d2c46a8cf3b2a3af9dec904ffd56a988cfcfe5175e12a6e5977d29819cdb59f5b3a994aea86e47e082309b134ad8f9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
59841c324fecf397d4379a75211096eb

SHA1
5cb8ad21a50ba792b0648dde5deb7c5f3edc53fd

SHA256
eb72b3590fb03bf1040c46945b954490ed67303c7b0acb0b67b169562ff7bff8

SHA512
ba545fd2865880b332f75afa1a1525ad13e77240ad8b93b64e1970e62f74b92e496bd3251fd7d8484e85383b2d09e090b26b7abbc5089bb9e48f6460a404b738

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
f2f549561a0135fc4892d0ac2b282a85

SHA1
22760fe8608665f56636c09a2fcae4f5cac37ed5

SHA256
b3f7332ad49a7cea1dd85f1a840acf484dbcc4394b20c10cca72ff9eedf9326a

SHA512
787e9f0dbe2973fafd881873ed18621754bb3de0cc2437c2bcab19b16de2e0da2ba55351c376628a88a05c960f244d4fc30e44ce4cae79c3367e88272393569a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
706acc9afceb1e8c98c089a86d472500

SHA1
07d0cc518f5d8dfced59834e0e25fc98a6e16dff

SHA256
775c7a1a460d769599459e4734ff930270208e6e88a62c9cc0677af8cb1a2f33

SHA512
f014161ac43a2622b4e86b2da3077e8cf5b840fc0330d034f89cd949c9f26527058ad65e43932ef8dc7c8cc168440858be0ef1f97d1e528e46623435cf5ff8a4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
f0a090615ae61998605d2c0816760853

SHA1
7c01db709929ac455b0f5f7ed3a1caf103aef761

SHA256
90c00c249689b3beb12735da10489fb23d64a412c2a6e100e1572a2c2db9a36b

SHA512
d7bdd07311d2a3a6e5c2151b47c3d735784009748fbd20dd3574ef301da8849509a2d39f22842e9d472228757528fb5746aac3b9ef58d268b1c7e38363f2b5a5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
208KB

MD5
6e6d60c7937447324354d3f2d1935551

SHA1
24f4944ed5cab664811d9e78a6895be21ade6c2a

SHA256
dbb5c9fb02d12960c34a5dcca4757d9b97d9da49cb188da4a5c985fe1df494bb

SHA512
1b21df9509dd680edaa51cdbe192564dce0f243d983bcd424a2d900f145c52b8c17dbaaf28c9fab7670995ba9f4f29398460b8bd05e39c35e14a42afb1335c7b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
207KB

MD5
7d4a9d9df0789e2a469232725f9e2396

SHA1
7f0a376ee4f0d6fd4fd2bd5262df49e00619b85e

SHA256
b734b67465def0e9d29937b8f5edcbbe153106a8fc09c2449293c24dbb127c5c

SHA512
5a84f6172e309db7a180de5b7eea3c6121872c08ff819cb20a616697564055d24c3382a5d4a89813c4b55dfe12c4e972ae74d7aa02856131750fa5298f785a0a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
d4829218222c8bedb9ffe89dffd37095

SHA1
aae577f33f413ec3d09f2e7ff5d9cc20a602241c

SHA256
49239b229a2519583ba5d6de3702480b8a8ebf3cfaa8945100dbab25fcb02b7b

SHA512
03e26a2e3de41b8a829b5543da504c7d7ccdc4c112d629efcac24dcda23acb50a52b5b99572b5efb2a01cf392a457cf9fac85663b3d63f7606be00dba218f8f1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
15e9c4b4eefb3e1c08a010e748e10f58

SHA1
3172378f2c7a00553ce086dbf53fcf3126c5a724

SHA256
07b56a769467e8b57f9b7acd9d32da266ca5000803758c18bb6818ac236c7000

SHA512
811058b539e914a812c88543bb6657de736f691d18d6dadb5e1f6ced286780fb334dc5f575babbcf4fd2dceda30d1bf4004b374c5775e7f278346b100b29eb7e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
f135f6f7c11bb892e00ee5425f8745e8

SHA1
d42bd4c4556b8178c582204b3fc0ed724acf5f57

SHA256
3be16c85c73f9b605b8ee695fc3f2e6a1073689c1204f57d9fc57b8f6da2a897

SHA512
0af16880306d52887b3ba84355e407a3716934664eebd41c9a5ae9c51ce71aceee662f66422a8de52d31c091cb8b16645381a1188f0b8f3d9a18028fb205fe50

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
a6e33467fd9aa1696906dbc0acdfc4db

SHA1
4cc67070af3d303601775886cb1421185109afb6

SHA256
5354dc75e4c982a98ba977936392bd21560ef0bbda9ad536ade80e76c8154758

SHA512
db4e4dde95141af71bf42f73c63ba52318eba940a2f2f1ff990283edf85a65315d75fc97b7ef3cad1ceb3c2ccfeeefde6ca5ca7813b41b02903249c1913c5e51

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
7915ba0545666aa5833cf9f9f86d45d6

SHA1
743ecc319bc2a54973582d4a5198042a48fbe8db

SHA256
f8fcc045da13bde0f5dec3ada86342105cbff34ebc2442bcf51e8ed509a95b20

SHA512
a53036251a22cdc95579ea8641c5574f1dc1f7dfd0390f00ebeafbbea0c1a2c0c3e6dba23bbbb8d8e2c77a3e1e816ccfaf84a97da1c334019c8df1414999d1f9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
1697a33f6d45930605076df2c88017fa

SHA1
1aae8a592ec0dfc8b9abcba9df6711195e5e6719

SHA256
0e715cb2da23da869b5cd4c8c28b8ccfeb42b039e2d5a1f39aa0cbd47155584c

SHA512
d73fcfa26e2084b5feaad4a9988e6f7f32425adb263427241ea2ba891540e5970b20cc90b94ff86c5ac0f668c98b449176f57c014a22d88b26197358322ec618

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
479KB

MD5
09372174e83dbbf696ee732fd2e875bb

SHA1
ba360186ba650a769f9303f48b7200fb5eaccee1

SHA256
c32efac42faf4b9878fb8917c5e71d89ff40de580c4f52f62e11c6cfab55167f

SHA512
b667086ed49579592d435df2b486fe30ba1b62ddd169f19e700cd079239747dd3e20058c285fa9c10a533e34f22b5198ed9b1f92ae560a3067f3e3feacc724f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

Filesize
13.8MB

MD5
0a8747a2ac9ac08ae9508f36c6d75692

SHA1
b287a96fd6cc12433adb42193dfe06111c38eaf0

SHA256
32d544baf2facc893057a1d97db33207e642f0dacf235d8500a0b5eff934ce03

SHA512
59521f8c61236641b3299ab460c58c8f5f26fa67e828de853c2cf372f9614d58b9f541aae325b1600ec4f3a47953caacb8122b0dfce7481acfec81045735947d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vpqsq2xy.default-release\AlternateServices.bin

Filesize
8KB

MD5
d7750f9155ee3fd42ddaeb9799bf7347

SHA1
2fa7304025d8ffb28b0f12cb6a17e10b1f93ee14

SHA256
6365261cc003fe2a7dfed6c5002f07a0dc1922282947f9ef63b2892f658cb8ab

SHA512
894731c78daa2c7a6177b332a7e2b7edbc776ca5b0c380bf6df85346a85a9ce4c8e3f13df42a88dfa5a38f2c1ac6415ba9e266d748282a28e78ade26955839e0

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vpqsq2xy.default-release\bookmarkbackups\bookmarks-2024-09-15_11_uNm-M3VlkLyAUUDOcdm6Dg==.jsonlz4

Filesize
1015B

MD5
d8fa487910321381e19c303cb2579f92

SHA1
cdc0a8edfde2b40d3dc12db4565ba38e57308b65

SHA256
324baf2d9007b3f41730cb6c4905065f2f163370b1dcbdb06ad93614ea3684bd

SHA512
bdd5b01e976717ba2f29e5d18c46d37b97c635ac281eac6e08e1d31f5e53c60f90066e8899c0297b5c276d08ccafbc85322ab3facba0d7c88e758257b031677e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vpqsq2xy.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.dll

Filesize
1.1MB

MD5
842039753bf41fa5e11b3a1383061a87

SHA1
3e8fe1d7b3ad866b06dca6c7ef1e3c50c406e153

SHA256
d88dd3bfc4a558bb943f3caa2e376da3942e48a7948763bf9a38f707c2cd0c1c

SHA512
d3320f7ac46327b7b974e74320c4d853e569061cb89ca849cd5d1706330aca629abeb4a16435c541900d839f46ff72dfde04128c450f3e1ee63c025470c19157

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vpqsq2xy.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.info

Filesize
116B

MD5
2a461e9eb87fd1955cea740a3444ee7a

SHA1
b10755914c713f5a4677494dbe8a686ed458c3c5

SHA256
4107f76ba1d9424555f4e8ea0acef69357dfff89dfa5f0ec72aa4f2d489b17bc

SHA512
34f73f7bf69d7674907f190f257516e3956f825e35a2f03d58201a5a630310b45df393f2b39669f9369d1ac990505a4b6849a0d34e8c136e1402143b6cedf2d3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vpqsq2xy.default-release\gmp-widevinecdm\4.10.2710.0\manifest.json

Filesize
372B

MD5
bf957ad58b55f64219ab3f793e374316

SHA1
a11adc9d7f2c28e04d9b35e23b7616d0527118a1

SHA256
bbab6ca07edbed72a966835c7907b3e60c7aa3d48ddea847e5076bd05f4b1eda

SHA512
79c179b56e4893fb729b225818ab4b95a50b69666ac41d17aad0b37ab0ca8cd9f0848cbc3c5d9e69e4640a8b261d7ced592eae9bcb0e0b63c05a56e7c477f44e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vpqsq2xy.default-release\gmp-widevinecdm\4.10.2710.0\widevinecdm.dll

Filesize
17.8MB

MD5
daf7ef3acccab478aaa7d6dc1c60f865

SHA1
f8246162b97ce4a945feced27b6ea114366ff2ad

SHA256
bc40c7821dcd3fea9923c6912ab1183a942c11b7690cfd79ed148ded0228777e

SHA512
5840a45cfdb12c005e117608b1e5d946e1b2e76443ed39ba940d7f56de4babeab09bee7e64b903eb82bb37624c0a0ef19e9b59fbe2ce2f0e0b1c7a6015a63f75

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vpqsq2xy.default-release\prefs-1.js

Filesize
12KB

MD5
3e716d313f4d9bbedbd2a5c20ef99e5b

SHA1
58a526507b625e7ef4a3ed2e8bd2f34bc4d46e07

SHA256
884be2c4203c1b05730c22f1c7a511332dd4f32c8998c8f967666f761fe276f9

SHA512
a49919c036dbb76419af7880a7183af08e9d0989db228aa9c7791a2bab664f0f5b413aa3c29722485a88ccedf15ffbd861abf81c28be287a4f7eba14821082a1

Download Submit
\??\pipe\LOCAL\crashpad_592_JUXKLABIQXWBUSLI

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit