2b574142c27e20f6fd8a1285772104c9e13774631d3173f2eb825dae4a6ffe65

Analysis

max time kernel
599s
max time network
588s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
15-09-2024 22:31

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

0c722728ca1a996bbb83455332fa27018158cef21ad35dc057191a0353960256.exe
Size

55KB
MD5

d28ba705f24c9e51564c46aefab26754
SHA1

0c6bb0d8f2611775b495a019c63f95b1377f2054
SHA256

0c722728ca1a996bbb83455332fa27018158cef21ad35dc057191a0353960256
SHA512

441ea8ded89e2bc7630134e9da3a5cd25835133f2c869ff7f6540041225cf3486e380bc2e001a2359adcca0723fb8b80b349ff4b905dbb686c354783c4c68d4a
SSDEEP

1536:qzwshK8pUMGxo0xwwW9VemFMGfpbbVDiANyCa:wwshK8yMexbW9vJVDiANs

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

Processes:

0c722728ca1a996bbb83455332fa27018158cef21ad35dc057191a0353960256.exe

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	0c722728ca1a996bbb83455332fa27018158cef21ad35dc057191a0353960256.exe

Checks processor information in registry 2 TTPs 6 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

Processes:

firefox.exe

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exemsedge.exe

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

Processes:

chrome.exe

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133709133566444384"	chrome.exe

Suspicious behavior: EnumeratesProcesses 16 IoCs

Processes:

msedge.exemsedge.exechrome.exemsedge.exechrome.exeidentity_helper.exe

pid	Process
4204	msedge.exe
4204	msedge.exe
3928	msedge.exe
3928	msedge.exe
2296	chrome.exe
2296	chrome.exe
1880	msedge.exe
1880	msedge.exe
1880	msedge.exe
1880	msedge.exe
5460	chrome.exe
5460	chrome.exe
5460	chrome.exe
5460	chrome.exe
620	identity_helper.exe
620	identity_helper.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 10 IoCs

Processes:

msedge.exechrome.exe

pid	Process
3928	msedge.exe
3928	msedge.exe
2296	chrome.exe
2296	chrome.exe
2296	chrome.exe
3928	msedge.exe
3928	msedge.exe
3928	msedge.exe
3928	msedge.exe
3928	msedge.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

chrome.exe

description	pid	Process
Token: SeShutdownPrivilege	2296	chrome.exe
Token: SeCreatePagefilePrivilege	2296	chrome.exe
Token: SeShutdownPrivilege	2296	chrome.exe
Token: SeCreatePagefilePrivilege	2296	chrome.exe
Token: SeShutdownPrivilege	2296	chrome.exe
Token: SeCreatePagefilePrivilege	2296	chrome.exe
Token: SeShutdownPrivilege	2296	chrome.exe
Token: SeCreatePagefilePrivilege	2296	chrome.exe
Token: SeShutdownPrivilege	2296	chrome.exe
Token: SeCreatePagefilePrivilege	2296	chrome.exe
Token: SeShutdownPrivilege	2296	chrome.exe
Token: SeCreatePagefilePrivilege	2296	chrome.exe
Token: SeShutdownPrivilege	2296	chrome.exe
Token: SeCreatePagefilePrivilege	2296	chrome.exe
Token: SeShutdownPrivilege	2296	chrome.exe
Token: SeCreatePagefilePrivilege	2296	chrome.exe
Token: SeShutdownPrivilege	2296	chrome.exe
Token: SeCreatePagefilePrivilege	2296	chrome.exe
Token: SeShutdownPrivilege	2296	chrome.exe
Token: SeCreatePagefilePrivilege	2296	chrome.exe
Token: SeShutdownPrivilege	2296	chrome.exe
Token: SeCreatePagefilePrivilege	2296	chrome.exe
Token: SeShutdownPrivilege	2296	chrome.exe
Token: SeCreatePagefilePrivilege	2296	chrome.exe
Token: SeShutdownPrivilege	2296	chrome.exe
Token: SeCreatePagefilePrivilege	2296	chrome.exe
Token: SeShutdownPrivilege	2296	chrome.exe
Token: SeCreatePagefilePrivilege	2296	chrome.exe
Token: SeShutdownPrivilege	2296	chrome.exe
Token: SeCreatePagefilePrivilege	2296	chrome.exe
Token: SeShutdownPrivilege	2296	chrome.exe
Token: SeCreatePagefilePrivilege	2296	chrome.exe
Token: SeShutdownPrivilege	2296	chrome.exe
Token: SeCreatePagefilePrivilege	2296	chrome.exe
Token: SeShutdownPrivilege	2296	chrome.exe
Token: SeCreatePagefilePrivilege	2296	chrome.exe
Token: SeShutdownPrivilege	2296	chrome.exe
Token: SeCreatePagefilePrivilege	2296	chrome.exe
Token: SeShutdownPrivilege	2296	chrome.exe
Token: SeCreatePagefilePrivilege	2296	chrome.exe
Token: SeShutdownPrivilege	2296	chrome.exe
Token: SeCreatePagefilePrivilege	2296	chrome.exe
Token: SeShutdownPrivilege	2296	chrome.exe
Token: SeCreatePagefilePrivilege	2296	chrome.exe
Token: SeShutdownPrivilege	2296	chrome.exe
Token: SeCreatePagefilePrivilege	2296	chrome.exe
Token: SeShutdownPrivilege	2296	chrome.exe
Token: SeCreatePagefilePrivilege	2296	chrome.exe
Token: SeShutdownPrivilege	2296	chrome.exe
Token: SeCreatePagefilePrivilege	2296	chrome.exe
Token: SeShutdownPrivilege	2296	chrome.exe
Token: SeCreatePagefilePrivilege	2296	chrome.exe
Token: SeShutdownPrivilege	2296	chrome.exe
Token: SeCreatePagefilePrivilege	2296	chrome.exe
Token: SeShutdownPrivilege	2296	chrome.exe
Token: SeCreatePagefilePrivilege	2296	chrome.exe
Token: SeShutdownPrivilege	2296	chrome.exe
Token: SeCreatePagefilePrivilege	2296	chrome.exe
Token: SeShutdownPrivilege	2296	chrome.exe
Token: SeCreatePagefilePrivilege	2296	chrome.exe
Token: SeShutdownPrivilege	2296	chrome.exe
Token: SeCreatePagefilePrivilege	2296	chrome.exe
Token: SeShutdownPrivilege	2296	chrome.exe
Token: SeCreatePagefilePrivilege	2296	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

Processes:

msedge.exechrome.exefirefox.exe

pid	Process
3928	msedge.exe
3928	msedge.exe
3928	msedge.exe
3928	msedge.exe
3928	msedge.exe
3928	msedge.exe
3928	msedge.exe
3928	msedge.exe
3928	msedge.exe
3928	msedge.exe
3928	msedge.exe
3928	msedge.exe
3928	msedge.exe
3928	msedge.exe
3928	msedge.exe
3928	msedge.exe
3928	msedge.exe
3928	msedge.exe
3928	msedge.exe
3928	msedge.exe
3928	msedge.exe
3928	msedge.exe
3928	msedge.exe
3928	msedge.exe
3928	msedge.exe
2296	chrome.exe
2296	chrome.exe
2296	chrome.exe
2296	chrome.exe
2296	chrome.exe
2296	chrome.exe
2296	chrome.exe
2296	chrome.exe
2296	chrome.exe
2296	chrome.exe
2296	chrome.exe
2296	chrome.exe
2296	chrome.exe
2296	chrome.exe
2296	chrome.exe
2296	chrome.exe
2296	chrome.exe
2296	chrome.exe
2296	chrome.exe
2296	chrome.exe
2296	chrome.exe
2296	chrome.exe
2296	chrome.exe
2296	chrome.exe
2296	chrome.exe
2296	chrome.exe
4936	firefox.exe
4936	firefox.exe
4936	firefox.exe
4936	firefox.exe
4936	firefox.exe
4936	firefox.exe
4936	firefox.exe
4936	firefox.exe
4936	firefox.exe
4936	firefox.exe
4936	firefox.exe
4936	firefox.exe
4936	firefox.exe

Suspicious use of SendNotifyMessage 64 IoCs

Processes:

msedge.exechrome.exefirefox.exe

pid	Process
3928	msedge.exe
3928	msedge.exe
3928	msedge.exe
3928	msedge.exe
3928	msedge.exe
3928	msedge.exe
3928	msedge.exe
3928	msedge.exe
3928	msedge.exe
3928	msedge.exe
3928	msedge.exe
3928	msedge.exe
3928	msedge.exe
3928	msedge.exe
3928	msedge.exe
3928	msedge.exe
3928	msedge.exe
3928	msedge.exe
3928	msedge.exe
3928	msedge.exe
3928	msedge.exe
3928	msedge.exe
3928	msedge.exe
3928	msedge.exe
2296	chrome.exe
2296	chrome.exe
2296	chrome.exe
2296	chrome.exe
2296	chrome.exe
2296	chrome.exe
2296	chrome.exe
2296	chrome.exe
2296	chrome.exe
2296	chrome.exe
2296	chrome.exe
2296	chrome.exe
2296	chrome.exe
2296	chrome.exe
2296	chrome.exe
2296	chrome.exe
2296	chrome.exe
2296	chrome.exe
2296	chrome.exe
2296	chrome.exe
2296	chrome.exe
2296	chrome.exe
2296	chrome.exe
2296	chrome.exe
4936	firefox.exe
4936	firefox.exe
4936	firefox.exe
4936	firefox.exe
4936	firefox.exe
4936	firefox.exe
4936	firefox.exe
4936	firefox.exe
4936	firefox.exe
4936	firefox.exe
4936	firefox.exe
4936	firefox.exe
4936	firefox.exe
4936	firefox.exe
4936	firefox.exe
4936	firefox.exe

Suspicious use of SetWindowsHookEx 1 IoCs

Processes:

firefox.exe

pid	Process
4936	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

msedge.exe

description	pid	Process	procid_target
PID 3928 wrote to memory of 3280	3928	msedge.exe	96
PID 3928 wrote to memory of 3280	3928	msedge.exe	96
PID 3928 wrote to memory of 5104	3928	msedge.exe	97
PID 3928 wrote to memory of 5104	3928	msedge.exe	97
PID 3928 wrote to memory of 5104	3928	msedge.exe	97
PID 3928 wrote to memory of 5104	3928	msedge.exe	97
PID 3928 wrote to memory of 5104	3928	msedge.exe	97
PID 3928 wrote to memory of 5104	3928	msedge.exe	97
PID 3928 wrote to memory of 5104	3928	msedge.exe	97
PID 3928 wrote to memory of 5104	3928	msedge.exe	97
PID 3928 wrote to memory of 5104	3928	msedge.exe	97
PID 3928 wrote to memory of 5104	3928	msedge.exe	97
PID 3928 wrote to memory of 5104	3928	msedge.exe	97
PID 3928 wrote to memory of 5104	3928	msedge.exe	97
PID 3928 wrote to memory of 5104	3928	msedge.exe	97
PID 3928 wrote to memory of 5104	3928	msedge.exe	97
PID 3928 wrote to memory of 5104	3928	msedge.exe	97
PID 3928 wrote to memory of 5104	3928	msedge.exe	97
PID 3928 wrote to memory of 5104	3928	msedge.exe	97
PID 3928 wrote to memory of 5104	3928	msedge.exe	97
PID 3928 wrote to memory of 5104	3928	msedge.exe	97
PID 3928 wrote to memory of 5104	3928	msedge.exe	97
PID 3928 wrote to memory of 5104	3928	msedge.exe	97
PID 3928 wrote to memory of 5104	3928	msedge.exe	97
PID 3928 wrote to memory of 5104	3928	msedge.exe	97
PID 3928 wrote to memory of 5104	3928	msedge.exe	97
PID 3928 wrote to memory of 5104	3928	msedge.exe	97
PID 3928 wrote to memory of 5104	3928	msedge.exe	97
PID 3928 wrote to memory of 5104	3928	msedge.exe	97
PID 3928 wrote to memory of 5104	3928	msedge.exe	97
PID 3928 wrote to memory of 5104	3928	msedge.exe	97
PID 3928 wrote to memory of 5104	3928	msedge.exe	97
PID 3928 wrote to memory of 5104	3928	msedge.exe	97
PID 3928 wrote to memory of 5104	3928	msedge.exe	97
PID 3928 wrote to memory of 5104	3928	msedge.exe	97
PID 3928 wrote to memory of 5104	3928	msedge.exe	97
PID 3928 wrote to memory of 5104	3928	msedge.exe	97
PID 3928 wrote to memory of 5104	3928	msedge.exe	97
PID 3928 wrote to memory of 5104	3928	msedge.exe	97
PID 3928 wrote to memory of 5104	3928	msedge.exe	97
PID 3928 wrote to memory of 5104	3928	msedge.exe	97
PID 3928 wrote to memory of 5104	3928	msedge.exe	97
PID 3928 wrote to memory of 4204	3928	msedge.exe	98
PID 3928 wrote to memory of 4204	3928	msedge.exe	98
PID 3928 wrote to memory of 4520	3928	msedge.exe	99
PID 3928 wrote to memory of 4520	3928	msedge.exe	99
PID 3928 wrote to memory of 4520	3928	msedge.exe	99
PID 3928 wrote to memory of 4520	3928	msedge.exe	99
PID 3928 wrote to memory of 4520	3928	msedge.exe	99
PID 3928 wrote to memory of 4520	3928	msedge.exe	99
PID 3928 wrote to memory of 4520	3928	msedge.exe	99
PID 3928 wrote to memory of 4520	3928	msedge.exe	99
PID 3928 wrote to memory of 4520	3928	msedge.exe	99
PID 3928 wrote to memory of 4520	3928	msedge.exe	99
PID 3928 wrote to memory of 4520	3928	msedge.exe	99
PID 3928 wrote to memory of 4520	3928	msedge.exe	99
PID 3928 wrote to memory of 4520	3928	msedge.exe	99
PID 3928 wrote to memory of 4520	3928	msedge.exe	99
PID 3928 wrote to memory of 4520	3928	msedge.exe	99
PID 3928 wrote to memory of 4520	3928	msedge.exe	99
PID 3928 wrote to memory of 4520	3928	msedge.exe	99
PID 3928 wrote to memory of 4520	3928	msedge.exe	99
PID 3928 wrote to memory of 4520	3928	msedge.exe	99
PID 3928 wrote to memory of 4520	3928	msedge.exe	99

C:\Users\Admin\AppData\Local\Temp\0c722728ca1a996bbb83455332fa27018158cef21ad35dc057191a0353960256.exe
"C:\Users\Admin\AppData\Local\Temp\0c722728ca1a996bbb83455332fa27018158cef21ad35dc057191a0353960256.exe"
1⤵
- System Location Discovery: System Language Discovery
PID:4636

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3928
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffa85a446f8,0x7ffa85a44708,0x7ffa85a44718
  2⤵
  PID:3280
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2148,12761709472485141566,12951222589961463120,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2160 /prefetch:2
  2⤵
  PID:5104
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2148,12761709472485141566,12951222589961463120,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2372 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4204
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2148,12761709472485141566,12951222589961463120,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2636 /prefetch:8
  2⤵
  PID:4520
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,12761709472485141566,12951222589961463120,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3412 /prefetch:1
  2⤵
  PID:4400
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,12761709472485141566,12951222589961463120,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3428 /prefetch:1
  2⤵
  PID:3308
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,12761709472485141566,12951222589961463120,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3764 /prefetch:1
  2⤵
  PID:4108
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,12761709472485141566,12951222589961463120,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3936 /prefetch:1
  2⤵
  PID:2268
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2148,12761709472485141566,12951222589961463120,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5232 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1880
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2148,12761709472485141566,12951222589961463120,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5344 /prefetch:8
  2⤵
  PID:6040
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2148,12761709472485141566,12951222589961463120,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5344 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:620
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,12761709472485141566,12951222589961463120,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3436 /prefetch:1
  2⤵
  PID:1416
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,12761709472485141566,12951222589961463120,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3524 /prefetch:1
  2⤵
  PID:3060
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,12761709472485141566,12951222589961463120,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5456 /prefetch:1
  2⤵
  PID:556

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:620

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3400

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:2296
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ffa8328cc40,0x7ffa8328cc4c,0x7ffa8328cc58
  2⤵
  PID:2596
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1876,i,16614444673517728742,14665647881305072400,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=1872 /prefetch:2
  2⤵
  PID:396
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2132,i,16614444673517728742,14665647881305072400,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2220 /prefetch:3
  2⤵
  PID:1512
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2252,i,16614444673517728742,14665647881305072400,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2432 /prefetch:8
  2⤵
  PID:1740
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3096,i,16614444673517728742,14665647881305072400,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3116 /prefetch:1
  2⤵
  PID:3168
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3132,i,16614444673517728742,14665647881305072400,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3160 /prefetch:1
  2⤵
  PID:4496
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4524,i,16614444673517728742,14665647881305072400,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4464 /prefetch:1
  2⤵
  PID:3844
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4856,i,16614444673517728742,14665647881305072400,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3992 /prefetch:8
  2⤵
  PID:5624
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5104,i,16614444673517728742,14665647881305072400,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5108 /prefetch:8
  2⤵
  PID:5700
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=4840,i,16614444673517728742,14665647881305072400,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5164 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5460

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
PID:4944
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe"
  2⤵
  - Checks processor information in registry
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  PID:4936
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2000 -parentBuildID 20240401114208 -prefsHandle 1916 -prefMapHandle 1908 -prefsLen 23680 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {4f4e748c-dd1d-4baa-93c3-f81ef27b6463} 4936 "\\.\pipe\gecko-crash-server-pipe.4936" gpu
    3⤵
    PID:2876
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2412 -parentBuildID 20240401114208 -prefsHandle 2384 -prefMapHandle 2380 -prefsLen 23716 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b431f427-2cd4-45ce-98d7-f5ffcda3d31b} 4936 "\\.\pipe\gecko-crash-server-pipe.4936" socket
    3⤵
    PID:1052
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2988 -childID 1 -isForBrowser -prefsHandle 3012 -prefMapHandle 3144 -prefsLen 23857 -prefMapSize 244658 -jsInitHandle 1292 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {45fe1c22-ae4c-476a-ac74-d570e9537810} 4936 "\\.\pipe\gecko-crash-server-pipe.4936" tab
    3⤵
    PID:4748
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3460 -childID 2 -isForBrowser -prefsHandle 3484 -prefMapHandle 3492 -prefsLen 21809 -prefMapSize 244658 -jsInitHandle 1292 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {3b41f085-6098-4196-8698-734c11b2a5e6} 4936 "\\.\pipe\gecko-crash-server-pipe.4936" tab
    3⤵
    PID:5428
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3640 -childID 3 -isForBrowser -prefsHandle 3644 -prefMapHandle 3652 -prefsLen 21809 -prefMapSize 244658 -jsInitHandle 1292 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {7df35c08-3aa2-4b3a-9b21-ca8fd88de639} 4936 "\\.\pipe\gecko-crash-server-pipe.4936" tab
    3⤵
    PID:5440
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3624 -childID 4 -isForBrowser -prefsHandle 3832 -prefMapHandle 3836 -prefsLen 21809 -prefMapSize 244658 -jsInitHandle 1292 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {fc4ba96a-7300-442e-877e-84e7b3a94897} 4936 "\\.\pipe\gecko-crash-server-pipe.4936" tab
    3⤵
    PID:5452

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:2260

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:5692

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
ac9ed3753f6114f1a7ed539fabd824b7

SHA1
5e4c3acfb9656a98cb557217a5b2199b140c91bd

SHA256
9664e20854bd76eb82d93080fb2c4c90698bc5dddd2efdf053f0e1b30c6d7248

SHA512
caad7d002d41b696fd71e3553c3b0c35a59dc5339e749244a17ecb8f82d26a2e4d50615df97d5f797bb237d53cc109b1da67373da34d5584c8f16f3e68fa02c0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
0ace6e1e8db086ab2829e32cc719b7e5

SHA1
c3bcc6242bba002aa4c39378a76e14b46067bfa3

SHA256
3aedcc7d5c485c3770bd70541fc7835108a9c279b9ecdba5c8c5c1298fc58682

SHA512
2924896d9e02b82d0222d8b5e50db863581fee06cc303db2d32280a48a2619d0796dfb0c2f4e340e67a4003af073287a2ff117727690e63600c16e1f724e994a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
b057974c9f84796b02a7ff7b940405d0

SHA1
65f38c6c5f8443ef3871f14ac8259fbfb0c99ebc

SHA256
1f3d9c0b444a989cacb50946de32e2df1f0bf87e8ed07188f34bdd97ce49783a

SHA512
31d4b357d114a59a78bfa9ea169ea167d507542d2da350a5fca1c060c9701d36b6221cfbfaa25f62e37ee343f7c3fd57d5da235b8b73cde20ce5ec8c6c16647b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
42b1bfb872794ce27230739cf5e4cacf

SHA1
d2382cfdea42b6a479c6aeb4ca0d40c15836829d

SHA256
f2d4ab7416f948c9f2a8cb04f388e91473cc6f629e915a8d7e8b48833282ee85

SHA512
1c68d9dcdf68574248e69d8a93c5ba824b9693318fe506d867182a063b19087bb8a23aa4d52daaeba66798b20f9b51265847943e252b6df0ddb2ec37593b415b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
06a87e529495f658f1e6704610cabb59

SHA1
c15a8fb1f7bbd58d09e0e807a1c92cfe8c41b37a

SHA256
a6b01906dbb2abd88c1b60a86b35a87e60617c4c9312e1eb3e21ecdd7016b6f2

SHA512
2e9c57a37e849e14fd2c54eb395b5796d18ef5d61c261bc15d7071aeddb41becc17e1b1a1b8a2c5facb36b4978ea016a6d379a6b53355abe5bc858f402c894df

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
723d57f6d9c1ed5dd629c888da7b1d67

SHA1
9a0f4d95862ab9610d452f40925b945538f96969

SHA256
0a2b2fefe7680288816a307d3eb129c17bf49fa6cd060900864ce9ceecbd855d

SHA512
9062ab910244a4e657ac6b819a84ff6cd7f95db4563b73a2883f26a48a06882cbd8d6c2bc620c7428f0f5cc48d29348ad1e80576414bc32c1d58736eeef933dc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
16d9705dfe65b7d00c99d160b5b8472c

SHA1
bc2068c49d62e656ab334002659d0952117cbd98

SHA256
d328136c1198e59423321a0229f9b69506254954b9425bbec35425feb53290cf

SHA512
fea8214b151d212104fe5e77475e0598f5cc96df2cff2ed4df1830a8f1f251b8d018772fb4249db2a35ce4755b9b7eefd0adc169e90ff9b0ecc2577e0c82d442

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
280a39dbab6b85646d5412f5c261b973

SHA1
b94aed1189e807e60a38133cfa3e5b3b2f166829

SHA256
a1d2ae5db3a278445f14038840e6a6c44f05b2f23415d342db44eada7658dc49

SHA512
e74aba4e2d90d4b2a9a97cea37a5e2a006cd1fd9600925d809717e63eb15167ae7b1e37ddf057b10fc7e8fe5afc165e9ef2612eb8cdead902e6a55a892492de2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
e8623aa41b72e0fb66f46309b369110a

SHA1
6f7b92d5db15f41955c5a7b6855f5b7634e6b963

SHA256
25d0390a91ee3e6228c48ab96464539eddf4e7ca759258db0dbea90dab7b8c7f

SHA512
1f60973ae59783bdf382786f630443d768a8a1c8a120548e222f9f06885cd898eedc24fbc3889845ab7f87f317bca43a246de42721fa2603abdca60cee932f13

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
48dfc8e1b57d0e4dabfcf6d438f2d706

SHA1
fed38a4f686d0495f676d26394246506969a98ad

SHA256
14b81a661447948bbc66b77eb11c03f5786fe16dfb3f4cf99c2045561045a31e

SHA512
e16464f7c365377f410c2f4d369d0eb116febed1b197c23f0eca7fc3a885d6370a45a685343e0aff9924a1efa4351451c4262d4053fa7bb708fa207e1e34ea81

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
bbcb826c82633f0185436e6473a13425

SHA1
d1d7230c4df0946870b4075abb676e945151368a

SHA256
cecf1cf88a137d4f2ecc024b7a67f750c9984a0f4cf961d7e0263096d4255209

SHA512
955e220023840d8aacd37a616ccd1372bd3d9e7f8f9e040aba2f10cd3248aab16f495ab08cba071b2fe38caccb176f917afd1674442d42a15a14b609dbd00786

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
d80ffbf9dede0eb301f67738234c5f0a

SHA1
b9e8000992d9785fc0fe496ed5d28b4f68583fa4

SHA256
123b3c3ee730a7b62bdf6603d69bc970d598b87badc6834325810adc975cf373

SHA512
fcdd250b7b133f4a411e4a9648f1ff620c1d4b9202fb2d4c0a031c476fb6d0cf357db866d18a87717164ad467605171a18a23f34df8491cf1c482aae105407c8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
b316107f1cbbcd0b192b99067d325f43

SHA1
c65b9692a40d9abe70c0c87dd28c647c35059ebb

SHA256
3f1944fc0b838ff71cefff901c7e0669cbd40f5ce2ba4682e054faf60c43cb9f

SHA512
6890879212ee25fd1e0017fc3ea47842cd70ac3342d9de5629a0fc00bcbdcd5c18cb3806168cc9bd83b03c5cbc2c798869e254bf309141817351b54b8112bb7b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
9a2db97fd4a532bbb24afd3ca7a0d056

SHA1
d811fddad0ed40e5f521cb201388786126b7477c

SHA256
e9469665b503265b6888e27a59d299b20ea36fadd4320f563209497bbd97beb7

SHA512
0b8ebb258484a8e4e3b2e2dcd00df3f9e1e027f260840dad9e571c96e78c51d9ebc0e34d00ed4356b88af731859a29b527208b06d049d64314fc38c25b0d36ba

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
31d4936330d72b7a9ec730c9fc9ee40a

SHA1
45af2c5c2183da878e9f05a9a8bbddc4e5ff2eed

SHA256
5c6293376d7bc3670850131985eecd7585638d8811ee7503e0efd76f0a2c713d

SHA512
9eaf3d3efa30c5bdd98fd985e6574e2c74110c47b6e8aced32cfddaffd40b3f10413c3ebe1a97f8342d929fd347fb0360957d396197a0e0d000b705643bf16d4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
636bb325ef5eb02ca9e7f96b083c042c

SHA1
a68a6c5b41a587f5f25f2646bafcd434ab63acda

SHA256
7fc9204f4478f13d47211bee9b4f9c247a2501a59d54b76a166ea9d599a38928

SHA512
53cb5ea36a12358edc86fd93e168782d31e1b44b2e02b5ab09173ae664a99cd20491a5217e29af18d687c284d43e12906d4ef536e438b4fa9c8f3d47b74dd915

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
0628b383918161b4eef22ece9fa99294

SHA1
aa698df7333394058b593fbc9882a762cc946b1e

SHA256
545807303e6782e6017377dd926b268025dab607d116ba1f7385e581b15c57d7

SHA512
03caea719a6d66224a32de32681f4925a0c96c8e2d3eff1bb2c485eff984ff3f2b702798d2fd54ef517ff86d86c8083bc3590a66053dd0425f706562e0e16cef

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
29a83be4f61d5c9ac18d93d3f22c683f

SHA1
83cd4d20c219fa0a9055f3cf22f2bf585bebbbad

SHA256
27d113997bdbbaf5103a891dbca3d92eef39193e99ba2265a562d0dc6c326a70

SHA512
f7e96a2c2368488b5ffdcce624ed178fe8917c29f58587f6768b08d167f91f9e4fbc91f1def57f1c42ba1229c85b7cc29a273a206b7264c7db4199db47273c4c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
7478d67a9a676628faaca396f1440158

SHA1
4ad9e76d7c360804c58abc875d659a98313b4a1c

SHA256
5f6fbf27a6e22f054414f7493fe3ae2b84a305818efac0ac23b7730bb1951e50

SHA512
123a83d1cf606027f61c965163485c95bba9cb354d8da47d41b22c9682d05f4e38df546a5feeb1e9b2c2a67eea60b2d1c51d92acfd1b12c264f2b63120141f49

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
e90068266c20c30983ada95ad696a14e

SHA1
722eb2c98167aa0d71797778fdb658941ba16dab

SHA256
0107b94b76434ff329453f637b021067e8a979fa5b2719789ee66b8b85ec54a3

SHA512
5e2c18c7a63648431ef5dacab66d0cf9df8dca413b8ee22cd6a894cceea28634b5688ca7003a3a7a90049f5c43ee75817168e05a1ed4e46a3f5fa1ca865bd32e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
d5b8c91f6003b48072eca29d5fb9621b

SHA1
d90e3bd23208e9f513faab1c39b7004477869906

SHA256
16b3b61dbe9e4850278e655f4ccd391c2656c3ba7756b84a1b51f06858c1e49c

SHA512
cb94a06ef15ea7f9b2bca56c3098cf8888ea4f734c9ff3c61ce3aa36da469693f5f3c037c50d46525831ea78597c45da4145af568eb3926e29e306e866d092ae

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
07bdbec00b510322e7e1a74ce28ab835

SHA1
d2aa5566be871dcf66454c1e23aa7a4ddb1bcf1b

SHA256
f9fc6c4c52f3a8ae2eb6b6480bb573cc8c111002eeb90e66d3eaa35847c45f8f

SHA512
38eb3460d0ddf95f6a6420d204229b7be28cf471b49028466d58073a54d747b7ffad2c9a4e4b63f03f0f5c05ae11ba8f6fa332135c5ed37179bc2e430641d0bf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
8c2d21929649bb232c9ef8994e7a9401

SHA1
ae9bfd6ab300e3efb258e4c2e670ad3558e4800d

SHA256
7c415c801526fa300a55f7fe1ae282bf0e318734622ec958ac02bb2f45b71288

SHA512
b93045b5d5febe625439f61ee173e0b2216999577a4dfd380781388f96c195ece2b79fd7c2bb4e75dcc5e8f12956c8851036e4ac2948573cb939da9d11053e04

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
42b0e49ddf6bb69ac6bfdb95810b42c7

SHA1
0f4119a3e75bf0c928d33815afd695cb715c7677

SHA256
8cc430b0e3fba7fe9c36d46a9bb36b2dea57760b189e737b65874272564032e7

SHA512
292af2034ab1eb980cd205a3dde584f298e35d0464c2e5fd4ce262a5c7cd1381c7cb61d8dd1eb9c3d3a3e8f9600ca221d716c8e384bbf05e2a64c8bb57343aa9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
a77094948bf159438dcea68e34a1fa8b

SHA1
52950e15a70e4abf3f4e202621088fdd0a2812cf

SHA256
4e3bb977064f5240113700d76dea6afa2fa297a4d6242ccdf46f9aa3cb1388e4

SHA512
628cd9c766ec217d5101df0842bf803eee6034efda93d0166db7366c7a14cff5611f6f1fedf0b42f5b0aed114ca613309f4e9b400fb779f32eda768933cf73e4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
d4748abde4cf501394fabd540182d759

SHA1
db68c3a292f7efcd77d2b8d0704c3c25b347158b

SHA256
607cfaa3b05f7271d727ae83dff31642e25e6d17b7520ebdc3ae52e7d53ca7a3

SHA512
f2c11a3b63efbb33eac5e9369fd4a1e564c3ea975dcce2df2abf37f1bf69b692f85ec652e5fbce38a6d6c681e399a1fb9248685816129abb2b4b64e4ea8ab522

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
6c9902ae80d900d2c5de0263f512ea09

SHA1
f8761b1af36ed75bf2c4a1cf7673d30dddcd0b9f

SHA256
ecbf839af6db71d3a39698144d0d9bc88c22be29b4b7ebc0b30066456ad6a765

SHA512
141bc4ce83b2e346b617a5b065ced3e7916c0c3ce09ff3cb0fcfb76db35cdeed5119ecac9bc1c98260d292cfbb965182bfa55b933091904902eb91899997787e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
fbac7420ec8cfc5c5c7ab6efa3be77cb

SHA1
883d2d3ca03a69da03b8a9b7a59913f532935215

SHA256
611baa7ead4b64a21153fd709bc7d8381f10f2d040ca6170b54cbceb35530bbf

SHA512
c7e6f9aa8a5571526633e349a351d16e55c707cb520da2e944be6a08f6b8825225e2912b8a9749a2cb3367659009e251cc99821bf24e5b3cab18761f33662ccc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
2f89f7fa1073f18edd882fc3edd60b15

SHA1
8ab96aa532e97b44ca124d77c3eb96f6e049ba37

SHA256
f70904da9cd549406e4943ed5e2b826f2a10b8ba57aa47ea33a60f75b3200347

SHA512
c426249358ac13ce3a8fb81c70b3878f52e8bd30e2f99f1faade7b252bc69ce9bfc1bd018545e9f1fb2ae9140e25c4ece2cd71a0b76e5bce13a7b7daeceecbd8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
7611aef8e9968a8eac864d5595aed1c7

SHA1
0d8ca454aa4a01b25f910ce5830a856fa04f13f4

SHA256
8546140e9b41ec8b7a0bd32a67752a24bb1dd7d228d3fb9ed63fa8989363cae9

SHA512
307adfafdd19c575488ee4d0cbf1ecd287b961fc621ac4aef656cd398d6222e1426d07ca1147ebce650016c77889213c81fe0ba4666b6ca93c3265ff930dc167

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
208KB

MD5
f4ab29f63931fc5c801a2a90e8b10150

SHA1
a1ee3ae8504eec87815b8f36218ff71eb658cfbd

SHA256
66ad0ce9866314b992d5491c254cc62be3e15240d609ab4c96d614c322c68367

SHA512
b5939a6c48b715e1f4033c663c77815d9e0f218ea98062ec09bb9e8f1e6bfe46c0839e8f326671ee400bf18d96f09fd2a2db3433bc0e51c51b66a98f721a09e5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
207KB

MD5
c336cf5023fe558e50d07d046744821c

SHA1
652b883eb41581e1e00b0f77681dd4f1519b8158

SHA256
89b9ca8d0e7b8cfbf7745198cb91be84c9ed8d39c8c974524d1112aa7f12776b

SHA512
aa0385ff43dcf0b522005b7aeba6b87bb1043b98c9127f560717c6a8e62882bb8c2b229d0fa26aa94db69416b76bf5b3dbd580f346573e0fbd3a3822a7444793

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
111c361619c017b5d09a13a56938bd54

SHA1
e02b363a8ceb95751623f25025a9299a2c931e07

SHA256
d7be4042a1e3511b0dbf0ab5c493245e4ac314440a4ae0732813db01a21ef8bc

SHA512
fc16a4ad0b56899b82d05114d7b0ca8ee610cdba6ff0b6a67dea44faf17b3105109335359b78c0a59c9011a13152744a7f5d4f6a5b66ea519df750ef03f622b2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
983cbc1f706a155d63496ebc4d66515e

SHA1
223d0071718b80cad9239e58c5e8e64df6e2a2fe

SHA256
cc34b8f8e3f4bfe4c9a227d88f56ea2dd276ca3ac81df622ff5e9a8ec46b951c

SHA512
d9cf2ca46d9379902730c81e615a3eb694873ffd535c6bb3ded2dc97cdbbfb71051ab11a07754ed6f610f04285605b702b5a48a6cfda3ee3287230c41c9c45cd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
0cd4860e325f092067198b449e5fefa2

SHA1
1705173b7f87671edb7afef4b4f5c3ca4b5be908

SHA256
30d2a260a531f476ebb754b8deca55b560f3d9a9f1d0c6d6433d54a71327c6d1

SHA512
8821207e825118667332ac63f9742d89c03c178cb74d77076709902381a9966dadf709b660995454bffed7ad29dcdcce1c3bf7b8b4edad8f374a325b0235ce97

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
abecbce36f27f484cada3559846321ec

SHA1
b7c8210e3f9cdd3db0a4de1ba5f28138c5e19c3c

SHA256
f7f57cd4bd27a502e06104dafb82061b15e1b2fa7edc7b8823eb54f7d7d2c4f9

SHA512
a30686a33e3814b3fe56324851dbea3ea0b5b4ba2ae302c4834896b1c061d40f564eb1ac882308fbabcdd9549f7418292252b11ab97ee680faed8a225fce5206

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
95986de743cd59eb253a4e7634b5e1e0

SHA1
62ac205ae67a6213615e5efc50b0bfceb9346709

SHA256
475aad22172ecec926003c43e21ac750c083658a27d74505d75346ead10db677

SHA512
e90d8431f7cd8811764983f2312b1ba4ecad15b6a0d91874d4d88eba25ac17223337c9f156ad1ead500a37972c151be2cb507a063bc2f107119b7375f5bd755d

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
479KB

MD5
09372174e83dbbf696ee732fd2e875bb

SHA1
ba360186ba650a769f9303f48b7200fb5eaccee1

SHA256
c32efac42faf4b9878fb8917c5e71d89ff40de580c4f52f62e11c6cfab55167f

SHA512
b667086ed49579592d435df2b486fe30ba1b62ddd169f19e700cd079239747dd3e20058c285fa9c10a533e34f22b5198ed9b1f92ae560a3067f3e3feacc724f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

Filesize
13.8MB

MD5
0a8747a2ac9ac08ae9508f36c6d75692

SHA1
b287a96fd6cc12433adb42193dfe06111c38eaf0

SHA256
32d544baf2facc893057a1d97db33207e642f0dacf235d8500a0b5eff934ce03

SHA512
59521f8c61236641b3299ab460c58c8f5f26fa67e828de853c2cf372f9614d58b9f541aae325b1600ec4f3a47953caacb8122b0dfce7481acfec81045735947d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zrrtvxky.default-release\AlternateServices.bin

Filesize
8KB

MD5
b778dd6eec845013d5f255bb76761e83

SHA1
45bb4ae1bfe387998eef7575e55e65e12e1b8199

SHA256
26b27b733ee05c8c4f9e10265622d34d29fb9eb3e665becb2a415296af91906f

SHA512
8dbc0dccf6d681822105002b4c875b3639c80942b6bbb252d9e8b4a52496db5fb588d323731d8c63b1cbbe36416a57d265bb1ad0de5325b073b3240979475a28

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zrrtvxky.default-release\bookmarkbackups\bookmarks-2024-09-15_11_wUK5TEQYvTGYbASR1WCBIQ==.jsonlz4

Filesize
1005B

MD5
30a638f369cb0fbd95846ab9dfe99a6c

SHA1
186d7655cd86bc89362d38e2c4e82c3d8799c0bd

SHA256
24cd27348053b701020e7c4f3423cb6660f4b78cab4cfd7a6165558e660a3d2b

SHA512
e8486811137d2b99077e4c388a699df88c11a03e54c441845bb241b2ce0673be2098e2e39d0308c4ac89ad3e158ff48fd0b953ba8e46a08ee37833fea011500a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zrrtvxky.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.dll

Filesize
1.1MB

MD5
842039753bf41fa5e11b3a1383061a87

SHA1
3e8fe1d7b3ad866b06dca6c7ef1e3c50c406e153

SHA256
d88dd3bfc4a558bb943f3caa2e376da3942e48a7948763bf9a38f707c2cd0c1c

SHA512
d3320f7ac46327b7b974e74320c4d853e569061cb89ca849cd5d1706330aca629abeb4a16435c541900d839f46ff72dfde04128c450f3e1ee63c025470c19157

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zrrtvxky.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.info

Filesize
116B

MD5
2a461e9eb87fd1955cea740a3444ee7a

SHA1
b10755914c713f5a4677494dbe8a686ed458c3c5

SHA256
4107f76ba1d9424555f4e8ea0acef69357dfff89dfa5f0ec72aa4f2d489b17bc

SHA512
34f73f7bf69d7674907f190f257516e3956f825e35a2f03d58201a5a630310b45df393f2b39669f9369d1ac990505a4b6849a0d34e8c136e1402143b6cedf2d3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zrrtvxky.default-release\gmp-widevinecdm\4.10.2710.0\manifest.json

Filesize
372B

MD5
bf957ad58b55f64219ab3f793e374316

SHA1
a11adc9d7f2c28e04d9b35e23b7616d0527118a1

SHA256
bbab6ca07edbed72a966835c7907b3e60c7aa3d48ddea847e5076bd05f4b1eda

SHA512
79c179b56e4893fb729b225818ab4b95a50b69666ac41d17aad0b37ab0ca8cd9f0848cbc3c5d9e69e4640a8b261d7ced592eae9bcb0e0b63c05a56e7c477f44e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zrrtvxky.default-release\gmp-widevinecdm\4.10.2710.0\widevinecdm.dll

Filesize
17.8MB

MD5
daf7ef3acccab478aaa7d6dc1c60f865

SHA1
f8246162b97ce4a945feced27b6ea114366ff2ad

SHA256
bc40c7821dcd3fea9923c6912ab1183a942c11b7690cfd79ed148ded0228777e

SHA512
5840a45cfdb12c005e117608b1e5d946e1b2e76443ed39ba940d7f56de4babeab09bee7e64b903eb82bb37624c0a0ef19e9b59fbe2ce2f0e0b1c7a6015a63f75

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zrrtvxky.default-release\prefs-1.js

Filesize
12KB

MD5
be90242c9f9c7074d6ea4a86ae8eac47

SHA1
7fc5b3f4c03863cc73e784537a267addd191d786

SHA256
4c9391550b1b9dd194cd9d3b7c821588f9d9be68afb20b3202dd2eb63f751461

SHA512
ab6a3dfa8c6b5523338ea006ccd2ba23fcdab485c22452f81f0b2c55489650c8e4ef8a081050fdc384043e9c15900ca3c0dc6dca812f84e4db2ace3c25ef1c1a

Download Submit
\??\pipe\LOCAL\crashpad_3928_OAQJIIBURROYBVYL

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit