2b574142c27e20f6fd8a1285772104c9e13774631d3173f2eb825dae4a6ffe65

Analysis

max time kernel
600s
max time network
598s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
15-09-2024 22:31

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2106b6f94cebb55b1d55eb4b91fa83aef051c8866c54bb75ea4fd304711c4dfc.exe
Size

55KB
MD5

6844edfec32e4323ecfedc458f7d3b86
SHA1

465d756d89a18d40a2721e74d99b4df8dc9438a8
SHA256

2106b6f94cebb55b1d55eb4b91fa83aef051c8866c54bb75ea4fd304711c4dfc
SHA512

94b2fea769586a0216466f2474f1a1c61d81f10b2bba79c5e7c3f18c3126302a8cff680ef71421fa91d3a70ac3fb37fea44ceeb6800cb83e0515068647356b95
SSDEEP

1536:qzwshK8pUMGxo0xwwW9VemFMGfpbbVDhVANyCa:wwshK8yMexbW9vJVD/ANs

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

Processes:

2106b6f94cebb55b1d55eb4b91fa83aef051c8866c54bb75ea4fd304711c4dfc.exe

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	2106b6f94cebb55b1d55eb4b91fa83aef051c8866c54bb75ea4fd304711c4dfc.exe

Checks processor information in registry 2 TTPs 6 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

Processes:

firefox.exe

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exemsedge.exe

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies data under HKEY_USERS 2 IoCs

Processes:

chrome.exe

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133709133630089073"	chrome.exe

Suspicious behavior: EnumeratesProcesses 16 IoCs

Processes:

msedge.exemsedge.exechrome.exemsedge.exechrome.exeidentity_helper.exe

pid	Process
4344	msedge.exe
4344	msedge.exe
4668	msedge.exe
4668	msedge.exe
1628	chrome.exe
1628	chrome.exe
2000	msedge.exe
2000	msedge.exe
2000	msedge.exe
2000	msedge.exe
1504	chrome.exe
1504	chrome.exe
1504	chrome.exe
1504	chrome.exe
5260	identity_helper.exe
5260	identity_helper.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 10 IoCs

Processes:

msedge.exechrome.exe

pid	Process
4668	msedge.exe
4668	msedge.exe
1628	chrome.exe
1628	chrome.exe
1628	chrome.exe
4668	msedge.exe
4668	msedge.exe
4668	msedge.exe
4668	msedge.exe
4668	msedge.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

chrome.exe

description	pid	Process
Token: SeShutdownPrivilege	1628	chrome.exe
Token: SeCreatePagefilePrivilege	1628	chrome.exe
Token: SeShutdownPrivilege	1628	chrome.exe
Token: SeCreatePagefilePrivilege	1628	chrome.exe
Token: SeShutdownPrivilege	1628	chrome.exe
Token: SeCreatePagefilePrivilege	1628	chrome.exe
Token: SeShutdownPrivilege	1628	chrome.exe
Token: SeCreatePagefilePrivilege	1628	chrome.exe
Token: SeShutdownPrivilege	1628	chrome.exe
Token: SeCreatePagefilePrivilege	1628	chrome.exe
Token: SeShutdownPrivilege	1628	chrome.exe
Token: SeCreatePagefilePrivilege	1628	chrome.exe
Token: SeShutdownPrivilege	1628	chrome.exe
Token: SeCreatePagefilePrivilege	1628	chrome.exe
Token: SeShutdownPrivilege	1628	chrome.exe
Token: SeCreatePagefilePrivilege	1628	chrome.exe
Token: SeShutdownPrivilege	1628	chrome.exe
Token: SeCreatePagefilePrivilege	1628	chrome.exe
Token: SeShutdownPrivilege	1628	chrome.exe
Token: SeCreatePagefilePrivilege	1628	chrome.exe
Token: SeShutdownPrivilege	1628	chrome.exe
Token: SeCreatePagefilePrivilege	1628	chrome.exe
Token: SeShutdownPrivilege	1628	chrome.exe
Token: SeCreatePagefilePrivilege	1628	chrome.exe
Token: SeShutdownPrivilege	1628	chrome.exe
Token: SeCreatePagefilePrivilege	1628	chrome.exe
Token: SeShutdownPrivilege	1628	chrome.exe
Token: SeCreatePagefilePrivilege	1628	chrome.exe
Token: SeShutdownPrivilege	1628	chrome.exe
Token: SeCreatePagefilePrivilege	1628	chrome.exe
Token: SeShutdownPrivilege	1628	chrome.exe
Token: SeCreatePagefilePrivilege	1628	chrome.exe
Token: SeShutdownPrivilege	1628	chrome.exe
Token: SeCreatePagefilePrivilege	1628	chrome.exe
Token: SeShutdownPrivilege	1628	chrome.exe
Token: SeCreatePagefilePrivilege	1628	chrome.exe
Token: SeShutdownPrivilege	1628	chrome.exe
Token: SeCreatePagefilePrivilege	1628	chrome.exe
Token: SeShutdownPrivilege	1628	chrome.exe
Token: SeCreatePagefilePrivilege	1628	chrome.exe
Token: SeShutdownPrivilege	1628	chrome.exe
Token: SeCreatePagefilePrivilege	1628	chrome.exe
Token: SeShutdownPrivilege	1628	chrome.exe
Token: SeCreatePagefilePrivilege	1628	chrome.exe
Token: SeShutdownPrivilege	1628	chrome.exe
Token: SeCreatePagefilePrivilege	1628	chrome.exe
Token: SeShutdownPrivilege	1628	chrome.exe
Token: SeCreatePagefilePrivilege	1628	chrome.exe
Token: SeShutdownPrivilege	1628	chrome.exe
Token: SeCreatePagefilePrivilege	1628	chrome.exe
Token: SeShutdownPrivilege	1628	chrome.exe
Token: SeCreatePagefilePrivilege	1628	chrome.exe
Token: SeShutdownPrivilege	1628	chrome.exe
Token: SeCreatePagefilePrivilege	1628	chrome.exe
Token: SeShutdownPrivilege	1628	chrome.exe
Token: SeCreatePagefilePrivilege	1628	chrome.exe
Token: SeShutdownPrivilege	1628	chrome.exe
Token: SeCreatePagefilePrivilege	1628	chrome.exe
Token: SeShutdownPrivilege	1628	chrome.exe
Token: SeCreatePagefilePrivilege	1628	chrome.exe
Token: SeShutdownPrivilege	1628	chrome.exe
Token: SeCreatePagefilePrivilege	1628	chrome.exe
Token: SeShutdownPrivilege	1628	chrome.exe
Token: SeCreatePagefilePrivilege	1628	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

Processes:

msedge.exechrome.exefirefox.exe

pid	Process
4668	msedge.exe
4668	msedge.exe
4668	msedge.exe
4668	msedge.exe
4668	msedge.exe
4668	msedge.exe
4668	msedge.exe
4668	msedge.exe
4668	msedge.exe
4668	msedge.exe
4668	msedge.exe
4668	msedge.exe
4668	msedge.exe
4668	msedge.exe
4668	msedge.exe
4668	msedge.exe
4668	msedge.exe
4668	msedge.exe
4668	msedge.exe
4668	msedge.exe
4668	msedge.exe
4668	msedge.exe
4668	msedge.exe
4668	msedge.exe
4668	msedge.exe
1628	chrome.exe
1628	chrome.exe
1628	chrome.exe
1628	chrome.exe
1628	chrome.exe
1628	chrome.exe
1628	chrome.exe
1628	chrome.exe
1628	chrome.exe
1628	chrome.exe
1628	chrome.exe
1628	chrome.exe
1628	chrome.exe
1628	chrome.exe
1628	chrome.exe
1628	chrome.exe
1628	chrome.exe
1628	chrome.exe
1628	chrome.exe
1628	chrome.exe
1628	chrome.exe
1628	chrome.exe
1628	chrome.exe
1628	chrome.exe
1628	chrome.exe
1628	chrome.exe
1264	firefox.exe
1264	firefox.exe
1264	firefox.exe
1264	firefox.exe
1264	firefox.exe
1264	firefox.exe
1264	firefox.exe
1264	firefox.exe
1264	firefox.exe
1264	firefox.exe
1264	firefox.exe
1264	firefox.exe
1264	firefox.exe

Suspicious use of SendNotifyMessage 64 IoCs

Processes:

msedge.exechrome.exefirefox.exe

pid	Process
4668	msedge.exe
4668	msedge.exe
4668	msedge.exe
4668	msedge.exe
4668	msedge.exe
4668	msedge.exe
4668	msedge.exe
4668	msedge.exe
4668	msedge.exe
4668	msedge.exe
4668	msedge.exe
4668	msedge.exe
4668	msedge.exe
4668	msedge.exe
4668	msedge.exe
4668	msedge.exe
4668	msedge.exe
4668	msedge.exe
4668	msedge.exe
4668	msedge.exe
4668	msedge.exe
4668	msedge.exe
4668	msedge.exe
4668	msedge.exe
1628	chrome.exe
1628	chrome.exe
1628	chrome.exe
1628	chrome.exe
1628	chrome.exe
1628	chrome.exe
1628	chrome.exe
1628	chrome.exe
1628	chrome.exe
1628	chrome.exe
1628	chrome.exe
1628	chrome.exe
1628	chrome.exe
1628	chrome.exe
1628	chrome.exe
1628	chrome.exe
1628	chrome.exe
1628	chrome.exe
1628	chrome.exe
1628	chrome.exe
1628	chrome.exe
1628	chrome.exe
1628	chrome.exe
1628	chrome.exe
1264	firefox.exe
1264	firefox.exe
1264	firefox.exe
1264	firefox.exe
1264	firefox.exe
1264	firefox.exe
1264	firefox.exe
1264	firefox.exe
1264	firefox.exe
1264	firefox.exe
1264	firefox.exe
1264	firefox.exe
1264	firefox.exe
1264	firefox.exe
1264	firefox.exe
1264	firefox.exe

Suspicious use of SetWindowsHookEx 1 IoCs

Processes:

firefox.exe

pid	Process
1264	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

msedge.exe

description	pid	Process	procid_target
PID 4668 wrote to memory of 5024	4668	msedge.exe	96
PID 4668 wrote to memory of 5024	4668	msedge.exe	96
PID 4668 wrote to memory of 4244	4668	msedge.exe	97
PID 4668 wrote to memory of 4244	4668	msedge.exe	97
PID 4668 wrote to memory of 4244	4668	msedge.exe	97
PID 4668 wrote to memory of 4244	4668	msedge.exe	97
PID 4668 wrote to memory of 4244	4668	msedge.exe	97
PID 4668 wrote to memory of 4244	4668	msedge.exe	97
PID 4668 wrote to memory of 4244	4668	msedge.exe	97
PID 4668 wrote to memory of 4244	4668	msedge.exe	97
PID 4668 wrote to memory of 4244	4668	msedge.exe	97
PID 4668 wrote to memory of 4244	4668	msedge.exe	97
PID 4668 wrote to memory of 4244	4668	msedge.exe	97
PID 4668 wrote to memory of 4244	4668	msedge.exe	97
PID 4668 wrote to memory of 4244	4668	msedge.exe	97
PID 4668 wrote to memory of 4244	4668	msedge.exe	97
PID 4668 wrote to memory of 4244	4668	msedge.exe	97
PID 4668 wrote to memory of 4244	4668	msedge.exe	97
PID 4668 wrote to memory of 4244	4668	msedge.exe	97
PID 4668 wrote to memory of 4244	4668	msedge.exe	97
PID 4668 wrote to memory of 4244	4668	msedge.exe	97
PID 4668 wrote to memory of 4244	4668	msedge.exe	97
PID 4668 wrote to memory of 4244	4668	msedge.exe	97
PID 4668 wrote to memory of 4244	4668	msedge.exe	97
PID 4668 wrote to memory of 4244	4668	msedge.exe	97
PID 4668 wrote to memory of 4244	4668	msedge.exe	97
PID 4668 wrote to memory of 4244	4668	msedge.exe	97
PID 4668 wrote to memory of 4244	4668	msedge.exe	97
PID 4668 wrote to memory of 4244	4668	msedge.exe	97
PID 4668 wrote to memory of 4244	4668	msedge.exe	97
PID 4668 wrote to memory of 4244	4668	msedge.exe	97
PID 4668 wrote to memory of 4244	4668	msedge.exe	97
PID 4668 wrote to memory of 4244	4668	msedge.exe	97
PID 4668 wrote to memory of 4244	4668	msedge.exe	97
PID 4668 wrote to memory of 4244	4668	msedge.exe	97
PID 4668 wrote to memory of 4244	4668	msedge.exe	97
PID 4668 wrote to memory of 4244	4668	msedge.exe	97
PID 4668 wrote to memory of 4244	4668	msedge.exe	97
PID 4668 wrote to memory of 4244	4668	msedge.exe	97
PID 4668 wrote to memory of 4244	4668	msedge.exe	97
PID 4668 wrote to memory of 4244	4668	msedge.exe	97
PID 4668 wrote to memory of 4244	4668	msedge.exe	97
PID 4668 wrote to memory of 4344	4668	msedge.exe	98
PID 4668 wrote to memory of 4344	4668	msedge.exe	98
PID 4668 wrote to memory of 4032	4668	msedge.exe	99
PID 4668 wrote to memory of 4032	4668	msedge.exe	99
PID 4668 wrote to memory of 4032	4668	msedge.exe	99
PID 4668 wrote to memory of 4032	4668	msedge.exe	99
PID 4668 wrote to memory of 4032	4668	msedge.exe	99
PID 4668 wrote to memory of 4032	4668	msedge.exe	99
PID 4668 wrote to memory of 4032	4668	msedge.exe	99
PID 4668 wrote to memory of 4032	4668	msedge.exe	99
PID 4668 wrote to memory of 4032	4668	msedge.exe	99
PID 4668 wrote to memory of 4032	4668	msedge.exe	99
PID 4668 wrote to memory of 4032	4668	msedge.exe	99
PID 4668 wrote to memory of 4032	4668	msedge.exe	99
PID 4668 wrote to memory of 4032	4668	msedge.exe	99
PID 4668 wrote to memory of 4032	4668	msedge.exe	99
PID 4668 wrote to memory of 4032	4668	msedge.exe	99
PID 4668 wrote to memory of 4032	4668	msedge.exe	99
PID 4668 wrote to memory of 4032	4668	msedge.exe	99
PID 4668 wrote to memory of 4032	4668	msedge.exe	99
PID 4668 wrote to memory of 4032	4668	msedge.exe	99
PID 4668 wrote to memory of 4032	4668	msedge.exe	99

C:\Users\Admin\AppData\Local\Temp\2106b6f94cebb55b1d55eb4b91fa83aef051c8866c54bb75ea4fd304711c4dfc.exe
"C:\Users\Admin\AppData\Local\Temp\2106b6f94cebb55b1d55eb4b91fa83aef051c8866c54bb75ea4fd304711c4dfc.exe"
1⤵
- System Location Discovery: System Language Discovery
PID:2960

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4668
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffe864a46f8,0x7ffe864a4708,0x7ffe864a4718
  2⤵
  PID:5024
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1984,8257446602654131788,6880446259119862359,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2012 /prefetch:2
  2⤵
  PID:4244
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1984,8257446602654131788,6880446259119862359,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2348 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4344
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1984,8257446602654131788,6880446259119862359,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2820 /prefetch:8
  2⤵
  PID:4032
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1984,8257446602654131788,6880446259119862359,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3424 /prefetch:1
  2⤵
  PID:2200
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1984,8257446602654131788,6880446259119862359,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3432 /prefetch:1
  2⤵
  PID:5084
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1984,8257446602654131788,6880446259119862359,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3796 /prefetch:1
  2⤵
  PID:3448
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1984,8257446602654131788,6880446259119862359,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5092 /prefetch:1
  2⤵
  PID:3032
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1984,8257446602654131788,6880446259119862359,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3104 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2000
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1984,8257446602654131788,6880446259119862359,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2680 /prefetch:8
  2⤵
  PID:5936
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1984,8257446602654131788,6880446259119862359,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2680 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5260
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1984,8257446602654131788,6880446259119862359,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2676 /prefetch:1
  2⤵
  PID:4540
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1984,8257446602654131788,6880446259119862359,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1296 /prefetch:1
  2⤵
  PID:2640
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1984,8257446602654131788,6880446259119862359,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5084 /prefetch:1
  2⤵
  PID:5332

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:1628
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ffe84afcc40,0x7ffe84afcc4c,0x7ffe84afcc58
  2⤵
  PID:2992
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1912,i,17472683210534188572,9713600999320434641,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=1908 /prefetch:2
  2⤵
  PID:3952
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2032,i,17472683210534188572,9713600999320434641,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2084 /prefetch:3
  2⤵
  PID:1196
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2288,i,17472683210534188572,9713600999320434641,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2456 /prefetch:8
  2⤵
  PID:1336
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3120,i,17472683210534188572,9713600999320434641,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3140 /prefetch:1
  2⤵
  PID:4892
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3164,i,17472683210534188572,9713600999320434641,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3300 /prefetch:1
  2⤵
  PID:2256
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4468,i,17472683210534188572,9713600999320434641,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4536 /prefetch:1
  2⤵
  PID:4308
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4168,i,17472683210534188572,9713600999320434641,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4780 /prefetch:8
  2⤵
  PID:5564
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4840,i,17472683210534188572,9713600999320434641,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4896 /prefetch:8
  2⤵
  PID:5624
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=4824,i,17472683210534188572,9713600999320434641,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5072 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1504

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2040

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4836

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
PID:2764
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe"
  2⤵
  - Checks processor information in registry
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  PID:1264
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1988 -parentBuildID 20240401114208 -prefsHandle 1904 -prefMapHandle 1896 -prefsLen 23680 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {28981c9c-284b-4eb3-97fd-bb2f35c7fdb8} 1264 "\\.\pipe\gecko-crash-server-pipe.1264" gpu
    3⤵
    PID:4816
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2348 -parentBuildID 20240401114208 -prefsHandle 2412 -prefMapHandle 2408 -prefsLen 23716 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {2b22cb22-aebb-41c0-81d9-0e39abea287e} 1264 "\\.\pipe\gecko-crash-server-pipe.1264" socket
    3⤵
    PID:4936
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3116 -childID 1 -isForBrowser -prefsHandle 2920 -prefMapHandle 3104 -prefsLen 23857 -prefMapSize 244658 -jsInitHandle 1248 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {dacfe6d9-78f1-4542-98bd-f6eea6890a69} 1264 "\\.\pipe\gecko-crash-server-pipe.1264" tab
    3⤵
    PID:3428
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3472 -childID 2 -isForBrowser -prefsHandle 3464 -prefMapHandle 3460 -prefsLen 21809 -prefMapSize 244658 -jsInitHandle 1248 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {982f1b6d-179a-47cc-92ae-29ba2c0c1d21} 1264 "\\.\pipe\gecko-crash-server-pipe.1264" tab
    3⤵
    PID:5356
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3692 -childID 3 -isForBrowser -prefsHandle 3612 -prefMapHandle 3616 -prefsLen 21809 -prefMapSize 244658 -jsInitHandle 1248 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {2c69f1fe-f05e-4d04-9d2f-31239dafb8d8} 1264 "\\.\pipe\gecko-crash-server-pipe.1264" tab
    3⤵
    PID:5368
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3608 -childID 4 -isForBrowser -prefsHandle 3832 -prefMapHandle 3836 -prefsLen 21809 -prefMapSize 244658 -jsInitHandle 1248 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {0962ff49-99dd-4162-841f-435de46c9113} 1264 "\\.\pipe\gecko-crash-server-pipe.1264" tab
    3⤵
    PID:5380

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:232

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:5632

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
0002040791da1b90146d7d27a422a9d1

SHA1
41070cf7d80ccd705b747e51f2faa4a5a1775de5

SHA256
94c80a2c35a5e545f954fed42c1000ac846f460d9a89c76bbbb5996e06c0bdf7

SHA512
4e6d6db147de8307dc094f20e2074db92e100a968c0bd2d8d98427c264598b19c00274086c89674cc663c90fc43e4f7e872cf4d2fa1bfa63ce0896a443da83b1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\88caba38-fce2-4397-92c1-40bc57ab5472.tmp

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
cad0d00bd3c501dc871f729e2076116b

SHA1
1bcf89894363b65358f6f7f2b980fa8122a4b9cd

SHA256
6c5e259ca0bb8bbda405a8fb8875e14068e96f083b15390a114184c19e24c653

SHA512
0dd2f27879c862bf48ba78ab53adaa6db8acb967cafc6906ca055dec47a2bf48f0675c680166cd44e51e22a4a97f0a51bcbacd662f6d0d20858f495f9d2bac39

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
4f33f09a39772a2cf31bca0f64644e74

SHA1
bf9916b842919614fb652cbb86b11898a5b55cc2

SHA256
cadd77b35c11d1977e64a49f7ef9d74968fbe5d1cdbb4c81ed77de56b484d97f

SHA512
f8f999ebf34eec913a7797a58c769bfa007d1c3c9218487ab5ce7452c804ee831f4acd0c6603f856538078f8646fff17323f1ee11c04a0a1778f90aad828804c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
abe280a620b314f2f8cc78b376b03646

SHA1
84dadb80958cb9dbc8954169eb156ba7b31a8bd4

SHA256
611ac7565c0aa04361cded6f0bff27ecd23f37e81df535472fb2cef13480554e

SHA512
cd7376d91c6a6b823a87bdbf68fd3940e02e0e03bfc1fbc55c05661215dfc582d4fa69a4a2bfd7dbab979ce46cf1fb0ba4b39336a1f7a8f0618335ae2f0ab065

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
ef77a2211ba9f01c32f65f600aa3c78d

SHA1
992e27575eec88eebbc6aa3c0bbace1d79c30258

SHA256
4b279d2c7790726ef619d8150f8b842704aba166f6ee9b1171e4b8113f1ec6ba

SHA512
8573c50333eb1670da89a65906838a53aa48240e6b863478486b47cd7fe5c7679156029a2c743a4c9ac56a403315931c9f496a155def9855dbe19487c189c781

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
6e217f99bb077328f369349eca21356f

SHA1
6d645f9c35c9a9a9301fbd2823d3a202d353dcff

SHA256
a97b42efa4e56ce33329f9679de045adda9e6064941a51875f88252a3e182ad7

SHA512
bf12f6f26cb440e04153c2f140902db5cdef084dd8d2b4ea6bd08498c6466dc28255f497759d1d944b4285e633e30886b5bd7587426015e6b84fcc38da93557c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
caeeeeb8b910482448ac35c2c3c75aec

SHA1
84439c0c30963d7503dc8e0af7a0a00f7f99c719

SHA256
b7284f10c7986d6faf62b20197bd16a703fb8015c22c18b98d86c862a6882c79

SHA512
bbd84b0560559a9332f4b074382e42781b1c01caf0b56b3b7aa57be6efa18df94004243428eae90d57cd0880852f6dcd89d86e83db736fdc9a2d6b3bbdb3fe26

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
ee1985068bbeb2145b988e87e242c057

SHA1
59bd6753e4caf5eda71bf1b6cef110d303a73dc4

SHA256
e15275edc2c345af89d0cd1318d8488fcebcc640f78a8b176878ec2d395e2270

SHA512
ef99d770ea50299fd9c7c9faf48f487642e8361fbbc4bf64e67d2050851462beeddfcffab11fc602b83e8f6e98b8cdc1568036a802a1342bb4db37371587fff2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
4bd1f3f3b2f1bd97e15cc1d79ae27f82

SHA1
e7ec8431f341712b1fdf6c973cde896bce21ba0f

SHA256
84862f9f677b05a1b94731b84ef55c5d8cf02993a5a16051f80e332a12731008

SHA512
04257a8eb1ef5c65fcc7ceaeed4d1dff41374e33a3f20e68b9f7a9dc1723ade786b6dcb18237c2242ef917ca41d77e78285cf1c49b1c21bd543a4cf6df5b87c6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
640dfe8d9dbb3db927ff81f30f17d58a

SHA1
26d3b63b7fda347f8c9e89429a2e56fa4855bb30

SHA256
30506aeada2629d016c9fbdf96fddcabc3146bbdf9dab06097dd9356089d67e8

SHA512
8991645a98d4b27f526e2074d9087c500d6fbd420b1bce4792a467e70cc48cdc2683b59c2503e661e75bd177aef78d67d42a76f73fc25cd1ee06632b0bc18a8d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
634fe0556aee082c1ef83eb8916c2dd1

SHA1
b3abf66f9759848d0f049c5d04ce3458b764f886

SHA256
caf34d270f8308014a71a8bbb270849d7f4db8299e9906f30b38a67ae55ce5e7

SHA512
923b5f4dd6e1a50cc3f8a9c30a1c3b9f18a2e8e373a55d19dae78d7e206b22449be52764086e1f763522e0c79e25261e9de24a29e4dabae8eaf8972f6b52eb21

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
31f8d8445093250639d36db61255a232

SHA1
80461b42c10647567818aae5b98e225a49df03dc

SHA256
d0781656368e31dabea6990ce0a1edd826ac3f14fffe24a0768fa78f717f2425

SHA512
ac472a7e45338099067608e46742a60b39f4db7f7f64262238dbf2730fe13fb0429ec8c61106ae9d42a9f9308cef08c636f80d5c4930c0d4d82bcca178d06c75

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
8df9c8ec2c07f0d27f07ed58da3f232c

SHA1
b981b40b500c67bd58a46b4ca82610ca22301522

SHA256
034ad5991f3fc2aa5f1d12dafe426ecf63bc1b169dd83103cf59e1237e2bd2b0

SHA512
ec64a120ac4eb6076b794bb03ab03de45bc12084c8ba0b23343a60f89ca35b88b91df04b29e91e95c71495c5d593b810bbb16576b9eed4e4e33f201191d2bfef

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
14cdaa052d9b95b8dfb45a78ad9385f4

SHA1
7aea281a25cc6e1854f0e7ec4da2d0ad84095203

SHA256
d4144e339685095df475b736dd6eb67eeae1b6c3135723ca5324ff4c81506d99

SHA512
5ea32ba41214467d137ecd72480dad5105031180d3b602ee4a257bef7151508018925a149cec90a35d79c31bab9247157a38a4679e4a82400e420ecc66b94e53

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
961613748e78ffa7b97b7b99a156b22f

SHA1
4d568940606a39420e6f7e04c715f02b5f6d0ddb

SHA256
dccc357e6cb30decf2e80da3e1845923632267c093bfe3df04646d0d13114049

SHA512
ca3e62326a19bd3592b56d81df8893bbbb33ceb5d73a9fb9cceab03dec3e66af5ff8a39d96c4ceca63ae3610ef77d56b7ed00ab6b09e942289a57fbd07ba6bff

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
98fa492896705e6d84c9dccaef97c1b7

SHA1
bb6971f0eda1bef216926d1384f85eb947c83aa4

SHA256
084b0b15fd135647613e2c54207a4505c4d279b9247bc72d5bc340554e3fe588

SHA512
1c47512861c94ca968d60cb2c9dd4d9a11eff3da9a756728eb7f1e9e95233e5e3ebd88e7a12623f5494387a8d160e74e526f248e245edb4d79394b4a773169a3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
77498fa0faaf417f2f75dbf7c3ae494c

SHA1
f0dd136368e87e4c504bf3d8c831cd15a17335aa

SHA256
d98fffa51deb1157c24140ecff68cf0bdc668bd2f45511ffbc302e61995ce954

SHA512
5ade5e84603bfd11004290aedceca02ca81041396d6ff167f4345cb70af1059d6328aaafd1ab0b2507e12415c58c9153c4b83e45b9fdb7c2596e03c36f762be9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
3065cdb941562a44b2cad07e89e289a7

SHA1
c940b9e037a11e481f02e05cc71d95a55dc1b1a0

SHA256
787db4dac95df96f2649a459c52b454c08a773e3742a4b45a028260d9472f355

SHA512
43d1a39edcd2c459f0c387522e3494f80b604ade9597e22b949bc7f876ebd97d75635d617b179c499855952eccf91dcab74bf65414c33c725e09310399b70666

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
083d18138db9c6901e0f1243c345ab33

SHA1
809d63cd290af01ff4067a400c7c5b4f29ff3e6a

SHA256
1f6b7f2d241b6b92020f1fc3bb06282eed4ecb8e4b4feed5409c3061a01efdef

SHA512
1880c79cd5720bc81ecb67076f8bb78c99436de213caea58329f06ed9274a55a76376bb933131c246bdc22ef8b7db643127535979e5bd0b24c00bd59b2d813ef

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
0faa5877d45bc2ad75add7382cfd3338

SHA1
7e726b35aef53657b2ad3fbb564389dabddf8e32

SHA256
41de671aa8c288c01fedfdf09039f0120fba4a307249d5458c938c80955e0e48

SHA512
b0d16fd07839cd8ea169ca7f3f4a2ab61890fa9aab63eeae510d1beaa131c0c32dc53bc576dbdbeb8919be085d6a7832dde9c7ea41546d950440e32cdccdbf09

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
b24345c2abd803567046f19e2e6a3908

SHA1
18b72ef6b40220d29e34b8affc7224fd4281ff9b

SHA256
d1cf86a0a6e36cd2dbb9188da1a224a11c024ad255110445bf6374980e4d8531

SHA512
319a37ec5d75f107b00242f5e5bf009f80367655d3981e067b65be481e54d34250170de339b8d64fc44ec4cfa5e18f7cbe1a39d0d6613ab2bbbde0873c09aee0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
b08de392aea0e4bab4676da6bdad519b

SHA1
15c1d5efb4c3f054bffdf33c006a23751c2d08c3

SHA256
76a24197aeea9be60f6d8794c430eec3df98529e04ac929a57692367b6afc008

SHA512
478dec34cbcb2349a9abef1c1dc2b8a415fae2a543bb96741f9f97754565271fa0c396c1ca70d62ab5f66d45357c4798512584f9e710b4ce24611d106180a770

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
24b1b9473705156b327cdebf4bc11566

SHA1
2fde672459ad5e9a12c8a80e22d1987536b83cf3

SHA256
63052fa509b6860ab31e37c7371b28c1f520a39bbe5e78ccd4e6015943b76dd9

SHA512
1587dc8c9ab0cc81fd295cef0fc97ffbc4044ea207b7c2e161ad72f06c80ffeab5749c240d04426b92721435b39ea960a2c504ee7e3027f5bbd694370baeba69

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
af88968c33d94b688456c1a5dc682696

SHA1
9e72bf449db98d13d638b68d5501260f0c9a4e75

SHA256
31dd70336202ee77b1c0210e5cb079aea0386c162a4def97034dc30aa66cd2c1

SHA512
00477c388373e7f9a162dec6ee205703148e665dff9cf42dd1dfd95af662ebbfaf9d9a6a99c489f9d175ee5e52041a4845de58305ea93713d15bb9048c946f1b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
6a46437779d7e61fb29796bc575c89e6

SHA1
449d056934a9dd53ba56d12db6a771482f78993f

SHA256
7e61954b9ce84524c1ae5794d3e14e0be63852704b24c5538b648d0ea066ad58

SHA512
04da93b8d22c7f9d3f4dd8f78de902007eb7ef266eb3b02f82f5b00bd702fcc35592c9932a448f23de69ec8f007d5b3a980b0b89d47133795c9d04b04796f69f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
e44d97f610c1a2559cca875c8a3ac6ea

SHA1
cb4a4d1484aff7e1449ed0ea4973b10083645c94

SHA256
02c38b711d1f2bf836ea565ee5056c16872fa44f4bc837ae319ddb1654387a1e

SHA512
de8c1f5171f2d552fdad881f962515658824502ccaef277353203de957e0072ea7db97a432ebc41dcdfebec5f21fadff1511c26c16bea7d6469e0a79c8d4987e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
6aba24c7f1023c840f7189f7867bac42

SHA1
0596e5cdcb97b3ee8948293eafd68612241fd984

SHA256
94f6016e06833ae994ece29ee441709bd3f319bb747c1407663aec7615efbbd9

SHA512
bca48ae450876aa7e390e988af267000448ef0fb871f7741a53ba195cca61e58210268d3e42a2d162df9a640bcb83ff51ac9d1b1a39339dfdf0f276e340f62be

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
d9e2c26e29801f9e1a9c55c157f5ee24

SHA1
726c447bfaf9c253e16e4ccd822f0a181d6c7f41

SHA256
7081f8d3df00bd96de0c3d2f846d7b414110552a03bb9b89ade8fb14d5f6aa43

SHA512
b6d306dc02dc2528987359b7e9e20f7bf52a2c0041401e2a5982ab0054ac12264b910ef4dc3d7e831c0dfedbe75b76c3061923dc63664294ee99588c22788558

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
5de875ef139cfa573d58171d49d807e6

SHA1
b00ff1fb8b0c25ed6e1a44bc674f5918bebd09fb

SHA256
7e2446c9b2cd9100b13837ec3a3f03da804ec84abf7cdea141a31af6448ff462

SHA512
5a564053cb771181cc99a47582e3bdaa3c748eb9ef709315240ae7ae20003ab844b7326fb0e9fe9a6fea6ec71647c30967d8a223a8965830adb9c772e2c1b04d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
208KB

MD5
c02e0e3f8eba037e3d9422f88a21edb2

SHA1
80481e1fa394cbefcbbbbb638bd769d09adcf38f

SHA256
dc66b34963c9cb4ae4b34b699e5bfe0e1470068a8deafc57b73d44b4137ae6a8

SHA512
cc86eb3c7577b1f67fa1590b03243363e950a7b67383ce03a457eb97db927cf8c98030514f41b7d13b1acbb68842f90ab021bf2a7e3045824c23758b2ea77b91

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
207KB

MD5
afc6120d14d2cabb372fd256f4cc3a79

SHA1
9e1d25b4571b2fe705c15965b45bcab8dc3c02d8

SHA256
9b399056d4396458ad2d6b805cc160d38fba641339dd16fb64b2a84fa9817ce9

SHA512
f78749b578287a97a584734de93d5c15e3a3ea130e9279dddc7bfe3a20de69478bdd7ab713b42f09f0c08a2d7326855fc71a7894f7d4b75034a3af995a5d6209

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ecf7ca53c80b5245e35839009d12f866

SHA1
a7af77cf31d410708ebd35a232a80bddfb0615bb

SHA256
882a513b71b26210ff251769b82b2c5d59a932f96d9ce606ca2fab6530a13687

SHA512
706722bd22ce27d854036b1b16e6a3cdb36284b66edc76238a79c2e11cee7d1307b121c898ad832eb1af73e4f08d991d64dc0bff529896ffb4ebe9b3dc381696

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
4dd2754d1bea40445984d65abee82b21

SHA1
4b6a5658bae9a784a370a115fbb4a12e92bd3390

SHA256
183b8e82a0deaa83d04736553671cedb738adc909f483b3c5f822a0e6be7477d

SHA512
92d44ee372ad33f892b921efa6cabc78e91025e89f05a22830763217826fa98d51d55711f85c8970ac58abf9adc6c85cc40878032cd6d2589ab226cd099f99e1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
a2fdfad4abfe0e1a208053417f8c0c5b

SHA1
e3aa3a56aff59604c203d6e1cfa311f93551d8ed

SHA256
502588f66979a6f33c63d199ed4b60206db8966233baa03375003ed798cbd4f1

SHA512
43fc8da723ea411a9b2fe8386f2fd55696a8ccb8b4d0feb68fbbe1300adf76361132f7c898fbdb357532982d2173238d45322633f39f1baed8c747eb7399fbf5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
8a14966888680f2e011c6bf7e3cd9a6b

SHA1
a20d47e9a4331a5d27b334bbb76bfef7de8fbb40

SHA256
2c075f91ba2dc0e9f0d6251a11c08fa0ea94b71befbe468839f842952ae0c39a

SHA512
ca8159d2746831f1c23401a2ffffb5e2188f5279ba0f3110abee8136cf13158f63deb5955e5dc19d6d36f207edd891d40692adc117251763f35a400541c40be9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
e750f2e0fbdb15b55a875a29d80830be

SHA1
56275871a01fa721cbed91ff77c935562ec0aeeb

SHA256
238d9e8596e6147cb167967f5ddd8c35d97850ccaa604e85905fe7bcd3cb8af6

SHA512
0f052b956fb622cc136d71a872999b4b1cb643b83307d55759e5de63afdec87b7e30530773acc090393b6533a42ee1244217aad1e15e28d56aa57120f48b6c67

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
479KB

MD5
09372174e83dbbf696ee732fd2e875bb

SHA1
ba360186ba650a769f9303f48b7200fb5eaccee1

SHA256
c32efac42faf4b9878fb8917c5e71d89ff40de580c4f52f62e11c6cfab55167f

SHA512
b667086ed49579592d435df2b486fe30ba1b62ddd169f19e700cd079239747dd3e20058c285fa9c10a533e34f22b5198ed9b1f92ae560a3067f3e3feacc724f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

Filesize
13.8MB

MD5
0a8747a2ac9ac08ae9508f36c6d75692

SHA1
b287a96fd6cc12433adb42193dfe06111c38eaf0

SHA256
32d544baf2facc893057a1d97db33207e642f0dacf235d8500a0b5eff934ce03

SHA512
59521f8c61236641b3299ab460c58c8f5f26fa67e828de853c2cf372f9614d58b9f541aae325b1600ec4f3a47953caacb8122b0dfce7481acfec81045735947d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pj0o4bl8.default-release\AlternateServices.bin

Filesize
8KB

MD5
2dfa8bd5127ffc093b5c0e2a0e5c3203

SHA1
39d5f81a312415106c5fe46d53a745225e7d178c

SHA256
aa6fc731e0f7853e08776d8e96cd2e7ea8ab2f1293a954733aee71cb5bfe77ba

SHA512
5c26e507cea7a2ba5367e77efea33250174fb567a4137f845e15e00e83c6fe6aacf029cc3321464545ff75d9f1bbfd14a7861bd89a396c23c3661c8267d3b818

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pj0o4bl8.default-release\bookmarkbackups\bookmarks-2024-09-15_11_ipkVOmAVKYJEoAlLFdzI+Q==.jsonlz4

Filesize
1017B

MD5
29f34fac9b0487c56be1a75b601cf1c7

SHA1
529b3f5ca67e7b46c319232b5d0c822c9804ee21

SHA256
4431c1aa4e338efde3a7081f8fd99ab6d3fe1df636a2888d5c83f4bc550e90d1

SHA512
e065fe45c17ca8495eff4489eaca305538808d1688ee45532dd03d81bc3f14d894f2a69fa8e881093e9dc8268cabf76196bf05796bbd5b619cf7d5853c694afe

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pj0o4bl8.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.dll

Filesize
1.1MB

MD5
842039753bf41fa5e11b3a1383061a87

SHA1
3e8fe1d7b3ad866b06dca6c7ef1e3c50c406e153

SHA256
d88dd3bfc4a558bb943f3caa2e376da3942e48a7948763bf9a38f707c2cd0c1c

SHA512
d3320f7ac46327b7b974e74320c4d853e569061cb89ca849cd5d1706330aca629abeb4a16435c541900d839f46ff72dfde04128c450f3e1ee63c025470c19157

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pj0o4bl8.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.info

Filesize
116B

MD5
2a461e9eb87fd1955cea740a3444ee7a

SHA1
b10755914c713f5a4677494dbe8a686ed458c3c5

SHA256
4107f76ba1d9424555f4e8ea0acef69357dfff89dfa5f0ec72aa4f2d489b17bc

SHA512
34f73f7bf69d7674907f190f257516e3956f825e35a2f03d58201a5a630310b45df393f2b39669f9369d1ac990505a4b6849a0d34e8c136e1402143b6cedf2d3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pj0o4bl8.default-release\gmp-widevinecdm\4.10.2710.0\manifest.json

Filesize
372B

MD5
bf957ad58b55f64219ab3f793e374316

SHA1
a11adc9d7f2c28e04d9b35e23b7616d0527118a1

SHA256
bbab6ca07edbed72a966835c7907b3e60c7aa3d48ddea847e5076bd05f4b1eda

SHA512
79c179b56e4893fb729b225818ab4b95a50b69666ac41d17aad0b37ab0ca8cd9f0848cbc3c5d9e69e4640a8b261d7ced592eae9bcb0e0b63c05a56e7c477f44e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pj0o4bl8.default-release\gmp-widevinecdm\4.10.2710.0\widevinecdm.dll

Filesize
17.8MB

MD5
daf7ef3acccab478aaa7d6dc1c60f865

SHA1
f8246162b97ce4a945feced27b6ea114366ff2ad

SHA256
bc40c7821dcd3fea9923c6912ab1183a942c11b7690cfd79ed148ded0228777e

SHA512
5840a45cfdb12c005e117608b1e5d946e1b2e76443ed39ba940d7f56de4babeab09bee7e64b903eb82bb37624c0a0ef19e9b59fbe2ce2f0e0b1c7a6015a63f75

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pj0o4bl8.default-release\prefs-1.js

Filesize
12KB

MD5
f4f42c3b24905c48fbc71873463f2eeb

SHA1
ff09a44fddb4c39543f202ebb7d3ff950bcd257d

SHA256
59d2c74738fbd0c7cd4b67ada40d4721c7595a27f484ded700a19e588315a596

SHA512
8209f4496ae481c7730b24a5a9d56d86e5d1a5ddc6023557f5b8111e0d7c7e63634e0a405f8a796e7763711eaac6c9549b9830cb129a03f1d9c7b440a43e9070

Download Submit
\??\pipe\LOCAL\crashpad_4668_QGOWUGGAIHJIXQRG

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit