2b574142c27e20f6fd8a1285772104c9e13774631d3173f2eb825dae4a6ffe65

Analysis

max time kernel
599s
max time network
589s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
15-09-2024 22:31

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

263c18c86071d085c69f2096460c6b418ae414d3ea92c0c2e75ef7cb47bbe693.exe
Size

55KB
MD5

92d3194f6c3511b40def1b3c8f86e585
SHA1

e9aaee23127a796285e3e227e4d92e3cf572c529
SHA256

263c18c86071d085c69f2096460c6b418ae414d3ea92c0c2e75ef7cb47bbe693
SHA512

b5b8963dcbb9a26c8b6bb013c4f554162fa911dc929649ad62a1631cc1dcbba2ac3be7168f94afd7515ec3561e32ddf3ab9122c13cdd19e37b13f2ade7e2f79f
SSDEEP

1536:qzwshK8pUMGxo0xwwW9VemFMGfpbbVDLANyCa:wwshK8yMexbW9vJVDLANs

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

Processes:

263c18c86071d085c69f2096460c6b418ae414d3ea92c0c2e75ef7cb47bbe693.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	263c18c86071d085c69f2096460c6b418ae414d3ea92c0c2e75ef7cb47bbe693.exe

Checks processor information in registry 2 TTPs 12 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

Processes:

firefox.exefirefox.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

msedge.exechrome.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Modifies data under HKEY_USERS 2 IoCs

Processes:

chrome.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133709135441852834"	chrome.exe

Modifies registry class 1 IoCs

Processes:

firefox.exe

description ioc process

Key created \REGISTRY\USER\S-1-5-21-2718105630-359604950-2820636825-1000_Classes\Local Settings firefox.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-2718105630-359604950-2820636825-1000_Classes\Local Settings	firefox.exe

Suspicious behavior: EnumeratesProcesses 17 IoCs

Processes:

msedge.exemsedge.exechrome.exeidentity_helper.exemsedge.exechrome.exe

pid	process
3592	msedge.exe
3592	msedge.exe
380	msedge.exe
380	msedge.exe
380	msedge.exe
2944	chrome.exe
2944	chrome.exe
5328	identity_helper.exe
5328	identity_helper.exe
5900	msedge.exe
5900	msedge.exe
5900	msedge.exe
5900	msedge.exe
1364	chrome.exe
1364	chrome.exe
1364	chrome.exe
1364	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 10 IoCs

Processes:

msedge.exechrome.exe

pid process

380 msedge.exe
380 msedge.exe
2944 chrome.exe
2944 chrome.exe
2944 chrome.exe
380 msedge.exe
380 msedge.exe
380 msedge.exe
380 msedge.exe
380 msedge.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

chrome.exe

description	pid	process
Token: SeShutdownPrivilege	2944	chrome.exe
Token: SeCreatePagefilePrivilege	2944	chrome.exe
Token: SeShutdownPrivilege	2944	chrome.exe
Token: SeCreatePagefilePrivilege	2944	chrome.exe
Token: SeShutdownPrivilege	2944	chrome.exe
Token: SeCreatePagefilePrivilege	2944	chrome.exe
Token: SeShutdownPrivilege	2944	chrome.exe
Token: SeCreatePagefilePrivilege	2944	chrome.exe
Token: SeShutdownPrivilege	2944	chrome.exe
Token: SeCreatePagefilePrivilege	2944	chrome.exe
Token: SeShutdownPrivilege	2944	chrome.exe
Token: SeCreatePagefilePrivilege	2944	chrome.exe
Token: SeShutdownPrivilege	2944	chrome.exe
Token: SeCreatePagefilePrivilege	2944	chrome.exe
Token: SeShutdownPrivilege	2944	chrome.exe
Token: SeCreatePagefilePrivilege	2944	chrome.exe
Token: SeShutdownPrivilege	2944	chrome.exe
Token: SeCreatePagefilePrivilege	2944	chrome.exe
Token: SeShutdownPrivilege	2944	chrome.exe
Token: SeCreatePagefilePrivilege	2944	chrome.exe
Token: SeShutdownPrivilege	2944	chrome.exe
Token: SeCreatePagefilePrivilege	2944	chrome.exe
Token: SeShutdownPrivilege	2944	chrome.exe
Token: SeCreatePagefilePrivilege	2944	chrome.exe
Token: SeShutdownPrivilege	2944	chrome.exe
Token: SeCreatePagefilePrivilege	2944	chrome.exe
Token: SeShutdownPrivilege	2944	chrome.exe
Token: SeCreatePagefilePrivilege	2944	chrome.exe
Token: SeShutdownPrivilege	2944	chrome.exe
Token: SeCreatePagefilePrivilege	2944	chrome.exe
Token: SeShutdownPrivilege	2944	chrome.exe
Token: SeCreatePagefilePrivilege	2944	chrome.exe
Token: SeShutdownPrivilege	2944	chrome.exe
Token: SeCreatePagefilePrivilege	2944	chrome.exe
Token: SeShutdownPrivilege	2944	chrome.exe
Token: SeCreatePagefilePrivilege	2944	chrome.exe
Token: SeShutdownPrivilege	2944	chrome.exe
Token: SeCreatePagefilePrivilege	2944	chrome.exe
Token: SeShutdownPrivilege	2944	chrome.exe
Token: SeCreatePagefilePrivilege	2944	chrome.exe
Token: SeShutdownPrivilege	2944	chrome.exe
Token: SeCreatePagefilePrivilege	2944	chrome.exe
Token: SeShutdownPrivilege	2944	chrome.exe
Token: SeCreatePagefilePrivilege	2944	chrome.exe
Token: SeShutdownPrivilege	2944	chrome.exe
Token: SeCreatePagefilePrivilege	2944	chrome.exe
Token: SeShutdownPrivilege	2944	chrome.exe
Token: SeCreatePagefilePrivilege	2944	chrome.exe
Token: SeShutdownPrivilege	2944	chrome.exe
Token: SeCreatePagefilePrivilege	2944	chrome.exe
Token: SeShutdownPrivilege	2944	chrome.exe
Token: SeCreatePagefilePrivilege	2944	chrome.exe
Token: SeShutdownPrivilege	2944	chrome.exe
Token: SeCreatePagefilePrivilege	2944	chrome.exe
Token: SeShutdownPrivilege	2944	chrome.exe
Token: SeCreatePagefilePrivilege	2944	chrome.exe
Token: SeShutdownPrivilege	2944	chrome.exe
Token: SeCreatePagefilePrivilege	2944	chrome.exe
Token: SeShutdownPrivilege	2944	chrome.exe
Token: SeCreatePagefilePrivilege	2944	chrome.exe
Token: SeShutdownPrivilege	2944	chrome.exe
Token: SeCreatePagefilePrivilege	2944	chrome.exe
Token: SeShutdownPrivilege	2944	chrome.exe
Token: SeCreatePagefilePrivilege	2944	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

Processes:

msedge.exechrome.exefirefox.exe

pid	process
380	msedge.exe
380	msedge.exe
380	msedge.exe
380	msedge.exe
380	msedge.exe
380	msedge.exe
380	msedge.exe
380	msedge.exe
380	msedge.exe
380	msedge.exe
380	msedge.exe
380	msedge.exe
380	msedge.exe
380	msedge.exe
380	msedge.exe
380	msedge.exe
380	msedge.exe
380	msedge.exe
380	msedge.exe
380	msedge.exe
380	msedge.exe
380	msedge.exe
380	msedge.exe
380	msedge.exe
380	msedge.exe
2944	chrome.exe
2944	chrome.exe
2944	chrome.exe
2944	chrome.exe
2944	chrome.exe
2944	chrome.exe
2944	chrome.exe
2944	chrome.exe
2944	chrome.exe
2944	chrome.exe
2944	chrome.exe
2944	chrome.exe
2944	chrome.exe
2944	chrome.exe
2944	chrome.exe
2944	chrome.exe
2944	chrome.exe
2944	chrome.exe
2944	chrome.exe
2944	chrome.exe
2944	chrome.exe
2944	chrome.exe
2944	chrome.exe
2944	chrome.exe
2944	chrome.exe
2944	chrome.exe
532	firefox.exe
532	firefox.exe
532	firefox.exe
532	firefox.exe
532	firefox.exe
532	firefox.exe
532	firefox.exe
532	firefox.exe
532	firefox.exe
532	firefox.exe
532	firefox.exe
532	firefox.exe
532	firefox.exe

Suspicious use of SendNotifyMessage 64 IoCs

Processes:

msedge.exechrome.exefirefox.exe

pid	process
380	msedge.exe
380	msedge.exe
380	msedge.exe
380	msedge.exe
380	msedge.exe
380	msedge.exe
380	msedge.exe
380	msedge.exe
380	msedge.exe
380	msedge.exe
380	msedge.exe
380	msedge.exe
380	msedge.exe
380	msedge.exe
380	msedge.exe
380	msedge.exe
380	msedge.exe
380	msedge.exe
380	msedge.exe
380	msedge.exe
380	msedge.exe
380	msedge.exe
380	msedge.exe
380	msedge.exe
2944	chrome.exe
2944	chrome.exe
2944	chrome.exe
2944	chrome.exe
2944	chrome.exe
2944	chrome.exe
2944	chrome.exe
2944	chrome.exe
2944	chrome.exe
2944	chrome.exe
2944	chrome.exe
2944	chrome.exe
2944	chrome.exe
2944	chrome.exe
2944	chrome.exe
2944	chrome.exe
2944	chrome.exe
2944	chrome.exe
2944	chrome.exe
2944	chrome.exe
2944	chrome.exe
2944	chrome.exe
2944	chrome.exe
2944	chrome.exe
532	firefox.exe
532	firefox.exe
532	firefox.exe
532	firefox.exe
532	firefox.exe
532	firefox.exe
532	firefox.exe
532	firefox.exe
532	firefox.exe
532	firefox.exe
532	firefox.exe
532	firefox.exe
532	firefox.exe
532	firefox.exe
532	firefox.exe
532	firefox.exe

Suspicious use of SetWindowsHookEx 1 IoCs

Processes:

firefox.exe

pid process

532 firefox.exe

pid	process
532	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

msedge.exe

description	pid	process	target process
PID 380 wrote to memory of 4308	380	msedge.exe	msedge.exe
PID 380 wrote to memory of 4308	380	msedge.exe	msedge.exe
PID 380 wrote to memory of 2840	380	msedge.exe	msedge.exe
PID 380 wrote to memory of 2840	380	msedge.exe	msedge.exe
PID 380 wrote to memory of 2840	380	msedge.exe	msedge.exe
PID 380 wrote to memory of 2840	380	msedge.exe	msedge.exe
PID 380 wrote to memory of 2840	380	msedge.exe	msedge.exe
PID 380 wrote to memory of 2840	380	msedge.exe	msedge.exe
PID 380 wrote to memory of 2840	380	msedge.exe	msedge.exe
PID 380 wrote to memory of 2840	380	msedge.exe	msedge.exe
PID 380 wrote to memory of 2840	380	msedge.exe	msedge.exe
PID 380 wrote to memory of 2840	380	msedge.exe	msedge.exe
PID 380 wrote to memory of 2840	380	msedge.exe	msedge.exe
PID 380 wrote to memory of 2840	380	msedge.exe	msedge.exe
PID 380 wrote to memory of 2840	380	msedge.exe	msedge.exe
PID 380 wrote to memory of 2840	380	msedge.exe	msedge.exe
PID 380 wrote to memory of 2840	380	msedge.exe	msedge.exe
PID 380 wrote to memory of 2840	380	msedge.exe	msedge.exe
PID 380 wrote to memory of 2840	380	msedge.exe	msedge.exe
PID 380 wrote to memory of 2840	380	msedge.exe	msedge.exe
PID 380 wrote to memory of 2840	380	msedge.exe	msedge.exe
PID 380 wrote to memory of 2840	380	msedge.exe	msedge.exe
PID 380 wrote to memory of 2840	380	msedge.exe	msedge.exe
PID 380 wrote to memory of 2840	380	msedge.exe	msedge.exe
PID 380 wrote to memory of 2840	380	msedge.exe	msedge.exe
PID 380 wrote to memory of 2840	380	msedge.exe	msedge.exe
PID 380 wrote to memory of 2840	380	msedge.exe	msedge.exe
PID 380 wrote to memory of 2840	380	msedge.exe	msedge.exe
PID 380 wrote to memory of 2840	380	msedge.exe	msedge.exe
PID 380 wrote to memory of 2840	380	msedge.exe	msedge.exe
PID 380 wrote to memory of 2840	380	msedge.exe	msedge.exe
PID 380 wrote to memory of 2840	380	msedge.exe	msedge.exe
PID 380 wrote to memory of 2840	380	msedge.exe	msedge.exe
PID 380 wrote to memory of 2840	380	msedge.exe	msedge.exe
PID 380 wrote to memory of 2840	380	msedge.exe	msedge.exe
PID 380 wrote to memory of 2840	380	msedge.exe	msedge.exe
PID 380 wrote to memory of 2840	380	msedge.exe	msedge.exe
PID 380 wrote to memory of 2840	380	msedge.exe	msedge.exe
PID 380 wrote to memory of 2840	380	msedge.exe	msedge.exe
PID 380 wrote to memory of 2840	380	msedge.exe	msedge.exe
PID 380 wrote to memory of 2840	380	msedge.exe	msedge.exe
PID 380 wrote to memory of 2840	380	msedge.exe	msedge.exe
PID 380 wrote to memory of 3592	380	msedge.exe	msedge.exe
PID 380 wrote to memory of 3592	380	msedge.exe	msedge.exe
PID 380 wrote to memory of 4112	380	msedge.exe	msedge.exe
PID 380 wrote to memory of 4112	380	msedge.exe	msedge.exe
PID 380 wrote to memory of 4112	380	msedge.exe	msedge.exe
PID 380 wrote to memory of 4112	380	msedge.exe	msedge.exe
PID 380 wrote to memory of 4112	380	msedge.exe	msedge.exe
PID 380 wrote to memory of 4112	380	msedge.exe	msedge.exe
PID 380 wrote to memory of 4112	380	msedge.exe	msedge.exe
PID 380 wrote to memory of 4112	380	msedge.exe	msedge.exe
PID 380 wrote to memory of 4112	380	msedge.exe	msedge.exe
PID 380 wrote to memory of 4112	380	msedge.exe	msedge.exe
PID 380 wrote to memory of 4112	380	msedge.exe	msedge.exe
PID 380 wrote to memory of 4112	380	msedge.exe	msedge.exe
PID 380 wrote to memory of 4112	380	msedge.exe	msedge.exe
PID 380 wrote to memory of 4112	380	msedge.exe	msedge.exe
PID 380 wrote to memory of 4112	380	msedge.exe	msedge.exe
PID 380 wrote to memory of 4112	380	msedge.exe	msedge.exe
PID 380 wrote to memory of 4112	380	msedge.exe	msedge.exe
PID 380 wrote to memory of 4112	380	msedge.exe	msedge.exe
PID 380 wrote to memory of 4112	380	msedge.exe	msedge.exe
PID 380 wrote to memory of 4112	380	msedge.exe	msedge.exe

C:\Users\Admin\AppData\Local\Temp\263c18c86071d085c69f2096460c6b418ae414d3ea92c0c2e75ef7cb47bbe693.exe
"C:\Users\Admin\AppData\Local\Temp\263c18c86071d085c69f2096460c6b418ae414d3ea92c0c2e75ef7cb47bbe693.exe"
1⤵
- System Location Discovery: System Language Discovery
PID:3448

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:380
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x12c,0x130,0x134,0x104,0x138,0x7ffcd73946f8,0x7ffcd7394708,0x7ffcd7394718
  2⤵
  PID:4308
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2124,9466996805119571920,16930657251916313976,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2184 /prefetch:2
  2⤵
  PID:2840
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2124,9466996805119571920,16930657251916313976,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2284 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3592
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2124,9466996805119571920,16930657251916313976,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2732 /prefetch:8
  2⤵
  PID:4112
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,9466996805119571920,16930657251916313976,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3420 /prefetch:1
  2⤵
  PID:4236
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,9466996805119571920,16930657251916313976,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3428 /prefetch:1
  2⤵
  PID:4208
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,9466996805119571920,16930657251916313976,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5068 /prefetch:1
  2⤵
  PID:5332
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,9466996805119571920,16930657251916313976,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4248 /prefetch:1
  2⤵
  PID:5356
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2124,9466996805119571920,16930657251916313976,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3164 /prefetch:8
  2⤵
  PID:6124
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2124,9466996805119571920,16930657251916313976,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3164 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5328
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,9466996805119571920,16930657251916313976,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3488 /prefetch:1
  2⤵
  PID:5644
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,9466996805119571920,16930657251916313976,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4848 /prefetch:1
  2⤵
  PID:5656
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,9466996805119571920,16930657251916313976,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5080 /prefetch:1
  2⤵
  PID:5924
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2124,9466996805119571920,16930657251916313976,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3844 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5900

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:2944
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x118,0x11c,0x120,0xf8,0x124,0x7ffcc5c6cc40,0x7ffcc5c6cc4c,0x7ffcc5c6cc58
  2⤵
  PID:4524
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1936,i,15926994700877298667,16520094519257016831,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=1932 /prefetch:2
  2⤵
  PID:1668
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2172,i,15926994700877298667,16520094519257016831,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2176 /prefetch:3
  2⤵
  PID:4736
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2260,i,15926994700877298667,16520094519257016831,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2204 /prefetch:8
  2⤵
  PID:3564
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3140,i,15926994700877298667,16520094519257016831,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3160 /prefetch:1
  2⤵
  PID:4176
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3192,i,15926994700877298667,16520094519257016831,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3196 /prefetch:1
  2⤵
  PID:2156
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4560,i,15926994700877298667,16520094519257016831,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4544 /prefetch:1
  2⤵
  PID:4956
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=5112,i,15926994700877298667,16520094519257016831,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5108 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1364
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5172,i,15926994700877298667,16520094519257016831,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5220 /prefetch:8
  2⤵
  PID:2084
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5056,i,15926994700877298667,16520094519257016831,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4764 /prefetch:8
  2⤵
  PID:2068

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4684

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2152

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
PID:1752
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe"
  2⤵
  - Checks processor information in registry
  - Modifies registry class
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  PID:532
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1968 -parentBuildID 20240401114208 -prefsHandle 1896 -prefMapHandle 1888 -prefsLen 23602 -prefMapSize 244628 -appDir "C:\Program Files\Mozilla Firefox\browser" - {714424a0-7ca5-44ee-8fae-90f6573d2fd6} 532 "\\.\pipe\gecko-crash-server-pipe.532" gpu
    3⤵
    PID:3676
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2376 -parentBuildID 20240401114208 -prefsHandle 2348 -prefMapHandle 2344 -prefsLen 23638 -prefMapSize 244628 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {24d03183-f863-4c10-83ee-939c2a711b0a} 532 "\\.\pipe\gecko-crash-server-pipe.532" socket
    3⤵
    PID:4720
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3312 -childID 1 -isForBrowser -prefsHandle 3208 -prefMapHandle 3204 -prefsLen 23779 -prefMapSize 244628 -jsInitHandle 1272 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {6c013683-244a-43fc-bff7-05b717566bd2} 532 "\\.\pipe\gecko-crash-server-pipe.532" tab
    3⤵
    PID:3436
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4284 -childID 2 -isForBrowser -prefsHandle 4276 -prefMapHandle 4272 -prefsLen 22631 -prefMapSize 244628 -jsInitHandle 1272 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {03385c99-ab32-493e-aa9b-8332ac27d7f6} 532 "\\.\pipe\gecko-crash-server-pipe.532" tab
    3⤵
    PID:5892
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4440 -childID 3 -isForBrowser -prefsHandle 4516 -prefMapHandle 4512 -prefsLen 22631 -prefMapSize 244628 -jsInitHandle 1272 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {86d6d167-5424-475a-9358-0110e97a4cbc} 532 "\\.\pipe\gecko-crash-server-pipe.532" tab
    3⤵
    PID:5904
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4300 -childID 4 -isForBrowser -prefsHandle 4536 -prefMapHandle 4524 -prefsLen 22631 -prefMapSize 244628 -jsInitHandle 1272 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {bb24e0f8-733c-44bf-aa02-9ad783b94d83} 532 "\\.\pipe\gecko-crash-server-pipe.532" tab
    3⤵
    PID:5916

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:2032

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
PID:5244
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe"
  2⤵
  - Checks processor information in registry
  PID:5304

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:3840

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted -p -s NgcCtnrSvc
1⤵
PID:3188

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
bbe0007bab6b9d51e17f6ede19884edf

SHA1
cc5a883039b05e9e823a01377ba91ff855ae3a98

SHA256
7ebbaa6f3f2828c240edb92ecb0ecbb42dbc2a8a9f81b3ec7a3b15e4fc8027ed

SHA512
d7cd853defa0e002ab4b4f903f948214b6b7d030ef98797693c963f03f67dcfa2a8e1c015a6074848601336682f45ffb29b1a89ca30cede9b94de363589d0e87

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
b14e93b3aac5b8498c3b694009bd4f4c

SHA1
d23902eb761ab4da8a17d4c332d028090d36c50d

SHA256
f888fbabb30d0e7e503a1ef5ff179c022818707caf18217bceb6ea139dc33f41

SHA512
e827ab6cabfee4b15cadee89a5b21676325c17d8118c68fdd825b6e76ce20451c5133593ca5eb6c2d45363071392d9e526982e2d3144773cd14b01a7cf752c30

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
c7e04865da036cfad6baece62c8fc5e6

SHA1
a98e17721df3ea6c29e7d6cfe47407843a45b81c

SHA256
ca246c2e48e391423f502754432305f43e95cf3dcbf425d1053284edc16ed5ca

SHA512
5d0570b45ef5f9e4bb620c8d338c12e562f80e93be9a668131e7a47ed9d91db55b84a9424fd15c979fb94c81485f0258b72591c2c8aa009907d1a6fec0d9929e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
ad62ce378f440727c1e7b2c1b3528656

SHA1
a42b696fe5235d5780b1a7a0c8834be1b2b2ef73

SHA256
fe91a34073b0010a4b54487c0b36dcf48427a43e9327b30ba448aafef799a088

SHA512
ecefdbfb14295014cef3e9809528f9362194b56bc28d0323f578cc24aad020eaca7fd250408681bbf0b07057f9df53547e4134942cf642cdd2d9c43424c6d6e6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
7bee964457efb39d4af7031d0aeae4b7

SHA1
11f27e9f366e7b87ccea9dcc41730cb4f9623d7f

SHA256
01dc20088ec7a381268a4fa9b089f2a31c8a35482be9b51f80a5e8eb3a8fdd1e

SHA512
650d2bf29015f5563bb7ceb571042ca7c69a33bada7f70474e7a3a62732a02159eb8adec7654dc4bd88e023603439085714e05db570117e7006ac96918fed33e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
0de2bea37cb08b2eecb99b939d2bc2ec

SHA1
d107e78dc795f912d40e1ffd56bc15ade894308e

SHA256
0aa87ae67cddfdf1132945596836b1f58683f02ce55d7c4ac60ae8a5adbe283c

SHA512
a59806fe119d31ad5058e8f1bd22febce57218d607225f712d30f1aa18cdf490cc8fdda968b59e9230ac5e4a95a9548e93cc392bf2c67d792a4e46e82a261862

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
19cb4b3fa9ac6d32912e2ddfc4b14772

SHA1
22b8905953fa9a938dade2f0a080a436297af7c7

SHA256
a99f722380b3d79497c4ba31b7fe72188913bc636b9c9ea3b1244bac6b339243

SHA512
f739308350e70c294c6beb0cec385a6f59322639a87274f2351fc325f6fe2385f880135c7535d59cae0e1ec3b6dbbbcf7759adc25ad03bded7c11f6b3852d935

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
f6b852a096492effbe23bf3f00b46d67

SHA1
102c1d1c3f8d79d875a4515035b2679cd1046d8b

SHA256
60064d3863de007aa50ec9984475eb88dd4d8ab7021910bf1cfef47d24dea869

SHA512
0ca9fe14a8892674bc8bfaf3081a9971d5c7e0ba1b85d7e0d49e52547157df50331c1d0c1c4355472e84491b90ada513989ba88595f7ec72dd06fd34bb0775fa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
aed3ffaf5b06be8c7cba400bc4ad032a

SHA1
0ddb8610e983716a00bcae5197de04d13322f20b

SHA256
dcf56dc70852ff844d2a98a98ef5fca7e7d3d6ebb32107cdc3fa6cd414bccfbb

SHA512
2a05914198cb3ba6a94358525955d7156b5fa4b44bf629596fa8428771ccb4800076a7201895bd2d40d82519d033563e60f6df5e81b0aedfb3ee80a3e168b0bc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
3a59090bc1ff98c8f8fc96bb01340753

SHA1
d1da6d40193520b69830d4bf791890900d457d59

SHA256
dfa8cc6c0ea26d2f9818c9fc5effa91c2fb1f013e96ae2c0fb9b4b785d9d06eb

SHA512
c08ecfe485da36032097a642112da04c7d047b8d795a632704c1980cd6ddc231bb6fc4849859e1cd58135c8f0cf5e6af9ded33abfef0d51326c922516ac7d041

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
ffbd48ff89f31969fcafb8b1c6ae3d41

SHA1
e6370ab125f98f1603785954fe89cc91c460786e

SHA256
69ebcfd0ea06a01b5a78dc127519f4b3fd64132893f4b9743f542ce601d41198

SHA512
662280122f061d86b6ff21a8e7f135f3d1694f1cd3364fe47ff9fc9c9599c41b610bc3838be85211c8aab57573ee50b22dc508b5c51506e5d9ce09206db5f83c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
248012c2136ad09a39d025e4a30d2f66

SHA1
9a50c88e073c5b658a178177cc935337aa510c82

SHA256
f274923178b72f3a237951318dee30a1c8d60c8631e70a14fe935e076468b9ee

SHA512
7a6f57899101b8ed91a99806c700d066a24c793f83ff01ddc486051ca55efc772a9de8f1d6d06d0885efe2085d502527a4998de6b0bc019be35779dbe5859afe

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
88cb6470ba6947b6e021a9de80a509ce

SHA1
95dfe9d3011cb5a3d8da7ef26e509dbde2452eb0

SHA256
caa70c9998fbc7e759d59385fd077217a152829e1f10b8111ac9dccdc3ce87fb

SHA512
84ad9214d441c5bae86351556642a649b956978336a3360707de7a736bb4da78064eb4612608ff7ca0bb0e1326f65713779d845ec438a6cffac69ebbcf41dcdd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
9f3330541fb0d777b4145e3d1188f0c0

SHA1
422bfd02d3eb8464f428de27adea2bea86812f07

SHA256
bee6571c8037d57fe80669495a1b9d02659e4e8a90edfe5c0f04738ff347ef20

SHA512
fadba7e93911b0e26778c9c26a76fb4de377331c67600a04ab981692c0410a62ec3664308249ff98f246bc0a4330f6e032ac03f99f2ed6f5573fb30a896fc8b9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
8f50e3c189a4af972a2f5431934c4c8b

SHA1
aa28ab9f3121e7f81939f9cb0f9f3b46c95ec337

SHA256
a901c4849ec8a2b9a879b45c5a4ea58359d1582ea51e4a612abc76992727f884

SHA512
14367448d7e7bf1cce42ef7cc3564727b17d0d3b6fbed0fd2bae67d35ff6b18d971d8f979e0d589dd47cbdf6a6b46fe6c822792813747499dcd68e543e914769

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
8a860c3e011437681c449bdb8db47545

SHA1
0b6182775bb326a384f093017624b360f22d37ae

SHA256
a5daa99c3a1619e52950283b54ca270cdc033a0c3201117ccd9f7189de4d35f2

SHA512
5b2904a803630e4c143e047668c854fa0b69b31323bb74dfcaf51594271290773505009e52dcd5308b4e37a0b21743e4a1e5f8aa83468ef054f7e70f6430c0ba

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
164d44f4048d3c27454898bd128dafe2

SHA1
387ffa9ef70ce0ee5d8c24507a2c33be2d02dd60

SHA256
75670380c015da99b8c21259405826248827a8acae4fe9d48e6ef0b212bbd6e1

SHA512
071ecb0b6795dbb2e863738546319046a02d2058c4fefa0c675a6ab98714f57e5627826d5131d1a675da72c7979d6657ca7fc91f4a10e30f683e5a0254eeb277

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
8a32880d30bf937abfeaaca845391cfa

SHA1
5abcdb0050cea3e71492ddfb21d468efae1b76c3

SHA256
222a53792b4d4c77716fb34fa6b35f29245c14db875150f24d5877d8ca83d332

SHA512
8df7604d379fc280a44e80c49ead125f97d5354e73c57a0592ea70b7885408c61b652baef84544a61b0b8835d68c12ea6800437bca07758fa6d28660631afeca

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
70d20a01efed8dcdae730296d6f3392a

SHA1
a37884ffdbf14df3b4f7914fdd19bc9309c14994

SHA256
a6dc2ac3c08ce7831c6f8c0b4fc7141dbd94e1f27e9ec6633ce78cdc517bda24

SHA512
1ec65e2c654846ba52f9283c40adb85c24b3fd56eaecc448ec2552b2f7b66e263c980303c586fa903c430a9dfc6897512ad3baebf74be7a8cd423cb79f43e833

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
889ed18da778353de5489a8aa32355fe

SHA1
860326dfefdcb07f0b6642d765be5e82bcd9eb61

SHA256
3bfe3afd2f63d16466bf14b227f62ac1598ae9eaf8e09d37541a24245638e901

SHA512
16f36ab3773c6dfc4dd1dd47e04d99c28b8471bfd83b4fe5d7a94ecc8cddfe7e2f1d4d638551480e138996e6cc0d18704c060f45549c8891269728c8603b698d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
39a248d1b5e2201ee25190f8ae7682ce

SHA1
46d11675ae708c10f163a10e94dff80e51499dab

SHA256
9f74e38b35e01d20866f8aeff5b3d1e7a2c79bda1b75e5d65682ab9748e8c6fb

SHA512
e83a3bf92a8f575a738920cd719a1a0beb8a91d78689b95a3ef242bcdad7662dff620b902d12bcdf1bc244dd809a136c777cfa04f612f57efef6560eb94714d2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
632b50157e1363a2c449d13f60d3426b

SHA1
7084bf37e91f488a32f8221acf6a3f6755daefb9

SHA256
8665dbff387009e32723f5b0ee7c554a9373a9d7e29cc7f16353fd14f55760f8

SHA512
fbb3d6600af9907e0429323dd21c720f12c2e90c3925889c2b5f2ea617726722f9838d03b5c9e5b19f7b60ba3cc2b441a944655d0f06dcb6936e5cd7a6874f1a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
aad7b86079bbe1791ae1f715353ad73b

SHA1
bc08c925ec4e9cde4f626e3f83614d2b20af7d41

SHA256
f1c089c801a4af869a83bc3a643b452c4e84fc1f9eeeea1999f217bda9bc188b

SHA512
dcba57a96975be74c541d2549c38147cb8ead789adaad0816cd2bb009a575c4e6ecca89e5c88ccd4effa3c91f7ec740639fd399efa0512d4c74932fbe92cace1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
cf0d311bd5d28ca11017ab6b6853d4d8

SHA1
0366124b6007c94975bda0e3e4d3e7686b204113

SHA256
93eade7b2fbd66529534ee12657553aee4a5d8452f50e456b16b997b802b8359

SHA512
704fced7f4c22c24864c22d1c4283ecdf8d2c7f88f9526c7a500632a112159f9a742991d78889a3443f4bcac0623d05d36de523e8349625cac46069820306886

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
36b7414ddb3bbb1fa2f9703dee47b11b

SHA1
e8d121653e09dfe960d54ebe8f8ee25eb7693cda

SHA256
88e5501cba95d6c010b414afdbc3be725f11efd057a2dff2de5645fdcf3b21fa

SHA512
783bff2025ec74e11d6a62922275c7703c1ac4f3009c6ec56f88f67623437d4da4b311e806f25ea780fbf5c00d1297d704d21d75312720910578007a6d220923

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
3bcdf1c75743372b7a6db6e9053d2882

SHA1
edd2c5050e019abe7f8d41e7e9e245a619949575

SHA256
41769b24737025ad05d7ee22a9b26bd4c856790c65da631bbcaaa61ee4b7ede3

SHA512
7928e859e27e71dd4659357e8164a2b4b8204f80a86457fc02428e18c82641e46ef91a2c32df6b2aa2418ea4cd90c38dd8c34ed806252a5f1fa86594019b2d0c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
168deff04c01003197a4c862a0fde1c0

SHA1
22bd45153a1b791d928c40fca196d9a891e7537c

SHA256
911359e6628d1a452a82094fc77e561cb940b8d6d8a6cc321ce215e619a3529d

SHA512
b80b3c3016c95cb9ff2804f449546315012245ef9848c1d6150d7225236ae88efc96c73eb0122fadec86484d8f97d8ee45e603e4470b732e7cc12b2a8a1b10e7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
e55e8aafea7d3649ea9cff4fdcdf6fad

SHA1
bb802ff4ea3977746885f0eacf349e6157d6bff5

SHA256
368f98c978d61e5517a7cc94d02ca78b897a151ce4ed817f34112869641c4d7b

SHA512
6885889081370532eeaa86f323fa3a421e87832fa1ec2e3d56773cead1ea4bbd399f0f042e232e62b1e5a8b9698ecb34774bfa4aa68d3e08adc3c95a66ca9d7b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
f219d5ec27f6f0ccaa7e4e0e06dbdf89

SHA1
b02c7dafade997080e68836aeaa5784b104c5e18

SHA256
2db00eaee2475b6b20fe2b6e9f54a957103d6c30017c5d4c9925a61cba420e2f

SHA512
b2b70c4f2005ab8dacc8167e1106a45657455d11bf3d472a96e7bc3e6237902624cf0328ba1d6249869b6f6f43aef2d95e9a3a180d79c0f6ef910bc55d566800

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
99KB

MD5
70f9c9592b5eccc1ee01842dd534000f

SHA1
61059449f8aa7a74ff60aa21eff6f15d206c50f9

SHA256
fb7a507290a5c07e2e80b6c13ed793d3cd151ff2b3dc234ff2cd178e36337a64

SHA512
71ac3c83b14873d9175bbff2aa65b606b13f1dee555fb8620c8ba223d39b1626dfc8e6eff187050aa7ab1d6d73e5c91c6d936e8d9e038017e9b083bfad7c800b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
99KB

MD5
e9e79e367568fc543582d5f33dca3e2b

SHA1
4c21d65fe86866b99897a13550facd0e9f287714

SHA256
3d4a0efdd3304d15d39edf6e152840a78504312af13dd06ad960d81906982400

SHA512
8378d6c70b5546d4ec9d8fb1e3114d799b0abfb7d57c372d421dc5724b87a8ee9a2710ef7dba02ad496229fdbe74f01cb6dd9e3f7c1b35656b4be08aa7f80beb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
208KB

MD5
1047ca4026e4c005c9ae6caf183b272c

SHA1
7845abbee55a0c334fecf929a403541309a21a56

SHA256
0696ff0c5cc6a743fcdb4b585f823103d33e63a3697adf6f3df204c27d20d64e

SHA512
179b00a9ed113ddcdf8817ae03fe4c638b236133135c091918f4c6b62be403d0111c9b64c7026140f979cff0b8be2dfb67fbf3d39386278bbe094901570032bd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ab8ce148cb7d44f709fb1c460d03e1b0

SHA1
44d15744015155f3e74580c93317e12d2cc0f859

SHA256
014006a90e43ea9a1903b08b843a5aab8ad3823d22e26e5b113fad5f9fa620ff

SHA512
f685423b1eaee18a2a06030b4b2977335f62499c0041c142a92f6e6f846c2b9ce54324b6ae94efbbb303282dcda70e2b1597c748fddc251c0b3122a412c2d7c4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
38f59a47b777f2fc52088e96ffb2baaf

SHA1
267224482588b41a96d813f6d9e9d924867062db

SHA256
13569c5681c71dc42ab57d34879f5a567d7b94afe0e8f6d7c6f6c1314fb0087b

SHA512
4657d13e1bb7cdd7e83f5f2562f5598cca12edf839626ae96da43e943b5550fab46a14b9018f1bec90de88cc714f637605531ccda99deb9e537908ddb826113b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
459d39f4d0453d6a4a826418d41f85b4

SHA1
29d0f17c1fee317de9353a2ea3292930b866b4df

SHA256
3ae682ce94350bc72a2f56c0f77869f1751fe3b8f0954d71f1a54ab96e2d0f51

SHA512
61e7dffa1e9b0a96c550822e5be4708a78bd9f1cdc8829d9037fb91522deb6eaf92978c2c71969acad82a5639aa6c9bfe8cd30604d2df7ee2dd5aa21e668eb9a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
8e46d1c2a4e0002a957ec23132ba461b

SHA1
23481b6b8d47f682ca8018a8b7bebfb22f013f15

SHA256
70c9882a5cc8cc17b0a71ab80ca48fc4985f1385be104a7501f40d08be66ccf5

SHA512
86035101773e5516b45778bc43e735e5e4872fa4fd64b563865328d46ac8b013d5e896a83b2959d9814d2339bea7f783c4366df908fb6cf1087d56b85faca0dd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
bb6fa6ce1263065ab69973157911de9f

SHA1
84334088bbced87a61dc47548486c1c8162279c1

SHA256
f3effe0a20343aa6772b698f83a540fda1b6509cc88bb65075d2f8ec2768457f

SHA512
b8e8576454f2874516f0b3ad1bfdfffc42f8b03928635d3b61fbd57cf32c2e1fe2c5ab9b7fd24a50f0998aada908c382dac5fdbba24c6ec2eb4031e309555331

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
479KB

MD5
09372174e83dbbf696ee732fd2e875bb

SHA1
ba360186ba650a769f9303f48b7200fb5eaccee1

SHA256
c32efac42faf4b9878fb8917c5e71d89ff40de580c4f52f62e11c6cfab55167f

SHA512
b667086ed49579592d435df2b486fe30ba1b62ddd169f19e700cd079239747dd3e20058c285fa9c10a533e34f22b5198ed9b1f92ae560a3067f3e3feacc724f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

Filesize
13.8MB

MD5
0a8747a2ac9ac08ae9508f36c6d75692

SHA1
b287a96fd6cc12433adb42193dfe06111c38eaf0

SHA256
32d544baf2facc893057a1d97db33207e642f0dacf235d8500a0b5eff934ce03

SHA512
59521f8c61236641b3299ab460c58c8f5f26fa67e828de853c2cf372f9614d58b9f541aae325b1600ec4f3a47953caacb8122b0dfce7481acfec81045735947d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yaq795em.default-release\AlternateServices.bin

Filesize
8KB

MD5
2003015970225d058c48ebbf7db41d80

SHA1
f0308616b78e198600806c89b58dc380f489823d

SHA256
1d61065d8b528eb5b234cc8c5ff918c0ff1d27c26698c7644fb2f19ab9741293

SHA512
d4e1ace7df914e0d895f5b03b4d0feeb27cfc4e455c4df633841c71a1d7feae5667623debc782014593ac158f10ada90ed38453019cb3218d2d8691186d7186a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yaq795em.default-release\bookmarkbackups\bookmarks-2024-09-15_11_NdKGFPK+Z5vemh7B2Vnvqw==.jsonlz4

Filesize
1007B

MD5
99ca4c546a7cc4573921b02b245e1e0a

SHA1
4babaf3eb9461f122c603da803218820f9967cb0

SHA256
9541677c9c2dfdf524d823523308bcc9dab1750254bbee8c218654fc3582d642

SHA512
862a948b1b18d72d338bf82daeb027539c8624a5a44100afe35e618be879f36555e3162966b049d3d7af7e7c46f14064614ee8e0e99d9211e15bd9f0fe1c2a92

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yaq795em.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.dll

Filesize
1.1MB

MD5
842039753bf41fa5e11b3a1383061a87

SHA1
3e8fe1d7b3ad866b06dca6c7ef1e3c50c406e153

SHA256
d88dd3bfc4a558bb943f3caa2e376da3942e48a7948763bf9a38f707c2cd0c1c

SHA512
d3320f7ac46327b7b974e74320c4d853e569061cb89ca849cd5d1706330aca629abeb4a16435c541900d839f46ff72dfde04128c450f3e1ee63c025470c19157

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yaq795em.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.info

Filesize
116B

MD5
2a461e9eb87fd1955cea740a3444ee7a

SHA1
b10755914c713f5a4677494dbe8a686ed458c3c5

SHA256
4107f76ba1d9424555f4e8ea0acef69357dfff89dfa5f0ec72aa4f2d489b17bc

SHA512
34f73f7bf69d7674907f190f257516e3956f825e35a2f03d58201a5a630310b45df393f2b39669f9369d1ac990505a4b6849a0d34e8c136e1402143b6cedf2d3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yaq795em.default-release\gmp-widevinecdm\4.10.2710.0\manifest.json

Filesize
372B

MD5
bf957ad58b55f64219ab3f793e374316

SHA1
a11adc9d7f2c28e04d9b35e23b7616d0527118a1

SHA256
bbab6ca07edbed72a966835c7907b3e60c7aa3d48ddea847e5076bd05f4b1eda

SHA512
79c179b56e4893fb729b225818ab4b95a50b69666ac41d17aad0b37ab0ca8cd9f0848cbc3c5d9e69e4640a8b261d7ced592eae9bcb0e0b63c05a56e7c477f44e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yaq795em.default-release\gmp-widevinecdm\4.10.2710.0\widevinecdm.dll

Filesize
17.8MB

MD5
daf7ef3acccab478aaa7d6dc1c60f865

SHA1
f8246162b97ce4a945feced27b6ea114366ff2ad

SHA256
bc40c7821dcd3fea9923c6912ab1183a942c11b7690cfd79ed148ded0228777e

SHA512
5840a45cfdb12c005e117608b1e5d946e1b2e76443ed39ba940d7f56de4babeab09bee7e64b903eb82bb37624c0a0ef19e9b59fbe2ce2f0e0b1c7a6015a63f75

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yaq795em.default-release\prefs.js

Filesize
11KB

MD5
debdb2e08a7b5cac83f88f3f8b096c98

SHA1
49bf1d7e7401b5e8986ffe9b03d02570470c265f

SHA256
efbbab5f33ce6410eaf04a24c7aee6ada76d23012633a4efec1e739f7b76e3da

SHA512
646b16b3f6fae4f5003b1b22b609813885166ae7b95479785d4848b0bfb8cd1ca7f90ce643f9a96d86b82dc30d8bba34f04a6f3b3fcc2d452006cb74059f0de0

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yaq795em.default-release\prefs.js

Filesize
11KB

MD5
4ad8ef5796f52d052c6b583dd6319d9b

SHA1
163ded1be1a6c84b4dd9f8a081f9ad54a9ea6647

SHA256
e19584568036ff6e1a93936a8bb6f4d707df8e0ba9c47c6d7b8bd90f2091f8ab

SHA512
ddcca5d8174684dfa544e7378a626d02a08d9abc4a4df87235c5670070c47dd0db2bc244ca5ad50b48b19340ef1e2522edbbb7af4163a3f50832a005dbe2a351

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yaq795em.default-release\prefs.js

Filesize
12KB

MD5
b7d718089369c38c1681208c9e02ee95

SHA1
792c6c53b8215de38c67f9cca324b0de62290c1e

SHA256
392d314f6e3223512cddd37a5fe55a225ee8304998de2ca91355a6a61894ca1f

SHA512
8d892eb4844f0182d1f7bf7e3890739d2addf430514ec17ced27ae04916ac72254dfab01243448b0121156bbeef75614cb63ace0dd258a1bbaed0985a1347041

Download Submit
\??\pipe\LOCAL\crashpad_380_GTEAKMJLMMVMQCIO

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit