d82d49e9ad153ef84670c1d0bde5f36b540d32fa037cca6127ce9e4e366b7403

Resubmissions

21-09-2024 16:31

240921-t1qvhasdmk 6

12-08-2024 10:22

25-07-2024 11:21

13-07-2024 10:18

11-07-2024 20:03

08-06-2024 18:41

25-05-2024 19:34

23-05-2024 17:58

Analysis

max time kernel
1195s
max time network
1199s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
21-09-2024 16:31

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

AutoIt-Extractor-net40-x64.exe
Size

1.2MB
MD5

205792ce0da5273baffa6aa5b87d3a88
SHA1

50439afe5c2bd328f68206d06d6c31190b3946c6
SHA256

d82d49e9ad153ef84670c1d0bde5f36b540d32fa037cca6127ce9e4e366b7403
SHA512

186f2fac650ee02683c689b0c04867a30330a5475475b106a2aaaedc5e2fa3c9325cf07a2c5321044f5aed1502d729d1d9537ac57bf7733cc228c44ceaba7821
SSDEEP

24576:pcdWeAKpCklFpaQ3vGvW68WxOFxT6YP7KPU48YNL8SsbJDeAKpCZG:QFAcdFpa068WxOFxT6YP7KPU48YNVsbu

Score

6^/10

discovery

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 7 IoCs

Web Service

T1102

Processes:

flow	ioc
561	raw.githubusercontent.com
562	raw.githubusercontent.com
563	camo.githubusercontent.com
564	camo.githubusercontent.com
568	raw.githubusercontent.com
569	camo.githubusercontent.com
570	camo.githubusercontent.com

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Checks processor information in registry 2 TTPs 12 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

Processes:

firefox.exefirefox.exefirefox.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

Processes:

chrome.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133714100453272321"	chrome.exe

Modifies registry class 2 IoCs

Processes:

firefox.exemsedge.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-2170637797-568393320-3232933035-1000_Classes\Local Settings	firefox.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-2170637797-568393320-3232933035-1000\{0139B37D-28D9-4BCA-B7C5-2524180F95E6}	msedge.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes:

chrome.exe

pid process

3120 chrome.exe
3120 chrome.exe
Suspicious behavior: LoadsDriver 4 IoCs

Processes:

pid process

660
660
660
660
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 4 IoCs

Processes:

chrome.exe

pid process

3120 chrome.exe
3120 chrome.exe
3120 chrome.exe
3120 chrome.exe

pid	process
3120	chrome.exe
3120	chrome.exe

pid	process
660
660
660
660

pid	process
3120	chrome.exe
3120	chrome.exe
3120	chrome.exe
3120	chrome.exe

Suspicious use of AdjustPrivilegeToken 29 IoCs

Processes:

firefox.exechrome.exe

description	pid	process
Token: SeDebugPrivilege	4520	firefox.exe
Token: SeDebugPrivilege	4520	firefox.exe
Token: SeDebugPrivilege	4520	firefox.exe
Token: SeDebugPrivilege	4520	firefox.exe
Token: SeDebugPrivilege	4520	firefox.exe
Token: SeShutdownPrivilege	3120	chrome.exe
Token: SeCreatePagefilePrivilege	3120	chrome.exe
Token: SeShutdownPrivilege	3120	chrome.exe
Token: SeCreatePagefilePrivilege	3120	chrome.exe
Token: SeShutdownPrivilege	3120	chrome.exe
Token: SeCreatePagefilePrivilege	3120	chrome.exe
Token: SeShutdownPrivilege	3120	chrome.exe
Token: SeCreatePagefilePrivilege	3120	chrome.exe
Token: SeShutdownPrivilege	3120	chrome.exe
Token: SeCreatePagefilePrivilege	3120	chrome.exe
Token: SeShutdownPrivilege	3120	chrome.exe
Token: SeCreatePagefilePrivilege	3120	chrome.exe
Token: SeShutdownPrivilege	3120	chrome.exe
Token: SeCreatePagefilePrivilege	3120	chrome.exe
Token: SeShutdownPrivilege	3120	chrome.exe
Token: SeCreatePagefilePrivilege	3120	chrome.exe
Token: SeShutdownPrivilege	3120	chrome.exe
Token: SeCreatePagefilePrivilege	3120	chrome.exe
Token: SeShutdownPrivilege	3120	chrome.exe
Token: SeCreatePagefilePrivilege	3120	chrome.exe
Token: SeShutdownPrivilege	3120	chrome.exe
Token: SeCreatePagefilePrivilege	3120	chrome.exe
Token: SeShutdownPrivilege	3120	chrome.exe
Token: SeCreatePagefilePrivilege	3120	chrome.exe

Suspicious use of FindShellTrayWindow 50 IoCs

Processes:

firefox.exechrome.exe

pid	process
4520	firefox.exe
4520	firefox.exe
4520	firefox.exe
4520	firefox.exe
4520	firefox.exe
4520	firefox.exe
4520	firefox.exe
4520	firefox.exe
4520	firefox.exe
4520	firefox.exe
4520	firefox.exe
4520	firefox.exe
4520	firefox.exe
4520	firefox.exe
4520	firefox.exe
4520	firefox.exe
4520	firefox.exe
4520	firefox.exe
4520	firefox.exe
4520	firefox.exe
4520	firefox.exe
4520	firefox.exe
4520	firefox.exe
3120	chrome.exe
3120	chrome.exe
3120	chrome.exe
3120	chrome.exe
3120	chrome.exe
3120	chrome.exe
3120	chrome.exe
3120	chrome.exe
3120	chrome.exe
3120	chrome.exe
3120	chrome.exe
3120	chrome.exe
3120	chrome.exe
3120	chrome.exe
3120	chrome.exe
3120	chrome.exe
3120	chrome.exe
3120	chrome.exe
3120	chrome.exe
3120	chrome.exe
3120	chrome.exe
3120	chrome.exe
3120	chrome.exe
3120	chrome.exe
3120	chrome.exe
3120	chrome.exe
3120	chrome.exe

Suspicious use of SendNotifyMessage 46 IoCs

Processes:

firefox.exechrome.exe

pid	process
4520	firefox.exe
4520	firefox.exe
4520	firefox.exe
4520	firefox.exe
4520	firefox.exe
4520	firefox.exe
4520	firefox.exe
4520	firefox.exe
4520	firefox.exe
4520	firefox.exe
4520	firefox.exe
4520	firefox.exe
4520	firefox.exe
4520	firefox.exe
4520	firefox.exe
4520	firefox.exe
4520	firefox.exe
4520	firefox.exe
4520	firefox.exe
4520	firefox.exe
4520	firefox.exe
4520	firefox.exe
3120	chrome.exe
3120	chrome.exe
3120	chrome.exe
3120	chrome.exe
3120	chrome.exe
3120	chrome.exe
3120	chrome.exe
3120	chrome.exe
3120	chrome.exe
3120	chrome.exe
3120	chrome.exe
3120	chrome.exe
3120	chrome.exe
3120	chrome.exe
3120	chrome.exe
3120	chrome.exe
3120	chrome.exe
3120	chrome.exe
3120	chrome.exe
3120	chrome.exe
3120	chrome.exe
3120	chrome.exe
3120	chrome.exe
3120	chrome.exe

Suspicious use of SetWindowsHookEx 1 IoCs

Processes:

firefox.exe

pid process

4520 firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

firefox.exefirefox.exe

description	pid	process	target process
PID 3156 wrote to memory of 4520	3156	firefox.exe	firefox.exe
PID 3156 wrote to memory of 4520	3156	firefox.exe	firefox.exe
PID 3156 wrote to memory of 4520	3156	firefox.exe	firefox.exe
PID 3156 wrote to memory of 4520	3156	firefox.exe	firefox.exe
PID 3156 wrote to memory of 4520	3156	firefox.exe	firefox.exe
PID 3156 wrote to memory of 4520	3156	firefox.exe	firefox.exe
PID 3156 wrote to memory of 4520	3156	firefox.exe	firefox.exe
PID 3156 wrote to memory of 4520	3156	firefox.exe	firefox.exe
PID 3156 wrote to memory of 4520	3156	firefox.exe	firefox.exe
PID 3156 wrote to memory of 4520	3156	firefox.exe	firefox.exe
PID 3156 wrote to memory of 4520	3156	firefox.exe	firefox.exe
PID 4520 wrote to memory of 3440	4520	firefox.exe	firefox.exe
PID 4520 wrote to memory of 3440	4520	firefox.exe	firefox.exe
PID 4520 wrote to memory of 3440	4520	firefox.exe	firefox.exe
PID 4520 wrote to memory of 3440	4520	firefox.exe	firefox.exe
PID 4520 wrote to memory of 3440	4520	firefox.exe	firefox.exe
PID 4520 wrote to memory of 3440	4520	firefox.exe	firefox.exe
PID 4520 wrote to memory of 3440	4520	firefox.exe	firefox.exe
PID 4520 wrote to memory of 3440	4520	firefox.exe	firefox.exe
PID 4520 wrote to memory of 3440	4520	firefox.exe	firefox.exe
PID 4520 wrote to memory of 3440	4520	firefox.exe	firefox.exe
PID 4520 wrote to memory of 3440	4520	firefox.exe	firefox.exe
PID 4520 wrote to memory of 3440	4520	firefox.exe	firefox.exe
PID 4520 wrote to memory of 3440	4520	firefox.exe	firefox.exe
PID 4520 wrote to memory of 3440	4520	firefox.exe	firefox.exe
PID 4520 wrote to memory of 3440	4520	firefox.exe	firefox.exe
PID 4520 wrote to memory of 3440	4520	firefox.exe	firefox.exe
PID 4520 wrote to memory of 3440	4520	firefox.exe	firefox.exe
PID 4520 wrote to memory of 3440	4520	firefox.exe	firefox.exe
PID 4520 wrote to memory of 3440	4520	firefox.exe	firefox.exe
PID 4520 wrote to memory of 3440	4520	firefox.exe	firefox.exe
PID 4520 wrote to memory of 3440	4520	firefox.exe	firefox.exe
PID 4520 wrote to memory of 3440	4520	firefox.exe	firefox.exe
PID 4520 wrote to memory of 3440	4520	firefox.exe	firefox.exe
PID 4520 wrote to memory of 3440	4520	firefox.exe	firefox.exe
PID 4520 wrote to memory of 3440	4520	firefox.exe	firefox.exe
PID 4520 wrote to memory of 3440	4520	firefox.exe	firefox.exe
PID 4520 wrote to memory of 3440	4520	firefox.exe	firefox.exe
PID 4520 wrote to memory of 3440	4520	firefox.exe	firefox.exe
PID 4520 wrote to memory of 3440	4520	firefox.exe	firefox.exe
PID 4520 wrote to memory of 3440	4520	firefox.exe	firefox.exe
PID 4520 wrote to memory of 3440	4520	firefox.exe	firefox.exe
PID 4520 wrote to memory of 3440	4520	firefox.exe	firefox.exe
PID 4520 wrote to memory of 3440	4520	firefox.exe	firefox.exe
PID 4520 wrote to memory of 3440	4520	firefox.exe	firefox.exe
PID 4520 wrote to memory of 3440	4520	firefox.exe	firefox.exe
PID 4520 wrote to memory of 3440	4520	firefox.exe	firefox.exe
PID 4520 wrote to memory of 3440	4520	firefox.exe	firefox.exe
PID 4520 wrote to memory of 3440	4520	firefox.exe	firefox.exe
PID 4520 wrote to memory of 3440	4520	firefox.exe	firefox.exe
PID 4520 wrote to memory of 3440	4520	firefox.exe	firefox.exe
PID 4520 wrote to memory of 3440	4520	firefox.exe	firefox.exe
PID 4520 wrote to memory of 3440	4520	firefox.exe	firefox.exe
PID 4520 wrote to memory of 3440	4520	firefox.exe	firefox.exe
PID 4520 wrote to memory of 3440	4520	firefox.exe	firefox.exe
PID 4520 wrote to memory of 3440	4520	firefox.exe	firefox.exe
PID 4520 wrote to memory of 1892	4520	firefox.exe	firefox.exe
PID 4520 wrote to memory of 1892	4520	firefox.exe	firefox.exe
PID 4520 wrote to memory of 1892	4520	firefox.exe	firefox.exe
PID 4520 wrote to memory of 1892	4520	firefox.exe	firefox.exe
PID 4520 wrote to memory of 1892	4520	firefox.exe	firefox.exe
PID 4520 wrote to memory of 1892	4520	firefox.exe	firefox.exe
PID 4520 wrote to memory of 1892	4520	firefox.exe	firefox.exe
PID 4520 wrote to memory of 1892	4520	firefox.exe	firefox.exe

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Users\Admin\AppData\Local\Temp\AutoIt-Extractor-net40-x64.exe
"C:\Users\Admin\AppData\Local\Temp\AutoIt-Extractor-net40-x64.exe"
1⤵
PID:2784

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:3156
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe"
  2⤵
  - Checks processor information in registry
  - Modifies registry class
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:4520
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2012 -parentBuildID 20240401114208 -prefsHandle 1940 -prefMapHandle 1932 -prefsLen 23680 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {6f2a73e2-22e9-4822-af28-ed813d989ef5} 4520 "\\.\pipe\gecko-crash-server-pipe.4520" gpu
    3⤵
    PID:3440
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2424 -parentBuildID 20240401114208 -prefsHandle 2400 -prefMapHandle 2396 -prefsLen 23716 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {005f9cb9-7626-4759-848b-dcee4f1323a3} 4520 "\\.\pipe\gecko-crash-server-pipe.4520" socket
    3⤵
    - Checks processor information in registry
    PID:1892
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3044 -childID 1 -isForBrowser -prefsHandle 2976 -prefMapHandle 2984 -prefsLen 23857 -prefMapSize 244658 -jsInitHandle 1280 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {fd89c08d-aa7c-480f-94cf-17f6254c8c13} 4520 "\\.\pipe\gecko-crash-server-pipe.4520" tab
    3⤵
    PID:3144
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4280 -childID 2 -isForBrowser -prefsHandle 4276 -prefMapHandle 4272 -prefsLen 29090 -prefMapSize 244658 -jsInitHandle 1280 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {93aa2a89-20ff-4c05-9c02-3caa7c3a5f65} 4520 "\\.\pipe\gecko-crash-server-pipe.4520" tab
    3⤵
    PID:4896
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4828 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4840 -prefMapHandle 4832 -prefsLen 29144 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {8cd8746d-925b-49b7-84f4-0e71de63b8a2} 4520 "\\.\pipe\gecko-crash-server-pipe.4520" utility
    3⤵
    - Checks processor information in registry
    PID:5448
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5256 -childID 3 -isForBrowser -prefsHandle 5228 -prefMapHandle 5232 -prefsLen 27051 -prefMapSize 244658 -jsInitHandle 1280 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {7d1de08b-3d71-4f1e-a6e4-293785e8e6ef} 4520 "\\.\pipe\gecko-crash-server-pipe.4520" tab
    3⤵
    PID:5708
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5360 -childID 4 -isForBrowser -prefsHandle 5440 -prefMapHandle 5436 -prefsLen 27051 -prefMapSize 244658 -jsInitHandle 1280 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {99be9c7e-17ff-4f00-88e6-c23355beb3b2} 4520 "\\.\pipe\gecko-crash-server-pipe.4520" tab
    3⤵
    PID:5720
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5592 -childID 5 -isForBrowser -prefsHandle 5332 -prefMapHandle 5336 -prefsLen 27051 -prefMapSize 244658 -jsInitHandle 1280 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {09ebaab2-606d-4655-aeb5-24a47475f645} 4520 "\\.\pipe\gecko-crash-server-pipe.4520" tab
    3⤵
    PID:5732
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6080 -childID 6 -isForBrowser -prefsHandle 6072 -prefMapHandle 6068 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 1280 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {9e1da2e8-358d-442f-b628-cc9a56d0d557} 4520 "\\.\pipe\gecko-crash-server-pipe.4520" tab
    3⤵
    PID:5204

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=4408,i,11391966286255097843,10588851088187498028,262144 --variations-seed-version --mojo-platform-channel-handle=4352 /prefetch:8
1⤵
PID:4576

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:3120
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ffed754cc40,0x7ffed754cc4c,0x7ffed754cc58
  2⤵
  PID:2244
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1852,i,6456000127975822240,9645835378887680355,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=1848 /prefetch:2
  2⤵
  PID:2604
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2068,i,6456000127975822240,9645835378887680355,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2108 /prefetch:3
  2⤵
  PID:5080
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2264,i,6456000127975822240,9645835378887680355,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2452 /prefetch:8
  2⤵
  PID:5716
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3084,i,6456000127975822240,9645835378887680355,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3196 /prefetch:1
  2⤵
  PID:4372
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3088,i,6456000127975822240,9645835378887680355,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3444 /prefetch:1
  2⤵
  PID:976
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4576,i,6456000127975822240,9645835378887680355,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4612 /prefetch:1
  2⤵
  PID:1436
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4880,i,6456000127975822240,9645835378887680355,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4580 /prefetch:8
  2⤵
  PID:4348
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5028,i,6456000127975822240,9645835378887680355,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4748 /prefetch:8
  2⤵
  PID:4412
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=5176,i,6456000127975822240,9645835378887680355,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4524 /prefetch:1
  2⤵
  PID:2128

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:696

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:5352

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
1⤵
PID:2472

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=17 --field-trial-handle=4344,i,11391966286255097843,10588851088187498028,262144 --variations-seed-version --mojo-platform-channel-handle=3000 /prefetch:1
1⤵
PID:5956

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=16 --field-trial-handle=4848,i,11391966286255097843,10588851088187498028,262144 --variations-seed-version --mojo-platform-channel-handle=5136 /prefetch:1
1⤵
PID:3528

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --instant-process --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=18 --field-trial-handle=5464,i,11391966286255097843,10588851088187498028,262144 --variations-seed-version --mojo-platform-channel-handle=5480 /prefetch:1
1⤵
PID:5056

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=5612,i,11391966286255097843,10588851088187498028,262144 --variations-seed-version --mojo-platform-channel-handle=5620 /prefetch:8
1⤵
PID:220

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --field-trial-handle=5740,i,11391966286255097843,10588851088187498028,262144 --variations-seed-version --mojo-platform-channel-handle=5752 /prefetch:8
1⤵
PID:2408

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=21 --field-trial-handle=6236,i,11391966286255097843,10588851088187498028,262144 --variations-seed-version --mojo-platform-channel-handle=6264 /prefetch:1
1⤵
PID:5096

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --instant-process --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=22 --field-trial-handle=6372,i,11391966286255097843,10588851088187498028,262144 --variations-seed-version --mojo-platform-channel-handle=6232 /prefetch:1
1⤵
PID:1444

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=23 --field-trial-handle=6528,i,11391966286255097843,10588851088187498028,262144 --variations-seed-version --mojo-platform-channel-handle=6556 /prefetch:1
1⤵
PID:1676

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --field-trial-handle=6080,i,11391966286255097843,10588851088187498028,262144 --variations-seed-version --mojo-platform-channel-handle=5176 /prefetch:8
1⤵
PID:3632

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=25 --field-trial-handle=6700,i,11391966286255097843,10588851088187498028,262144 --variations-seed-version --mojo-platform-channel-handle=6732 /prefetch:1
1⤵
PID:2272

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=26 --field-trial-handle=5516,i,11391966286255097843,10588851088187498028,262144 --variations-seed-version --mojo-platform-channel-handle=6788 /prefetch:1
1⤵
PID:3920

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --field-trial-handle=5764,i,11391966286255097843,10588851088187498028,262144 --variations-seed-version --mojo-platform-channel-handle=6708 /prefetch:8
1⤵
PID:5508

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=28 --field-trial-handle=6328,i,11391966286255097843,10588851088187498028,262144 --variations-seed-version --mojo-platform-channel-handle=5512 /prefetch:1
1⤵
PID:5048

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --field-trial-handle=6776,i,11391966286255097843,10588851088187498028,262144 --variations-seed-version --mojo-platform-channel-handle=3664 /prefetch:8
1⤵
PID:2112

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --field-trial-handle=6420,i,11391966286255097843,10588851088187498028,262144 --variations-seed-version --mojo-platform-channel-handle=3736 /prefetch:8
1⤵
- Modifies registry class
PID:976

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=31 --field-trial-handle=7300,i,11391966286255097843,10588851088187498028,262144 --variations-seed-version --mojo-platform-channel-handle=7376 /prefetch:1
1⤵
PID:5640

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x4c8 0x460
1⤵
PID:3280

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=32 --field-trial-handle=6800,i,11391966286255097843,10588851088187498028,262144 --variations-seed-version --mojo-platform-channel-handle=6324 /prefetch:1
1⤵
PID:5888

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=33 --field-trial-handle=7680,i,11391966286255097843,10588851088187498028,262144 --variations-seed-version --mojo-platform-channel-handle=7712 /prefetch:1
1⤵
PID:5248

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=34 --field-trial-handle=6576,i,11391966286255097843,10588851088187498028,262144 --variations-seed-version --mojo-platform-channel-handle=7792 /prefetch:1
1⤵
PID:5816

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --field-trial-handle=6288,i,11391966286255097843,10588851088187498028,262144 --variations-seed-version --mojo-platform-channel-handle=7256 /prefetch:8
1⤵
PID:5828

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=36 --field-trial-handle=5856,i,11391966286255097843,10588851088187498028,262144 --variations-seed-version --mojo-platform-channel-handle=5880 /prefetch:1
1⤵
PID:4120

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=37 --field-trial-handle=7984,i,11391966286255097843,10588851088187498028,262144 --variations-seed-version --mojo-platform-channel-handle=5940 /prefetch:1
1⤵
PID:2620

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=3076,i,11391966286255097843,10588851088187498028,262144 --variations-seed-version --mojo-platform-channel-handle=6064 /prefetch:8
1⤵
PID:3212

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
8a21a9e31578154330ea63b188535946

SHA1
9052ceb1536327bba91b5fdaa9e12a9220d82693

SHA256
5ccddcadcfccd3edb0ba98781cd314ae2821ab2fa968dcaa336adf3ba5ae45b5

SHA512
51432a3323eae54020d2df8ffc8ab65a6e13d0f2ab31836ccb3d7e977d1f0e087c4558b5b17779ccb384e123b61a5e928b98bb19f39322b4b7e875733e58ec1b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000001

Filesize
212KB

MD5
08ec57068db9971e917b9046f90d0e49

SHA1
28b80d73a861f88735d89e301fa98f2ae502e94b

SHA256
7a68efe41e5d8408eed6e9d91a7b7b965a3062e4e28eeffeefb8cdba6391f4d1

SHA512
b154142173145122bc49ddd7f9530149100f6f3c5fd2f2e7503b13f7b160147b8b876344f6faae5e8616208c51311633df4c578802ac5d34c005bb154e9057cf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000002

Filesize
24KB

MD5
c594a826934b9505d591d0f7a7df80b7

SHA1
c04b8637e686f71f3fc46a29a86346ba9b04ae18

SHA256
e664eef3d68ac6336a28be033165d4780e8a5ab28f0d90df1b148ef86babb610

SHA512
04a1dfdb8ee2f5fefa101d5e3ff36e87659fd774e96aa8c5941d3353ccc268a125822cf01533c74839e5f1c54725da9cc437d3d69b88e5bf3f99caccd4d75961

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
192B

MD5
83ee79e997b6bf4b1339efd74974d96d

SHA1
0c3c46298426c897268d57095043033ad9952a4b

SHA256
072659b4f6fe44305e91ebcc1d420bbad492550873b0f13a9a712dd33d1da256

SHA512
0e25c2f21099b57690c43ce609fbde47ecbce2ec4eda743122630db796372933a9509d0de7963c2321b8cd0c4643f5ca396d4d573a41cf323dc0b637f8caf1f7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
ba4f538c3077b1cc457fde30a307eb5c

SHA1
7d39aab147b85c7d4733b071a2b62492eb692cd2

SHA256
4ad3d0d6a31a829568171499315ca0a73ec6b55d627454d25856dced6ca5cd63

SHA512
63c6391ef371b643f7a8d99831ad14b4770a4ecd987ce02a691963c46d56290e585c2037a54d68672f9a7dccd320e0c5b7b5d3d83645380259415e50c8589b0e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
dcb4dde540ae245cd52ece2388e3e926

SHA1
f255de1c41e95c3aaefbfc9119b8c1cac9174704

SHA256
911003bb40984f7ca7f591ac56d4326d36599ac0e68d6093e3db16d8b0467d4f

SHA512
9de658ec3a5ff10e4d9ee5e2e3192d70f79707b4d0b2d76a32d5f0636cefa14f00450fdfa636b36ace951ad75103489743d3848dec93b5ca4ea520f7709eb52f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
e36b66d3e5be5cd00f686cf9fcbba9b5

SHA1
ad3f18bb110ab0e7033f4239eba52879d1605b59

SHA256
b12bb5a691edc973d1674a2780ec8efd87bbedc76d84ec5a1edc1855e7abdada

SHA512
5722156c4291538a657d262e103ba5f08ec9405bb0c1d7b8e44506a6b1cdd7bcb90cb88a477b5ff1022918621997cbb7051b2550fc8ca8333707cc6870051f57

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
db22d16709c0d76d3fa2e713c54b4162

SHA1
169e1ec15bb794c518a34c87b6b281753e39eb82

SHA256
73f03f5d6beb506cce15fcc31ef500ca17515ee77a943266684f8d21a9a88b48

SHA512
9d1765c16d68e1527d025a132fabe38679aead8b8445d785d6e13cd30660b67aad1575b0faf20a72d0e3d4e0dab8ca622a8870e2015dc086bdb980843d1bc244

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
211KB

MD5
0a63d9d253cdd0d2085bf24fb33ad5cc

SHA1
72b20c3ea3d9eb6f0679402e9faf3aec9a1e3e0d

SHA256
586b17e971d5f25edafbb1c5abaa6b1d9f88545ba0910b5e240f60e70dc84ad0

SHA512
b5a4b20933e734d89fcbc91f6ea7eef2c7e22301053c710c2f19df32c93c7ef26cbdca24a85a2dbfbcab0a1c7c0bef6947d5080793005f0e5877066181569e37

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
211KB

MD5
04ef60d8731ba7d39297a58329bd8123

SHA1
9aef5a0df06b0da6779dfcec8a0affad52c316fd

SHA256
df2136a4c044c2b835992819daf5808a35d60aefbac86170a495f9639ed23dd5

SHA512
68186de7e42953a06fffd9e4905ee6aa6f5b5d284f3640e43eb640bc8166670dbb4d3576cc4a79e14d77270e9e776608fe785f6ffdf8784e1d1bc3f233e9cd67

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\xmd08l7e.default-release\settings\main\ms-language-packs\browser\newtab\asrouter.ftl

Filesize
7KB

MD5
c460716b62456449360b23cf5663f275

SHA1
06573a83d88286153066bae7062cc9300e567d92

SHA256
0ec0f16f92d876a9c1140d4c11e2b346a9292984d9a854360e54e99fdcd99cc0

SHA512
476bc3a333aace4c75d9a971ef202d5889561e10d237792ca89f8d379280262ce98cf3d4728460696f8d7ff429a508237764bf4a9ccb59fd615aee07bdcadf30

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
479KB

MD5
09372174e83dbbf696ee732fd2e875bb

SHA1
ba360186ba650a769f9303f48b7200fb5eaccee1

SHA256
c32efac42faf4b9878fb8917c5e71d89ff40de580c4f52f62e11c6cfab55167f

SHA512
b667086ed49579592d435df2b486fe30ba1b62ddd169f19e700cd079239747dd3e20058c285fa9c10a533e34f22b5198ed9b1f92ae560a3067f3e3feacc724f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

Filesize
13.8MB

MD5
0a8747a2ac9ac08ae9508f36c6d75692

SHA1
b287a96fd6cc12433adb42193dfe06111c38eaf0

SHA256
32d544baf2facc893057a1d97db33207e642f0dacf235d8500a0b5eff934ce03

SHA512
59521f8c61236641b3299ab460c58c8f5f26fa67e828de853c2cf372f9614d58b9f541aae325b1600ec4f3a47953caacb8122b0dfce7481acfec81045735947d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xmd08l7e.default-release\AlternateServices.bin

Filesize
8KB

MD5
10ff0f09946eee50d4a8604339b169be

SHA1
61e4f2f94f6494d6247665d3ca35c5ca7c24f198

SHA256
76547c787ec47510f7502c8372b8f3186c475ade5adf435f93938f286bf0ddec

SHA512
c5db35c15e611063d355cb9c8a6bccd8f864cf0337c7fb4d7093c5057ed5ef74a08668e041cf8911bdeae7e49f65ca09906768bdcc7f962856e2e1c3b137899c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xmd08l7e.default-release\AlternateServices.bin

Filesize
12KB

MD5
95b98f92f18cb659402c2733ff541f0a

SHA1
a02c2df8fb90d0611c8ec0f11aaf28d9f0368def

SHA256
c5ecc4a77acc04d2d19041cfcf1d4391b120031be0ff14dc741191f389c8aa14

SHA512
1a5068101d5e46dbcf3d1d42959b6e806a399ac9e4d8e51f6de9cb139263b367691e8b7dcc9be84726e655d30d3a84178baee8d54d02770c77452a22e560fb3c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xmd08l7e.default-release\datareporting\glean\db\data.safe.tmp

Filesize
5KB

MD5
62a85af8d2c021cf4af59dfc9a323331

SHA1
e1a4508fcee19a194c1d068e68d7789e6cd42933

SHA256
cb64442d37ec351a54a23096ea06917f08178ce798287e4a5cbb0c08d4a630ef

SHA512
d65fd36410e38da6e30080cbc33085778b6fa5c11cadc4c3d84e1251630fca37307574d79fe384ee909444a77e9773d16c5db9e894b775c02c7433cc88a05ad3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xmd08l7e.default-release\datareporting\glean\db\data.safe.tmp

Filesize
4KB

MD5
caf050d1b30966413235a384c5957d6f

SHA1
cacbdecf0d49d78165a64ba7bf280e6b839427a4

SHA256
93ecd1a9108fdf1fa6a3dd114b2da24805c75964acc13d9b464c50abd349265c

SHA512
04f6a2ed41a45b28bba5744974d5122c66320af103cae4349717691782a4e933992c5d8095b09c3e02c0af42b515d201cd95e719bedafc15c704f652e69b092c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xmd08l7e.default-release\datareporting\glean\db\data.safe.tmp

Filesize
33KB

MD5
e4d66f39b50376dd98b41a5c92ff35ab

SHA1
d3666489254a70c799288d4c6783deedc7303f8e

SHA256
2abf224a003fcd8e4b126c66da2431508b790734883a58b0eba858c2b02013b3

SHA512
51c22ff02de6a51d49118165c6a3f1b7a451acf9747a973ba39137a7f05e8672d2adf62f635cb4c6aaa1bee0f61566005958be5651d48d8fdb0ca0dffe589e8a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xmd08l7e.default-release\datareporting\glean\db\data.safe.tmp

Filesize
6KB

MD5
bed199494338fbb1b4ed20c9564a7c72

SHA1
ea4139ff76989906136f9820a53f8b99b632a63e

SHA256
58f8a488687c962d94feb250438c242c9a556a41ce725bac51e13312c7df43f4

SHA512
055d528fe0f82166cdb2dc68e431ee2fb5cb1fe8a3768ffb1cc6bdd894fa97bd946ebc1a14f7cd85a7ebc9374e21060c8fd80200e842b4c68dc9c0f9d987c1ca

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xmd08l7e.default-release\datareporting\glean\pending_pings\0169e4b0-b438-4142-9470-e818951cebb3

Filesize
671B

MD5
ac802b76384f07702f97de0f6c6cbb0c

SHA1
2baeb6782aa283f9d30b17f96fb7a579c18134b3

SHA256
f19b6210b0a71800f09bd95ec22b249743843b6a7f4cbeafb8656a158d9c186d

SHA512
e473507f8a73832f660b071ba48514d79e72e0a417cd35ba8871e38e3f300cb7da7b362f07faf60714c879dc5b5fb0ef7f03d82aeef211847adfb1b44c6cb6bd

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xmd08l7e.default-release\datareporting\glean\pending_pings\4d1516d2-3dfd-4a32-a507-3fc45359b384

Filesize
4KB

MD5
fe959f5018185d49a0f7e8b6293e90f0

SHA1
016838ed4d4bec8d5f41f31e63d44de7a254694b

SHA256
7dcb379c3d7d85eebd65af2966cda3529a26036bda5f719c3556ac6b22b50b1c

SHA512
aa5bdca430c155b3c3bdeb31eecf5ead62aa98c1904f598a5b6de78d89fb3b1d4dcb005e52db772bc0588d0b79a6522931a0bea479216f03428c2409e548cb9d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xmd08l7e.default-release\datareporting\glean\pending_pings\bd099c36-b3a4-4b9a-8ce6-674aa91b9bf5

Filesize
982B

MD5
0fa84f6c072bf9e24c9bf1437f141c19

SHA1
e81ad30999f2fea4bd5240ffad153e3361dc70f5

SHA256
5231191658ee4caf6e7b69d7dd4986a0f0067b075f45a14914f6c414e45cd065

SHA512
a8ff8db96575cfcd1e8e68e72322420b136e0b49341d9a41ec21494f1c4cae9f8d462eeb683e1d3cbe9a164fc0037894d3b9ae00a4040e7b33d33097ae26ba52

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xmd08l7e.default-release\datareporting\glean\pending_pings\c2dd6c73-cc30-4655-9e2e-e797df995f14

Filesize
26KB

MD5
29cc93b1c3d0a3ae5000d3176f37332c

SHA1
aa602e188158ab4ac868a305a87c0ff5434f8d88

SHA256
3dcd32ab770ce27cfa2b1fa5a2ce8b691c288a9992451188a19994972c4991d5

SHA512
9cecbc104127a3157412a44e70f651622df22d7cab392a603fa680052f54b90a4fbee8e499a80adf927b5ab233e46ceea201ee133b498e21d16e9cad627323a6

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xmd08l7e.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.dll

Filesize
1.1MB

MD5
842039753bf41fa5e11b3a1383061a87

SHA1
3e8fe1d7b3ad866b06dca6c7ef1e3c50c406e153

SHA256
d88dd3bfc4a558bb943f3caa2e376da3942e48a7948763bf9a38f707c2cd0c1c

SHA512
d3320f7ac46327b7b974e74320c4d853e569061cb89ca849cd5d1706330aca629abeb4a16435c541900d839f46ff72dfde04128c450f3e1ee63c025470c19157

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xmd08l7e.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.info

Filesize
116B

MD5
2a461e9eb87fd1955cea740a3444ee7a

SHA1
b10755914c713f5a4677494dbe8a686ed458c3c5

SHA256
4107f76ba1d9424555f4e8ea0acef69357dfff89dfa5f0ec72aa4f2d489b17bc

SHA512
34f73f7bf69d7674907f190f257516e3956f825e35a2f03d58201a5a630310b45df393f2b39669f9369d1ac990505a4b6849a0d34e8c136e1402143b6cedf2d3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xmd08l7e.default-release\gmp-widevinecdm\4.10.2710.0\manifest.json

Filesize
372B

MD5
bf957ad58b55f64219ab3f793e374316

SHA1
a11adc9d7f2c28e04d9b35e23b7616d0527118a1

SHA256
bbab6ca07edbed72a966835c7907b3e60c7aa3d48ddea847e5076bd05f4b1eda

SHA512
79c179b56e4893fb729b225818ab4b95a50b69666ac41d17aad0b37ab0ca8cd9f0848cbc3c5d9e69e4640a8b261d7ced592eae9bcb0e0b63c05a56e7c477f44e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xmd08l7e.default-release\gmp-widevinecdm\4.10.2710.0\widevinecdm.dll

Filesize
17.8MB

MD5
daf7ef3acccab478aaa7d6dc1c60f865

SHA1
f8246162b97ce4a945feced27b6ea114366ff2ad

SHA256
bc40c7821dcd3fea9923c6912ab1183a942c11b7690cfd79ed148ded0228777e

SHA512
5840a45cfdb12c005e117608b1e5d946e1b2e76443ed39ba940d7f56de4babeab09bee7e64b903eb82bb37624c0a0ef19e9b59fbe2ce2f0e0b1c7a6015a63f75

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xmd08l7e.default-release\prefs-1.js

Filesize
11KB

MD5
dc284dab4331ff0d5ed3fb1dd929782a

SHA1
e10d6ebeb1dc33ad85703a79230e562f105279e4

SHA256
930825313edb412d885bb535e3ad7cc4f9eb8f76d848ed77563a037b3956f225

SHA512
a9e632e850f81946246d82a16347e40b22780a3ece2444f14eb7b6dbe1fe878fd31279d65bec752c8857641803652387fe57a02c4d7a5995c07b7728163e520c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xmd08l7e.default-release\prefs-1.js

Filesize
12KB

MD5
4f34b6eb3cdbf9ec84525141aea9be7c

SHA1
2ee33b14abb4fe147e1fdc25180e1e04f5565a9e

SHA256
e89fc5b13eb3757da347c5406e7f5912599ca868c6d8ea82a0711daf53829ccd

SHA512
9e3a1c9f3e69b69a377947393af9087d9c154559039419f16efbd7b67d03c4069b41105e62fafeaafa8e7ba181b12ea0dfcee4f08639319aacf59b9f2e7eee19

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xmd08l7e.default-release\prefs.js

Filesize
11KB

MD5
63e691d65755920bbfb04bbd260b288b

SHA1
0e1023c605609a1bcfaf58b92221a89e99b02ac5

SHA256
af90b3ce7bc942debfe1665ff71fd4c9daddabca687e9f417577461f1ff13527

SHA512
f3edcdcfe9056f8e7b43981b86f3fcc55682add68104378e360a531465c88aeb8dcbdc00ca0f250649838a69e6f9d8bd8cab9e960ab5d1c8c3de456954e863c0

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xmd08l7e.default-release\sessionstore-backups\recovery.baklz4

Filesize
4KB

MD5
55cd6ffcbb9fff7bddb517406bb3a4d0

SHA1
f0c992432d412fc43c175355e852841733578025

SHA256
f227c665e2ba7d590e898b487a27bb16c5d4e932ef24bfe40e4903eddb801cf9

SHA512
94551c37f73c22a4eafc1f92cdae3425a732094f1d713ea74f7fd503b95a3a629bf0d7e702352f1a5c7840335c2dd0dd60c7808dbe4434576de013645944341e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xmd08l7e.default-release\sessionstore-backups\recovery.baklz4

Filesize
3KB

MD5
7e93315c070e0416231ea7552b3f4938

SHA1
0229a086377dcb2e810fb1e62bc38aa93cff6f95

SHA256
3c08f521e75ee765b495ee5de95d7a8fed9a14797b931e7de9a0e49008111193

SHA512
fd56c43cdabb9ced3be4c2482bab93c57d9234a03e939c95b4d81a0f95dcde59150193d18e4f0054af61de64287f5a8c9ba86205cb85e17c1949a7a0154b3cc6

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xmd08l7e.default-release\sessionstore-backups\recovery.baklz4

Filesize
4KB

MD5
4a69c902af23e56e59f5a44cc35365a6

SHA1
de86d9eabeda9193cfc33d82cf42a12af79973dc

SHA256
e298bc2f7bbaee0313f8373b67a9246c090d26e7a63a97b2c4302ea518290240

SHA512
1fef74f91db188d32fc1911f51c07ae3849af0f5cfe330874c480ca7b4f60574d9a1fd0c946a957d793fbe99c70c6aa27df622c3f821848d587af5e699c3687a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xmd08l7e.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

Filesize
376KB

MD5
b986038f6cca4fe01133845cf69a5c1d

SHA1
c0028058b5388246b29d9979c17c6a508e21f8ae

SHA256
31a632d28b1b793a7f023c10f545e148c05145bb422a9b2cc04b30ffb17bbf36

SHA512
a99295093d8257b56e519703f62d3e53115ac7fd4991123a98a71c2355cba2d0d011256e0f97658aa3a043891846e2b002374fec6b514e72cb9c6bdc248fbe6f

Download Submit
\??\pipe\crashpad_3120_FQQZUAFLFJPNAKFT

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
memory/2784-0-0x00007FFEC0003000-0x00007FFEC0005000-memory.dmp

Filesize
8KB

Download
memory/2784-372-0x00007FFEC0000000-0x00007FFEC0AC1000-memory.dmp

Filesize
10.8MB

Download
memory/2784-367-0x00007FFEC0003000-0x00007FFEC0005000-memory.dmp

Filesize
8KB

Download
memory/2784-3-0x00007FFEC0000000-0x00007FFEC0AC1000-memory.dmp

Filesize
10.8MB

Download
memory/2784-2-0x00007FFEC0000000-0x00007FFEC0AC1000-memory.dmp

Filesize
10.8MB

Download
memory/2784-1-0x0000000000CF0000-0x0000000000E2C000-memory.dmp

Filesize
1.2MB

Download