a27afbea3ab59a6766862c29f9d75e632d660124ece1dd0e8eec17dbb678904a

Analysis

max time kernel
301s
max time network
302s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
27-10-2024 18:11

Sharing

Copy URL

Twitter E-mail

Reason

Machine shutdown

Report Analysis Logs

General

Target

sample.html
Size

20KB
MD5

93ae068711fddac033745c00434407b3
SHA1

3f87ea1f2e1ce4b5cae8c6a0b89e81c56bfd6e3f
SHA256

a27afbea3ab59a6766862c29f9d75e632d660124ece1dd0e8eec17dbb678904a
SHA512

1dbc2f664d29c99041d1e3ce899b1c57f11bf048c5fd8b4858d9984b38c3b613ea620cff0c500dc44412bb156b2f89f16a450b3cb036bed605b5c178042922c7
SSDEEP

384:943wNwf8Sspa1ocy4T4lbGa+7vhpNZGvcdJPro2REu4Y0wM1OTfF1xCejiw:KwO0E1ocy48EaMJpNEvIJPrEu4Y0wM14

Score

8^/10

discovery upx

Malware Config

Signatures

Downloads MZ/PE file

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

Processes:

TLauncher-Installer-1.5.4.exe

description	ioc	process
Key value queried	\REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000\Control Panel\International\Geo\Nation	TLauncher-Installer-1.5.4.exe

Executes dropped EXE 2 IoCs

Processes:

TLauncher-Installer-1.5.4.exeirsetup.exe

pid process

2244 TLauncher-Installer-1.5.4.exe
5252 irsetup.exe
Loads dropped DLL 3 IoCs

Processes:

irsetup.exe

pid process

5252 irsetup.exe
5252 irsetup.exe
5252 irsetup.exe
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

pid	process
2244	TLauncher-Installer-1.5.4.exe
5252	irsetup.exe

pid	process
5252	irsetup.exe
5252	irsetup.exe
5252	irsetup.exe

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

Processes:

resource	yara_rule
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe	upx
behavioral2/memory/5252-533-0x0000000000CF0000-0x00000000010D9000-memory.dmp	upx
behavioral2/memory/5252-1241-0x0000000000CF0000-0x00000000010D9000-memory.dmp	upx

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

Processes:

TLauncher-Installer-1.5.4.exeirsetup.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	TLauncher-Installer-1.5.4.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	irsetup.exe

Checks processor information in registry 2 TTPs 12 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

Processes:

firefox.exefirefox.exefirefox.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exemsedge.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

Processes:

chrome.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133745264571851309"	chrome.exe

Modifies registry class 1 IoCs

Processes:

firefox.exe

description ioc process

Key created \REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000_Classes\Local Settings firefox.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000_Classes\Local Settings	firefox.exe

Suspicious behavior: EnumeratesProcesses 21 IoCs

Processes:

msedge.exemsedge.exeidentity_helper.exemsedge.exechrome.exemsedge.exechrome.exepowershell.exe

pid	process
1688	msedge.exe
1688	msedge.exe
2664	msedge.exe
2664	msedge.exe
2452	identity_helper.exe
2452	identity_helper.exe
244	msedge.exe
244	msedge.exe
244	msedge.exe
244	msedge.exe
4376	chrome.exe
4376	chrome.exe
7424	msedge.exe
7424	msedge.exe
7736	chrome.exe
7736	chrome.exe
7736	chrome.exe
7736	chrome.exe
7964	powershell.exe
7964	powershell.exe
7964	powershell.exe

Suspicious behavior: LoadsDriver 14 IoCs

Processes:

pid

4
4
4
4
4
656
4
4
4
4
4
4
4
4

pid
4
4
4
4
4
656
4
4
4
4
4
4
4
4

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 15 IoCs

Processes:

msedge.exechrome.exe

pid	process
2664	msedge.exe
2664	msedge.exe
2664	msedge.exe
2664	msedge.exe
2664	msedge.exe
2664	msedge.exe
2664	msedge.exe
2664	msedge.exe
2664	msedge.exe
2664	msedge.exe
4376	chrome.exe
4376	chrome.exe
4376	chrome.exe
4376	chrome.exe
4376	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

chrome.exe

description	pid	process
Token: SeShutdownPrivilege	4376	chrome.exe
Token: SeCreatePagefilePrivilege	4376	chrome.exe
Token: SeShutdownPrivilege	4376	chrome.exe
Token: SeCreatePagefilePrivilege	4376	chrome.exe
Token: SeShutdownPrivilege	4376	chrome.exe
Token: SeCreatePagefilePrivilege	4376	chrome.exe
Token: SeShutdownPrivilege	4376	chrome.exe
Token: SeCreatePagefilePrivilege	4376	chrome.exe
Token: SeShutdownPrivilege	4376	chrome.exe
Token: SeCreatePagefilePrivilege	4376	chrome.exe
Token: SeShutdownPrivilege	4376	chrome.exe
Token: SeCreatePagefilePrivilege	4376	chrome.exe
Token: SeShutdownPrivilege	4376	chrome.exe
Token: SeCreatePagefilePrivilege	4376	chrome.exe
Token: SeShutdownPrivilege	4376	chrome.exe
Token: SeCreatePagefilePrivilege	4376	chrome.exe
Token: SeShutdownPrivilege	4376	chrome.exe
Token: SeCreatePagefilePrivilege	4376	chrome.exe
Token: SeShutdownPrivilege	4376	chrome.exe
Token: SeCreatePagefilePrivilege	4376	chrome.exe
Token: SeShutdownPrivilege	4376	chrome.exe
Token: SeCreatePagefilePrivilege	4376	chrome.exe
Token: SeShutdownPrivilege	4376	chrome.exe
Token: SeCreatePagefilePrivilege	4376	chrome.exe
Token: SeShutdownPrivilege	4376	chrome.exe
Token: SeCreatePagefilePrivilege	4376	chrome.exe
Token: SeShutdownPrivilege	4376	chrome.exe
Token: SeCreatePagefilePrivilege	4376	chrome.exe
Token: SeShutdownPrivilege	4376	chrome.exe
Token: SeCreatePagefilePrivilege	4376	chrome.exe
Token: SeShutdownPrivilege	4376	chrome.exe
Token: SeCreatePagefilePrivilege	4376	chrome.exe
Token: SeShutdownPrivilege	4376	chrome.exe
Token: SeCreatePagefilePrivilege	4376	chrome.exe
Token: SeShutdownPrivilege	4376	chrome.exe
Token: SeCreatePagefilePrivilege	4376	chrome.exe
Token: SeShutdownPrivilege	4376	chrome.exe
Token: SeCreatePagefilePrivilege	4376	chrome.exe
Token: SeShutdownPrivilege	4376	chrome.exe
Token: SeCreatePagefilePrivilege	4376	chrome.exe
Token: SeShutdownPrivilege	4376	chrome.exe
Token: SeCreatePagefilePrivilege	4376	chrome.exe
Token: SeShutdownPrivilege	4376	chrome.exe
Token: SeCreatePagefilePrivilege	4376	chrome.exe
Token: SeShutdownPrivilege	4376	chrome.exe
Token: SeCreatePagefilePrivilege	4376	chrome.exe
Token: SeShutdownPrivilege	4376	chrome.exe
Token: SeCreatePagefilePrivilege	4376	chrome.exe
Token: SeShutdownPrivilege	4376	chrome.exe
Token: SeCreatePagefilePrivilege	4376	chrome.exe
Token: SeShutdownPrivilege	4376	chrome.exe
Token: SeCreatePagefilePrivilege	4376	chrome.exe
Token: SeShutdownPrivilege	4376	chrome.exe
Token: SeCreatePagefilePrivilege	4376	chrome.exe
Token: SeShutdownPrivilege	4376	chrome.exe
Token: SeCreatePagefilePrivilege	4376	chrome.exe
Token: SeShutdownPrivilege	4376	chrome.exe
Token: SeCreatePagefilePrivilege	4376	chrome.exe
Token: SeShutdownPrivilege	4376	chrome.exe
Token: SeCreatePagefilePrivilege	4376	chrome.exe
Token: SeShutdownPrivilege	4376	chrome.exe
Token: SeCreatePagefilePrivilege	4376	chrome.exe
Token: SeShutdownPrivilege	4376	chrome.exe
Token: SeCreatePagefilePrivilege	4376	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

Processes:

msedge.exechrome.exe

pid	process
2664	msedge.exe
2664	msedge.exe
2664	msedge.exe
2664	msedge.exe
2664	msedge.exe
2664	msedge.exe
2664	msedge.exe
2664	msedge.exe
2664	msedge.exe
2664	msedge.exe
2664	msedge.exe
2664	msedge.exe
2664	msedge.exe
2664	msedge.exe
2664	msedge.exe
2664	msedge.exe
2664	msedge.exe
2664	msedge.exe
2664	msedge.exe
2664	msedge.exe
2664	msedge.exe
2664	msedge.exe
2664	msedge.exe
2664	msedge.exe
2664	msedge.exe
4376	chrome.exe
4376	chrome.exe
4376	chrome.exe
4376	chrome.exe
4376	chrome.exe
4376	chrome.exe
4376	chrome.exe
4376	chrome.exe
4376	chrome.exe
4376	chrome.exe
4376	chrome.exe
4376	chrome.exe
4376	chrome.exe
4376	chrome.exe
4376	chrome.exe
4376	chrome.exe
4376	chrome.exe
4376	chrome.exe
4376	chrome.exe
4376	chrome.exe
4376	chrome.exe
4376	chrome.exe
4376	chrome.exe
4376	chrome.exe
4376	chrome.exe
4376	chrome.exe
4376	chrome.exe
4376	chrome.exe
4376	chrome.exe
4376	chrome.exe
4376	chrome.exe
4376	chrome.exe
4376	chrome.exe
4376	chrome.exe
4376	chrome.exe
4376	chrome.exe
4376	chrome.exe
4376	chrome.exe
4376	chrome.exe

Suspicious use of SendNotifyMessage 64 IoCs

Processes:

msedge.exechrome.exe

pid	process
2664	msedge.exe
2664	msedge.exe
2664	msedge.exe
2664	msedge.exe
2664	msedge.exe
2664	msedge.exe
2664	msedge.exe
2664	msedge.exe
2664	msedge.exe
2664	msedge.exe
2664	msedge.exe
2664	msedge.exe
2664	msedge.exe
2664	msedge.exe
2664	msedge.exe
2664	msedge.exe
2664	msedge.exe
2664	msedge.exe
2664	msedge.exe
2664	msedge.exe
2664	msedge.exe
2664	msedge.exe
2664	msedge.exe
2664	msedge.exe
4376	chrome.exe
4376	chrome.exe
4376	chrome.exe
4376	chrome.exe
4376	chrome.exe
4376	chrome.exe
4376	chrome.exe
4376	chrome.exe
4376	chrome.exe
4376	chrome.exe
4376	chrome.exe
4376	chrome.exe
4376	chrome.exe
4376	chrome.exe
4376	chrome.exe
4376	chrome.exe
4376	chrome.exe
4376	chrome.exe
4376	chrome.exe
4376	chrome.exe
4376	chrome.exe
4376	chrome.exe
4376	chrome.exe
4376	chrome.exe
4376	chrome.exe
4376	chrome.exe
4376	chrome.exe
4376	chrome.exe
4376	chrome.exe
4376	chrome.exe
4376	chrome.exe
4376	chrome.exe
4376	chrome.exe
4376	chrome.exe
4376	chrome.exe
4376	chrome.exe
4376	chrome.exe
4376	chrome.exe
4376	chrome.exe
4376	chrome.exe

Suspicious use of SetWindowsHookEx 5 IoCs

Processes:

irsetup.exefirefox.exe

pid process

5252 irsetup.exe
5252 irsetup.exe
5252 irsetup.exe
5252 irsetup.exe
1316 firefox.exe

pid	process
5252	irsetup.exe
5252	irsetup.exe
5252	irsetup.exe
5252	irsetup.exe
1316	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

msedge.exe

description	pid	process	target process
PID 2664 wrote to memory of 3636	2664	msedge.exe	msedge.exe
PID 2664 wrote to memory of 3636	2664	msedge.exe	msedge.exe
PID 2664 wrote to memory of 3424	2664	msedge.exe	msedge.exe
PID 2664 wrote to memory of 3424	2664	msedge.exe	msedge.exe
PID 2664 wrote to memory of 3424	2664	msedge.exe	msedge.exe
PID 2664 wrote to memory of 3424	2664	msedge.exe	msedge.exe
PID 2664 wrote to memory of 3424	2664	msedge.exe	msedge.exe
PID 2664 wrote to memory of 3424	2664	msedge.exe	msedge.exe
PID 2664 wrote to memory of 3424	2664	msedge.exe	msedge.exe
PID 2664 wrote to memory of 3424	2664	msedge.exe	msedge.exe
PID 2664 wrote to memory of 3424	2664	msedge.exe	msedge.exe
PID 2664 wrote to memory of 3424	2664	msedge.exe	msedge.exe
PID 2664 wrote to memory of 3424	2664	msedge.exe	msedge.exe
PID 2664 wrote to memory of 3424	2664	msedge.exe	msedge.exe
PID 2664 wrote to memory of 3424	2664	msedge.exe	msedge.exe
PID 2664 wrote to memory of 3424	2664	msedge.exe	msedge.exe
PID 2664 wrote to memory of 3424	2664	msedge.exe	msedge.exe
PID 2664 wrote to memory of 3424	2664	msedge.exe	msedge.exe
PID 2664 wrote to memory of 3424	2664	msedge.exe	msedge.exe
PID 2664 wrote to memory of 3424	2664	msedge.exe	msedge.exe
PID 2664 wrote to memory of 3424	2664	msedge.exe	msedge.exe
PID 2664 wrote to memory of 3424	2664	msedge.exe	msedge.exe
PID 2664 wrote to memory of 3424	2664	msedge.exe	msedge.exe
PID 2664 wrote to memory of 3424	2664	msedge.exe	msedge.exe
PID 2664 wrote to memory of 3424	2664	msedge.exe	msedge.exe
PID 2664 wrote to memory of 3424	2664	msedge.exe	msedge.exe
PID 2664 wrote to memory of 3424	2664	msedge.exe	msedge.exe
PID 2664 wrote to memory of 3424	2664	msedge.exe	msedge.exe
PID 2664 wrote to memory of 3424	2664	msedge.exe	msedge.exe
PID 2664 wrote to memory of 3424	2664	msedge.exe	msedge.exe
PID 2664 wrote to memory of 3424	2664	msedge.exe	msedge.exe
PID 2664 wrote to memory of 3424	2664	msedge.exe	msedge.exe
PID 2664 wrote to memory of 3424	2664	msedge.exe	msedge.exe
PID 2664 wrote to memory of 3424	2664	msedge.exe	msedge.exe
PID 2664 wrote to memory of 3424	2664	msedge.exe	msedge.exe
PID 2664 wrote to memory of 3424	2664	msedge.exe	msedge.exe
PID 2664 wrote to memory of 3424	2664	msedge.exe	msedge.exe
PID 2664 wrote to memory of 3424	2664	msedge.exe	msedge.exe
PID 2664 wrote to memory of 3424	2664	msedge.exe	msedge.exe
PID 2664 wrote to memory of 3424	2664	msedge.exe	msedge.exe
PID 2664 wrote to memory of 3424	2664	msedge.exe	msedge.exe
PID 2664 wrote to memory of 3424	2664	msedge.exe	msedge.exe
PID 2664 wrote to memory of 1688	2664	msedge.exe	msedge.exe
PID 2664 wrote to memory of 1688	2664	msedge.exe	msedge.exe
PID 2664 wrote to memory of 3380	2664	msedge.exe	msedge.exe
PID 2664 wrote to memory of 3380	2664	msedge.exe	msedge.exe
PID 2664 wrote to memory of 3380	2664	msedge.exe	msedge.exe
PID 2664 wrote to memory of 3380	2664	msedge.exe	msedge.exe
PID 2664 wrote to memory of 3380	2664	msedge.exe	msedge.exe
PID 2664 wrote to memory of 3380	2664	msedge.exe	msedge.exe
PID 2664 wrote to memory of 3380	2664	msedge.exe	msedge.exe
PID 2664 wrote to memory of 3380	2664	msedge.exe	msedge.exe
PID 2664 wrote to memory of 3380	2664	msedge.exe	msedge.exe
PID 2664 wrote to memory of 3380	2664	msedge.exe	msedge.exe
PID 2664 wrote to memory of 3380	2664	msedge.exe	msedge.exe
PID 2664 wrote to memory of 3380	2664	msedge.exe	msedge.exe
PID 2664 wrote to memory of 3380	2664	msedge.exe	msedge.exe
PID 2664 wrote to memory of 3380	2664	msedge.exe	msedge.exe
PID 2664 wrote to memory of 3380	2664	msedge.exe	msedge.exe
PID 2664 wrote to memory of 3380	2664	msedge.exe	msedge.exe
PID 2664 wrote to memory of 3380	2664	msedge.exe	msedge.exe
PID 2664 wrote to memory of 3380	2664	msedge.exe	msedge.exe
PID 2664 wrote to memory of 3380	2664	msedge.exe	msedge.exe
PID 2664 wrote to memory of 3380	2664	msedge.exe	msedge.exe

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument C:\Users\Admin\AppData\Local\Temp\sample.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2664

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd8e4a46f8,0x7ffd8e4a4708,0x7ffd8e4a4718
2⤵
PID:3636

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2272,10179319527582669060,18003725198556991408,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2284 /prefetch:2
2⤵
PID:3424

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2272,10179319527582669060,18003725198556991408,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2336 /prefetch:3
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:1688

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2272,10179319527582669060,18003725198556991408,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2908 /prefetch:8
2⤵
PID:3380

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2272,10179319527582669060,18003725198556991408,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3320 /prefetch:1
2⤵
PID:436

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2272,10179319527582669060,18003725198556991408,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3360 /prefetch:1
2⤵
PID:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2272,10179319527582669060,18003725198556991408,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5244 /prefetch:8
2⤵
PID:4704

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2272,10179319527582669060,18003725198556991408,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5244 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:2452

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2272,10179319527582669060,18003725198556991408,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5360 /prefetch:1
2⤵
PID:1440

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2272,10179319527582669060,18003725198556991408,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5376 /prefetch:1
2⤵
PID:4292

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2272,10179319527582669060,18003725198556991408,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4796 /prefetch:1
2⤵
PID:4392

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2272,10179319527582669060,18003725198556991408,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5532 /prefetch:1
2⤵
PID:4504

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2272,10179319527582669060,18003725198556991408,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1996 /prefetch:1
2⤵
PID:4900

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2272,10179319527582669060,18003725198556991408,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5332 /prefetch:2
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:244

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2272,10179319527582669060,18003725198556991408,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5460 /prefetch:1
2⤵
PID:1060

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2272,10179319527582669060,18003725198556991408,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5492 /prefetch:1
2⤵
PID:3692

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2272,10179319527582669060,18003725198556991408,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4220 /prefetch:1
2⤵
PID:2476

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4688

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2584

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:4376

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffd8b52cc40,0x7ffd8b52cc4c,0x7ffd8b52cc58
2⤵
PID:2036

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1892,i,13881695776321277766,1082104739585371709,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1888 /prefetch:2
2⤵
PID:64

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2120,i,13881695776321277766,1082104739585371709,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2152 /prefetch:3
2⤵
PID:1196

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2216,i,13881695776321277766,1082104739585371709,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2560 /prefetch:8
2⤵
PID:220

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3140,i,13881695776321277766,1082104739585371709,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3156 /prefetch:1
2⤵
PID:5216

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3276,i,13881695776321277766,1082104739585371709,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3288 /prefetch:1
2⤵
PID:5224

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=3672,i,13881695776321277766,1082104739585371709,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4708 /prefetch:1
2⤵
PID:5536

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4916,i,13881695776321277766,1082104739585371709,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4880 /prefetch:8
2⤵
PID:5572

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4912,i,13881695776321277766,1082104739585371709,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4836 /prefetch:8
2⤵
PID:5580

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4056,i,13881695776321277766,1082104739585371709,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5004 /prefetch:8
2⤵
PID:5860

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5080,i,13881695776321277766,1082104739585371709,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5088 /prefetch:8
2⤵
PID:5964

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=4072,i,13881695776321277766,1082104739585371709,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4620 /prefetch:1
2⤵
PID:5596

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --field-trial-handle=5252,i,13881695776321277766,1082104739585371709,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3396 /prefetch:1
2⤵
PID:5908

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5524,i,13881695776321277766,1082104739585371709,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5528 /prefetch:8
2⤵
PID:5508

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5692,i,13881695776321277766,1082104739585371709,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5704 /prefetch:8
2⤵
PID:5792

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5132,i,13881695776321277766,1082104739585371709,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5180 /prefetch:8
2⤵
PID:5772

C:\Users\Admin\Downloads\TLauncher-Installer-1.5.4.exe
"C:\Users\Admin\Downloads\TLauncher-Installer-1.5.4.exe"
2⤵
- Checks computer location settings
- Executes dropped EXE
- System Location Discovery: System Language Discovery
PID:2244

C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe
"C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe" __IRAOFF:1773458 "__IRAFN:C:\Users\Admin\Downloads\TLauncher-Installer-1.5.4.exe" "__IRCT:3" "__IRTSS:25260914" "__IRSID:S-1-5-21-1045960512-3948844814-3059691613-1000"
3⤵
- Executes dropped EXE
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:5252

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=5072,i,13881695776321277766,1082104739585371709,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4900 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:7736

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
PID:964

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x114,0x118,0x11c,0xf0,0x120,0x7ffd8b52cc40,0x7ffd8b52cc4c,0x7ffd8b52cc58
2⤵
PID:772

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:5384

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:5928

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
PID:2688

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
2⤵
- Checks processor information in registry
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:1316

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2004 -parentBuildID 20240401114208 -prefsHandle 1920 -prefMapHandle 1912 -prefsLen 23680 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {65c4fe48-e0fa-4ea4-92e0-99c6ed5340ac} 1316 "\\.\pipe\gecko-crash-server-pipe.1316" gpu
3⤵
PID:3580

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2408 -parentBuildID 20240401114208 -prefsHandle 2400 -prefMapHandle 2396 -prefsLen 23716 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {db914b8c-6c67-4ecc-915f-6c2f2dc7afb0} 1316 "\\.\pipe\gecko-crash-server-pipe.1316" socket
3⤵
- Checks processor information in registry
PID:3024

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3012 -childID 1 -isForBrowser -prefsHandle 1532 -prefMapHandle 2820 -prefsLen 23857 -prefMapSize 244658 -jsInitHandle 1020 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {06549b5e-edde-4d2c-bf3e-e7c6bd174abb} 1316 "\\.\pipe\gecko-crash-server-pipe.1316" tab
3⤵
PID:1088

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3704 -childID 2 -isForBrowser -prefsHandle 3632 -prefMapHandle 3532 -prefsLen 29090 -prefMapSize 244658 -jsInitHandle 1020 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {89ab7b82-7fab-4932-ae24-0d8621807c3a} 1316 "\\.\pipe\gecko-crash-server-pipe.1316" tab
3⤵
PID:1488

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4436 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4472 -prefMapHandle 4468 -prefsLen 29090 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c9481108-0406-409f-b2ec-59ed02bc195e} 1316 "\\.\pipe\gecko-crash-server-pipe.1316" utility
3⤵
- Checks processor information in registry
PID:6640

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5128 -childID 3 -isForBrowser -prefsHandle 5064 -prefMapHandle 5116 -prefsLen 26944 -prefMapSize 244658 -jsInitHandle 1020 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {7cdb97c5-b4cf-4a39-b7c0-b4f375259a64} 1316 "\\.\pipe\gecko-crash-server-pipe.1316" tab
3⤵
PID:7056

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5404 -childID 4 -isForBrowser -prefsHandle 5396 -prefMapHandle 5392 -prefsLen 27051 -prefMapSize 244658 -jsInitHandle 1020 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {3fd3c611-4190-4a4c-81e1-34fc72cf2472} 1316 "\\.\pipe\gecko-crash-server-pipe.1316" tab
3⤵
PID:5436

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5552 -childID 5 -isForBrowser -prefsHandle 5560 -prefMapHandle 5564 -prefsLen 27051 -prefMapSize 244658 -jsInitHandle 1020 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {40268562-b2a2-4dc7-b57b-95b0ac1e11a1} 1316 "\\.\pipe\gecko-crash-server-pipe.1316" tab
3⤵
PID:4788

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --default-search-provider=? --out-pipe-name=MSEdgeDefaulteb1aa2e5h20e8h4020had9bh963dba0f341e
1⤵
PID:1020

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7ffd8e4a46f8,0x7ffd8e4a4708,0x7ffd8e4a4718
2⤵
PID:4704

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1440,13076293225471458022,14776285210749894409,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2140 /prefetch:2
2⤵
PID:7416

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1440,13076293225471458022,14776285210749894409,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2260 /prefetch:3
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:7424

C:\Windows\SysWOW64\werfault.exe
werfault.exe /h /shared Global\158e068df11748f799922f5697f6aee0 /t 5400 /p 5252
1⤵
PID:8076

C:\Windows\system32\cmd.exe
"C:\Windows\system32\cmd.exe"
1⤵
PID:5548

C:\Windows\system32\wininit.exe
wininit
2⤵
PID:7876

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
PID:7964

C:\Windows\system32\wininit.exe
"C:\Windows\system32\wininit.exe"
2⤵
PID:7784

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

Filesize
40B

MD5
9e930267525529064c3cccf82f7f630d

SHA1
9cdf349a8e5e2759aeeb73063a414730c40a5341

SHA256
1cf7df0f74ee0baaaaa32e44c197edec1ae04c2191e86bf52373f2a5a559f1ac

SHA512
dbc7db60f6d140f08058ba07249cc1d55127896b14663f6a4593f88829867063952d1f0e0dd47533e7e8532aa45e3acc90c117b8dd9497e11212ac1daa703055

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
ecb639309dc29b71d5a0c21d437285dd

SHA1
c61d914e14351103b34ff8c77e880743899bdd20

SHA256
4b724cabb851152af0438b27a5ff01d8fff384460ad8a39e682ed58d58fda37f

SHA512
2590e29ab9215754ecb9b21ceb7275fafc65b904b4fe5af5e34bbef5a07b8471f58eae9d65e036cd40e9bf295a786c13ed4c9b2227eccbbffec5513b6fa011a9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
624B

MD5
87ea60bceb0944552e5f532263968a01

SHA1
2282bc1f76819ab83c536f8208a935749061bca5

SHA256
538f07e911731fdc5517fabe730aa1b7514e579a4391ad8e36b9ebba4d4d9908

SHA512
c72bcc20a3764394e2368043d4087f95b4c5ba53cbb28362de11d47e69f4c5802ae7ae11e22a2a54eeb8557b9cbdf70a810f728ef2a3104c30ab92fa1f499016

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\File System\000\t\Paths\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\351d7b97-6f7c-4e31-b8ee-0ee8f17d75cb.tmp

Filesize
5KB

MD5
1c3ad7672f666ed5a7eafdff51c5f6a7

SHA1
e252951257412615da8efa30cae0c79ac95b911d

SHA256
9b58bf97bdeda61384ba2382b0b68196319f4f9b5ac1106b7751604f218010be

SHA512
fff0a8237ff0b6199603276f33e7a736867f26461662489a180b36f57045313ac9e46357cdb83ade3e85008051c14951fd42cdbfd78323571f8dbc46aa12cac9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
02792aa7df8c36649d41d1753627bf02

SHA1
4166c7543be25e05deb56d2261ca91adba3dfd46

SHA256
d1e87ac2490b9b5e9f2beb5b340a8fa11b8be1e87d0c8cefc92f1ccf2a3b6d84

SHA512
a9ebc5e8437e98bb4f67c32774e1638d2f5fba56d3ad6039e7047eeb55942d1804d5cfb6bd224d54d3e433e91b189757a9463cbbdef53429820e28a69145bcb9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
524B

MD5
6f3f42e1962b778ea99e9eceb3e080a9

SHA1
58654c2db9d24ced543603178143db7db10dc978

SHA256
bd6d636b6e6a3f44042b80068e806e0fa188180dc484f9d398e47cc77aaa6c45

SHA512
d1cd4e247c6e9f58f30567568f2183d508179810523e463abd17242ec26b1b92d53ea70913f220afeb08bd1a0a5fc1f983ed4d9f6e2260ba7e2cbaacbe8e6885

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
75b0ff389360e65b01931b5c72b27cce

SHA1
77d26fee52ababdb945a31d1cd0922b7c2f7ec92

SHA256
890d50ec9059ab5f2c7742c74ded0a725f4d1f2323d6cf84afc6763c28ba87c6

SHA512
8e3ab1efef3b11cb5a608b0b57a10d0662867b309e1a1ee4258b0e901654dd58e9df5fbfec6704b8e7675a86f66009b98ef5d16412ebac9b9892922fe8a18942

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
826bc5f64f1e2353374425ef0bee3dc4

SHA1
f3df964b25071ffa98f09ab365e517ae0094db01

SHA256
c6fb92edc64ef41e52a859f5200267156293125082d8b096d3b325c913e648c6

SHA512
01d744942ac9da2601638420999e1ba58c606457907ed4c12e423793a56dc74d1981443b6f7c3807b1b2f1ab0d51a1bae1dad1a42d2b4ec31258160f46552812

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
87ea455917c45f0604aba04e07b876af

SHA1
8310e895bbe4bfc46ab4fe9573927d0cd61d1fda

SHA256
c7d00b20c980c15b5197a44269de7949773f73d1e3caf933c7efae779c963e16

SHA512
8278720491a80e3383045f997bf966db8672f1fb94f34bd98e518ccb4cb8faf2578aa680a2f40259218e7c9e73c099146f6725055bac07884365e00aaaab77aa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
ec48b05e285c3cbd87c767b2ce91ef01

SHA1
2740700276d7f400c891d9715e102de393b1f193

SHA256
6a3f37a8c6325159d08ba26e435bda78392c33d2c5cf9cbfe308fbbab6ba0549

SHA512
96d3445c3137e9d79ce98e186672cfc2035ce4e093a790ab468ad545075bb05ec97e911f0a6162615b106a43575870292d4de4c0bfd10d8ea1dba08531e3671a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
9fa945cd21e32198e7a593d6c6ff086c

SHA1
e2303b810e873a759e96b42a1069c71d4d0e2483

SHA256
240e5263e98ce2d917ee4503f61e2f3bfabeab873f752f0b50fb1ca97ed2753b

SHA512
9a50dd106684064fe05a125437607e990f42d662b45233fa0a295d61bcce1727f6e9745aceeeff72a0b988e865b1047b730eab5e98a73cbf5d009ef0bb8b3e68

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
9170c15572e70c7fcb643995d788dc6e

SHA1
99a3af4c4295fcb801f5c6dd85c7e7aecc5800ea

SHA256
8077f2a9cf29ec756d6ed3a6e755db3a88abf9a843467ee6b431bd741da81503

SHA512
72f59216c1a50dcf678159141ed21aa1daee22b03cae9e5f3e72475a47af302355edc29b59bb2652eea4c1c6e7bb7557d18985215603e5a36eaaa9615701f251

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
1f1621d7fb1c88535181042bc324ec4f

SHA1
873e004ec39ff75221d2fa71958abe0424603a61

SHA256
cbcfca36372824ae492cd21aed0d90f8c10612703925f4c337b40df577578a41

SHA512
e37c7095c5ef636298a468df322486f897a0e4c90486fa719acf870697b4eea0a01553a27539fc9fb5fdbbf633be57597e941c6531e4241fe4247a427647588d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
7d94fbe0d13f000f239bb8d43c61e3f6

SHA1
9451781ead30ea3f384067681c30867714ccdc43

SHA256
04a3e1b85c17f4e72b8eb39765f340d89c7ef47c44b3c9ff28f46ad26c5be410

SHA512
10c9a4c5894c5ddcde8177cbecbd1a2fbcc36f4384cd75969f9c718a666da3dc3d3752c8583e40d39f31bbf4dacd21cb389fd82e6dcd61ee6b9afc4cb26ca927

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
21a2df55a77973ba7ca2554bb02e8abd

SHA1
20e7b890b82ef1cae1ceeae52231e57d0f944fd0

SHA256
26ce277b9aa73ca889938f32ff01487eb760e7e88d742e36b1f61d4f82e422e6

SHA512
089ddbc22b253043bff176a90cc5156fe209da480109e928b21c55d56cc4a5853b5dad4f429e895d6a62912df9b5c1562e9c211b4935401eb2c29126970b2ebf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
8159a6454b269c8e64de336182678e71

SHA1
8ab2e4bd5c9e6575f443ed564e6175048e9e867f

SHA256
8f98c985749b418e4070fb7c4103b823983776e59cefae57c4978b794457106c

SHA512
b033fc5f87ad735a409a3442c26941987f9547e7297d33af3dccc67deff6206f75e1a2cb6916302c020c39e2c132c99df2b8270b8070b3ab773b1df376a32682

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
6fcc3205d544e97d6fa21a9564024e76

SHA1
f9eda9e1478b1e45975cf0133dc64b7126d4147c

SHA256
61a331b9c1b3a6ce6e77ba26380f7987b1694a21cf5709db68777cecdd61bad9

SHA512
3b974c182b41e97f9b3ce547c75ba0f0446235b8908e4530d245f8dd32d2cac499a25e03e953998184e62317b9b99086aa40ef9bd633542abf9ba8e156fd0451

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
96daad362d73b818dfcd7dc0712b9fc4

SHA1
a801a266c6554259a1e2c5d8aa4dc9e924cde00d

SHA256
f4abb0d8c68a8cb584d8c64d39a748b4e10e45d6c411f3f5581678c6ce98c4b2

SHA512
288829199c56160f81f666e84edb66e21df323b6861ac89e51ccee6b3888d55d83c3a5d5e65c60b5c29e02a7a9cad4777809146dfdfc77995c51d331cd6d3216

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
c0f284caed3db58a572feaffd6602e1b

SHA1
a6c2f133dacd2333f047c105ce2a1f691bf40ba8

SHA256
f643f9e4c67915c741afa6373e01d7ececcaf54387bb46ab6b7eee81c56db604

SHA512
3ebe31e9eee990b6792a88599d20a57971cd91a5d912315470951a6321f45b474192bce76f64dda124591331ecf7df7dae07a0004c8158fd85eb9667317a7b3b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
2a8a2944e532ed3df65c8bcab295438e

SHA1
dfd9f5eaadc136403b81de037eaf9585de1175b0

SHA256
46f65a285f92bfa100d1bd50cf3fbb3609440ae8b13e16f20178d1c082a41895

SHA512
bdb3937f51f90541687bcfd129bbb9780f93837c522d0b5f5406ed98bca1e7f5d99afd8a3869de8f2c07b080ec674413a1ee6610305627e397b404d625866663

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
983798d72898707befac3c5fad5fd473

SHA1
d04cb891f7217953428efa47cad293bcf4ae683e

SHA256
2d8248b2a868682400c71bfee32619d2aaded5f697c3d6d4db187eece504085f

SHA512
f061b3e0c6045fd64da888ef7caf5ccbcba925e60573ced7068b10416b9a71726641e7cbb3e4a13f8452c286a1436b2c9ce20b2e2bf267dea0911228950c8cd0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
232KB

MD5
2225dd62a71b8b4878ae8011d1a996e6

SHA1
3226ce3e9098d578604352117c13a9527b0eaaed

SHA256
5ad4ea3c40a0d39ff0231eea8d1e660c6b47c6c75651acbd3eabd28e21373b28

SHA512
5be6e64671cd1b0bdc6d30c2761e579cad35605bad16ef4b42ebed6776f4736c777321a9b580bf0d00ac581fb17bcf987207ed56cf4e475103ccbb54a7679979

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
232KB

MD5
b92051c7646834edbd14919d346e778c

SHA1
f22dd43c4a8725cfa67bb9de367284cd5b8c3231

SHA256
c5e221797e219315aca4f1ffaa426e8af0b024febc8d3d2024d0985fa3e0bd92

SHA512
f46da9f2dc94593504f233890dba18bcbd8f298c132f98774e90154e1da2eedf304bdcc79695bf7031e4c043cf0b95e8e9ca411a6abc7dcd5752c3b1837beac5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
bffcefacce25cd03f3d5c9446ddb903d

SHA1
8923f84aa86db316d2f5c122fe3874bbe26f3bab

SHA256
23e7cbbf64c81122c3cb30a0933c10a320e254447771737a326ce37a0694d405

SHA512
761dae5315b35ec0b2fe68019881397f5d2eadba3963aba79a89f8953a0cd705012d7faf3a204a5f36008926b9f614980e333351596b06ce7058d744345ce2e7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
acf9c54d17ba490936ce63b6179eb769

SHA1
1c304383bc91c12a382bb19ecfcc7213b06d227e

SHA256
db77b2536d6e277fcfc1eaf3d5ed15a4a23e6e4c917a4168010a68c8cbc560b5

SHA512
596bb45ce23f7f66bb3cab31f643345fb64fb488e8032d3690ef550b1e107abc6a1177712153344b964cfa0a464de038a5b88a6e3a582f5bbffb875e06a6bcc3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
d22073dea53e79d9b824f27ac5e9813e

SHA1
6d8a7281241248431a1571e6ddc55798b01fa961

SHA256
86713962c3bb287964678b148ee08ea83fb83483dff8be91c8a6085ca560b2a6

SHA512
97152091ee24b6e713b8ec8123cb62511f8a7e8a6c6c3f2f6727d0a60497be28814613b476009b853575d4931e5df950e28a41afbf6707cb672206f1219c4413

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
d1e684551e2229f6229da4b8cbcdef14

SHA1
a91329301158c693c6cea6543dfb7f78726105f7

SHA256
4aa441d057384a99d45371e6b278d88fdef58a8577c07e2967bb9a92ed440ec5

SHA512
844d50ad318a4a7525e088cd13b29fb5dc91c0f20eff75ee17dbbc77bf9a773d5472f2a09407eb0275693194d4dcdf6856fc6f59e14cdac465a36fd69176685e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
397B

MD5
6730683a567442c09bcda4ca1dd2aed4

SHA1
837a8d532302543e0456041eed1a02269e10d80b

SHA256
57e2d9daf0cd453f414c4a4d86fb73f8d89a6bb7ca6e0ef8c8727ea3480d7c45

SHA512
e7996643fd5f750c1e7a7efd465be8a86603faffb47016a14e7e2ad4279a61f276335155cd675da90257a493bb9e8a03369a8f3564a32b2403c80a5cc129db92

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
33036520b86c1752df28e90e536b5ebf

SHA1
f761de7033b0ff973825b27d89b2a99e21e1bf15

SHA256
b07bc24b871f60a6b940b0a7ef2bace2d8f06c2456c2474a2567829b1345f6bb

SHA512
a444bf93dfc800fd9fceca246cf64c87d6286897a8e1bc393c6975f3b16faec8ee68a7e8b096bcf64dd8698140ae383c58daa8cbf3ec8911b9dd08ac7784a496

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
006ad3a4708a559e4495c27fff205578

SHA1
b1069519604cb991ecfde37a9e7af3c242f0c9b7

SHA256
0ad5774e57ee9730d355a916963d08c97c5be3d98403265974d7169aebed7056

SHA512
cb92b2d7e75aeb90500948675cf70028d70bc70662d4da4f73bbacedff0dd46436a8e505b113a615cb4acfc43f29b453ae96bce1d8368ef2bb61d861a0a225b0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
3e490a23a9dc1909ad772c8c7b31d12d

SHA1
4f775bf1ad03bb1e817c9d9096b8fb3213ac5393

SHA256
4cd937d27684cfcb02076506e58069e8b2d46efe491cbbcbc2ee047f688d8628

SHA512
40490929c4cb829e24d5552f7e8659334630c9f88f613e75ee44c9362a8733b2a0aa86d3adee7bd5495c22cd1c2a83977d390051a90a786fb3bf5e3122d75989

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
7a0e8c3cd8e537c5f04f24d17877f7bd

SHA1
f94f87ccf234e132c450a20f54b453800bb8d1fb

SHA256
9ae18cb9357084ae151f9bb6ef87384acfcb9f1457cfe039a5517c9a88740dba

SHA512
2ebdc1e1a5d15e50bb09ebda3ab26cb4594a93d4c6a5c64307bbcfd75c2260a5da81a278f4523ce5cb33bb6f2c3979d1a9499dcd2bdcc925f8f70fd59c1e95b4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
6b9d3f75d04129a8513a50957e229ac8

SHA1
e6000256927f7c4628e2feb4b3a85c4fc5c88f12

SHA256
8923e60784d54841a3ab0cf5504723b3aebafffbb9a635c5cb786faf8b8fde4b

SHA512
0bb839b3ae612d31ef0c3312df2fdd3c164a9da6a1864d381c6393dba3a65ef3b632982b54861569aa35642665f5a67633725e471bf45171a67a55b00bc12979

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
2544f27aed6b3ed070fa931c86d23dcb

SHA1
36879909cc627a7e045457258acf5c6d0e72e017

SHA256
361605ec460d080e3147563cc5c2a966bfcb69a2c8b1a013f88b44a8f778b99d

SHA512
e329727df3ce79725fae6bac23a6a358e91fb1e3214453f4e750513f36eba948f80a19eeef1961f7ab9c1dab3010f47d57b9ed0541e7cd08b15be5cc9325c5a0

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\lhmx4teg.default-release\activity-stream.discovery_stream.json

Filesize
28KB

MD5
27d8ed92e997f8d3266a8c159b98f70e

SHA1
7f3f7b4afb58d8ac317c89fdb28aef5ae9866b0e

SHA256
1975c9cb88b351cc53150e2754662ad1689844bb4f76cb671832912b5f53cbee

SHA512
92a322313aa3469e4b386d0c48491a9fccafad66d2b0c071ca4977fec2724d1f0cc17f2ae0c9cffd6bd409fa4bed83f6b58b0ddaa34cea5555b6a5e354137a01

Download Submit
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_ds0gypoo.eaf.ps1

Filesize
60B

MD5
d17fe0a3f47be24a6453e9ef58c94641

SHA1
6ab83620379fc69f80c0242105ddffd7d98d5d9d

SHA256
96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

SHA512
5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

Download Submit
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\200.ico

Filesize
116KB

MD5
e043a9cb014d641a56f50f9d9ac9a1b9

SHA1
61dc6aed3d0d1f3b8afe3d161410848c565247ed

SHA256
9dd7020d04753294c8fb694ac49f406de9adad45d8cdd43fefd99fec3659e946

SHA512
4ae5df94fd590703b7a92f19703d733559d600a3885c65f146db04e8bbf6ead9ab5a1748d99c892e6bde63dd4e1592d6f06e02e4baf5e854c8ce6ea0cce1984f

Download Submit
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\BrowserInstaller.exe

Filesize
1.6MB

MD5
199e6e6533c509fb9c02a6971bd8abda

SHA1
b95e5ef6c4c5a15781e1046c9a86d7035f1df26d

SHA256
4257d06e14dd5851e8ac75cd4cbafe85db8baec17eaebd8f8a983b576cd889f8

SHA512
34d90fa78bd5c26782d16421e634caec852ca74b85154b2a3499bc85879fc183402a7743dd64f2532b27c791df6e9dd8113cc652dcb0cdf3beae656efe79c579

Download Submit
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\IRIMG49.BMP

Filesize
1.8MB

MD5
5c9fb63e5ba2c15c3755ebbef52cabd2

SHA1
79ce7b10a602140b89eafdec4f944accd92e3660

SHA256
54ee86cd55a42cfe3b00866cd08defee9a288da18baf824e3728f0d4a6f580e7

SHA512
262c50e018fd2053afb101b153511f89a77fbcfd280541d088bbfad19a9f3e54471508da8b56c90fe4c1f489b40f9a8f4de66eac7f6181b954102c6b50bdc584

Download Submit
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\IRZip.lmd

Filesize
1.7MB

MD5
dabd469bae99f6f2ada08cd2dd3139c3

SHA1
6714e8be7937f7b1be5f7d9bef9cc9c6da0d9e9b

SHA256
89acf7a60e1d3f2bd7804c0cd65f8c90d52606d2a66906c8f31dce2e0ea66606

SHA512
9c5fd1c8f00c78a6f4fd77b75efae892d1cb6baa2e71d89389c659d7c6f8b827b99cecadb0d56c690dd7b26849c6f237af9db3d1a52ae8531d67635b5eff5915

Download Submit
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\Wow64.lmd

Filesize
97KB

MD5
da1d0cd400e0b6ad6415fd4d90f69666

SHA1
de9083d2902906cacf57259cf581b1466400b799

SHA256
7a79b049bdc3b6e4d101691888360f4f993098f3e3a8beefff4ac367430b1575

SHA512
f12f64670f158c2e846e78b7b5d191158268b45ecf3c288f02bbee15ae10c4a62e67fb3481da304ba99da2c68ac44d713a44a458ef359db329b6fef3d323382a

Download Submit
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe

Filesize
1.2MB

MD5
0b689a412150e3e6b39c6ec69146504e

SHA1
b690cecdb4217d05947f46eb3720fd3c10f0ebd2

SHA256
ee52474483d6f29d606aa7061d3c3b958d95c9c940bfab7578c75403be59d656

SHA512
e978b873cef32a8d6a8e692cf12728bbf8089b7af67ccd972eeeab69f88a3abecc5aa1b51dcae35e28ad01152ab7c978cc4df2e9580db438bc179dc5ea9f115e

Download Submit
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\lua5.1.dll

Filesize
325KB

MD5
c333af59fa9f0b12d1cd9f6bba111e3a

SHA1
66ae1d42b2de0d620fe0b7cc6e1c718c6c579ed0

SHA256
fad540071986c59ec40102c9ca9518a0ddce80cf39eb2fd476bb1a7a03d6eb34

SHA512
2f7e2e53ba1cb9ff38e580da20d6004900494ff7b7ae0ced73c330fae95320cf0ab79278e7434272e469cb4ea2cbbd5198d2cd305dc4b75935e1ca686c6c7ff4

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lhmx4teg.default-release\datareporting\glean\db\data.safe.tmp

Filesize
5KB

MD5
010db5ec60b96edcc64757d287ad475f

SHA1
0b4035ae6e0bf71eccee24e8b68bb2ae62c6aecd

SHA256
8e2dbd5d61c04744fe8073c165eb864aadc444083ccb0d5f3b67a23db37d4e6a

SHA512
3b7a746d88aed63e75771b77d78f03366d5ade3fa07ac06e2c0539259e454f75052981d34730b90b45bae9ed256f26c8002a17d6b4da21c6030ac23b0a85352c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lhmx4teg.default-release\datareporting\glean\pending_pings\6632f90d-dd9f-4794-8454-6464095af5e6

Filesize
671B

MD5
9438e6f1bdfe68c571b30500a2e34b03

SHA1
0c5a7e15291a6e6ad64256183d0a40262ef18e09

SHA256
2e622ec7ff2b8b6052f62346fffa191695822fdaf7b443e25eee7ca4edc46a1f

SHA512
451a88639b1cf27b95a2171ba3424d3ee46a740a29ad3040b44177e0f6e88c4802524c2bbd665078d88a62339c1949a863c27fdbc814ec6a1a94f21dac0275d5

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lhmx4teg.default-release\datareporting\glean\pending_pings\acf23280-9ce9-4edc-85ec-9465345435ab

Filesize
982B

MD5
c1451b02ce73b70d078465dc5455b906

SHA1
f6ca5864b5ef10f37a6b8382c653434ec7b83ad3

SHA256
e784913bd5183ae31a2ef4094eb716e75d1eb9e6881e7f1ad261151d88799e2e

SHA512
0502f9928844a8daafdd00c4ecb246476b6e9c89b97b4630f9dcd95cc4eb143c5dcdca650d474cb919d15518df9b6855020bbfc584ae912b335683690fd8fddf

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lhmx4teg.default-release\datareporting\glean\pending_pings\aeee75fa-9b5e-4913-a95d-04109687d335

Filesize
31KB

MD5
242a92856ea1871014d4bc40b16241c2

SHA1
6bd2e6feedf77ecc6393f65b78d6fa9b061d0b60

SHA256
8571129e1a01a00b3da66fe91da33906ded0b9c35f0d16547209751f00c1a734

SHA512
181ad73b2bf430e9e664ab98ad7a545fa83db099171a01a6bd07409944958d2aec6b4b0b4e55bfe6f9629f63ec770d04f5caf80f3ee303ab0f7a2e678b471527

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lhmx4teg.default-release\prefs-1.js

Filesize
11KB

MD5
7f6c51b40f87f02525f16ea52fb0c079

SHA1
0836206d0766b13f15c58a4653957b17b6ec772e

SHA256
35a53551c5daafba92f6a0f42d86edb5a411f450a6db1775b6afbd6ab2439abc

SHA512
cb4195887bbf26446143829756e648487603f4a9f5d511e2711e9338307a28de4723afb8dfc83d21d59dcdcd07e207ee400a891af9c6bdf2f8977d0d5821b3b4

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lhmx4teg.default-release\prefs.js

Filesize
10KB

MD5
2e9caffbf4807fcb7151c6d7ade5be62

SHA1
3b6d641530e18b012b4743e64992b47a301d6d41

SHA256
f2be4a1089196debf70a33e4c48254008b3a2ebffdd671d1e718cca07310cf04

SHA512
88f34bd99fbfab556b00d9fd83694ce280401704e0850f0c0a56a544988f3e175f3b914c2bbf9f18a9b8e966c4faba13f40d51214502f3c33992313f58881a6e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lhmx4teg.default-release\sessionCheckpoints.json.tmp

Filesize
259B

MD5
c8dc58eff0c029d381a67f5dca34a913

SHA1
3576807e793473bcbd3cf7d664b83948e3ec8f2d

SHA256
4c22e8a42797f14510228f9f4de8eea45c526228a869837bd43c0540092e5f17

SHA512
b8f7c4150326f617b63d6bc72953160804a3749f6dec0492779f6c72b3b09c8d1bd58f47d499205c9a0e716f55fe5f1503d7676a4c85d31d1c1e456898af77b4

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 838479.crdownload

Filesize
24.1MB

MD5
18f27581ee61474a5661fb3625022df0

SHA1
265d21bff7bb85d42a7eb2779a75c6e1468a9a79

SHA256
f59628d7b563e099c5769b93df66123bd2274ef43e262337b1dc0e41785faf45

SHA512
99dc67916fb4dc1c1ab93a98455f1db3cb3d23fb5b42f7cbf7f8f6c098ace89abd75cffb0059548409068bb7ea738584b817c9c694e724f7d7afabe487f3cc5c

Download Submit
\??\pipe\LOCAL\crashpad_2664_KWMXWXILULPBCUXZ

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
memory/5252-533-0x0000000000CF0000-0x00000000010D9000-memory.dmp

Filesize
3.9MB

Download
memory/5252-1243-0x0000000010000000-0x0000000010051000-memory.dmp

Filesize
324KB

Download
memory/5252-1241-0x0000000000CF0000-0x00000000010D9000-memory.dmp

Filesize
3.9MB

Download
memory/5252-1212-0x0000000010000000-0x0000000010051000-memory.dmp

Filesize
324KB

Download
memory/7964-1720-0x000001AF6DDB0000-0x000001AF6DDD2000-memory.dmp

Filesize
136KB

Download
memory/7964-1721-0x000001AF6E2C0000-0x000001AF6E304000-memory.dmp

Filesize
272KB

Download
memory/7964-1722-0x000001AF6E390000-0x000001AF6E406000-memory.dmp

Filesize
472KB

Download

Analysis

Sharing

Errors

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads