f93f6a2c789a94527f8cdf8fb88237bc97c6ebb6daf4a7cad897baffa6be08d0

Analysis

max time kernel
631s
max time network
901s
platform
windows11-21h2_x64
resource
win11-20241007-en
resource tags

arch:x64arch:x86image:win11-20241007-enlocale:en-usos:windows11-21h2-x64system
submitted
06-01-2025 14:29

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Screenshot 2025-01-06 07.01.21.png
Size

58KB
MD5

1a97c8ee601b0561332dce2dd3ac5e3b
SHA1

20c0eba44e1aaf3b167c52282d3891b6ff121db9
SHA256

f93f6a2c789a94527f8cdf8fb88237bc97c6ebb6daf4a7cad897baffa6be08d0
SHA512

f09c43711893b020e117de43f390a3a00a107576889015fab854917d52c8ef3adb64f932be34300752b3c8800021b57ec9e4dea81f77c7a8e990d675ae489828
SSDEEP

768:7nKmvDBCmjtq5NQFip0FZw+IViP98KycNn7t15LlAqzYdtZ2+wNLUo8gNagPSjbM:7rDBJqeix+IVyn9t15LqYv53Rubbw

Score

5^/10

steam discovery phishing

Malware Config

Signatures

Detected potential entity reuse from brand STEAM.
phishing steam

Drops file in Windows directory 4 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SystemTemp	chrome.exe
File opened for modification	C:\Windows\SystemTemp	setup.exe
File opened for modification	C:\Windows\SystemTemp\Crashpad\metadata	setup.exe
File opened for modification	C:\Windows\SystemTemp\Crashpad\settings.dat	setup.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Checks processor information in registry 2 TTPs 12 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133806474056200769"	chrome.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-4018527317-446799424-2810249686-1000_Classes\Local Settings	firefox.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
4664	chrome.exe
4664	chrome.exe
5076	chrome.exe
5076	chrome.exe
5076	chrome.exe
5076	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
4664	chrome.exe
4664	chrome.exe
4664	chrome.exe
4664	chrome.exe
4664	chrome.exe
4664	chrome.exe
4664	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeDebugPrivilege	3056	firefox.exe
Token: SeDebugPrivilege	3056	firefox.exe
Token: SeShutdownPrivilege	4664	chrome.exe
Token: SeCreatePagefilePrivilege	4664	chrome.exe
Token: SeShutdownPrivilege	4664	chrome.exe
Token: SeCreatePagefilePrivilege	4664	chrome.exe
Token: SeShutdownPrivilege	4664	chrome.exe
Token: SeCreatePagefilePrivilege	4664	chrome.exe
Token: SeShutdownPrivilege	4664	chrome.exe
Token: SeCreatePagefilePrivilege	4664	chrome.exe
Token: SeShutdownPrivilege	4664	chrome.exe
Token: SeCreatePagefilePrivilege	4664	chrome.exe
Token: SeShutdownPrivilege	4664	chrome.exe
Token: SeCreatePagefilePrivilege	4664	chrome.exe
Token: SeShutdownPrivilege	4664	chrome.exe
Token: SeCreatePagefilePrivilege	4664	chrome.exe
Token: SeShutdownPrivilege	4664	chrome.exe
Token: SeCreatePagefilePrivilege	4664	chrome.exe
Token: SeShutdownPrivilege	4664	chrome.exe
Token: SeCreatePagefilePrivilege	4664	chrome.exe
Token: SeShutdownPrivilege	4664	chrome.exe
Token: SeCreatePagefilePrivilege	4664	chrome.exe
Token: SeShutdownPrivilege	4664	chrome.exe
Token: SeCreatePagefilePrivilege	4664	chrome.exe
Token: SeShutdownPrivilege	4664	chrome.exe
Token: SeCreatePagefilePrivilege	4664	chrome.exe
Token: SeShutdownPrivilege	4664	chrome.exe
Token: SeCreatePagefilePrivilege	4664	chrome.exe
Token: SeShutdownPrivilege	4664	chrome.exe
Token: SeCreatePagefilePrivilege	4664	chrome.exe
Token: SeShutdownPrivilege	4664	chrome.exe
Token: SeCreatePagefilePrivilege	4664	chrome.exe
Token: SeShutdownPrivilege	4664	chrome.exe
Token: SeCreatePagefilePrivilege	4664	chrome.exe
Token: SeShutdownPrivilege	4664	chrome.exe
Token: SeCreatePagefilePrivilege	4664	chrome.exe
Token: SeShutdownPrivilege	4664	chrome.exe
Token: SeCreatePagefilePrivilege	4664	chrome.exe
Token: SeShutdownPrivilege	4664	chrome.exe
Token: SeCreatePagefilePrivilege	4664	chrome.exe
Token: SeShutdownPrivilege	4664	chrome.exe
Token: SeCreatePagefilePrivilege	4664	chrome.exe
Token: SeShutdownPrivilege	4664	chrome.exe
Token: SeCreatePagefilePrivilege	4664	chrome.exe
Token: SeShutdownPrivilege	4664	chrome.exe
Token: SeCreatePagefilePrivilege	4664	chrome.exe
Token: SeShutdownPrivilege	4664	chrome.exe
Token: SeCreatePagefilePrivilege	4664	chrome.exe
Token: SeShutdownPrivilege	4664	chrome.exe
Token: SeCreatePagefilePrivilege	4664	chrome.exe
Token: SeShutdownPrivilege	4664	chrome.exe
Token: SeCreatePagefilePrivilege	4664	chrome.exe
Token: SeShutdownPrivilege	4664	chrome.exe
Token: SeCreatePagefilePrivilege	4664	chrome.exe
Token: SeShutdownPrivilege	4664	chrome.exe
Token: SeCreatePagefilePrivilege	4664	chrome.exe
Token: SeShutdownPrivilege	4664	chrome.exe
Token: SeCreatePagefilePrivilege	4664	chrome.exe
Token: SeShutdownPrivilege	4664	chrome.exe
Token: SeCreatePagefilePrivilege	4664	chrome.exe
Token: SeShutdownPrivilege	4664	chrome.exe
Token: SeCreatePagefilePrivilege	4664	chrome.exe
Token: SeShutdownPrivilege	4664	chrome.exe
Token: SeCreatePagefilePrivilege	4664	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
3056	firefox.exe
3056	firefox.exe
3056	firefox.exe
3056	firefox.exe
3056	firefox.exe
3056	firefox.exe
3056	firefox.exe
3056	firefox.exe
3056	firefox.exe
3056	firefox.exe
3056	firefox.exe
3056	firefox.exe
3056	firefox.exe
3056	firefox.exe
3056	firefox.exe
3056	firefox.exe
3056	firefox.exe
3056	firefox.exe
3056	firefox.exe
3056	firefox.exe
3056	firefox.exe
4664	chrome.exe
4664	chrome.exe
4664	chrome.exe
4664	chrome.exe
4664	chrome.exe
4664	chrome.exe
4664	chrome.exe
4664	chrome.exe
4664	chrome.exe
4664	chrome.exe
4664	chrome.exe
4664	chrome.exe
4664	chrome.exe
4664	chrome.exe
4664	chrome.exe
4664	chrome.exe
4664	chrome.exe
4664	chrome.exe
4664	chrome.exe
4664	chrome.exe
4664	chrome.exe
4664	chrome.exe
4664	chrome.exe
4664	chrome.exe
4664	chrome.exe
4664	chrome.exe
4664	chrome.exe
4664	chrome.exe
4664	chrome.exe
4664	chrome.exe
4664	chrome.exe
4664	chrome.exe
4664	chrome.exe
4664	chrome.exe
4664	chrome.exe
4664	chrome.exe
4664	chrome.exe
4664	chrome.exe
4664	chrome.exe
4664	chrome.exe
4664	chrome.exe
4664	chrome.exe
4664	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4664	chrome.exe
4664	chrome.exe
4664	chrome.exe
4664	chrome.exe
4664	chrome.exe
4664	chrome.exe
4664	chrome.exe
4664	chrome.exe
4664	chrome.exe
4664	chrome.exe
4664	chrome.exe
4664	chrome.exe
4664	chrome.exe
4664	chrome.exe
4664	chrome.exe
4664	chrome.exe
4664	chrome.exe
4664	chrome.exe
4664	chrome.exe
4664	chrome.exe
4664	chrome.exe
4664	chrome.exe
4664	chrome.exe
4664	chrome.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
3056	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 240 wrote to memory of 3056	240	firefox.exe	80
PID 240 wrote to memory of 3056	240	firefox.exe	80
PID 240 wrote to memory of 3056	240	firefox.exe	80
PID 240 wrote to memory of 3056	240	firefox.exe	80
PID 240 wrote to memory of 3056	240	firefox.exe	80
PID 240 wrote to memory of 3056	240	firefox.exe	80
PID 240 wrote to memory of 3056	240	firefox.exe	80
PID 240 wrote to memory of 3056	240	firefox.exe	80
PID 240 wrote to memory of 3056	240	firefox.exe	80
PID 240 wrote to memory of 3056	240	firefox.exe	80
PID 240 wrote to memory of 3056	240	firefox.exe	80
PID 3056 wrote to memory of 3060	3056	firefox.exe	81
PID 3056 wrote to memory of 3060	3056	firefox.exe	81
PID 3056 wrote to memory of 3060	3056	firefox.exe	81
PID 3056 wrote to memory of 3060	3056	firefox.exe	81
PID 3056 wrote to memory of 3060	3056	firefox.exe	81
PID 3056 wrote to memory of 3060	3056	firefox.exe	81
PID 3056 wrote to memory of 3060	3056	firefox.exe	81
PID 3056 wrote to memory of 3060	3056	firefox.exe	81
PID 3056 wrote to memory of 3060	3056	firefox.exe	81
PID 3056 wrote to memory of 3060	3056	firefox.exe	81
PID 3056 wrote to memory of 3060	3056	firefox.exe	81
PID 3056 wrote to memory of 3060	3056	firefox.exe	81
PID 3056 wrote to memory of 3060	3056	firefox.exe	81
PID 3056 wrote to memory of 3060	3056	firefox.exe	81
PID 3056 wrote to memory of 3060	3056	firefox.exe	81
PID 3056 wrote to memory of 3060	3056	firefox.exe	81
PID 3056 wrote to memory of 3060	3056	firefox.exe	81
PID 3056 wrote to memory of 3060	3056	firefox.exe	81
PID 3056 wrote to memory of 3060	3056	firefox.exe	81
PID 3056 wrote to memory of 3060	3056	firefox.exe	81
PID 3056 wrote to memory of 3060	3056	firefox.exe	81
PID 3056 wrote to memory of 3060	3056	firefox.exe	81
PID 3056 wrote to memory of 3060	3056	firefox.exe	81
PID 3056 wrote to memory of 3060	3056	firefox.exe	81
PID 3056 wrote to memory of 3060	3056	firefox.exe	81
PID 3056 wrote to memory of 3060	3056	firefox.exe	81
PID 3056 wrote to memory of 3060	3056	firefox.exe	81
PID 3056 wrote to memory of 3060	3056	firefox.exe	81
PID 3056 wrote to memory of 3060	3056	firefox.exe	81
PID 3056 wrote to memory of 3060	3056	firefox.exe	81
PID 3056 wrote to memory of 3060	3056	firefox.exe	81
PID 3056 wrote to memory of 3060	3056	firefox.exe	81
PID 3056 wrote to memory of 3060	3056	firefox.exe	81
PID 3056 wrote to memory of 3060	3056	firefox.exe	81
PID 3056 wrote to memory of 3060	3056	firefox.exe	81
PID 3056 wrote to memory of 3060	3056	firefox.exe	81
PID 3056 wrote to memory of 3060	3056	firefox.exe	81
PID 3056 wrote to memory of 3060	3056	firefox.exe	81
PID 3056 wrote to memory of 3060	3056	firefox.exe	81
PID 3056 wrote to memory of 3060	3056	firefox.exe	81
PID 3056 wrote to memory of 3060	3056	firefox.exe	81
PID 3056 wrote to memory of 3060	3056	firefox.exe	81
PID 3056 wrote to memory of 3060	3056	firefox.exe	81
PID 3056 wrote to memory of 3060	3056	firefox.exe	81
PID 3056 wrote to memory of 3060	3056	firefox.exe	81
PID 3056 wrote to memory of 1832	3056	firefox.exe	82
PID 3056 wrote to memory of 1832	3056	firefox.exe	82
PID 3056 wrote to memory of 1832	3056	firefox.exe	82
PID 3056 wrote to memory of 1832	3056	firefox.exe	82
PID 3056 wrote to memory of 1832	3056	firefox.exe	82
PID 3056 wrote to memory of 1832	3056	firefox.exe	82
PID 3056 wrote to memory of 1832	3056	firefox.exe	82
PID 3056 wrote to memory of 1832	3056	firefox.exe	82

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Windows\system32\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\Screenshot 2025-01-06 07.01.21.png"
1⤵
PID:4768

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:240
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe"
  2⤵
  - Checks processor information in registry
  - Modifies registry class
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:3056
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1932 -parentBuildID 20240401114208 -prefsHandle 1844 -prefMapHandle 1848 -prefsLen 23678 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {bd107eb6-eda7-4f4c-af5a-c353870a5ec6} 3056 "\\.\pipe\gecko-crash-server-pipe.3056" gpu
    3⤵
    PID:3060
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2332 -parentBuildID 20240401114208 -prefsHandle 2324 -prefMapHandle 2320 -prefsLen 23714 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {67b6c876-b507-41e7-9f92-b94052a910eb} 3056 "\\.\pipe\gecko-crash-server-pipe.3056" socket
    3⤵
    - Checks processor information in registry
    PID:1832
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3120 -childID 1 -isForBrowser -prefsHandle 2952 -prefMapHandle 3064 -prefsLen 23855 -prefMapSize 244658 -jsInitHandle 1256 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d7bda913-f728-4b1a-872d-8c8f9344929e} 3056 "\\.\pipe\gecko-crash-server-pipe.3056" tab
    3⤵
    PID:3348
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2756 -childID 2 -isForBrowser -prefsHandle 3692 -prefMapHandle 3688 -prefsLen 29088 -prefMapSize 244658 -jsInitHandle 1256 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {20cb4de9-2615-406b-8a90-49ebcf226b5d} 3056 "\\.\pipe\gecko-crash-server-pipe.3056" tab
    3⤵
    PID:4404
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4344 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4336 -prefMapHandle 4332 -prefsLen 29088 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f0e8998e-6748-4711-b5ae-6bc7a36fb621} 3056 "\\.\pipe\gecko-crash-server-pipe.3056" utility
    3⤵
    - Checks processor information in registry
    PID:1796
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5336 -childID 3 -isForBrowser -prefsHandle 5324 -prefMapHandle 5296 -prefsLen 26944 -prefMapSize 244658 -jsInitHandle 1256 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {eed7d3e6-c048-4db6-b1b5-a239c5463d41} 3056 "\\.\pipe\gecko-crash-server-pipe.3056" tab
    3⤵
    PID:4168
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5352 -childID 4 -isForBrowser -prefsHandle 5328 -prefMapHandle 5340 -prefsLen 26944 -prefMapSize 244658 -jsInitHandle 1256 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {0eaaf898-c667-4f18-a9c6-5ee4b72d96a9} 3056 "\\.\pipe\gecko-crash-server-pipe.3056" tab
    3⤵
    PID:4540
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5612 -childID 5 -isForBrowser -prefsHandle 5732 -prefMapHandle 5740 -prefsLen 26944 -prefMapSize 244658 -jsInitHandle 1256 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {495d0525-0cf5-42f1-9c9c-cb9b86071f6a} 3056 "\\.\pipe\gecko-crash-server-pipe.3056" tab
    3⤵
    PID:4408

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:4664
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffec176cc40,0x7ffec176cc4c,0x7ffec176cc58
  2⤵
  PID:2672
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1960,i,17324967548666384714,8910458571851932987,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1956 /prefetch:2
  2⤵
  PID:4484
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1716,i,17324967548666384714,8910458571851932987,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2020 /prefetch:3
  2⤵
  PID:4880
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2220,i,17324967548666384714,8910458571851932987,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2232 /prefetch:8
  2⤵
  PID:1628
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3080,i,17324967548666384714,8910458571851932987,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3100 /prefetch:1
  2⤵
  PID:436
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3120,i,17324967548666384714,8910458571851932987,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3280 /prefetch:1
  2⤵
  PID:3960
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4508,i,17324967548666384714,8910458571851932987,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4552 /prefetch:1
  2⤵
  PID:1520
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4864,i,17324967548666384714,8910458571851932987,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4876 /prefetch:8
  2⤵
  PID:3132
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4888,i,17324967548666384714,8910458571851932987,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4892 /prefetch:8
  2⤵
  PID:2072
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4836,i,17324967548666384714,8910458571851932987,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4704 /prefetch:8
  2⤵
  PID:3060
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5032,i,17324967548666384714,8910458571851932987,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5060 /prefetch:8
  2⤵
  PID:4936
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4716,i,17324967548666384714,8910458571851932987,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4804 /prefetch:8
  2⤵
  PID:3452
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5172,i,17324967548666384714,8910458571851932987,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4304 /prefetch:8
  2⤵
  PID:408
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --extension-process --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=5220,i,17324967548666384714,8910458571851932987,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5256 /prefetch:2
  2⤵
  PID:4192
- C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe
  "C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe" --reenable-autoupdates --system-level
  2⤵
  - Drops file in Windows directory
  PID:5072
- - C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe
    "C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\SystemTemp\Crashpad --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x244,0x248,0x24c,0x220,0x250,0x7ff6d88e4698,0x7ff6d88e46a4,0x7ff6d88e46b0
    3⤵
    - Drops file in Windows directory
    PID:3612
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --field-trial-handle=5024,i,17324967548666384714,8910458571851932987,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5064 /prefetch:1
  2⤵
  PID:1556
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --field-trial-handle=5436,i,17324967548666384714,8910458571851932987,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4624 /prefetch:1
  2⤵
  PID:3464
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --field-trial-handle=5464,i,17324967548666384714,8910458571851932987,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4612 /prefetch:1
  2⤵
  PID:5028
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=5424,i,17324967548666384714,8910458571851932987,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5608 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5076

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
PID:4184
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffec176cc40,0x7ffec176cc4c,0x7ffec176cc58
  2⤵
  PID:2372

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:4648

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:1760

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.idx

Filesize
64KB

MD5
b5ad5caaaee00cb8cf445427975ae66c

SHA1
dcde6527290a326e048f9c3a85280d3fa71e1e22

SHA256
b6409b9d55ce242ff022f7a2d86ae8eff873daabf3a0506031712b8baa6197b8

SHA512
92f7fbbcbbea769b1af6dd7e75577be3eb8bb4a4a6f8a9288d6da4014e1ea309ee649a7b089be09ba27866e175ab6f6a912413256d7e13eaf60f6f30e492ce7f

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.lock

Filesize
4B

MD5
f49655f856acb8884cc0ace29216f511

SHA1
cb0f1f87ec0455ec349aaa950c600475ac7b7b6b

SHA256
7852fce59c67ddf1d6b8b997eaa1adfac004a9f3a91c37295de9223674011fba

SHA512
599e93d25b174524495ed29653052b3590133096404873318f05fd68f4c9a5c9a3b30574551141fbb73d7329d6be342699a17f3ae84554bab784776dfda2d5f8

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.val

Filesize
1008B

MD5
d222b77a61527f2c177b0869e7babc24

SHA1
3f23acb984307a4aeba41ebbb70439c97ad1f268

SHA256
80dc3ffa698e4ff2e916f97983b5eae79470203e91cb684c5ccd4ff1a465d747

SHA512
d17d836ea77aeaff4cd01f9c7523345167a4a6bc62528aac74acde12679f48079d75d159e9cea2e614da50e83c2dcd92c374c899ea6c4fe8e5513d9bf06c01ff

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

Filesize
40B

MD5
063a70c56c872342bb34d646b997ad7f

SHA1
57ba2bf64c76fdae2fa1b8f5f69239ddb39331f9

SHA256
c2d22be07eaf720a45f0d118c4676a6402ef7e4e60f64b88ea38d2e9854e24e1

SHA512
28c3854e631425fdec1d81c1eeb1b744925f380a2bab584432ca86e5bd3e28f37b9906311bfb5385411506598f3c3fca063e9321bf02949137a5e216c6240344

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\8834393a-3ee3-4e3a-9943-d7dc2d69328e.tmp

Filesize
649B

MD5
a2861d62e6435644e81d06dd9241a945

SHA1
9039b55d8c9c8ec3ba7c2c826956d2a524ffc0c3

SHA256
e9471a282d82c9baee4ac499c1753cb034c9a4f0c9d75e4fdd5e6276c220e398

SHA512
728ba2f2771ac67d4685050e154f73e5d66233cf5e96923bb5592755093a9daeb303d99a97d53164671a71b440dd38b28ca7bfad22ed69533641bda62bca318e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000005

Filesize
215KB

MD5
d79b35ccf8e6af6714eb612714349097

SHA1
eb3ccc9ed29830df42f3fd129951cb8b791aaf98

SHA256
c8459799169b81fdab64d028a9ebb058ea2d0ad5feb33a11f6a45a54a5ccc365

SHA512
f4be1c1e192a700139d7cff5059af81c0234ed5f032796036a1a4879b032ce4eedd16a121bbf776f17bc84a0012846f467ad48b46db4008841c25b779c7d8f5a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
216B

MD5
e0dcb34d168a2f810286e7de2e4ffb95

SHA1
952e80407456d91bce5f49b7936b857b504be5af

SHA256
b9f5f700a0cfdf1f7009ba70c7d61b10c7a1c1131f04f0f5fbb4dcd4a81e1f6c

SHA512
10a3a096e73b0f7746acb9a29218fed4301794485a0b49f2b999823c6a58cbd3e1ea46d65886ffadb8a11bc4aea6573b4390ce150df93a62cacf5a4f84dfd19a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
624B

MD5
9fe98a6ed15a39bfd64752d7e60e20eb

SHA1
594c92a524571c07eccd6eaed0201578cba833ed

SHA256
7ab78e9efae10f0b98ea685504c6f04d0a36c5490c934f49441a4ce0dabc47fd

SHA512
2ba1a31c6f99abd9da00b2fe665550c80484e3e9f2b6577e1d7bc0979840fa25039c2e4d488d207de2aff098a40812d2146e4e87bb120e1f020df84556abd209

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
f2aa06026034337b33af3f60989f2de9

SHA1
7b908f24798eb37bc94a2cc5d4e72e52aac942ee

SHA256
b96238b26a088985f9ce95f3958959b51689611ddbe774e19d8d3af7a5bf6736

SHA512
7097debd221510f3c1ee251d021b0ea1f51cf403553961c6c7b5ce993b327545112198d07e1b96664fc73f99685ef18d693198e8cd8c855eeb98626299923b1b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\DawnCache\data_1

Filesize
264KB

MD5
59651bf91eefff8204c3c9c8ad7e5882

SHA1
a6d3e4b8695588a303b1d01699e9c129bcb58df7

SHA256
15c273836f83a9fc353bf0008965f841aad68207fcf6d42e403d023b634924e6

SHA512
0702f2025a190d52c55a3895e1248ee1eb5f649f171f06b7997dcd9e0015c1fa5b6c5bafdce30a39e7dc5691272fa4179fa16a93553da6804da3bf25107f43aa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.85.1_0\_locales\en\messages.json

Filesize
851B

MD5
07ffbe5f24ca348723ff8c6c488abfb8

SHA1
6dc2851e39b2ee38f88cf5c35a90171dbea5b690

SHA256
6895648577286002f1dc9c3366f558484eb7020d52bbf64a296406e61d09599c

SHA512
7ed2c8db851a84f614d5daf1d5fe633bd70301fd7ff8a6723430f05f642ceb3b1ad0a40de65b224661c782ffcec69d996ebe3e5bb6b2f478181e9a07d8cd41f6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.85.1_0\dasherSettingSchema.json

Filesize
854B

MD5
4ec1df2da46182103d2ffc3b92d20ca5

SHA1
fb9d1ba3710cf31a87165317c6edc110e98994ce

SHA256
6c69ce0fe6fab14f1990a320d704fee362c175c00eb6c9224aa6f41108918ca6

SHA512
939d81e6a82b10ff73a35c931052d8d53d42d915e526665079eeb4820df4d70f1c6aebab70b59519a0014a48514833fefd687d5a3ed1b06482223a168292105d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
6KB

MD5
96b73854a549636272e42d4dba761ca0

SHA1
b2f8e334a7c2391f7dcc3f9de0aca8698fde85e5

SHA256
1f7abf50a8b1f820fa4c5d8fe4297ea8979db5ced7692f542ce8ad2172736951

SHA512
8ff2570261de1ad6e619eea37ddf983b485ad2d3a432510b8f37175e6419a11c869e0f290eaece894474336358e010df8d878d7a5945c927783657418dee8f97

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
6KB

MD5
f66a64183bee9deee712f63946983412

SHA1
4143e78592366061847692d5d2b345506d57094d

SHA256
bda21d38a50adb645b2bf57755500dae9c8a9c4716aca34ffd26572c46298393

SHA512
012bf69f7c21bea4f088daf25dc2c164f616b808dddd780a92a4761a148b46562c3ff91b9c6307498da4627aee4b6180d89c6c425ec33ebf0e99b148693a2a4b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
f4960928fdb9c559725416994f821ae1

SHA1
014c31059c4293a9fc39f69afabf1e636f5cbd13

SHA256
25fe68efecc0adb995c219d1cb7e485334f09e43c8486bc4eff186021106179b

SHA512
d9ada999cc7d8e1cc4e98f19ac15c0f1dc88ffd8550b816c815d0a6e48077642e168230ec685f7c11411728087f3771df2fe6bce201178a984a47805886d6eb4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
6ea324b6f3f5fdeda16f5fc54c7319aa

SHA1
ccf7ad99b2c9b0270971d6201757e409779ea6da

SHA256
b69438ce363ee1ab30ca8d40551cf63cd471bcb4cbea96b0f564e48fe2525bd6

SHA512
6a2df3e5ba84c9258a4c4a158f36187eef17a7d0f2313587251476bed3320ba95f02c50bafb0b09b63cee210548e2e6e828b4e441c307cb70f1020727bacc62d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
354B

MD5
1eee523c91a54f4613664fe68715477a

SHA1
81caff8a2f421617ff58179fbf61d5c362cb7b5a

SHA256
78fe2daaae57cfce4933ef9c9aa5d9f4d365cf1eeb4c3e9075c49b7dc3016dd9

SHA512
1edb695c6827ba0c31f06e76b222a04e1da3df6880e70ad8f06921036a138c8156657177009661516c36d8cb354e328f3275dc861a79b2033ea3be192f9964b2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
4cdc9039456925b28dd72ce51f39ea1c

SHA1
1ac2eeb19798ba57bc01f42bd7035e3974acdef3

SHA256
6768ec989e293f185843710dc1c0e4c9dbebcd799356da16adb6261f3986f2d2

SHA512
596a03c201a4db2c359b9b5620cfad343e80a058e25777a4f5a04985d1344b2bcd5bd3014dcb2629e4522f5ca56404cb86784741a567b75ae3b832caf4df9e33

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
354B

MD5
ad7798aaa3a78647db807af817f76b75

SHA1
506e88affd8dfc90befa6946140d8d50ab2158c4

SHA256
c301ab21d98f2e4a2d74923c5f2919875657e41281427a3ba4f408d9d6bdb851

SHA512
9cc7ef0651776c79e705e09a38fd1fa65407c4cbf55042d5ca2ebc17b0b42594969d5f7f311a2aa3ebac22f2134c44032c8677f7115ebd183f3345c47dae9aed

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
859B

MD5
f8c5a3d9422160f1c1481a0c4edf3f9d

SHA1
594dbc9f8c3f63a484e0aa18cde36c4e519b4d90

SHA256
f068da899c6a1e4faf6e17413f25553605ee8bf089c65afc2a9304953d98123c

SHA512
406aa476855be1c8da6061d0ed7a4306234f11666b30b2a1d2ebcab2fdde19d9bcf160679d658e1f9ff879c208e2729cc30c51f2d443e411f48f36cfcea16ea2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
3f1bac1338b40cc5eb0035b75a7bf3fc

SHA1
5286ec9aa73117ba7b2e38b4cc38ab7017499df4

SHA256
14ec66823a593762e21a98244da7dd48d6c42f6274558724859affc493f56635

SHA512
b2dec898f78bdce8c852b7ef0fa792ba78da3608a7d98fd45dfac290868becaa50710045785db3c5819f879a71a9c55845b1146bd6ce179c0edfe73f45adb76e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
e4c6880c36247b2687cae77068239ac3

SHA1
3cdc4df03d9fb93129ac0b431a226d5774d3613b

SHA256
977629d06b0df2160e3270966bac3a941607bf4c5500ec0d8ad017299a79d698

SHA512
b92a755df34cfbb7cf9cc2ab796222f0c3084d1592cfdeda74b1fb6a245960e6b03f991a030733b35cf9d6aafa69f4c79bde400498a5344fbf509da833587b33

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
40a927957e6b65785ce9b2894f96ba8b

SHA1
8ab960b56b36e87a71f4e110c6a24e0d2986c9b4

SHA256
7c20849ceec2a5ca58f6c1db162eb6e33e178ba34739fc9db69e4af317b032a1

SHA512
a1c0b17ac20c3c84b5cc5ef24d69c7b9cc523752a8a7100bbe51b6fe2925c2c878cbb62937561a88089c682e6b7433204f1bdae9fd8aba4226bda2352b4ef260

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
ada482896ede6a751b04a4e0dfa84028

SHA1
7ecf33714d8f74566d7f21b241334765895dd9a7

SHA256
99f16833ccc88ee737bb078ca991a3a91f1a9c96c9eead35816b0403450b3192

SHA512
77dce0cfcf0c5d60971f5c8f8595d66848b081a49d3e5bac145949157d2675227045aebb6b0918ee98ae03a895b64012b60dd14f7a1447f5bb3e0fe1a6c2d297

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
38b4a0a774aed00593bc2eb75e83856c

SHA1
47c46eda6a5328c20b6f15fb48d6984d30143bc1

SHA256
e989d95d4a998ff24a10737d6eb8a771bcb0d3d8fc2900c1bb6fc35d105bb4c4

SHA512
76dd2390d32e2a2d7a51cf61c9b45758fe8a7e71d547b18401a669b04d4391f765e450a4bc23fa5d79eae47b51fb48865aeccc42e67336e4e11f73638c54cda5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
4bd41f2adbae745625b19ccaf5596bbd

SHA1
e4dd4ab4fb24d79af8dee7285fb2fd41b4afd923

SHA256
fb434618fdb37798e698ae4d2e8456210835cfbe9f42d890de2d4ce7ae4f34cb

SHA512
217fef3d7ebdad22795003a576811dea2ea698a7f9e45ba4f0575122cae15bf5c63f557315d3f0ad576f5bffe618a206c7397a0588bdf4177fa4d301fa299d6d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
fdfc7353256a018b909e07bea05f30b3

SHA1
5060c58e2936ca7f6bd99080e4ebd0255bdeee3f

SHA256
ddbd873c20f0dc3c07b8de5677d2f8fce617b738f26acc996a3a24b426c8c45e

SHA512
9173361e8e5ca9c7e62e89d027ed6cda67c34d1f495bcfeaed6679aa40603884a6807e4fc9b1687097e3e8dc89534f595346cf0e705e4777f148678af65745ac

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
4b55a654aa03e5cfee190300d7c08e43

SHA1
6d47d7c4eb245fd014ae1db849f782665a132035

SHA256
f637d4c2f4e5e1583a4c6e4d9a7c15f4923ed573a4bb29621c5e234ac69e9ba4

SHA512
060e32ebb2eb1cfd93022e5f630b3005038f40b9afcd059b28333bffab1193bb81c9b97248142ff7d051b85aa1ab9ef5bbf1efe48774444bd6824c2345de1b4c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
fd901c65867b7d760672b2f90cdc06a3

SHA1
ebd4be5fd81276cc53639417d547e773fac376a1

SHA256
e55d2d8ca4f587a16ec01c627d5bcd39c3259ec4d17e40851d02a16c4e9ad02e

SHA512
0434c0513d40fa6aea2fb524edb2d6971e2d226fc829683d90e1c40ecbcfc0b65c5570c0a6d40b70e841b24e320b3c2c4b0a83bfaa778602957ab0aa9f979a4c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
8489e999f39d942ab1df738b6ade234c

SHA1
d9f41a7de111cb70b5da98c725db3588bfb99b2a

SHA256
0988d58523b90719a286107c10bedf8f1e808193fa2d573cc3e105cd994c5474

SHA512
231fee352ee912792268fd7b565730876a6f5c9e8a2bb6ed579a7ddd7db3c862223c7b8c664b7a2fbff62c724357a8da2c66437cd7c03bfb2a0e70d71bb69eca

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
137e91219ea3db0eda2d54a4824a2af8

SHA1
d7ba0a4e056958c5f33a6d4e48117c7fafd4262b

SHA256
b1ec3d5a52c9cb596716751fffba31f791cb4395d28fe71eae14ff523cf61c76

SHA512
b293259c1d7a1602a42dc9e67f2ebf5ae733a7c9d4e680176f996c8f4ea60040b310ceebcaaa9e6c5be20d09ef73c6412432dbbc0284978f2d5d12fbe15e8a3a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
d690fffd6d4aa2d03e466ade79c56da9

SHA1
67ef4e06cd55e901ce252311d0fee273df0acb93

SHA256
49310dd85257b289b4eea46a5739ac3956d448acf882666604d07f2b70de1d10

SHA512
078352605d4d5ad9ef20869a65f61a34115cc0237eb70629ea37ee5352c98ea5e1865c2a01e4ae9c13e3ad3afe9806249681e908bfd0662ad71ac6974bedea58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
5aa82c1ad31610190f741f3df92b0462

SHA1
c7f88560d5015ae66b9e227e8ee01a6adada7f42

SHA256
488969c51f8eedb10dd3b50510a36cd2d36364da8b58333769222c7bcbd10532

SHA512
388648dd75cf589c76c21e14da107e39224bbc291bee77fa5d0d4f349b5198cf981a5c9dc586e49d8a65bf32970c2224d50765eb5297c4d6becb117e6e2f700c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
231KB

MD5
50bbdf0f7856e4333bf3a203a6ba16eb

SHA1
bb7a782c098e558d92f0e563170a74b603d59669

SHA256
90ee443d11e7aac7efc9395c9dc12ddfcb5d5b0a918571b3028b5fadf268e5f9

SHA512
0fedc395c76d765de550f2aee9cae15ab51f735255efb8815addbe3f59dba82513b71801b4f32f8fe08c81c000e1006861cf187832873b9ea9d21eb52277d714

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
231KB

MD5
f93eb3312caa484facc139cda56d96fa

SHA1
85f7714a5d23b4d6e374fff40118ddfaa7a41ca7

SHA256
a01861bd2c96e1766b59bea6fba340c20ea053b516a4aefe223a475fa6c8dde3

SHA512
bb7ef3c40b8a365113097979417dff03884fa3bd1348c78b9278a04806488de07463448026a46b7893dfb6727947e14b6e2e7d10bf640257c898814469f4e690

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
231KB

MD5
64f5a22155cb75c54ede7989d5b57185

SHA1
93a2eb268223e6f385640f46ed0b3dbb48adf6a3

SHA256
1c998b644500ec285aa8510242a7eaec0c7dceaa4e12c57bbe810bfdbe4f5209

SHA512
6674558495ec29741741f1d4b03622005306168a434c2073f8db0df7616a925c1f86ad58c8cbe727b23eb088ec2db0f32596616ff8538506823199ef74eb9ed9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
231KB

MD5
ff3626a14899f495c830f2434667c927

SHA1
102a0ded71067b2ad0abc65c14b54df187ecc65b

SHA256
d5c09b13f3613d628a4ffbed04cb5bf1d3c7fa1c7a3b1b4dbc63d73ca170810a

SHA512
9dcdc9e75463c22ac341e8588327384667532aa1751ef1a87b16906e14038f630ddc0c52bb9f1d9d603f1824ed41fedc88f4dda17908a59e9da37c1859f209a1

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\74uts9gp.default-release\activity-stream.discovery_stream.json

Filesize
18KB

MD5
a0d0f78991611263ad12e9ddaf460484

SHA1
bce1ffdcd1c77d2fe22887b47f0cdb6256342b26

SHA256
f743789899b7b5bdad60a6cdd5bd43f7c2e08f8e852754bdb99967ffd267bf40

SHA512
93bc66f131f04304542994703896ba258026197510d7cd2a0401647735a9d8f10cbb4137a666e137618a11a1243512789eeb5a2322efbb43fe098e212a49cc7b

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\74uts9gp.default-release\settings\main\ms-language-packs\browser\newtab\asrouter.ftl

Filesize
15KB

MD5
96c542dec016d9ec1ecc4dddfcbaac66

SHA1
6199f7648bb744efa58acf7b96fee85d938389e4

SHA256
7f32769d6bb4e875f58ceb9e2fbfdc9bd6b82397eca7a4c5230b0786e68f1798

SHA512
cda2f159c3565bc636e0523c893b293109de2717142871b1ec78f335c12bad96fc3f62bcf56a1a88abdeed2ac3f3e5e9a008b45e24d713e13c23103acc15e658

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir4664_332850540\4b313373-d91d-475b-adcc-3a57851a133c.tmp

Filesize
150KB

MD5
14937b985303ecce4196154a24fc369a

SHA1
ecfe89e11a8d08ce0c8745ff5735d5edad683730

SHA256
71006a5311819fef45c659428944897184880bcdb571bf68c52b3d6ee97682ff

SHA512
1d03c75e4d2cd57eee7b0e93e2de293b41f280c415fb2446ac234fc5afd11fe2f2fcc8ab9843db0847c2ce6bd7df7213fcf249ea71896fbf6c0696e3f5aee46c

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir4664_332850540\CRX_INSTALL\_locales\en\messages.json

Filesize
711B

MD5
558659936250e03cc14b60ebf648aa09

SHA1
32f1ce0361bbfdff11e2ffd53d3ae88a8b81a825

SHA256
2445cad863be47bb1c15b57a4960b7b0d01864e63cdfde6395f3b2689dc1444b

SHA512
1632f5a3cd71887774bf3cb8a4d8b787ea6278271657b0f1d113dbe1a7fd42c4daa717cc449f157ce8972037572b882dc946a7dc2c0e549d71982dcdee89f727

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\74uts9gp.default-release\datareporting\glean\db\data.safe.tmp

Filesize
5KB

MD5
3d7b8bd4549a7648f71240afee58aea1

SHA1
549fcc308234564dc1ea445144adccbaed6c45ea

SHA256
5cfa1dfe7686d18e9fd7f8b1df9b0ec6c1f3f57b382707c7dc0a6a0c6a751442

SHA512
d16e259c68494144a1c2faea307a67e1037df177b1156de087b157a31fc5ecf8619842d71bcd8176e3ab359aaeb173408dbe4f456cd7e33fa1beffd972d420c9

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\74uts9gp.default-release\datareporting\glean\db\data.safe.tmp

Filesize
5KB

MD5
0e44e173ed03af57d5bad518e48ee4ca

SHA1
1ccde36d0b20a29c0289864c69d8658bbb32e305

SHA256
b69b0cd922534db031330ab7e6b1593ff2a24f9b88882999937f9885f0c124be

SHA512
67bb99075aa694608c892c9f7a9e3351d38c0bec4767de0c78ec928c26d4b1aa6d84b4dbed7114de5ead71a63791773ada8aa4804b07e897adcd5c71791fb490

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\74uts9gp.default-release\datareporting\glean\db\data.safe.tmp

Filesize
5KB

MD5
8dd5daa439174b2b13b1ea97efe0e4f6

SHA1
981aa42fa5b060d6c1172abbc09812562ffd0165

SHA256
0850a3c592484a20f50229f5f8030bdb2fcfb08cf58f23e7458b2d327ea2d527

SHA512
9b918da730d30467893733ffaac34ac2849dabf404c141e18b9ae2173f811aa8b54eb445b7bd9370aa57cdc5cc759c6c818f7771fb5d9906967698a0375942a9

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\74uts9gp.default-release\datareporting\glean\pending_pings\0c59cfa6-fe0a-4af5-b3e7-73c84e60f6ea

Filesize
24KB

MD5
11ea09ae752212d716bee98633b456ed

SHA1
2ffad2af062fb96614d73c8f4ee4095df1b84ef0

SHA256
ff5bc24b6aaf2f02aadb5c0691ab37be8932c631bf80c8309d3809e585a22a91

SHA512
cdbebf7ec4126521a7dcbf51f4f3a04ae28d8431f5a705b03525bf58c31f8a17d156e53ebde04555662f0ab52885b11d5b99b0d862634d927da80f57ca703d7b

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\74uts9gp.default-release\datareporting\glean\pending_pings\1908e518-6651-423a-bdb2-6242ccfad57f

Filesize
982B

MD5
3b37000e4dba5fb627a8eca316726e55

SHA1
344ce7d3f7e837c2463b92e18d798ad7f8af7f87

SHA256
9b927dc8c70f360fc7fa7313474073f3363abb82c899973f56ab29a024c2190e

SHA512
4651b4d73a9d48c37be75fe475ef6a6c4095bddd45c4dcee54dcb214b6eca62a409147aa7f7f9d25b8be9f230f767d0f690a3bf0bdddd4e11489ea9f4a736b99

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\74uts9gp.default-release\datareporting\glean\pending_pings\398c7f2b-7220-46de-a6ed-f7a242e151a4

Filesize
671B

MD5
f396da2dabb3ad7254c0c759d1562c35

SHA1
db20e81732d6091f3d7c4c9e64fc5a9bd0038c54

SHA256
b3a3aa8dec0a531308f81a833f51073e7f97d7c1fe143dbe2d40c2d38b07d91d

SHA512
384dadc4071f79fa765daf7d5c7c79be1cab48be11fec7a73a92a9dc71e39e3b830873d5f64ffe791310fcd354b516c6b47d547f1a808fe6cc9547b457c3c895

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\74uts9gp.default-release\prefs-1.js

Filesize
10KB

MD5
bf637b025fbc19a228cecdd0f4f202f8

SHA1
06b247478ba17140f29012c6226068f62e9e79ab

SHA256
e38f784c2be051910c77e6cc8a264902f31009b9d4e8930078ac6167979f0a88

SHA512
8de04e862facf770eb3fee93b2207e3ca7aceff8aa5a2d9eaf83a93fb0898db8e5795204c88d97deb1ae51fa98ae29ac5ca78430a2e25cacc379df26949baf81

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\74uts9gp.default-release\prefs.js

Filesize
10KB

MD5
2c2e36167b3a9908bc1ef3b29601c579

SHA1
ed3f2212e3c95bbd7bab3e8e5bc34788fc16e856

SHA256
cb3f548b4e31ce6f27c254a12044573e383c86cf2ff681d7c8c0ef0962a25d52

SHA512
d65da1b74c88cda4f9f4b554cb79e6bab9dc852b966130d0ab328882fead9d015d32ba26b4f6521e0eb4cb2dd371844620d8f1aaaeea5ba87c3368db5336ab8e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\74uts9gp.default-release\prefs.js

Filesize
11KB

MD5
92d8150363fc9229550dba9f5231fad6

SHA1
14c54235e54d3d5e26aecd3cbcfbb1d1c9dc477b

SHA256
368d1da13f35e0562b5d8c10ba7020994e2e00e7448458cf6b9f46eb1d9217fd

SHA512
f7dfc5896759760d0cb755c8a923c4f5399e9aada44c3b8bc415e6718258873bf50857959dce9432dba197e47648b5dc6a96da8114f7aec5e883bd89d9a57160

Download Submit