1796582128f0d742620ffebf0319e9feeb40dbd762f3240a51e26d1c4da50cf1

Analysis

max time kernel
1559s
max time network
1560s
platform
windows7_x64
resource
win7-20240611-en
resource tags

arch:x64arch:x86image:win7-20240611-enlocale:en-usos:windows7-x64system
submitted
27-06-2024 06:52

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

script.ps1
Size

15B
MD5

447f0c15c2f52ee6a45ae1ade96a7814
SHA1

f313f8cd41d8e7e5509bf499fd3ebebf6745e24b
SHA256

1796582128f0d742620ffebf0319e9feeb40dbd762f3240a51e26d1c4da50cf1
SHA512

def62c90a5817aad12b396188ee19e8e1ae3d29d7f541b4bb62e434d503a628390e10ef536f1fc0a2bdab7b8195cc035a5f343f304f49427c9f35cb8a31087a7

Score

3^/10

execution

Malware Config

Signatures

Command and Scripting Interpreter: PowerShell 1 TTPs 1 IoCs
Using powershell.exe command.
execution

PowerShell
T1059.001

Processes:

powershell.exe

pid process

1180 powershell.exe

pid	process
1180	powershell.exe

Checks processor information in registry 2 TTPs 9 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

Processes:

firefox.exefirefox.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\CurrentPatchLevel	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies registry class 1 IoCs

Processes:

firefox.exe

description ioc process

Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000_Classes\Local Settings firefox.exe
Suspicious behavior: EnumeratesProcesses 5 IoCs

Processes:

powershell.exechrome.exe

pid process

1180 powershell.exe
2744 chrome.exe
2744 chrome.exe
2744 chrome.exe
2744 chrome.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000_Classes\Local Settings	firefox.exe

pid	process
1180	powershell.exe
2744	chrome.exe
2744	chrome.exe
2744	chrome.exe
2744	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

powershell.exechrome.exe

description	pid	process
Token: SeDebugPrivilege	1180	powershell.exe
Token: SeShutdownPrivilege	2744	chrome.exe
Token: SeShutdownPrivilege	2744	chrome.exe
Token: SeShutdownPrivilege	2744	chrome.exe
Token: SeShutdownPrivilege	2744	chrome.exe
Token: SeShutdownPrivilege	2744	chrome.exe
Token: SeShutdownPrivilege	2744	chrome.exe
Token: SeShutdownPrivilege	2744	chrome.exe
Token: SeShutdownPrivilege	2744	chrome.exe
Token: SeShutdownPrivilege	2744	chrome.exe
Token: SeShutdownPrivilege	2744	chrome.exe
Token: SeShutdownPrivilege	2744	chrome.exe
Token: SeShutdownPrivilege	2744	chrome.exe
Token: SeShutdownPrivilege	2744	chrome.exe
Token: SeShutdownPrivilege	2744	chrome.exe
Token: SeShutdownPrivilege	2744	chrome.exe
Token: SeShutdownPrivilege	2744	chrome.exe
Token: SeShutdownPrivilege	2744	chrome.exe
Token: SeShutdownPrivilege	2744	chrome.exe
Token: SeShutdownPrivilege	2744	chrome.exe
Token: SeShutdownPrivilege	2744	chrome.exe
Token: SeShutdownPrivilege	2744	chrome.exe
Token: SeShutdownPrivilege	2744	chrome.exe
Token: SeShutdownPrivilege	2744	chrome.exe
Token: SeShutdownPrivilege	2744	chrome.exe
Token: SeShutdownPrivilege	2744	chrome.exe
Token: SeShutdownPrivilege	2744	chrome.exe
Token: SeShutdownPrivilege	2744	chrome.exe
Token: SeShutdownPrivilege	2744	chrome.exe
Token: SeShutdownPrivilege	2744	chrome.exe
Token: SeShutdownPrivilege	2744	chrome.exe
Token: SeShutdownPrivilege	2744	chrome.exe
Token: SeShutdownPrivilege	2744	chrome.exe
Token: SeShutdownPrivilege	2744	chrome.exe
Token: SeShutdownPrivilege	2744	chrome.exe
Token: SeShutdownPrivilege	2744	chrome.exe
Token: SeShutdownPrivilege	2744	chrome.exe
Token: SeShutdownPrivilege	2744	chrome.exe
Token: SeShutdownPrivilege	2744	chrome.exe
Token: SeShutdownPrivilege	2744	chrome.exe
Token: SeShutdownPrivilege	2744	chrome.exe
Token: SeShutdownPrivilege	2744	chrome.exe
Token: SeShutdownPrivilege	2744	chrome.exe
Token: SeShutdownPrivilege	2744	chrome.exe
Token: SeShutdownPrivilege	2744	chrome.exe
Token: SeShutdownPrivilege	2744	chrome.exe
Token: SeShutdownPrivilege	2744	chrome.exe
Token: SeShutdownPrivilege	2744	chrome.exe
Token: SeShutdownPrivilege	2744	chrome.exe
Token: SeShutdownPrivilege	2744	chrome.exe
Token: SeShutdownPrivilege	2744	chrome.exe
Token: SeShutdownPrivilege	2744	chrome.exe
Token: SeShutdownPrivilege	2744	chrome.exe
Token: SeShutdownPrivilege	2744	chrome.exe
Token: SeShutdownPrivilege	2744	chrome.exe
Token: SeShutdownPrivilege	2744	chrome.exe
Token: SeShutdownPrivilege	2744	chrome.exe
Token: SeShutdownPrivilege	2744	chrome.exe
Token: SeShutdownPrivilege	2744	chrome.exe
Token: SeShutdownPrivilege	2744	chrome.exe
Token: SeShutdownPrivilege	2744	chrome.exe
Token: SeShutdownPrivilege	2744	chrome.exe
Token: SeShutdownPrivilege	2744	chrome.exe
Token: SeShutdownPrivilege	2744	chrome.exe

Suspicious use of FindShellTrayWindow 39 IoCs

Processes:

chrome.exefirefox.exe

pid	process
2744	chrome.exe
2744	chrome.exe
2744	chrome.exe
2744	chrome.exe
2744	chrome.exe
2744	chrome.exe
2744	chrome.exe
2744	chrome.exe
2744	chrome.exe
2744	chrome.exe
2744	chrome.exe
2744	chrome.exe
2744	chrome.exe
2744	chrome.exe
2744	chrome.exe
2744	chrome.exe
2744	chrome.exe
2744	chrome.exe
2744	chrome.exe
2744	chrome.exe
2744	chrome.exe
2744	chrome.exe
2744	chrome.exe
2744	chrome.exe
2744	chrome.exe
2744	chrome.exe
2744	chrome.exe
2744	chrome.exe
2744	chrome.exe
2744	chrome.exe
2744	chrome.exe
2744	chrome.exe
2744	chrome.exe
2744	chrome.exe
2744	chrome.exe
2204	firefox.exe
2204	firefox.exe
2204	firefox.exe
2204	firefox.exe

Suspicious use of SendNotifyMessage 35 IoCs

Processes:

chrome.exefirefox.exe

pid	process
2744	chrome.exe
2744	chrome.exe
2744	chrome.exe
2744	chrome.exe
2744	chrome.exe
2744	chrome.exe
2744	chrome.exe
2744	chrome.exe
2744	chrome.exe
2744	chrome.exe
2744	chrome.exe
2744	chrome.exe
2744	chrome.exe
2744	chrome.exe
2744	chrome.exe
2744	chrome.exe
2744	chrome.exe
2744	chrome.exe
2744	chrome.exe
2744	chrome.exe
2744	chrome.exe
2744	chrome.exe
2744	chrome.exe
2744	chrome.exe
2744	chrome.exe
2744	chrome.exe
2744	chrome.exe
2744	chrome.exe
2744	chrome.exe
2744	chrome.exe
2744	chrome.exe
2744	chrome.exe
2204	firefox.exe
2204	firefox.exe
2204	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

chrome.exe

description	pid	process	target process
PID 2744 wrote to memory of 2772	2744	chrome.exe	chrome.exe
PID 2744 wrote to memory of 2772	2744	chrome.exe	chrome.exe
PID 2744 wrote to memory of 2772	2744	chrome.exe	chrome.exe
PID 2744 wrote to memory of 2540	2744	chrome.exe	chrome.exe
PID 2744 wrote to memory of 2540	2744	chrome.exe	chrome.exe
PID 2744 wrote to memory of 2540	2744	chrome.exe	chrome.exe
PID 2744 wrote to memory of 2540	2744	chrome.exe	chrome.exe
PID 2744 wrote to memory of 2540	2744	chrome.exe	chrome.exe
PID 2744 wrote to memory of 2540	2744	chrome.exe	chrome.exe
PID 2744 wrote to memory of 2540	2744	chrome.exe	chrome.exe
PID 2744 wrote to memory of 2540	2744	chrome.exe	chrome.exe
PID 2744 wrote to memory of 2540	2744	chrome.exe	chrome.exe
PID 2744 wrote to memory of 2540	2744	chrome.exe	chrome.exe
PID 2744 wrote to memory of 2540	2744	chrome.exe	chrome.exe
PID 2744 wrote to memory of 2540	2744	chrome.exe	chrome.exe
PID 2744 wrote to memory of 2540	2744	chrome.exe	chrome.exe
PID 2744 wrote to memory of 2540	2744	chrome.exe	chrome.exe
PID 2744 wrote to memory of 2540	2744	chrome.exe	chrome.exe
PID 2744 wrote to memory of 2540	2744	chrome.exe	chrome.exe
PID 2744 wrote to memory of 2540	2744	chrome.exe	chrome.exe
PID 2744 wrote to memory of 2540	2744	chrome.exe	chrome.exe
PID 2744 wrote to memory of 2540	2744	chrome.exe	chrome.exe
PID 2744 wrote to memory of 2540	2744	chrome.exe	chrome.exe
PID 2744 wrote to memory of 2540	2744	chrome.exe	chrome.exe
PID 2744 wrote to memory of 2540	2744	chrome.exe	chrome.exe
PID 2744 wrote to memory of 2540	2744	chrome.exe	chrome.exe
PID 2744 wrote to memory of 2540	2744	chrome.exe	chrome.exe
PID 2744 wrote to memory of 2540	2744	chrome.exe	chrome.exe
PID 2744 wrote to memory of 2540	2744	chrome.exe	chrome.exe
PID 2744 wrote to memory of 2540	2744	chrome.exe	chrome.exe
PID 2744 wrote to memory of 2540	2744	chrome.exe	chrome.exe
PID 2744 wrote to memory of 2540	2744	chrome.exe	chrome.exe
PID 2744 wrote to memory of 2540	2744	chrome.exe	chrome.exe
PID 2744 wrote to memory of 2540	2744	chrome.exe	chrome.exe
PID 2744 wrote to memory of 2540	2744	chrome.exe	chrome.exe
PID 2744 wrote to memory of 2540	2744	chrome.exe	chrome.exe
PID 2744 wrote to memory of 2540	2744	chrome.exe	chrome.exe
PID 2744 wrote to memory of 2540	2744	chrome.exe	chrome.exe
PID 2744 wrote to memory of 2540	2744	chrome.exe	chrome.exe
PID 2744 wrote to memory of 2540	2744	chrome.exe	chrome.exe
PID 2744 wrote to memory of 2540	2744	chrome.exe	chrome.exe
PID 2744 wrote to memory of 2540	2744	chrome.exe	chrome.exe
PID 2744 wrote to memory of 2556	2744	chrome.exe	chrome.exe
PID 2744 wrote to memory of 2556	2744	chrome.exe	chrome.exe
PID 2744 wrote to memory of 2556	2744	chrome.exe	chrome.exe
PID 2744 wrote to memory of 2616	2744	chrome.exe	chrome.exe
PID 2744 wrote to memory of 2616	2744	chrome.exe	chrome.exe
PID 2744 wrote to memory of 2616	2744	chrome.exe	chrome.exe
PID 2744 wrote to memory of 2616	2744	chrome.exe	chrome.exe
PID 2744 wrote to memory of 2616	2744	chrome.exe	chrome.exe
PID 2744 wrote to memory of 2616	2744	chrome.exe	chrome.exe
PID 2744 wrote to memory of 2616	2744	chrome.exe	chrome.exe
PID 2744 wrote to memory of 2616	2744	chrome.exe	chrome.exe
PID 2744 wrote to memory of 2616	2744	chrome.exe	chrome.exe
PID 2744 wrote to memory of 2616	2744	chrome.exe	chrome.exe
PID 2744 wrote to memory of 2616	2744	chrome.exe	chrome.exe
PID 2744 wrote to memory of 2616	2744	chrome.exe	chrome.exe
PID 2744 wrote to memory of 2616	2744	chrome.exe	chrome.exe
PID 2744 wrote to memory of 2616	2744	chrome.exe	chrome.exe
PID 2744 wrote to memory of 2616	2744	chrome.exe	chrome.exe
PID 2744 wrote to memory of 2616	2744	chrome.exe	chrome.exe
PID 2744 wrote to memory of 2616	2744	chrome.exe	chrome.exe
PID 2744 wrote to memory of 2616	2744	chrome.exe	chrome.exe
PID 2744 wrote to memory of 2616	2744	chrome.exe	chrome.exe

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell.exe -ExecutionPolicy bypass -File C:\Users\Admin\AppData\Local\Temp\script.ps1
1⤵
- Command and Scripting Interpreter: PowerShell
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:1180

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2744

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef6ec9758,0x7fef6ec9768,0x7fef6ec9778
2⤵
PID:2772

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1092 --field-trial-handle=1280,i,7475565716813532864,6302136771934125069,131072 /prefetch:2
2⤵
PID:2540

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1484 --field-trial-handle=1280,i,7475565716813532864,6302136771934125069,131072 /prefetch:8
2⤵
PID:2556

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1568 --field-trial-handle=1280,i,7475565716813532864,6302136771934125069,131072 /prefetch:8
2⤵
PID:2616

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2284 --field-trial-handle=1280,i,7475565716813532864,6302136771934125069,131072 /prefetch:1
2⤵
PID:2776

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2292 --field-trial-handle=1280,i,7475565716813532864,6302136771934125069,131072 /prefetch:1
2⤵
PID:3060

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1376 --field-trial-handle=1280,i,7475565716813532864,6302136771934125069,131072 /prefetch:2
2⤵
PID:2112

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=1324 --field-trial-handle=1280,i,7475565716813532864,6302136771934125069,131072 /prefetch:1
2⤵
PID:588

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3320 --field-trial-handle=1280,i,7475565716813532864,6302136771934125069,131072 /prefetch:8
2⤵
PID:1764

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3296 --field-trial-handle=1280,i,7475565716813532864,6302136771934125069,131072 /prefetch:8
2⤵
PID:1668

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3484 --field-trial-handle=1280,i,7475565716813532864,6302136771934125069,131072 /prefetch:8
2⤵
PID:1652

C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe" --reenable-autoupdates --system-level
2⤵
PID:1408

C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\Crashpad --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x154,0x158,0x15c,0x128,0x160,0x140117688,0x140117698,0x1401176a8
3⤵
PID:2940

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=3792 --field-trial-handle=1280,i,7475565716813532864,6302136771934125069,131072 /prefetch:1
2⤵
PID:2080

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=3308 --field-trial-handle=1280,i,7475565716813532864,6302136771934125069,131072 /prefetch:1
2⤵
PID:2008

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=2512 --field-trial-handle=1280,i,7475565716813532864,6302136771934125069,131072 /prefetch:1
2⤵
PID:2292

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2076 --field-trial-handle=1280,i,7475565716813532864,6302136771934125069,131072 /prefetch:8
2⤵
PID:2228

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2808 --field-trial-handle=1280,i,7475565716813532864,6302136771934125069,131072 /prefetch:8
2⤵
PID:1884

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=1672 --field-trial-handle=1280,i,7475565716813532864,6302136771934125069,131072 /prefetch:1
2⤵
PID:884

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=1112 --field-trial-handle=1280,i,7475565716813532864,6302136771934125069,131072 /prefetch:1
2⤵
PID:1976

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2684 --field-trial-handle=1280,i,7475565716813532864,6302136771934125069,131072 /prefetch:8
2⤵
PID:2376

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=2572 --field-trial-handle=1280,i,7475565716813532864,6302136771934125069,131072 /prefetch:1
2⤵
PID:2200

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4060 --field-trial-handle=1280,i,7475565716813532864,6302136771934125069,131072 /prefetch:8
2⤵
PID:3064

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:1192

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
PID:2144

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
2⤵
- Checks processor information in registry
- Modifies registry class
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:2204

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2204.0.1559736785\1069659041" -parentBuildID 20221007134813 -prefsHandle 1252 -prefMapHandle 1244 -prefsLen 20809 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {94c001c0-11a7-4400-b702-4d1cb0a94298} 2204 "\\.\pipe\gecko-crash-server-pipe.2204" 1328 10df9e58 gpu
3⤵
PID:2160

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2204.1.32972254\839751703" -parentBuildID 20221007134813 -prefsHandle 1520 -prefMapHandle 1516 -prefsLen 20890 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {8e5a10ea-4071-494f-84f7-2c74649806ed} 2204 "\\.\pipe\gecko-crash-server-pipe.2204" 1532 e6fb58 socket
3⤵
- Checks processor information in registry
PID:2780

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2204.2.1291448964\356484934" -childID 1 -isForBrowser -prefsHandle 2032 -prefMapHandle 2028 -prefsLen 20927 -prefMapSize 233444 -jsInitHandle 824 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {f5ffa4a3-91ca-47bf-b33e-3025eb8f80a9} 2204 "\\.\pipe\gecko-crash-server-pipe.2204" 2044 1a86d258 tab
3⤵
PID:2996

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2204.3.581426220\1465167770" -childID 2 -isForBrowser -prefsHandle 552 -prefMapHandle 736 -prefsLen 26177 -prefMapSize 233444 -jsInitHandle 824 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {ccdcebbf-3f34-4796-a58a-0609fb4648c2} 2204 "\\.\pipe\gecko-crash-server-pipe.2204" 2408 e62b58 tab
3⤵
PID:2924

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2204.4.1081128828\1893288710" -childID 3 -isForBrowser -prefsHandle 736 -prefMapHandle 2444 -prefsLen 26177 -prefMapSize 233444 -jsInitHandle 824 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {ead3ba0f-bcb3-4e4e-8226-74965f221fc0} 2204 "\\.\pipe\gecko-crash-server-pipe.2204" 2840 1c799158 tab
3⤵
PID:2508

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2204.5.905069976\812009448" -childID 4 -isForBrowser -prefsHandle 3876 -prefMapHandle 3872 -prefsLen 26275 -prefMapSize 233444 -jsInitHandle 824 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {0808849f-6309-43c5-9866-25463abc5445} 2204 "\\.\pipe\gecko-crash-server-pipe.2204" 3888 1c79af58 tab
3⤵
PID:2704

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2204.6.116934851\1120940400" -childID 5 -isForBrowser -prefsHandle 3996 -prefMapHandle 4000 -prefsLen 26275 -prefMapSize 233444 -jsInitHandle 824 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {2c7eae20-e73e-4212-8459-65d9ffaddb3b} 2204 "\\.\pipe\gecko-crash-server-pipe.2204" 3984 1f2bca58 tab
3⤵
PID:2904

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2204.7.283980272\595153181" -childID 6 -isForBrowser -prefsHandle 4176 -prefMapHandle 4180 -prefsLen 26275 -prefMapSize 233444 -jsInitHandle 824 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {7f095b2a-cf44-49bd-9b04-ae6d3f223405} 2204 "\\.\pipe\gecko-crash-server-pipe.2204" 4164 1f2bd658 tab
3⤵
PID:2884

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2204.8.1462215964\1736195503" -childID 7 -isForBrowser -prefsHandle 4508 -prefMapHandle 4512 -prefsLen 26531 -prefMapSize 233444 -jsInitHandle 824 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {35a7bee5-7538-4785-9b3a-f9d538317a2d} 2204 "\\.\pipe\gecko-crash-server-pipe.2204" 4524 21775958 tab
3⤵
PID:2592

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Command and Scripting Interpreter

T1059

PowerShell

T1059.001

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B

MD5
2b2f0b39a3c6d317a5cfe8c265c2c71b

SHA1
28781cbd694fa4c0257ffba5effecb4d1b5acee8

SHA256
9bc4bec5f7d77c5db2114847a76bcde378bf8e0bc6a0c9475d1895a4367ca303

SHA512
ba6889f7aceb5e8224a8557974871c29d06ffb91e8cb12baf7e77db1d6e77cbb83881704bc1e17ae6dfd36f1bee68d389f2eaafd1070b214e62b2a213858dffa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\878d2777-1567-4289-9635-ed9aa93d3ab0.tmp
Filesize
302KB

MD5
d573f3fc2fa86279352e228d5a8dc640

SHA1
622f3cd985d0bc370660b7931e55b40b71e789f5

SHA256
08de8ebcaee67d31c75765dcf15ae455baaa6b169e3de31f9a619b891bfb0f54

SHA512
77ef909cc3d22ee60f8f79b9e21fa6636b0b6c35a6db3dd34649f5c4431e523cbcff3278e867cc8b95cb49d6185c7043a83b10de71f1743cbc2fa3ec3a6b9fe2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000007
Filesize
211KB

MD5
151fb811968eaf8efb840908b89dc9d4

SHA1
7ec811009fd9b0e6d92d12d78b002275f2f1bee1

SHA256
043fd8558e4a5a60aaccd2f0377f77a544e3e375242e9d7200dc6e51f94103ed

SHA512
83aface0ab01da52fd077f747c9d5916e3c06b0ea5c551d7d316707ec3e8f3f986ce1c82e6f2136e48c6511a83cb0ac67ff6dc8f0e440ac72fc6854086a87674

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000008
Filesize
24KB

MD5
c594a826934b9505d591d0f7a7df80b7

SHA1
c04b8637e686f71f3fc46a29a86346ba9b04ae18

SHA256
e664eef3d68ac6336a28be033165d4780e8a5ab28f0d90df1b148ef86babb610

SHA512
04a1dfdb8ee2f5fefa101d5e3ff36e87659fd774e96aa8c5941d3353ccc268a125822cf01533c74839e5f1c54725da9cc437d3d69b88e5bf3f99caccd4d75961

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\3eabc94b90c35993_0
Filesize
280B

MD5
b890365af5a4bfb39138e70ba5220136

SHA1
c125a95419091b7e5b82d2e490ed0eb3015b4949

SHA256
e156d242b3db401c1256e8487d1fdc388fa777f7217b3637c4d8da7ab0660046

SHA512
a9c4f2fa5b04cd9d66dab27fa02a78d4abf4e95e5a9976d9e3e3521028de42504da6ff97d9409fabd447d39d78aaa2ea6cc3f279a8caa7a7d6e76d7ec37c1151

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\f2597e20463d59e5_0
Filesize
19KB

MD5
29c6ca32e0c5680b72ec1d30d082575c

SHA1
4e2207c01bff37c13ef100d1f6c542e6aedb73cc

SHA256
9f9c4381e544ba4a0ab1a8d6f31406ed8436848200dabfff4d7c52bfcdb1605d

SHA512
5811bbed44a0192845b46ee0d5928fea763f6c4128aec2194ad5c2eeccc1e6fe2f36878d2827073ad41c2a9d8953a7deabe7cceb8885c88b147fa512b2196bc3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
1KB

MD5
7442fbf9fc2d4979768c526c1dea3b86

SHA1
a8337230c52e09518ed464780a2974d5a8658064

SHA256
b38b8cdb0c53e580bea30eb4b006b072c4067ef3f12f1c07a13255d0502aa969

SHA512
cc12bb17d8313081e653517d737a131ab90678e7cf0582a828eecce7920b1327e4f44e99c3e86f0d9629dd84f76323961c8d3368477e06053e870c5b68182de7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
168B

MD5
78fa8c19ce9a1b09085cd0039fef0910

SHA1
11e8aa9e4f5b33fe4117201dd32ffffe94d0e7c0

SHA256
f01cb3fdb55077acc67f48a842b2d6780ea747aebea2b782274346533c1ce33d

SHA512
3ed52b4635edcadc3fd6045456babb357522a7233fd7f3b39cf206b93e5e786f8b55bdf127a76900eda70ad9851196a4399694a0d7e3f0366b8a5a951edf9a7f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
168B

MD5
2fa0c4e05567e5bc5cf85d74898b42e9

SHA1
43eb764808ba33fb1b88596619a8e0f35ec4c2b9

SHA256
35728793a3a6b1cd2aceae2297d23fa01f3e8dad9d3b9821caed81ddb77adb6b

SHA512
b215d60152fb33582b513d67d9acc681907aa7db3ad0d7bd69b532b30c7f118974b8df561c1e8baaa5ea2fb9e6749924965ec77f5e4fda279bb363a97b57c568

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
1KB

MD5
6026afcb47d8f3d403431823ce148866

SHA1
0d004df3bdd20911415014652fc575eb9ab806b8

SHA256
e790dda2dc952cd1800612bd621960ee4d3e8a785bd1b0e93aa08408ebd25a7a

SHA512
9cc8a214e4dc5723f16026317eca6554a936150aa0cd7a067e57b299550f0705887be79df26cb9ed43c5a2090449228834504e007b974e3d6f178d16f431fcec

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GCM Store\Encryption\000006.dbtmp
Filesize
16B

MD5
aefd77f47fb84fae5ea194496b44c67a

SHA1
dcfbb6a5b8d05662c4858664f81693bb7f803b82

SHA256
4166bf17b2da789b0d0cc5c74203041d98005f5d4ef88c27e8281e00148cd611

SHA512
b733d502138821948267a8b27401d7c0751e590e1298fda1428e663ccd02f55d0d2446ff4bc265bdcdc61f952d13c01524a5341bc86afc3c2cde1d8589b2e1c3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1
Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
3KB

MD5
b58c4148f6e5581c093f796fe4de20b9

SHA1
91721a2b3051d56cae89242a88e0a9b5c2c59f75

SHA256
6216e494013ecf03b10c112de04b3a8e7e6162666bcc8fa89e65506e9c1d2882

SHA512
1df628e873ae3442da8a8470550b325a78ab5f82f6e34b0163b478f7448c40d28651aa80c7546605038bcdebbfc202b0a9a5bbc084431aba80a433a22da83115

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
3KB

MD5
158a4fca0aa74021c62513c6ef783df8

SHA1
2e39b82ba121df245cfd01a09271b3bdcd442805

SHA256
ec318b011aa0c688910081cee413e5fd62f573fc89910c3d729c72cc65e6b8f4

SHA512
8c4b10208f2a7fce68c0d7ab1f5227ff41df9cdc4a699a1e7c59ab627b46a42bbba0dbfacf14c640be5bc1419724d883d28b4f0d593414b720a325d1493e6a55

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
1KB

MD5
c54ff62ebf57db045e3e05ccd5fb7d81

SHA1
bdaf0886e232b9b17418b780b58f3975f4b2d474

SHA256
bf03115e10cd3e8c34dc104fa07c4ee66d3af3e2eac1e874b9d2be8675984e58

SHA512
7ecf3f881ba446c9e458a08ea1c20ef8ede1dcd2e5bae6389cf2a4687ead2f6f3f3d148958cd5a82387f387d75ad1fd29a028bcc3092794ff42e9eec8e2b05b8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
527B

MD5
5cecbba5d3628828c14f399e288ffef0

SHA1
9eed5209f8dc00b5e1a234db718d3577dbbfbefa

SHA256
5f21c4d5e9790e87d1ac503aca50867a6db24b44333cad676db25cc83a4e2b92

SHA512
5b094f5b3c501315c1df7fa8929a09bcc74f67c220a446c1668a478bd859aa6601df861dea5273fe86ba5d0b3980adc79f4f9bc0d9c315bd8350b1184235106f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
200B

MD5
a812b85647c70bbebcbacc77266465d0

SHA1
da2b90dfed3bd480df61193fef6b0d62df8ee50f

SHA256
d6a829e87f2be44ff4056c712ef942bb628d7a00539f199eee560850666e0eec

SHA512
75d8c5bb0077c962f33518bdb4fa699e8b39a281de663589dc4710da93c619ef21bda5f4d71079bdbb3f66521b22ce2c74edcb2f14658a2978fafc6fbb987d30

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
200B

MD5
824037a3b028088a37dd9d43d8795668

SHA1
d07edebbb8f4beb8c2fd47af40b4eb1550d5c70d

SHA256
27758331a9c62f370745a0f560824d59788a548e882a77cecc1781ecab9770ca

SHA512
409fcfaba4f154d51de3a6a3d774b8f3d5fa179158ed749e311c801d4bf63c0280867275332eb4007f73b60726016835f8440f6498eae49e33c81f09bae184f5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
200B

MD5
090db48525b6e35fe053aa15ee1c3ed8

SHA1
d6abc519a15eb63d099060f3f456aec161939882

SHA256
edaf8025ed0da2e32a641bd5f7843e515f42bb1d0e35dcbb4b51dc560ddc37f7

SHA512
7f57c1f523c9b7ef0f8dca617f6ccecf5173e2830d105181dd3c91b6df18b05c38819a52fce65149dfe9fc688f4acc9801a15c257fb57e1a77b309706904fc8c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
5KB

MD5
1613fcd5c739bf5a5dc82ebca0d0def0

SHA1
f0beb2d4d1a2ecafb6ff5d3c725d98dcc68e14bd

SHA256
055af7deb5efc51b19d91ee286a3de9b3c84d081522f678de48d877b9e76cb0a

SHA512
d82ffb44b4e8916abcd68e7b27bbda0831697e3067efcebeaf3f56e4c93750127f7d642feb740b2a3b0cecce59548ff642f46a6533871c55e1403a4ef88792b0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
6KB

MD5
b4b977049691530b318f4013eb0247a9

SHA1
3c5af9e630647d22b5d9f41da59b8435624279b5

SHA256
8c1398c1c59f7d7f7f4783d243f3a49d755eb0fe258007fa691e5f56da14404f

SHA512
d0002a729daf02023bfc0aa29c061a397c080ec118e9d690e1111dc183ef0fba0faca1bb0c257d223c8178956ab12fecb35fe43c779e62005079504b82cf7746

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
6KB

MD5
1bfec431487f66cff0d5fc9f2dd25802

SHA1
060f4e6b5f70718ff0ca8065bafa59706ab10439

SHA256
3871d0894e32001286a5556876499a17038af6acb8bc827c72b60fdc2b496c27

SHA512
224aab1998bf1d7f6fdb91c36e18113a25357fe35793546b82329d627644d74317b692823e62c089601676b93c8ad2b35b063ef2d69e61ae4072520338a0297c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
5KB

MD5
48b156a61fe8faeda4898902a8634fcb

SHA1
b9277c570aeabcef2966a04d00e8d7d20ccbbdb3

SHA256
1ce2d66ad6c80992d168a9f4bd0983ce34029e0c8dfd1f92b052d402d14b6e40

SHA512
4c4a4bcb17e9222642110348c374a8f33a2b90037613a4b5f6e8753fbd18dce608f7181e577ea3a1cb34c292e4a25f09f2d2a69275a5178072b7829003e75123

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
5KB

MD5
ff9c6539f834d5f83e9c1da3819c07a6

SHA1
9fca3848819876f66d607e00b2a92b4ab8b233b8

SHA256
360038507aa8127c9a2687a38807e0aa3e87948bcab16658edc44e52a9b12b1d

SHA512
8a5ce62b8ede2780fc3e376e6319a34b2cefde688c828f2f0163ddfa410ff519a9284ff5decee265671b84b494ce36b52308bafc25ad744c2e9672f47be2fed9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
5KB

MD5
1158fc993ae6c194d625f3592b2add94

SHA1
4dc517974e8928bdfdaa8af061a3a2050510c999

SHA256
d9de705f31bc055d11ef6770d5973cf02afd03a3d848840dde98e57986d737d2

SHA512
bf7520fdc00c47f0d9aaa368b79c9dc8713f31c6b16ca916707741a47c1018247e6a52c1ba153ba9497999ede81bf9d7ad510d9cd997b38914ae575ad07c90bc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000007.dbtmp
Filesize
16B

MD5
18e723571b00fb1694a3bad6c78e4054

SHA1
afcc0ef32d46fe59e0483f9a3c891d3034d12f32

SHA256
8af72f43857550b01eab1019335772b367a17a9884a7a759fdf4fe6f272b90aa

SHA512
43bb0af7d3984012d2d67ca6b71f0201e5b948e6fe26a899641c4c6f066c59906d468ddf7f1df5ea5fa33c2bc5ea8219c0f2c82e0a5c365ad7581b898a8859e2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
302KB

MD5
e1bb0145a0536feb0eb5086e8920cf7a

SHA1
67815a4e8c827eec63f08c58f6de542ba5e8d529

SHA256
7773ea0acdbc6f64a0fcbd5e464a93920ca3fc47c74fa913cefbba0ee72a9d68

SHA512
cf0b91175861187ecc92f23b42bf5727dce0a1671dc43da4595b56254ed99734181b9e01b75100e510911a6eae5ed54870f81ad107581f6d1c75e153dd97c306

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
302KB

MD5
0cee2d4de0496c44a9599553077561bf

SHA1
ebfafcb88b63eaec016fc15fcaafd267898b51ef

SHA256
558ac0d1ab92be906c46e6e9421e08e564ff3b947b85b5d8537768aed0aaa163

SHA512
716880a1d19806f3710afc68f2787f1332115bcebede3553deefefdd0375a8bcaaa07f9118bf16c93ac5e38b64d1333400b5c1828e550b2d15eae7a3a187fd7f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
302KB

MD5
bd4b5e7a428f2980ee714631f829a93c

SHA1
25e8801f0d1f1504db66496647e4ce27ccf5e568

SHA256
c69b0c0a307c232a9d108b6824ba23024bfba76cf92c2180ebf6e2b22ccf464d

SHA512
837ce16509274c535b7bad1fd107766b5d651a7a0fa136b022f08429bb4a61b9d5ece96894a5bccac273b5ec3b545573d7bab9ade8c10b96f92d8c2efdbd5fd5

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\7jts25bp.default-release\activity-stream.discovery_stream.json.tmp
Filesize
26KB

MD5
9a34a122d91eb894b63b4ab942b1e93b

SHA1
df57818d39daa0716983ac5d02085a1eb27949aa

SHA256
972b18b44a9ca0eabd8062b3032ba7eb9523e2b6bb9b4846136a06ce391a495e

SHA512
e73795a9ff8c3a9f113987481e95dded47141c1bbc5a7a8d35ee4cf528289c90fcb572cc6f250de0b478c0ae439a0c145de0f280b9d188e8a4e6441ea578de1a

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\7jts25bp.default-release\settings\main\ms-language-packs\browser\newtab\asrouter.ftl
Filesize
7KB

MD5
c460716b62456449360b23cf5663f275

SHA1
06573a83d88286153066bae7062cc9300e567d92

SHA256
0ec0f16f92d876a9c1140d4c11e2b346a9292984d9a854360e54e99fdcd99cc0

SHA512
476bc3a333aace4c75d9a971ef202d5889561e10d237792ca89f8d379280262ce98cf3d4728460696f8d7ff429a508237764bf4a9ccb59fd615aee07bdcadf30

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab1A8.tmp
Filesize
67KB

MD5
2d3dcf90f6c99f47e7593ea250c9e749

SHA1
51be82be4a272669983313565b4940d4b1385237

SHA256
8714e7be9f9b6de26673d9d09bd4c9f41b1b27ae10b1d56a7ad83abd7430ebd4

SHA512
9c11dd7d448ffebe2167acde37be77d42175edacf5aaf6fb31d3bdfe6bb1f63f5fdbc9a0a2125ed9d5ce0529b6b548818c8021532e1ea6b324717cc9bec0aaa5

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar3F0.tmp
Filesize
160KB

MD5
7186ad693b8ad9444401bd9bcd2217c2

SHA1
5c28ca10a650f6026b0df4737078fa4197f3bac1

SHA256
9a71fa0cb44aa51412b16a0bf83a275977ba4e807d022f78364338b99b3a3eed

SHA512
135be0e6370fd057762c56149526f46bf6a62fb65ef5b3b26ae01fa07b4c4e37188e203bd3812f31e260ec5cccff5924633dd55ab17e9fa106479783c2fb212b

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7jts25bp.default-release\datareporting\glean\db\data.safe.bin
Filesize
1KB

MD5
59edd033af941a2b0233972eaa9f9f61

SHA1
b9a1f18389cd6ace8b5d163d11cec1f6167901ab

SHA256
a12135f10f59316f13580d2016184f0d1672c9d8cea9939fc4c3d95b68d7dd1a

SHA512
5a4211dd127f33aa731569b76efb0950e1249d48db64a356226601d12ced05ebc2cc4f8857d55c38055738338382e60fe2e12377eb26eab549ffda519491bff4

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7jts25bp.default-release\datareporting\glean\db\data.safe.bin
Filesize
2KB

MD5
14a5f06262faeadd7ed3fad9de9ef4fc

SHA1
772987f1af7f75a4fc88649e6b1b70c0ff17f8df

SHA256
4568c30cd38da18e05e7748d08ffb9d8caa5d1f822efc4ac922ec7498bfb91ac

SHA512
4751749b1b18db8b01b51f6b21354ceb7c1894e16a45c09cef596baf9e1f436ae8365c7abcd8348283f17c6c24c3fcc32f6fcd03571fe5f31f710b4c58f9a87d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7jts25bp.default-release\datareporting\glean\pending_pings\50d60b38-2a39-4341-81b7-e6b80e2f5fc8
Filesize
11KB

MD5
ca0e3edc33911b185b76ac36817deed4

SHA1
bd4b920ccc5c1afa86af950c7e39f224c087887e

SHA256
a1488893fac0c75ae86196a9daabe47ba901ad62ad7ee89c2f0d58c85ed2241b

SHA512
f88bae99e4ace876e03f57c3d28924e52f8fb442fa45217f2718664acfcd2480216bdcfc6b8be83080acddb5b1eeedea39328663be2e81fb72b14d57515d13e7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7jts25bp.default-release\datareporting\glean\pending_pings\dcedf804-4f9d-4321-ac09-df5aef16e5e5
Filesize
745B

MD5
f291edd8a7cdbb50207953f7d62c7305

SHA1
8b947a4ee41cf55a89465d51440aacf0054f921d

SHA256
59dfcbd7811005dc0e2f7a016eae475946395712aca86a2328234950c5919e09

SHA512
51c1b6ee98062117fc2a745580142b659842ec7d27d93a91b3e9884086f32c7625bcf3e5602d7bb257c7ed987b4dc07df74015e8e7ea20876de99be82e9eda75

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7jts25bp.default-release\prefs-1.js
Filesize
6KB

MD5
188c86ab6e011e3bad2bec2729cfe6cf

SHA1
e68285c0b06f6b3b1a608479f374fabc2df0e274

SHA256
a7619c3731235d3fbb6d55ec05d4f6007b57902074861813db750b6880be250c

SHA512
56615de9726b08f10b05b3a4a9f397f754f04c005347cba04adef25876b465a3719ca32fb99b599556049eb1b8612299e41c4bf855c3f0c8ee4c65bf3617abfc

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7jts25bp.default-release\prefs.js
Filesize
6KB

MD5
e3f762393ce4d30e977740c8513f4624

SHA1
e6032a0e1c4377b88772fa7bbf5b91a42ec0a175

SHA256
1ce03bdbd72deeef09a435532fd73d7b1742c5548fd7f0f5bd8e2aaad1dae211

SHA512
795f008ae53cbcc159aa27cfe9d89c7ec683b01f560e4ac1fdec116a652743657efeb850e2f136a4f73c9102827f3614b8594fdb64cfae8ce4b81998411961d6

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7jts25bp.default-release\sessionstore-backups\recovery.jsonlz4
Filesize
3KB

MD5
8e2ce82d1cafc26c16680e7d0df72068

SHA1
b2a8326beb82ce0bc366684db23b93d58408c34f

SHA256
98c678990f6c58762c9cefa03dcd2f141011f1ec68cbf0578151e51c6d0c2ddd

SHA512
a47980bb2fac290a30a8ef794ce3a9169269496f207fd3cab73bbbfebd0c522c3676c472c3c0a8d0adbd2c673ed1179292a3515d4c7eb9d4214a617cc2c3af9e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7jts25bp.default-release\sessionstore.jsonlz4
Filesize
3KB

MD5
7fe08d01dfc2ab453b8a56fb75eb07de

SHA1
797a3b0def07edf9fa0fb8e58e47c00a94544ac5

SHA256
7faff3704596635878488771eba3e6c08d0e511648754be5242e47c5587da729

SHA512
c73fdc58508e2f59a37a14108dc691f4cd5371a2cbf9965efb348306bdb4179a90aa0061e4812d6664a46e3ccfff262615764a84317398ed2320643226622993

Download Submit
\??\pipe\crashpad_2744_JFWQUULRTTGEUYXV
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
memory/1180-12-0x000007FEF59D0000-0x000007FEF636D000-memory.dmp

Filesize
9.6MB

Download
memory/1180-6-0x00000000027E0000-0x00000000027E8000-memory.dmp

Filesize
32KB

Download
memory/1180-5-0x000000001B660000-0x000000001B942000-memory.dmp

Filesize
2.9MB

Download
memory/1180-7-0x000007FEF59D0000-0x000007FEF636D000-memory.dmp

Filesize
9.6MB

Download
memory/1180-4-0x000007FEF5C8E000-0x000007FEF5C8F000-memory.dmp

Filesize
4KB

Download
memory/1180-9-0x000007FEF59D0000-0x000007FEF636D000-memory.dmp

Filesize
9.6MB

Download
memory/1180-10-0x000007FEF59D0000-0x000007FEF636D000-memory.dmp

Filesize
9.6MB

Download
memory/1180-11-0x000007FEF59D0000-0x000007FEF636D000-memory.dmp

Filesize
9.6MB

Download
memory/1180-8-0x000007FEF59D0000-0x000007FEF636D000-memory.dmp

Filesize
9.6MB

Download