7b949d61b308ca11a5d433de3bbdebe7b76bf8a375aded7c31822a1eb5efe37b

Analysis

max time kernel
88s
max time network
104s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
21/03/2023, 01:03

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

vegas140.exe
Size

35.4MB
MD5

61a6504afa3857a24cadc59adaf29198
SHA1

96c8786cf70cbe2952557ef8510b23818d72f324
SHA256

7b949d61b308ca11a5d433de3bbdebe7b76bf8a375aded7c31822a1eb5efe37b
SHA512

823eed4690761cd09711d94698e2118abcddbc77a3d306f159bf970e84933db99e26855b1fb3736568a6a2d120d3f6bbb453e0d0dd4949c7e6ac905fbe796b52
SSDEEP

393216:XAFP62ivR47AzUVUY8MollL3wMUYWVyBnOBonXV3FM/UIKHSRJeYmY29HD2L4ys7:Xe/bEDD2L6Vsg5

Score

6^/10

persistence

Malware Config

Signatures

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1060

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000\Software\Microsoft\Windows\CurrentVersion\Run	chrome.exe

Checks processor information in registry 2 TTPs 16 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133238379294236830"	chrome.exe

Modifies registry class 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\Local Settings	firefox.exe
Key created	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\Local Settings	firefox.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
396	chrome.exe
396	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 5 IoCs

pid	Process
396	chrome.exe
396	chrome.exe
396	chrome.exe
396	chrome.exe
396	chrome.exe

Suspicious use of AdjustPrivilegeToken 46 IoCs

description	pid	Process
Token: SeDebugPrivilege	2076	firefox.exe
Token: SeDebugPrivilege	2076	firefox.exe
Token: SeDebugPrivilege	5864	firefox.exe
Token: SeDebugPrivilege	5864	firefox.exe
Token: SeShutdownPrivilege	396	chrome.exe
Token: SeCreatePagefilePrivilege	396	chrome.exe
Token: SeShutdownPrivilege	396	chrome.exe
Token: SeCreatePagefilePrivilege	396	chrome.exe
Token: SeShutdownPrivilege	396	chrome.exe
Token: SeCreatePagefilePrivilege	396	chrome.exe
Token: SeShutdownPrivilege	396	chrome.exe
Token: SeCreatePagefilePrivilege	396	chrome.exe
Token: SeShutdownPrivilege	396	chrome.exe
Token: SeCreatePagefilePrivilege	396	chrome.exe
Token: SeShutdownPrivilege	396	chrome.exe
Token: SeCreatePagefilePrivilege	396	chrome.exe
Token: SeShutdownPrivilege	396	chrome.exe
Token: SeCreatePagefilePrivilege	396	chrome.exe
Token: SeShutdownPrivilege	396	chrome.exe
Token: SeCreatePagefilePrivilege	396	chrome.exe
Token: SeShutdownPrivilege	396	chrome.exe
Token: SeCreatePagefilePrivilege	396	chrome.exe
Token: SeShutdownPrivilege	396	chrome.exe
Token: SeCreatePagefilePrivilege	396	chrome.exe
Token: SeShutdownPrivilege	396	chrome.exe
Token: SeCreatePagefilePrivilege	396	chrome.exe
Token: SeShutdownPrivilege	396	chrome.exe
Token: SeCreatePagefilePrivilege	396	chrome.exe
Token: SeShutdownPrivilege	396	chrome.exe
Token: SeCreatePagefilePrivilege	396	chrome.exe
Token: SeShutdownPrivilege	396	chrome.exe
Token: SeCreatePagefilePrivilege	396	chrome.exe
Token: SeShutdownPrivilege	396	chrome.exe
Token: SeCreatePagefilePrivilege	396	chrome.exe
Token: SeShutdownPrivilege	396	chrome.exe
Token: SeCreatePagefilePrivilege	396	chrome.exe
Token: SeShutdownPrivilege	396	chrome.exe
Token: SeCreatePagefilePrivilege	396	chrome.exe
Token: SeShutdownPrivilege	396	chrome.exe
Token: SeCreatePagefilePrivilege	396	chrome.exe
Token: SeShutdownPrivilege	396	chrome.exe
Token: SeCreatePagefilePrivilege	396	chrome.exe
Token: SeShutdownPrivilege	396	chrome.exe
Token: SeCreatePagefilePrivilege	396	chrome.exe
Token: SeShutdownPrivilege	396	chrome.exe
Token: SeCreatePagefilePrivilege	396	chrome.exe

Suspicious use of FindShellTrayWindow 35 IoCs

pid	Process
2076	firefox.exe
2076	firefox.exe
2076	firefox.exe
2076	firefox.exe
5864	firefox.exe
5864	firefox.exe
5864	firefox.exe
5864	firefox.exe
396	chrome.exe
396	chrome.exe
396	chrome.exe
396	chrome.exe
396	chrome.exe
396	chrome.exe
396	chrome.exe
396	chrome.exe
396	chrome.exe
396	chrome.exe
396	chrome.exe
396	chrome.exe
396	chrome.exe
396	chrome.exe
396	chrome.exe
396	chrome.exe
396	chrome.exe
396	chrome.exe
396	chrome.exe
396	chrome.exe
396	chrome.exe
396	chrome.exe
396	chrome.exe
396	chrome.exe
396	chrome.exe
396	chrome.exe
396	chrome.exe

Suspicious use of SendNotifyMessage 30 IoCs

pid	Process
2076	firefox.exe
2076	firefox.exe
2076	firefox.exe
5864	firefox.exe
5864	firefox.exe
5864	firefox.exe
396	chrome.exe
396	chrome.exe
396	chrome.exe
396	chrome.exe
396	chrome.exe
396	chrome.exe
396	chrome.exe
396	chrome.exe
396	chrome.exe
396	chrome.exe
396	chrome.exe
396	chrome.exe
396	chrome.exe
396	chrome.exe
396	chrome.exe
396	chrome.exe
396	chrome.exe
396	chrome.exe
396	chrome.exe
396	chrome.exe
396	chrome.exe
396	chrome.exe
396	chrome.exe
396	chrome.exe

Suspicious use of SetWindowsHookEx 5 IoCs

pid	Process
2076	firefox.exe
5864	firefox.exe
5864	firefox.exe
5864	firefox.exe
5864	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 5068 wrote to memory of 2076	5068	firefox.exe	103
PID 5068 wrote to memory of 2076	5068	firefox.exe	103
PID 5068 wrote to memory of 2076	5068	firefox.exe	103
PID 5068 wrote to memory of 2076	5068	firefox.exe	103
PID 5068 wrote to memory of 2076	5068	firefox.exe	103
PID 5068 wrote to memory of 2076	5068	firefox.exe	103
PID 5068 wrote to memory of 2076	5068	firefox.exe	103
PID 5068 wrote to memory of 2076	5068	firefox.exe	103
PID 5068 wrote to memory of 2076	5068	firefox.exe	103
PID 5068 wrote to memory of 2076	5068	firefox.exe	103
PID 5068 wrote to memory of 2076	5068	firefox.exe	103
PID 2076 wrote to memory of 1344	2076	firefox.exe	105
PID 2076 wrote to memory of 1344	2076	firefox.exe	105
PID 2076 wrote to memory of 4848	2076	firefox.exe	106
PID 2076 wrote to memory of 4848	2076	firefox.exe	106
PID 2076 wrote to memory of 4848	2076	firefox.exe	106
PID 2076 wrote to memory of 4848	2076	firefox.exe	106
PID 2076 wrote to memory of 4848	2076	firefox.exe	106
PID 2076 wrote to memory of 4848	2076	firefox.exe	106
PID 2076 wrote to memory of 4848	2076	firefox.exe	106
PID 2076 wrote to memory of 4848	2076	firefox.exe	106
PID 2076 wrote to memory of 4848	2076	firefox.exe	106
PID 2076 wrote to memory of 4848	2076	firefox.exe	106
PID 2076 wrote to memory of 4848	2076	firefox.exe	106
PID 2076 wrote to memory of 4848	2076	firefox.exe	106
PID 2076 wrote to memory of 4848	2076	firefox.exe	106
PID 2076 wrote to memory of 4848	2076	firefox.exe	106
PID 2076 wrote to memory of 4848	2076	firefox.exe	106
PID 2076 wrote to memory of 4848	2076	firefox.exe	106
PID 2076 wrote to memory of 4848	2076	firefox.exe	106
PID 2076 wrote to memory of 4848	2076	firefox.exe	106
PID 2076 wrote to memory of 4848	2076	firefox.exe	106
PID 2076 wrote to memory of 4848	2076	firefox.exe	106
PID 2076 wrote to memory of 4848	2076	firefox.exe	106
PID 2076 wrote to memory of 4848	2076	firefox.exe	106
PID 2076 wrote to memory of 4848	2076	firefox.exe	106
PID 2076 wrote to memory of 4848	2076	firefox.exe	106
PID 2076 wrote to memory of 4848	2076	firefox.exe	106
PID 2076 wrote to memory of 4848	2076	firefox.exe	106
PID 2076 wrote to memory of 4848	2076	firefox.exe	106
PID 2076 wrote to memory of 4848	2076	firefox.exe	106
PID 2076 wrote to memory of 4848	2076	firefox.exe	106
PID 2076 wrote to memory of 4848	2076	firefox.exe	106
PID 2076 wrote to memory of 4848	2076	firefox.exe	106
PID 2076 wrote to memory of 4848	2076	firefox.exe	106
PID 2076 wrote to memory of 4848	2076	firefox.exe	106
PID 2076 wrote to memory of 4848	2076	firefox.exe	106
PID 2076 wrote to memory of 4848	2076	firefox.exe	106
PID 2076 wrote to memory of 4848	2076	firefox.exe	106
PID 2076 wrote to memory of 4848	2076	firefox.exe	106
PID 2076 wrote to memory of 4848	2076	firefox.exe	106
PID 2076 wrote to memory of 4848	2076	firefox.exe	106
PID 2076 wrote to memory of 4848	2076	firefox.exe	106
PID 2076 wrote to memory of 4848	2076	firefox.exe	106
PID 2076 wrote to memory of 4848	2076	firefox.exe	106
PID 2076 wrote to memory of 4848	2076	firefox.exe	106
PID 2076 wrote to memory of 4848	2076	firefox.exe	106
PID 2076 wrote to memory of 4848	2076	firefox.exe	106
PID 2076 wrote to memory of 4848	2076	firefox.exe	106
PID 2076 wrote to memory of 4848	2076	firefox.exe	106
PID 2076 wrote to memory of 4848	2076	firefox.exe	106
PID 2076 wrote to memory of 3564	2076	firefox.exe	107
PID 2076 wrote to memory of 3564	2076	firefox.exe	107
PID 2076 wrote to memory of 3564	2076	firefox.exe	107

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Users\Admin\AppData\Local\Temp\vegas140.exe
"C:\Users\Admin\AppData\Local\Temp\vegas140.exe"
1⤵
PID:4216

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:5068
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe"
  2⤵
  - Checks processor information in registry
  - Modifies registry class
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2076
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2076.0.1734887797\555199659" -parentBuildID 20221007134813 -prefsHandle 1860 -prefMapHandle 1852 -prefsLen 20890 -prefMapSize 232675 -appDir "C:\Program Files\Mozilla Firefox\browser" - {101bfc54-8e59-411d-9370-34a3a2748d5b} 2076 "\\.\pipe\gecko-crash-server-pipe.2076" 1944 25012116558 gpu
    3⤵
    PID:1344
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2076.1.1224395552\797652831" -parentBuildID 20221007134813 -prefsHandle 2320 -prefMapHandle 2316 -prefsLen 20926 -prefMapSize 232675 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ebd95c2e-76a2-4c34-b002-10e7616f2bbd} 2076 "\\.\pipe\gecko-crash-server-pipe.2076" 2332 2500416f858 socket
    3⤵
    - Checks processor information in registry
    PID:4848
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2076.2.834996487\1216619717" -childID 1 -isForBrowser -prefsHandle 3216 -prefMapHandle 3232 -prefsLen 21009 -prefMapSize 232675 -jsInitHandle 1492 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {77b78624-7a8f-4a54-8e5c-9ee535e8ddc1} 2076 "\\.\pipe\gecko-crash-server-pipe.2076" 3140 25014e14258 tab
    3⤵
    PID:3564
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2076.3.143225238\1902494534" -childID 2 -isForBrowser -prefsHandle 1672 -prefMapHandle 1244 -prefsLen 26519 -prefMapSize 232675 -jsInitHandle 1492 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ddf1fc4c-b4fe-4689-a7bc-2964cc0e42ec} 2076 "\\.\pipe\gecko-crash-server-pipe.2076" 2680 25004169f58 tab
    3⤵
    PID:5044
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2076.4.1826351070\1584406557" -childID 3 -isForBrowser -prefsHandle 4136 -prefMapHandle 4132 -prefsLen 26519 -prefMapSize 232675 -jsInitHandle 1492 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {4bf4da0a-7fce-4ea6-b93c-df0ef744172c} 2076 "\\.\pipe\gecko-crash-server-pipe.2076" 4148 2500415b258 tab
    3⤵
    PID:4540
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2076.7.1778582281\1349827045" -childID 6 -isForBrowser -prefsHandle 5244 -prefMapHandle 5248 -prefsLen 26578 -prefMapSize 232675 -jsInitHandle 1492 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {75ee8534-ffb9-44a7-9038-1e6c8ff61c70} 2076 "\\.\pipe\gecko-crash-server-pipe.2076" 5236 250176bac58 tab
    3⤵
    PID:3980
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2076.6.1650634904\134846760" -childID 5 -isForBrowser -prefsHandle 5048 -prefMapHandle 5052 -prefsLen 26578 -prefMapSize 232675 -jsInitHandle 1492 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ebea8252-cff1-433f-b433-54a093915a42} 2076 "\\.\pipe\gecko-crash-server-pipe.2076" 5036 250176bb558 tab
    3⤵
    PID:2920
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2076.5.513259698\792043062" -childID 4 -isForBrowser -prefsHandle 4916 -prefMapHandle 4912 -prefsLen 26578 -prefMapSize 232675 -jsInitHandle 1492 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {3ddb186e-6450-4dff-a8f0-6d5db7c1b350} 2076 "\\.\pipe\gecko-crash-server-pipe.2076" 4868 250174ab858 tab
    3⤵
    PID:4092

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
PID:5844
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe"
  2⤵
  - Checks processor information in registry
  - Modifies registry class
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  PID:5864
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5864.0.1210390308\738439985" -parentBuildID 20221007134813 -prefsHandle 1820 -prefMapHandle 1812 -prefsLen 20890 -prefMapSize 232727 -appDir "C:\Program Files\Mozilla Firefox\browser" - {c25086da-86c5-40ee-9628-ebc903270802} 5864 "\\.\pipe\gecko-crash-server-pipe.5864" 1912 1db6ed10858 gpu
    3⤵
    PID:6056
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5864.1.1710335000\898566829" -parentBuildID 20221007134813 -prefsHandle 2296 -prefMapHandle 2292 -prefsLen 20926 -prefMapSize 232727 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {3a9fc5b5-e4f1-4481-bb4c-4c69e131ca1a} 5864 "\\.\pipe\gecko-crash-server-pipe.5864" 2308 1db6d837c58 socket
    3⤵
    - Checks processor information in registry
    PID:6124
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5864.2.1851757133\1179472271" -childID 1 -isForBrowser -prefsHandle 2888 -prefMapHandle 2884 -prefsLen 21074 -prefMapSize 232727 -jsInitHandle 1080 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {9904d380-2186-41f9-80e5-e8edfa86f2f9} 5864 "\\.\pipe\gecko-crash-server-pipe.5864" 2872 1db71c16e58 tab
    3⤵
    PID:5520
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5864.3.818694161\1283199644" -childID 2 -isForBrowser -prefsHandle 3504 -prefMapHandle 3500 -prefsLen 25686 -prefMapSize 232727 -jsInitHandle 1080 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {83298f65-0aff-44ef-a984-44d6579f8c10} 5864 "\\.\pipe\gecko-crash-server-pipe.5864" 3516 1db61468458 tab
    3⤵
    PID:2196
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5864.6.2072124443\2118198112" -childID 5 -isForBrowser -prefsHandle 5104 -prefMapHandle 5108 -prefsLen 26525 -prefMapSize 232727 -jsInitHandle 1080 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {eff04938-ea55-4168-85bc-f957b3efcac1} 5864 "\\.\pipe\gecko-crash-server-pipe.5864" 5092 1db74b68f58 tab
    3⤵
    PID:1036
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5864.5.1313772192\148505195" -childID 4 -isForBrowser -prefsHandle 4916 -prefMapHandle 4920 -prefsLen 26525 -prefMapSize 232727 -jsInitHandle 1080 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {61f16c64-35fb-49f1-80cb-cdf90e580e7e} 5864 "\\.\pipe\gecko-crash-server-pipe.5864" 4908 1db74b69558 tab
    3⤵
    PID:4560
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5864.4.53933303\2101355189" -childID 3 -isForBrowser -prefsHandle 4760 -prefMapHandle 4748 -prefsLen 26525 -prefMapSize 232727 -jsInitHandle 1080 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {79e2d267-53b2-4b30-bfa3-c6f8b3bcc6fa} 5864 "\\.\pipe\gecko-crash-server-pipe.5864" 4772 1db7063d258 tab
    3⤵
    PID:3316

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Adds Run key to start application
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:396
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd1c019758,0x7ffd1c019768,0x7ffd1c019778
  2⤵
  PID:4672
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1796 --field-trial-handle=1812,i,16682015309334474740,7071424737254172363,131072 /prefetch:2
  2⤵
  PID:4660
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2168 --field-trial-handle=1812,i,16682015309334474740,7071424737254172363,131072 /prefetch:8
  2⤵
  PID:4720
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2220 --field-trial-handle=1812,i,16682015309334474740,7071424737254172363,131072 /prefetch:8
  2⤵
  PID:5440
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3188 --field-trial-handle=1812,i,16682015309334474740,7071424737254172363,131072 /prefetch:1
  2⤵
  PID:1432
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3316 --field-trial-handle=1812,i,16682015309334474740,7071424737254172363,131072 /prefetch:1
  2⤵
  PID:3868
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4588 --field-trial-handle=1812,i,16682015309334474740,7071424737254172363,131072 /prefetch:1
  2⤵
  PID:928
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4732 --field-trial-handle=1812,i,16682015309334474740,7071424737254172363,131072 /prefetch:8
  2⤵
  PID:3784
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4692 --field-trial-handle=1812,i,16682015309334474740,7071424737254172363,131072 /prefetch:8
  2⤵
  PID:264
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=4704 --field-trial-handle=1812,i,16682015309334474740,7071424737254172363,131072 /prefetch:1
  2⤵
  PID:5812
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5180 --field-trial-handle=1812,i,16682015309334474740,7071424737254172363,131072 /prefetch:8
  2⤵
  PID:5356
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5276 --field-trial-handle=1812,i,16682015309334474740,7071424737254172363,131072 /prefetch:8
  2⤵
  PID:5976
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5268 --field-trial-handle=1812,i,16682015309334474740,7071424737254172363,131072 /prefetch:8
  2⤵
  PID:6004
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=4680 --field-trial-handle=1812,i,16682015309334474740,7071424737254172363,131072 /prefetch:1
  2⤵
  PID:5400

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:5784

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

T1060

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\1dfed844-25f4-4491-b759-e40f1b3bcefd.tmp

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
144B

MD5
e56bc40e73eecc40f20312459756109f

SHA1
2a257f87ef2e84beee5cf8ef9d9177ce73d53af0

SHA256
65b5068dc888d4037eb7eab545af5ff146476af4b4e6906ae0b4395c3c9c6e18

SHA512
8c6f59ff7749a97fc893bfec50e4b88aacd4a389e03e14897540a65db3ef092024e06aaa745129467f09c8c8920b684704a234d8e1e0edce2c605703111ec502

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
fb86d459a536d9daba4e9873ceb0c6c1

SHA1
f088b03dea5966bc52c9fbfb2d10f036eb0b64c7

SHA256
f5511f6070da4a06c4c8139af4050aa17a604990d79706d9ed6b331434a23113

SHA512
a2760f76acf94f310824ba1befc37bf7d11d6194cd23865b2242783563501c0935bf52c23902d5bc5072548993e1b756c9d805d6c32eb293bd15b2ab14028535

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
539B

MD5
ff778476edbe84bf5e762f66fff53652

SHA1
6a74f808ae1fc8caa6e5a719ce1938ba1587cb2e

SHA256
6f23c21a4764f8e497b391b59622cc49d8d03e7f9ba75b3bf5a288d31eaaa66c

SHA512
4046097dd384705503d4208a177d285db37dcd5ba7a556dab5da8bdfd4438c83a7ee2a73194befbb7262b5ec6b73bff34fbebd17765d979fa7944c3fd7f91e2a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
9cf054dd8cebbf94089d29ed67072f47

SHA1
c07c6e3afdb3effd0cb1680a6e4815aac0ce953c

SHA256
fba38ff1181e1eb9bf8db7b34260a21d5ec1899d81ad68d9a355206647f9278a

SHA512
aae40783122520b51c319914b17c23278f7557d21dd45f8ea951087749d625ed1ba0c2210b2dc246cd9fcc54364d51c1b960706c43b2ec4ddc9a8cfe9a94166b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
1c265d534ba9ed16f19fc97e5ac1e7f7

SHA1
51b924c04a094a4d519a6514435b72501edb3a4a

SHA256
1a6a781406c72ca2978ceed1fb9ae624a160a9aae2b9d2bb28d2bd15520c0f00

SHA512
1fee4a05059ab0cd64576a5783531fb4f0fc7e21b89a96b89d7f0cb619354f3383ce3cd84f8f293dc0d116abd513b365bfd03ef7b464fa1458070d7792a5cd0c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
badef9b7f281919b9d3c109f8bc98d69

SHA1
54290676e8dd2c09a21fdef37e23fbb9f33c47e7

SHA256
564f9f5afd4e84e70b2b7b71a602cc9f5a78e6888d894a98a5a4779ac436dc02

SHA512
93b1dcaad19cef9f1fd428b19346cb3435510ab8cc24193b4633c798eb26f6ea1c05e4c6b08b5dd033b3aee35c7d0b479f35eca2bff65b4da2695211b734aefb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\GrShaderCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
144KB

MD5
13dcaeab398f574f2511449380904d4d

SHA1
c38b513d28201e8ed50f93a04dfabc1c928e5985

SHA256
cb329db4fd83dd8b515cec6e9c6fd3967e624e89898407843d6fbf6992858848

SHA512
8f121e10e8ebdca9e55f3f0763499fda9c7f71375ec031786c0fb554a477ee7a0cd0e556ab90c777cab891cdee7ea62d8ae64534c504f0b9c7e95b4eff47bf6d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
144KB

MD5
c7390f6d9096c29b7c2f29f7ed1d4c8a

SHA1
36a72857e4aa189680b5bbb75457d4d1f7e4f84f

SHA256
8b90476de59561f38caa1f45bdd8dd0ae08845e84c75c7ceb7100a2e6e5aa2cc

SHA512
b1a0ef7734813b3e0e64ac39a7afacb2c273356e65403c71aea028e4061ec20a27e9c5ad71a20eff09c6a9609dba663378694436d5363c6d4ef133f26e7d705a

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6exu9k4v.default-release\activity-stream.discovery_stream.json

Filesize
144KB

MD5
5d41fd8b99a050e40bcf55df98f158e7

SHA1
4b255ba29edc8c9a504176c4cd2a6195186b7958

SHA256
8d2ae286a9f3b85949f38b1ef2b6149ed7bae6de90744e055f0c9230e24cd920

SHA512
967a4eb52303de8b7b8b67cf055b00b56c335ad7d8bb71cbfdbbe36f093deeb57b14d13e593250d29793cd614da5f96eeeb1286aa2eb9b156447d73589a3b854

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6exu9k4v.default-release\activity-stream.discovery_stream.json.tmp

Filesize
144KB

MD5
87a1f74d5c26539aef0425710a7a11df

SHA1
f47cb6ebf1512ed861d440909fe543226476e41c

SHA256
b564137c7c23d3cd148ba4b8b4089c7ccb87ce1e6ae4064f7e82d51b339da9cc

SHA512
cb26694af044e237b26edaa81e5c8097f06ce8ce04fc18ec1f36a78ea954212300ffb180fd23b6f037f711aa6070c233d3266e1e5b33137ee1d7e069cd7e8b66

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6exu9k4v.default-release\activity-stream.discovery_stream.json.tmp

Filesize
144KB

MD5
db904c7c36b84e809b423ed989786461

SHA1
808f4cfc6c851f63b179e2da584cbbfe6f44c3d3

SHA256
bdb18a3370b9d5d0c4bf84e9f8541cce35adc525295cb439dda3b03baa57f912

SHA512
45ef790d3e1fc371ccbafee7e49e4dd2936263552f71bea3a4f6d13ba17bc2b7f486d992a42898f64bcb4aca125857c00bb2a5494dda476439f6ce87155a0c28

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6exu9k4v.default-release\cache2\entries\254256B27E0C48CF9B80B695F0B3B8CA84610495

Filesize
9KB

MD5
35e5806323d3e4fa2413137a58689ddb

SHA1
7603532b6d0bc7b019177264cb7e4f8c5a2f4cae

SHA256
2196646c06d5af86255397658fcf6dd3f6a15187fdb0c8541eec86dedac85189

SHA512
d9bb3ec8e4ceb3b9b972f7f1b902c00ad7c53b0fe06be24cd47942f9f381002b6bec605fe48794101b74a00b189fd9412325a318c2daf21ac5ba280fe07c73e8

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6exu9k4v.default-release\cache2\entries\6D89348819C8881868053197CA0754F36784BF5F

Filesize
9KB

MD5
5ce6bf314389334d68e10487e4c322d2

SHA1
3745bb71d8b8dbe39d7c66781d5c2d53ff52fd8d

SHA256
4ef7409a5c8109ccb0d41e0fcd43d44fa5bee921c2c4ae1da6066af4de2ee0c3

SHA512
e56c31e074f5a25d43083eabc16ee573dae9002d435bc4d8e1b14e3a2afc01f72ae07904fb0fdd896222f7988b24b8fcf2b19683fd6616c248bd6ac206b8c8ff

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6exu9k4v.default-release\cache2\entries\D5594A2648EECD01993B5C42919BA64ADBF56052

Filesize
14KB

MD5
9d4a6953dcdb6bc76bb4523e28c1e64c

SHA1
8f350669c7bf36b3a1c1572c6d3b907307eb916c

SHA256
6b4071a104a33f8cfb5c8f21053a830e667ebe8630c73d453be6b0af27e1a140

SHA512
866e8c4f6551e5d0e4da9746860a0a5e7a05182e5e22cf955a63eede957fbda439740b84b18f9928280f961603dd89843957b615f00b8494553d923656ffd469

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6exu9k4v.default-release\startupCache\scriptCache-child.bin

Filesize
464KB

MD5
60e9d00650df9831eff9d069fa289bd6

SHA1
eb2a4ab8c870896d5bdbfbe9a772639e0cf23e3d

SHA256
8b488a49787359a85eda28a1965baa865a72270cac1368543ae88ecbc2785fd0

SHA512
4390fe1e31df54e60f5f762534c5156285358cc3cceed50aab22335f01918ef3bd33bad76770a546ca0f60ce79f439bdf168363a250932859187b6ef5f031101

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6exu9k4v.default-release\startupCache\scriptCache.bin

Filesize
7.8MB

MD5
1ea56f29609adc69cb50d5575f042fbd

SHA1
8a55e78df858294c17bb04d4b04500ca98246da6

SHA256
ca34f6a2fa201c20d6b0f2645aeb6621a5bd90b19b7a59ad0928a70d0e92c967

SHA512
93f5f3b49363983782b50ed631e253337426bc54f32ec33a5630955b14f19d5b0e776709052b4b3e5cc15cc02fa3b0de60097c9ff3d91d3190e69ff49dbc784a

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6exu9k4v.default-release\startupCache\startupCache.8.little

Filesize
1.9MB

MD5
83f6aa133328faae09d17ef315adea89

SHA1
62a359960fcdba911ac152f224fc3c47bdf43a79

SHA256
05bc7d12a8aff8d0438073c780c053683e9a3afe1c72de695df330db0d3b45c9

SHA512
b39292b97978bfd3542299d4b4077148eea7d7230e3dac3f3c3e06d28ebdf0f34005a1069c085197e51e1fa15fc41ba51acaa5ba1ecf58b53a0e730f48781ea2

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6exu9k4v.default-release\startupCache\urlCache.bin

Filesize
3KB

MD5
5394972177fa21b937d99749d0c5ec56

SHA1
a1e0556009c1a6dcf6bbec21eb24bd2297334547

SHA256
8af93017f2c6c80fb45d37a8e91bc467986b0f65035fa449ca940e6334204822

SHA512
25d6d070bb669c4dba49dc2d9e171272b8f2d63e3fbe81e717942e82c655daa718f0f4dc154c079d815cc8a1f14c49bdd861baed13b344349bb0e0a2cb211789

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6exu9k4v.default-release\SiteSecurityServiceState.txt

Filesize
324B

MD5
dcbe1eae1b320ce71f9ad8d95716a977

SHA1
f00dbbcd9fb8baa25bc4a771a3284d598850a0b9

SHA256
41565e5fa34dd07b79a75ed9d513365ed73632de392083e346e56db2a8d543e0

SHA512
d66805b114b6130852635a481d419217215c8088d197785c0a613974c30cb8e5ba572d579cd98e0a265d9edba20b3889f4c43277fd6bc819108f1b8d3699db11

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6exu9k4v.default-release\addonStartup.json.lz4

Filesize
5KB

MD5
f250c684a241935c2794c30ae164ae52

SHA1
ea384bb1ba6744718b3bb8180800365d19887692

SHA256
ff08fca842608945bab874f225d809065a58d1eda82f37f80f727bff95bc00a7

SHA512
e16698db5705fb140ab0579c4ecbe51ba7fd2d494bf987c23bc5c46294e84749a3f1b43d0ef43fa75e7ce0d1b67ac3c22421717506be6fedb4dac49e2e7870ad

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6exu9k4v.default-release\datareporting\glean\db\data.safe.bin

Filesize
182B

MD5
1c3c58f7838dde7f753614d170f110fc

SHA1
c17e5a486cecaddd6ced7217d298306850a87f48

SHA256
81c14432135b2a50dc505904e87781864ca561efef9e94baeca3704d04e6db3d

SHA512
9f6e9bcb0bba9e2ce3d7dabe03b061e3fda3f6d7b0249ecf4dbc145dc78844386d047ee2ac95656a025ef808cd0fc451204dc98a1981cf2729091761661a3b49

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6exu9k4v.default-release\datareporting\session-state.json

Filesize
161B

MD5
6042b533fbaf1d5d8cf13564db206256

SHA1
a8bd9c77d39c74d24af5a989ad5f950e73ed1867

SHA256
ecd08479361001440ea71d2386c6afcbf834ba05cb4088d82c692f24ce51569c

SHA512
7f453b4626d5bf42c6ecb38b4642a40ab1e54da8605ea36a2acef95d188f9984181958c23be292b804c40d6bfe329fda63750ac4c90b3664ddb5227c4598a6e1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6exu9k4v.default-release\prefs-1.js

Filesize
6KB

MD5
53cb9c172fb07916f88f6965338281f5

SHA1
96d736b8115a70e05ba631eb1995cabbdca1fc50

SHA256
d32ee34e92b142b12a4823c24b057f11b671995c9f32553d79374db6fa02eda5

SHA512
1e7017e06f951b316a5771562f67c2067ff35f56eeb59013340dbd0f6444a48e71d8e4034bca825b7c76d2802ec53803c5574f99e7cccfa25fb5023ab6544241

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6exu9k4v.default-release\prefs-1.js

Filesize
6KB

MD5
147dc274b0d019a0a0797ed04a9ca356

SHA1
2a87cac72bc4f9bd7061b14e034bdf55bbb07862

SHA256
9ee9f9a88523e0f7cf24b477dd9aee14c1996bb2ff42c1ddb0f7904a5417ef68

SHA512
24ff2c65fabe3e8588f9ec7d1169d7a074ef09d6a96101b69143cae4b3221fec15a0ddc790f2a2156273d235183db842a56cde96c4d20d112b023ad91e4cc7e1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6exu9k4v.default-release\prefs-1.js

Filesize
6KB

MD5
c36d8a709f79c0f570a2e8394e81cdb2

SHA1
4294fcb3caca9cd34b927f058dffd823407437a2

SHA256
8cd8151d74c5b6ab3724e049524bd9fae551d6a0c16a982f32bb52dad0ab39d5

SHA512
7ce1cd571ac70b44100a2ea24b937a70fd00d5cfee06ee516f72e32afa46c5a38dfc80a37e0332387193809b414de0d211af4c8c89e26cd5985cf924c0369d15

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6exu9k4v.default-release\prefs-1.js

Filesize
6KB

MD5
63f8c7eff765622f9bf0124da5a938b0

SHA1
3af11dbad8b245b4098e084638ff44da154e3bba

SHA256
154e823fbd57f5bcc72cd17b1d03cdd1b507672c5cb73ee4c09775b52b860c5f

SHA512
95837e44752c05024c0660b20c02b0b6237b399066027bc444ec57fe30a42592727260640e3358ef83b9a86de7ce58e81f0cdb68d3b70d670587a708d55f7885

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6exu9k4v.default-release\prefs-1.js

Filesize
6KB

MD5
9bf383b9003c7d431cf6fe157c9d6d9f

SHA1
727f5224a267477f2b32630b5fe9147ef5c2caeb

SHA256
1aa8fdbd20a6731d521ba28059e2289f8adfd0f3cb8613a677f2b98dbb6e3970

SHA512
f371c9a50997c74b158f2722f2b024713fb7f1f5df6606cb85e5c195862288d7f0c5833d8c51ec136a11221f45617c9edbda43e2cdda04c1f64c6a9c34c9c267

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6exu9k4v.default-release\prefs.js

Filesize
6KB

MD5
108b97b1ff7efbdb1aecce96d55ff2e5

SHA1
bb72b2e0c3d859fe5e821632307a32df331b55e1

SHA256
c5e19d4313b524fffc4859f4fac05ea3dcf408714a736dbd0bb7fcdf5131f80e

SHA512
e0f7678424e68957a1cb521786e9e4e54c179f9a263b04d0c6a96147cb1e242b58bda3e74e6f142dcd9b6dd313a0061c3050af334b149eab9a8040f923da84dc

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6exu9k4v.default-release\prefs.js

Filesize
6KB

MD5
108b97b1ff7efbdb1aecce96d55ff2e5

SHA1
bb72b2e0c3d859fe5e821632307a32df331b55e1

SHA256
c5e19d4313b524fffc4859f4fac05ea3dcf408714a736dbd0bb7fcdf5131f80e

SHA512
e0f7678424e68957a1cb521786e9e4e54c179f9a263b04d0c6a96147cb1e242b58bda3e74e6f142dcd9b6dd313a0061c3050af334b149eab9a8040f923da84dc

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6exu9k4v.default-release\protections.sqlite

Filesize
64KB

MD5
deeced8825e857ead7ba3784966be7be

SHA1
e72a09807d97d0aeb8baedd537f2489306e25490

SHA256
b9f022442a1506e592bf51284091a8a7fe17580b165d07e70c06fd6827343a54

SHA512
01d303232d6481af322137b44fef6c2a584f0643c48bab2836f9fe3193207015da7f7514fe338500ae4469651e3d9618293858ae507e722198a249257677099e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6exu9k4v.default-release\search.json.mozlz4

Filesize
296B

MD5
033eb0645837c8b618a593f7b9a72642

SHA1
cf4c2e7ccaa275ee47cdd945a7bd1f8b57c61172

SHA256
3409fd08295094b37673d748a0374cf0afaecf1671188b2ed012626cad67a582

SHA512
27dd0743306b0845c06b3be3e3ae2f515777dced4bbf91a4864bb95c5873e2d6351d99be36d4762a2ba8262130c6d139db3f4f5272afb8717e02b09c1e39c2b4

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6exu9k4v.default-release\sessionCheckpoints.json

Filesize
53B

MD5
ea8b62857dfdbd3d0be7d7e4a954ec9a

SHA1
b43bc4b3ea206a02ef8f63d5bfad0c96bf2a3b2a

SHA256
792955295ae9c382986222c6731c5870bd0e921e7f7e34cc4615f5cd67f225da

SHA512
076ee83534f42563046d25086166f82e1a3ec61840c113aec67abe2d8195daa247d827d0c54e7e8f8a1bbf2d082a3763577587e84342ec160ff97905243e6d19

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6exu9k4v.default-release\sessionCheckpoints.json.tmp

Filesize
259B

MD5
c8dc58eff0c029d381a67f5dca34a913

SHA1
3576807e793473bcbd3cf7d664b83948e3ec8f2d

SHA256
4c22e8a42797f14510228f9f4de8eea45c526228a869837bd43c0540092e5f17

SHA512
b8f7c4150326f617b63d6bc72953160804a3749f6dec0492779f6c72b3b09c8d1bd58f47d499205c9a0e716f55fe5f1503d7676a4c85d31d1c1e456898af77b4

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6exu9k4v.default-release\sessionCheckpoints.json.tmp

Filesize
53B

MD5
ea8b62857dfdbd3d0be7d7e4a954ec9a

SHA1
b43bc4b3ea206a02ef8f63d5bfad0c96bf2a3b2a

SHA256
792955295ae9c382986222c6731c5870bd0e921e7f7e34cc4615f5cd67f225da

SHA512
076ee83534f42563046d25086166f82e1a3ec61840c113aec67abe2d8195daa247d827d0c54e7e8f8a1bbf2d082a3763577587e84342ec160ff97905243e6d19

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6exu9k4v.default-release\sessionCheckpoints.json.tmp

Filesize
53B

MD5
ea8b62857dfdbd3d0be7d7e4a954ec9a

SHA1
b43bc4b3ea206a02ef8f63d5bfad0c96bf2a3b2a

SHA256
792955295ae9c382986222c6731c5870bd0e921e7f7e34cc4615f5cd67f225da

SHA512
076ee83534f42563046d25086166f82e1a3ec61840c113aec67abe2d8195daa247d827d0c54e7e8f8a1bbf2d082a3763577587e84342ec160ff97905243e6d19

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6exu9k4v.default-release\sessionCheckpoints.json.tmp

Filesize
259B

MD5
e6c20f53d6714067f2b49d0e9ba8030e

SHA1
f516dc1084cdd8302b3e7f7167b905e603b6f04f

SHA256
50a670fb78ff2712aae2c16d9499e01c15fddf24e229330d02a69b0527a38092

SHA512
462415b8295c1cdcac0a7cb16bb8a027ef36ae2ce0b061071074ac3209332a7eae71de843af4b96bbbd6158ca8fd5c18147bf9a79b8a7768a9a35edce8b784bf

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6exu9k4v.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
418B

MD5
1b6a40068dd721d44a662e3e5fd8b8f6

SHA1
c27aa3f4d1c7df6879a01643aa131e2d2fddf7bf

SHA256
c7f604ec75faa2bdaad52a20751097d5436997da43292b15d426609eac68658b

SHA512
19c924eebf1be6e307d1a841d343711a28ca232895dd55aba1f034c827e53cb848f6047f7ffeca7fa67ac8d837df2c15aa4ee12a59ea9c101afbcad5f16bc0e3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6exu9k4v.default-release\sessionstore-backups\upgrade.jsonlz4-20221007134813

Filesize
901B

MD5
b57e61b115fc41cd9735ff5cf8c9ce5e

SHA1
227311836d8917be8942bfc4adcc8cec94155104

SHA256
fb62d083f5d44a2a40d1fa1637327dc15758cf6c921f749a1cd9a63fe0b56ae0

SHA512
b44a3544a636388523cd6a9974911f78b4e56ed5f8876653dad8ae7b8858e6c7382902f7d89045e62d4b6727024bbed8fdfecab65d3f54ee2704109ceef888ea

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6exu9k4v.default-release\sessionstore.jsonlz4

Filesize
460B

MD5
705ab7f034a8ce52a8049c17c5c1a1c2

SHA1
f2d72a9e4a697e305a5f8be440475a8a52baf026

SHA256
13de1a0ca9447c7dbfa13f07872de0e9b084fc2ad61daee309a3de07857c6b42

SHA512
3465636300ebb4cb1b8a2b3a613eb754a7e2312a57f760cb1b2d1e4f0ac3d9213516928963eea6dca005b0c05b5692f6626d7f2fad474c37a802eebe32729da4

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6exu9k4v.default-release\sessionstore.jsonlz4

Filesize
901B

MD5
b57e61b115fc41cd9735ff5cf8c9ce5e

SHA1
227311836d8917be8942bfc4adcc8cec94155104

SHA256
fb62d083f5d44a2a40d1fa1637327dc15758cf6c921f749a1cd9a63fe0b56ae0

SHA512
b44a3544a636388523cd6a9974911f78b4e56ed5f8876653dad8ae7b8858e6c7382902f7d89045e62d4b6727024bbed8fdfecab65d3f54ee2704109ceef888ea

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6exu9k4v.default-release\sessionstore.jsonlz4

Filesize
901B

MD5
b57e61b115fc41cd9735ff5cf8c9ce5e

SHA1
227311836d8917be8942bfc4adcc8cec94155104

SHA256
fb62d083f5d44a2a40d1fa1637327dc15758cf6c921f749a1cd9a63fe0b56ae0

SHA512
b44a3544a636388523cd6a9974911f78b4e56ed5f8876653dad8ae7b8858e6c7382902f7d89045e62d4b6727024bbed8fdfecab65d3f54ee2704109ceef888ea

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6exu9k4v.default-release\storage\permanent\chrome\idb\1657114595AmcateirvtiSty.sqlite

Filesize
48KB

MD5
75fab68a20fdbe5b1cc5e6a00f3fca1f

SHA1
f0db5f0233447ee7144f7892a5fde8cbce71e708

SHA256
72f94567d83fb54b49f2a18765ad9776a98af353b05fc241f7c062d940e55cbb

SHA512
fb4f175704367136ed72caba687364474471a47c6366c2efe9be17e444cf465c70dff37bc49339f76f66bc8508a7edfefab63ed13c8bb35334bc3cb77e9dc798

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6exu9k4v.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

Filesize
184KB

MD5
4181a424441b4980439e3963f867a141

SHA1
0ec909dbb8ceefc0ce3f97c3716fa1361914a09b

SHA256
0d7de6a1124bc975509e75860ec2dea807e3245232488fa2208fb53399b8eeda

SHA512
113eabd860d965d0999363694a2ff89251ce96d95fd7aac945cd1634401b7706f5171e52edaf44192f9ebfd615f5e45b818ac7167385d07579a238b7909ade82

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6exu9k4v.default-release\xulstore.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit