Resubmissions
31-03-2023 19:44
230331-yf17ysec4y 831-03-2023 19:41
230331-yeb7fach44 831-03-2023 19:38
230331-ycpdzsch33 8Analysis
-
max time kernel
150s -
max time network
151s -
platform
windows10-1703_x64 -
resource
win10-20230220-en -
resource tags
-
submitted
31-03-2023 19:41
General
-
Target
ClassicShellSetup_4_3_1.exe
-
Size
6.9MB
-
MD5
230d1965a035bc4c894941caa3d19a32
-
SHA1
317604eba6e94e8777741d577b0ef160a0af3258
-
SHA256
942c7ee37303c962628555e196eb35f4465bb45d204600dd2518dd20ddebe5e2
-
SHA512
00ac51bdf37bde44668e5cf20854f67df1b222959f8876e2fc3d05814cdb7b11c728411e5ce04187c7fb9c7939cab56cffaa3a8f02bf0a17437dcf7af51755a4
-
SSDEEP
196608:1fCy8wAafvB9W95jcOqihiDXHzk2w5gzOAiZiU8sXo:Uy8wAafEjnqzkt//s
Malware Config
Signatures
-
Blocklisted process makes network request 3 IoCs
-
Enumerates connected drives 3 TTPs 24 IoCs
Attempts to read the root path of hard drives other than the default C: drive.
-
Checks processor information in registry 2 TTPs 11 IoCs
Processor information is often read in order to detect sandboxing environments.
-
Enumerates system info in registry 2 TTPs 6 IoCs
-
Modifies data under HKEY_USERS 1 IoCs
-
Modifies registry class 1 IoCs
-
Suspicious behavior: AddClipboardFormatListener 2 IoCs
-
Suspicious behavior: EnumeratesProcesses 2 IoCs
-
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs
-
Suspicious use of AdjustPrivilegeToken 64 IoCs
-
Suspicious use of FindShellTrayWindow 31 IoCs
-
Suspicious use of SendNotifyMessage 27 IoCs
-
Suspicious use of SetWindowsHookEx 12 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
-
Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
Processes
-
C:\Users\Admin\AppData\Local\Temp\ClassicShellSetup_4_3_1.exe"C:\Users\Admin\AppData\Local\Temp\ClassicShellSetup_4_3_1.exe"1⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\msiexec.exemsiexec.exe /i "C:\ProgramData\ClassicShellSetup64_4_3_1.msi"2⤵
- Blocklisted process makes network request
- Enumerates connected drives
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe"1⤵
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe"2⤵
- Checks processor information in registry
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3304.0.758528428\438228414" -parentBuildID 20221007134813 -prefsHandle 1644 -prefMapHandle 1632 -prefsLen 20810 -prefMapSize 232645 -appDir "C:\Program Files\Mozilla Firefox\browser" - {77bdcf54-42e8-4af1-a5a9-04abe57cec0e} 3304 "\\.\pipe\gecko-crash-server-pipe.3304" 1736 20d30907258 gpu3⤵
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3304.1.1768362694\183690869" -parentBuildID 20221007134813 -prefsHandle 2076 -prefMapHandle 2072 -prefsLen 20891 -prefMapSize 232645 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a23c5423-dba8-44ff-b4a6-dc83232853f4} 3304 "\\.\pipe\gecko-crash-server-pipe.3304" 2088 20d2f603258 socket3⤵
- Checks processor information in registry
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3304.2.2027582754\1695258272" -childID 1 -isForBrowser -prefsHandle 2668 -prefMapHandle 2648 -prefsLen 20974 -prefMapSize 232645 -jsInitHandle 1308 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {e83be8aa-5de5-45b1-845e-1c726842548d} 3304 "\\.\pipe\gecko-crash-server-pipe.3304" 2964 20d336d4d58 tab3⤵
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3304.3.375725128\62083173" -childID 2 -isForBrowser -prefsHandle 3260 -prefMapHandle 3256 -prefsLen 26484 -prefMapSize 232645 -jsInitHandle 1308 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {044e57aa-e111-4df3-869e-5522c01a8f6e} 3304 "\\.\pipe\gecko-crash-server-pipe.3304" 1092 20d3462d558 tab3⤵
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3304.4.1114257286\848436825" -childID 3 -isForBrowser -prefsHandle 3960 -prefMapHandle 3956 -prefsLen 26543 -prefMapSize 232645 -jsInitHandle 1308 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {20953be4-a60b-4ac8-802d-a1963b7c8320} 3304 "\\.\pipe\gecko-crash-server-pipe.3304" 3976 20d34e74d58 tab3⤵
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3304.5.1360526253\2061940569" -childID 4 -isForBrowser -prefsHandle 5020 -prefMapHandle 5016 -prefsLen 26622 -prefMapSize 232645 -jsInitHandle 1308 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {c605ea48-3021-4583-860e-b78c71c5adbd} 3304 "\\.\pipe\gecko-crash-server-pipe.3304" 5028 20d311fcd58 tab3⤵
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3304.7.1645177281\1808868730" -childID 6 -isForBrowser -prefsHandle 5204 -prefMapHandle 5208 -prefsLen 26622 -prefMapSize 232645 -jsInitHandle 1308 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {7ad5f230-2c31-4431-bbd5-ed25a4a4aad4} 3304 "\\.\pipe\gecko-crash-server-pipe.3304" 5196 20d35a3de58 tab3⤵
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3304.6.718553337\1188253808" -childID 5 -isForBrowser -prefsHandle 4832 -prefMapHandle 4836 -prefsLen 26622 -prefMapSize 232645 -jsInitHandle 1308 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {3522a6c0-6102-4d7c-bfcc-dfdf62b79904} 3304 "\\.\pipe\gecko-crash-server-pipe.3304" 4624 20d3274eb58 tab3⤵
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3304.8.761191110\1826211478" -childID 7 -isForBrowser -prefsHandle 2856 -prefMapHandle 4644 -prefsLen 26622 -prefMapSize 232645 -jsInitHandle 1308 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {abddbf5f-da81-455f-823e-b04880ea9e50} 3304 "\\.\pipe\gecko-crash-server-pipe.3304" 1528 20d357dc558 tab3⤵
-
C:\Windows\system32\msiexec.exeC:\Windows\system32\msiexec.exe /V1⤵
- Suspicious use of AdjustPrivilegeToken
-
C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE"C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE" /n "C:\Users\Admin\Documents\These.docx" /o ""1⤵
- Checks processor information in registry
- Enumerates system info in registry
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of SetWindowsHookEx
-
C:\Windows\System32\rundll32.exeC:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding1⤵
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Downloads\RevokeFind.bat" "1⤵
-
C:\Windows\system32\AUDIODG.EXEC:\Windows\system32\AUDIODG.EXE 0x3a81⤵
-
C:\Windows\System32\xpsrchvw.exe"C:\Windows\System32\xpsrchvw.exe" "C:\Users\Admin\Downloads\TestClose.edrwx"1⤵
- Suspicious use of SetWindowsHookEx
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe"1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xd0,0xd4,0xd8,0xac,0xdc,0x7ffa61f89758,0x7ffa61f89768,0x7ffa61f897782⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1392 --field-trial-handle=1748,i,13773273406846084908,12503506795302936572,131072 /prefetch:22⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2028 --field-trial-handle=1748,i,13773273406846084908,12503506795302936572,131072 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2056 --field-trial-handle=1748,i,13773273406846084908,12503506795302936572,131072 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3004 --field-trial-handle=1748,i,13773273406846084908,12503506795302936572,131072 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2980 --field-trial-handle=1748,i,13773273406846084908,12503506795302936572,131072 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4420 --field-trial-handle=1748,i,13773273406846084908,12503506795302936572,131072 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4412 --field-trial-handle=1748,i,13773273406846084908,12503506795302936572,131072 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4704 --field-trial-handle=1748,i,13773273406846084908,12503506795302936572,131072 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4740 --field-trial-handle=1748,i,13773273406846084908,12503506795302936572,131072 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4708 --field-trial-handle=1748,i,13773273406846084908,12503506795302936572,131072 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4708 --field-trial-handle=1748,i,13773273406846084908,12503506795302936572,131072 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=4672 --field-trial-handle=1748,i,13773273406846084908,12503506795302936572,131072 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=4656 --field-trial-handle=1748,i,13773273406846084908,12503506795302936572,131072 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=3012 --field-trial-handle=1748,i,13773273406846084908,12503506795302936572,131072 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=4472 --field-trial-handle=1748,i,13773273406846084908,12503506795302936572,131072 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2676 --field-trial-handle=1748,i,13773273406846084908,12503506795302936572,131072 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"1⤵
Network
MITRE ATT&CK Matrix ATT&CK v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
C:\ProgramData\ClassicShellSetup64_4_3_1.msiFilesize
4.8MB
MD50606a9a7e1157a08c1098718575edd6b
SHA144737e63cf3565d34a6a36fd6365ec92429fb3c7
SHA256347d8e65f200ea8c4eb9752f56b62d14af4370ecf7f13657a806fa1433fbffcf
SHA512d46c9829ed2b67a37429723af09f46e11d0d7b61cf5b398ca1daa2ef061c5b4de68ec89a95bd8a612ccd87899ff07bd802cc12fc8d1e0e5746ddbbdd7b0ef4ca
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000029Filesize
43KB
MD5193c07799ef4af4292f9f8b8682edd54
SHA1ee8e6ce7dc29116d258fdbbfde6bc11e5b5aaa52
SHA2567746303b0fb2db13e42a9f820ca92fe974e0e2da27576fa09202ef6cdbc482df
SHA512d5f15744696e5ff65d301eac9073e82b586fe7182434a946edfe2cd28155019980c9c0ded60ada9475d7edb078ddc43df2c6cbfca06bbd73f52f3e6914bb3a3d
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000032Filesize
19KB
MD5ca7fbbfd120e3e329633044190bbf134
SHA1d17f81e03dd827554ddd207ea081fb46b3415445
SHA256847004cefb32f85a9cc16b0b1eb77529ff5753680c145bfcb23f651d214737db
SHA512ab85f774403008f9f493e5988a66c4f325cbcfcb9205cc3ca23b87d8a99c0e68b9aaa1bf7625b4f191dd557b78ef26bb51fe1c75e95debf236f39d9ed1b4a59f
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurityFilesize
1KB
MD5a95da3facb37d2d00ed8ee8cef49bfc6
SHA123c16aec9157acac895147132140a4573e015f1e
SHA256a3bfa3513b430cb03550a8598c2e441753b7f947feb773691b2d70866251cb23
SHA512edf467b711409d1eed1721ded6bb2462414efe14dc1e4c3615eefa4d8ae338b4267db4128d52faf750d960b1094d7187ddd7817bf640fc910cedd41140685d11
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurityFilesize
539B
MD535843898c44efc0e137deacedbcab94d
SHA17959ae82d774a5a404053c93b6cde2542cd5720b
SHA2564832aa246c84a460e049b4a9012942e7ef90f80ef06fcd2132cb7141798741f2
SHA512a300d9f00e8030fae8a13637da6df55219b4840036c874de1b0b24c0e08e477752dbf826fef1fa97795aa67c228891d2ac1e665351adedff106b5f4b651271ad
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurityFilesize
1KB
MD520365ccc8ebd21a08d7a5eec83548da4
SHA162470385fae2067a9f1ac2cdfec6f964d81badfd
SHA2562832e381a8ba0bf782514e3de610414e8ace4acf5b8dcb55f74bc5d75dca9cae
SHA512bed5d0b8b7f2097b080aa1a7c1a1e44787b5fc5af1b4bd7d2bfb5aa9c39ac3a5693219c790c03694f0f7b59478fa0ab91ff71dcdf4668d558c389025d62d4e87
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\PreferencesFilesize
6KB
MD59646ff745f86c926fa89f0baf0cb0727
SHA1633ed796f207f528e9a4efac5d8af8b708df9094
SHA256d18226ab203e41c71f51b2f6810b504e14b089a430d8656770497a4d82087f02
SHA5123c975905447e8e325874ea60abc6c7ce65e7d9125003e6ca7e14a1fcb422ba93ebc92901bac52c5ffe110865d6f69b1e24c1fd5dc4ae11c77eef49a37292bc2a
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\PreferencesFilesize
6KB
MD57c615acb052711b21b4f9c1ff6a21e80
SHA1d20e76542fe2a29011710e351ced8ffff0b202d9
SHA256edf8515f0079ab640ef8f8817ece40db70fb8e94f26fce58e689a172164a8e8b
SHA512a46fa45da00cf8beb534024f848b173b045a3d98f637b4c5e71fa181a758c2c1fc3ea4c1bac04bcdd48c3b992303efb6074c0e1739070dc7b16358ea335f841d
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\PreferencesFilesize
6KB
MD58ab69061bf4b3f47ac499a8d9338da80
SHA156ab5b69fc58238015359085a87c9fbcae4417f7
SHA2566e3bbe3f29c04e017a23c6e1a6620eaafb7e2bd9ceb8529230ff4af9b352a879
SHA512637d4158a53356b36b3b84f68f507b1580fbcd68a6bf555901e792e5a5a25031e036cddf6972f2623771cee27594526d0016d47a6af3607d77e4eba2b43e0011
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure PreferencesFilesize
12KB
MD554fe76dec85a5853e51b81faf4044fdd
SHA117e21eafb2bba062a899f4a5c42975a90ba0f881
SHA256bd3bb2a6f4ece175683432ba60ac24f915c76319f2121f0f9175e50dd949e829
SHA512ff8717f25febf2a3dd1904022f386315a61b84f035c2429d5cd9d7a9ac81a089871ec264a849cc41cfa67450e38b22d222de5fb91b9b8d2d341d5152ee2d8872
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local StateFilesize
173KB
MD5704ea855c845847c24f09f22cba38634
SHA1a5de9050ff1b7bbe29b481405d0c1b432fc28f71
SHA256ca1d597e2e8f0ac3a88114099516ded657debc49ba9823bbe2385ce4722d4723
SHA5127f8890a0e0c473ccbe080bc9bbd7d3aa4b90196da4e36c854e54273476f5a869b68942b9aba93398c643d75973d14f9cfdf68b9d34e3d0c974358d744382b8c1
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local StateFilesize
173KB
MD5c971e71d517058a3ad0243c6462fda96
SHA1bdee6af2dc9e6a5fe068144070dc388535c6dea4
SHA256c8240fb1c690528ab9ca78183933582d7457dbfbca873e44bb662a943915b11f
SHA512ac379110c3b7264aed3dde2eafd0c7398a127bfeb37fb8fbfc7c4726f5c79ddda3d016e6105435885b2f04d601b9e620cbcf836409c6f7d525be2786acf32142
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.jsonFilesize
2B
MD599914b932bd37a50b983c5e7c90ae93b
SHA1bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
SHA25644136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
SHA51227c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd
-
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\oqpbz544.default-release\activity-stream.discovery_stream.json.tmpFilesize
148KB
MD5677a0ff99a50ed98a7eea11bd0895941
SHA1c1e8a5a0d3bee909a2d0e4397450be1048b7c895
SHA2565f25d360a551f2dc7b48bef03f9394c7079ed98e1e36c72b98a22b69c878e674
SHA5123e9f804d68b9cc63204a4d79bce94d4de319d769ac1154a272202a95752fa0fe55ad5acbf8168f10190e908d6024df756557055429d7c37ad3ac549b3087b8e5
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\oqpbz544.default-release\prefs.jsFilesize
6KB
MD5cdb5a91b7898f75f98e448e80b41dba6
SHA1c749651f98e32a2320d2e52fd467fd6217660535
SHA256ed56bd19352777293cf7195af0fe1412d52e25af6a9a8e2bb04e3e32056556dc
SHA512b99bca03a398f7e068691852106fe03a90489d1e8230720749c25703e59874765ef706e9e27c9215251372efee84d9c9d0eb636a54e45035d5d2095304fee97b
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\oqpbz544.default-release\sessionstore-backups\recovery.jsonlz4Filesize
1KB
MD5aaf81da58be71062529de284e4cf73d9
SHA15c44bb3c005db08f3397d4b113eb1e362ef243d6
SHA256246d4bf45717e9f987e5801d988237bf49810b828ded547cd17ad67699c140c2
SHA512f47b0ce8935a5a5e6f925a056b6915945ad868bfc8246fcf622b38c52f3732a73417626aca0be11fd9fa69c8afd02753bb64fe597e85e665607e89cdc8c156f2
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\oqpbz544.default-release\sessionstore-backups\recovery.jsonlz4Filesize
1KB
MD505489ee85134077cdf30433025fec99f
SHA143cd648b2a2029c07f0d8ec63e52dcd3d7f505fe
SHA2560c7e9854827fcece0e00876471d10ba058d601640cca55c6b765a7b214bf552b
SHA512bc029ea7128b7f910a183dbf901531da5144f5786c9c4cbab8589cf4fb91cf59d94be87428a0eef641d814c3f2485748072779ba0c104d89b6ec2c09e92c2af2
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\oqpbz544.default-release\sessionstore.jsonlz4Filesize
970B
MD500d85de85b538cc63e62935070101a28
SHA1d442cbf6382157a286ba42a68f1563e79e813ac2
SHA256ead8ccf20a7204692170f514da970a5c7ca15e26555b451e0e0b7c4031e203a9
SHA5121856e9069bdee74451b34912fdf1b51a6df8e6af2272de99115300dafdc9c327de8ff95d039f7da8f9ba28972b2e04650a39bf125bed8251b37c10b2a33f4baf
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\oqpbz544.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqliteFilesize
184KB
MD552da1dfd2d332db7747b41aeeb44affe
SHA14976876da3e75020785b34ffec0ba6032557d309
SHA256d1869cd469726183b4cd85c3d7fb5a97f6466ac10e939c772b0c3f0763864b2b
SHA5128fbac1777be44f61dea963e08f1d658ee2179b1353254de877d38ed4d5ff1de7f4f661f221ff224ee859f169766342687ec0691ce1ed63216d9bd0f7ee0fcd0f
-
memory/3852-667-0x00007FFA3FF30000-0x00007FFA3FF40000-memory.dmpFilesize
64KB
-
memory/3852-949-0x00007FFA3FF30000-0x00007FFA3FF40000-memory.dmpFilesize
64KB
-
memory/3852-952-0x00007FFA3FF30000-0x00007FFA3FF40000-memory.dmpFilesize
64KB
-
memory/3852-951-0x00007FFA3FF30000-0x00007FFA3FF40000-memory.dmpFilesize
64KB
-
memory/3852-950-0x00007FFA3FF30000-0x00007FFA3FF40000-memory.dmpFilesize
64KB
-
memory/3852-681-0x00007FFA3C4D0000-0x00007FFA3C4E0000-memory.dmpFilesize
64KB
-
memory/3852-676-0x00007FFA3C4D0000-0x00007FFA3C4E0000-memory.dmpFilesize
64KB
-
memory/3852-669-0x00007FFA3FF30000-0x00007FFA3FF40000-memory.dmpFilesize
64KB
-
memory/3852-668-0x00007FFA3FF30000-0x00007FFA3FF40000-memory.dmpFilesize
64KB
-
memory/3852-666-0x00007FFA3FF30000-0x00007FFA3FF40000-memory.dmpFilesize
64KB