hxxp://pushimg[.]com

Analysis

max time kernel
209s
max time network
209s
platform
windows10-1703_x64
resource
win10-20240404-en
resource tags

arch:x64arch:x86image:win10-20240404-enlocale:en-usos:windows10-1703-x64system
submitted
23/04/2024, 13:53

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

http://pushimg.com

Score

1^/10

Malware Config

Signatures

Checks processor information in registry 2 TTPs 5 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133583540456104832"	chrome.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings	firefox.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
1448	chrome.exe
1448	chrome.exe
2060	chrome.exe
2060	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 15 IoCs

pid	Process
1448	chrome.exe
1448	chrome.exe
1448	chrome.exe
1448	chrome.exe
1448	chrome.exe
1448	chrome.exe
1448	chrome.exe
1448	chrome.exe
1448	chrome.exe
1448	chrome.exe
1448	chrome.exe
1448	chrome.exe
1448	chrome.exe
1448	chrome.exe
1448	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	1448	chrome.exe
Token: SeCreatePagefilePrivilege	1448	chrome.exe
Token: SeShutdownPrivilege	1448	chrome.exe
Token: SeCreatePagefilePrivilege	1448	chrome.exe
Token: SeShutdownPrivilege	1448	chrome.exe
Token: SeCreatePagefilePrivilege	1448	chrome.exe
Token: SeShutdownPrivilege	1448	chrome.exe
Token: SeCreatePagefilePrivilege	1448	chrome.exe
Token: SeShutdownPrivilege	1448	chrome.exe
Token: SeCreatePagefilePrivilege	1448	chrome.exe
Token: SeShutdownPrivilege	1448	chrome.exe
Token: SeCreatePagefilePrivilege	1448	chrome.exe
Token: SeShutdownPrivilege	1448	chrome.exe
Token: SeCreatePagefilePrivilege	1448	chrome.exe
Token: SeShutdownPrivilege	1448	chrome.exe
Token: SeCreatePagefilePrivilege	1448	chrome.exe
Token: SeShutdownPrivilege	1448	chrome.exe
Token: SeCreatePagefilePrivilege	1448	chrome.exe
Token: SeShutdownPrivilege	1448	chrome.exe
Token: SeCreatePagefilePrivilege	1448	chrome.exe
Token: SeShutdownPrivilege	1448	chrome.exe
Token: SeCreatePagefilePrivilege	1448	chrome.exe
Token: SeShutdownPrivilege	1448	chrome.exe
Token: SeCreatePagefilePrivilege	1448	chrome.exe
Token: SeShutdownPrivilege	1448	chrome.exe
Token: SeCreatePagefilePrivilege	1448	chrome.exe
Token: SeShutdownPrivilege	1448	chrome.exe
Token: SeCreatePagefilePrivilege	1448	chrome.exe
Token: SeShutdownPrivilege	1448	chrome.exe
Token: SeCreatePagefilePrivilege	1448	chrome.exe
Token: SeShutdownPrivilege	1448	chrome.exe
Token: SeCreatePagefilePrivilege	1448	chrome.exe
Token: SeShutdownPrivilege	1448	chrome.exe
Token: SeCreatePagefilePrivilege	1448	chrome.exe
Token: SeShutdownPrivilege	1448	chrome.exe
Token: SeCreatePagefilePrivilege	1448	chrome.exe
Token: SeShutdownPrivilege	1448	chrome.exe
Token: SeCreatePagefilePrivilege	1448	chrome.exe
Token: SeShutdownPrivilege	1448	chrome.exe
Token: SeCreatePagefilePrivilege	1448	chrome.exe
Token: SeShutdownPrivilege	1448	chrome.exe
Token: SeCreatePagefilePrivilege	1448	chrome.exe
Token: SeShutdownPrivilege	1448	chrome.exe
Token: SeCreatePagefilePrivilege	1448	chrome.exe
Token: SeShutdownPrivilege	1448	chrome.exe
Token: SeCreatePagefilePrivilege	1448	chrome.exe
Token: SeShutdownPrivilege	1448	chrome.exe
Token: SeCreatePagefilePrivilege	1448	chrome.exe
Token: SeShutdownPrivilege	1448	chrome.exe
Token: SeCreatePagefilePrivilege	1448	chrome.exe
Token: SeShutdownPrivilege	1448	chrome.exe
Token: SeCreatePagefilePrivilege	1448	chrome.exe
Token: SeShutdownPrivilege	1448	chrome.exe
Token: SeCreatePagefilePrivilege	1448	chrome.exe
Token: SeShutdownPrivilege	1448	chrome.exe
Token: SeCreatePagefilePrivilege	1448	chrome.exe
Token: SeShutdownPrivilege	1448	chrome.exe
Token: SeCreatePagefilePrivilege	1448	chrome.exe
Token: SeShutdownPrivilege	1448	chrome.exe
Token: SeCreatePagefilePrivilege	1448	chrome.exe
Token: SeShutdownPrivilege	1448	chrome.exe
Token: SeCreatePagefilePrivilege	1448	chrome.exe
Token: SeShutdownPrivilege	1448	chrome.exe
Token: SeCreatePagefilePrivilege	1448	chrome.exe

Suspicious use of FindShellTrayWindow 30 IoCs

pid	Process
1448	chrome.exe
1448	chrome.exe
1448	chrome.exe
1448	chrome.exe
1448	chrome.exe
1448	chrome.exe
1448	chrome.exe
1448	chrome.exe
1448	chrome.exe
1448	chrome.exe
1448	chrome.exe
1448	chrome.exe
1448	chrome.exe
1448	chrome.exe
1448	chrome.exe
1448	chrome.exe
1448	chrome.exe
1448	chrome.exe
1448	chrome.exe
1448	chrome.exe
1448	chrome.exe
1448	chrome.exe
1448	chrome.exe
1448	chrome.exe
1448	chrome.exe
1448	chrome.exe
680	firefox.exe
680	firefox.exe
680	firefox.exe
680	firefox.exe

Suspicious use of SendNotifyMessage 27 IoCs

pid	Process
1448	chrome.exe
1448	chrome.exe
1448	chrome.exe
1448	chrome.exe
1448	chrome.exe
1448	chrome.exe
1448	chrome.exe
1448	chrome.exe
1448	chrome.exe
1448	chrome.exe
1448	chrome.exe
1448	chrome.exe
1448	chrome.exe
1448	chrome.exe
1448	chrome.exe
1448	chrome.exe
1448	chrome.exe
1448	chrome.exe
1448	chrome.exe
1448	chrome.exe
1448	chrome.exe
1448	chrome.exe
1448	chrome.exe
1448	chrome.exe
680	firefox.exe
680	firefox.exe
680	firefox.exe

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
680	firefox.exe
680	firefox.exe
680	firefox.exe
680	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1448 wrote to memory of 2304	1448	chrome.exe	73
PID 1448 wrote to memory of 2304	1448	chrome.exe	73
PID 1448 wrote to memory of 4632	1448	chrome.exe	75
PID 1448 wrote to memory of 4632	1448	chrome.exe	75
PID 1448 wrote to memory of 4632	1448	chrome.exe	75
PID 1448 wrote to memory of 4632	1448	chrome.exe	75
PID 1448 wrote to memory of 4632	1448	chrome.exe	75
PID 1448 wrote to memory of 4632	1448	chrome.exe	75
PID 1448 wrote to memory of 4632	1448	chrome.exe	75
PID 1448 wrote to memory of 4632	1448	chrome.exe	75
PID 1448 wrote to memory of 4632	1448	chrome.exe	75
PID 1448 wrote to memory of 4632	1448	chrome.exe	75
PID 1448 wrote to memory of 4632	1448	chrome.exe	75
PID 1448 wrote to memory of 4632	1448	chrome.exe	75
PID 1448 wrote to memory of 4632	1448	chrome.exe	75
PID 1448 wrote to memory of 4632	1448	chrome.exe	75
PID 1448 wrote to memory of 4632	1448	chrome.exe	75
PID 1448 wrote to memory of 4632	1448	chrome.exe	75
PID 1448 wrote to memory of 4632	1448	chrome.exe	75
PID 1448 wrote to memory of 4632	1448	chrome.exe	75
PID 1448 wrote to memory of 4632	1448	chrome.exe	75
PID 1448 wrote to memory of 4632	1448	chrome.exe	75
PID 1448 wrote to memory of 4632	1448	chrome.exe	75
PID 1448 wrote to memory of 4632	1448	chrome.exe	75
PID 1448 wrote to memory of 4632	1448	chrome.exe	75
PID 1448 wrote to memory of 4632	1448	chrome.exe	75
PID 1448 wrote to memory of 4632	1448	chrome.exe	75
PID 1448 wrote to memory of 4632	1448	chrome.exe	75
PID 1448 wrote to memory of 4632	1448	chrome.exe	75
PID 1448 wrote to memory of 4632	1448	chrome.exe	75
PID 1448 wrote to memory of 4632	1448	chrome.exe	75
PID 1448 wrote to memory of 4632	1448	chrome.exe	75
PID 1448 wrote to memory of 4632	1448	chrome.exe	75
PID 1448 wrote to memory of 4632	1448	chrome.exe	75
PID 1448 wrote to memory of 4632	1448	chrome.exe	75
PID 1448 wrote to memory of 4632	1448	chrome.exe	75
PID 1448 wrote to memory of 4632	1448	chrome.exe	75
PID 1448 wrote to memory of 4632	1448	chrome.exe	75
PID 1448 wrote to memory of 4632	1448	chrome.exe	75
PID 1448 wrote to memory of 4632	1448	chrome.exe	75
PID 1448 wrote to memory of 652	1448	chrome.exe	76
PID 1448 wrote to memory of 652	1448	chrome.exe	76
PID 1448 wrote to memory of 3176	1448	chrome.exe	77
PID 1448 wrote to memory of 3176	1448	chrome.exe	77
PID 1448 wrote to memory of 3176	1448	chrome.exe	77
PID 1448 wrote to memory of 3176	1448	chrome.exe	77
PID 1448 wrote to memory of 3176	1448	chrome.exe	77
PID 1448 wrote to memory of 3176	1448	chrome.exe	77
PID 1448 wrote to memory of 3176	1448	chrome.exe	77
PID 1448 wrote to memory of 3176	1448	chrome.exe	77
PID 1448 wrote to memory of 3176	1448	chrome.exe	77
PID 1448 wrote to memory of 3176	1448	chrome.exe	77
PID 1448 wrote to memory of 3176	1448	chrome.exe	77
PID 1448 wrote to memory of 3176	1448	chrome.exe	77
PID 1448 wrote to memory of 3176	1448	chrome.exe	77
PID 1448 wrote to memory of 3176	1448	chrome.exe	77
PID 1448 wrote to memory of 3176	1448	chrome.exe	77
PID 1448 wrote to memory of 3176	1448	chrome.exe	77
PID 1448 wrote to memory of 3176	1448	chrome.exe	77
PID 1448 wrote to memory of 3176	1448	chrome.exe	77
PID 1448 wrote to memory of 3176	1448	chrome.exe	77
PID 1448 wrote to memory of 3176	1448	chrome.exe	77
PID 1448 wrote to memory of 3176	1448	chrome.exe	77
PID 1448 wrote to memory of 3176	1448	chrome.exe	77

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument http://pushimg.com
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1448
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ffeab689758,0x7ffeab689768,0x7ffeab689778
  2⤵
  PID:2304
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1520 --field-trial-handle=1784,i,2668074080036624750,14249436643226141096,131072 /prefetch:2
  2⤵
  PID:4632
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1816 --field-trial-handle=1784,i,2668074080036624750,14249436643226141096,131072 /prefetch:8
  2⤵
  PID:652
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2096 --field-trial-handle=1784,i,2668074080036624750,14249436643226141096,131072 /prefetch:8
  2⤵
  PID:3176
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2616 --field-trial-handle=1784,i,2668074080036624750,14249436643226141096,131072 /prefetch:1
  2⤵
  PID:4876
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2624 --field-trial-handle=1784,i,2668074080036624750,14249436643226141096,131072 /prefetch:1
  2⤵
  PID:4336
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4148 --field-trial-handle=1784,i,2668074080036624750,14249436643226141096,131072 /prefetch:8
  2⤵
  PID:2548
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4240 --field-trial-handle=1784,i,2668074080036624750,14249436643226141096,131072 /prefetch:8
  2⤵
  PID:2052
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=4304 --field-trial-handle=1784,i,2668074080036624750,14249436643226141096,131072 /prefetch:1
  2⤵
  PID:2132
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4340 --field-trial-handle=1784,i,2668074080036624750,14249436643226141096,131072 /prefetch:8
  2⤵
  PID:2440
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=3968 --field-trial-handle=1784,i,2668074080036624750,14249436643226141096,131072 /prefetch:1
  2⤵
  PID:3648
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=5000 --field-trial-handle=1784,i,2668074080036624750,14249436643226141096,131072 /prefetch:1
  2⤵
  PID:4432
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2748 --field-trial-handle=1784,i,2668074080036624750,14249436643226141096,131072 /prefetch:8
  2⤵
  PID:3544
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4252 --field-trial-handle=1784,i,2668074080036624750,14249436643226141096,131072 /prefetch:8
  2⤵
  PID:4352
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5212 --field-trial-handle=1784,i,2668074080036624750,14249436643226141096,131072 /prefetch:8
  2⤵
  PID:4896
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5364 --field-trial-handle=1784,i,2668074080036624750,14249436643226141096,131072 /prefetch:8
  2⤵
  PID:2052
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=5124 --field-trial-handle=1784,i,2668074080036624750,14249436643226141096,131072 /prefetch:1
  2⤵
  PID:4856
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.15063.0 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5712 --field-trial-handle=1784,i,2668074080036624750,14249436643226141096,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2060
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=5824 --field-trial-handle=1784,i,2668074080036624750,14249436643226141096,131072 /prefetch:1
  2⤵
  PID:1228
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5764 --field-trial-handle=1784,i,2668074080036624750,14249436643226141096,131072 /prefetch:8
  2⤵
  PID:60
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=5056 --field-trial-handle=1784,i,2668074080036624750,14249436643226141096,131072 /prefetch:1
  2⤵
  PID:3856
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --mojo-platform-channel-handle=5764 --field-trial-handle=1784,i,2668074080036624750,14249436643226141096,131072 /prefetch:1
  2⤵
  PID:3200
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --mojo-platform-channel-handle=5704 --field-trial-handle=1784,i,2668074080036624750,14249436643226141096,131072 /prefetch:1
  2⤵
  PID:3648
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --mojo-platform-channel-handle=5152 --field-trial-handle=1784,i,2668074080036624750,14249436643226141096,131072 /prefetch:1
  2⤵
  PID:4872
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --mojo-platform-channel-handle=1572 --field-trial-handle=1784,i,2668074080036624750,14249436643226141096,131072 /prefetch:1
  2⤵
  PID:1852
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --mojo-platform-channel-handle=4136 --field-trial-handle=1784,i,2668074080036624750,14249436643226141096,131072 /prefetch:1
  2⤵
  PID:3992
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --mojo-platform-channel-handle=3128 --field-trial-handle=1784,i,2668074080036624750,14249436643226141096,131072 /prefetch:1
  2⤵
  PID:3652
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --mojo-platform-channel-handle=5084 --field-trial-handle=1784,i,2668074080036624750,14249436643226141096,131072 /prefetch:1
  2⤵
  PID:4144

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:5112

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
PID:200
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe"
  2⤵
  - Checks processor information in registry
  - Modifies registry class
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  PID:680
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="680.0.1511336625\237732118" -parentBuildID 20221007134813 -prefsHandle 1720 -prefMapHandle 1712 -prefsLen 20747 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {356fd087-06cb-4232-a49d-83b3bce78cdf} 680 "\\.\pipe\gecko-crash-server-pipe.680" 1796 1ec48ec1158 gpu
    3⤵
    PID:3024
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="680.1.437220625\468011878" -parentBuildID 20221007134813 -prefsHandle 2124 -prefMapHandle 2120 -prefsLen 20828 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a6bec2e9-9774-4210-9c43-0f4209f3f1f0} 680 "\\.\pipe\gecko-crash-server-pipe.680" 2148 1ec36b72858 socket
    3⤵
    PID:3572
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="680.2.1418163314\951420772" -childID 1 -isForBrowser -prefsHandle 2852 -prefMapHandle 2848 -prefsLen 20931 -prefMapSize 233444 -jsInitHandle 1312 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {544e2c67-1306-48fd-b618-01b3b6ff4f09} 680 "\\.\pipe\gecko-crash-server-pipe.680" 2864 1ec4d19be58 tab
    3⤵
    PID:2132
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="680.3.894379320\375200790" -childID 2 -isForBrowser -prefsHandle 3020 -prefMapHandle 3128 -prefsLen 26109 -prefMapSize 233444 -jsInitHandle 1312 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {484481ce-4836-4396-ac30-d7069c4e32b3} 680 "\\.\pipe\gecko-crash-server-pipe.680" 3356 1ec4b5e2058 tab
    3⤵
    PID:2932
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="680.4.1907081007\1464765953" -childID 3 -isForBrowser -prefsHandle 4224 -prefMapHandle 4236 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1312 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {4d438821-7390-4606-b373-c3402a3ac9a0} 680 "\\.\pipe\gecko-crash-server-pipe.680" 4312 1ec4ebdf758 tab
    3⤵
    PID:3352
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="680.5.1466824195\1774519211" -childID 4 -isForBrowser -prefsHandle 4868 -prefMapHandle 4864 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1312 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {1d4a1785-2bbc-4a33-8b18-88e4b93b8345} 680 "\\.\pipe\gecko-crash-server-pipe.680" 4876 1ec4f2e8858 tab
    3⤵
    PID:3512
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="680.6.941878961\1555826857" -childID 5 -isForBrowser -prefsHandle 5012 -prefMapHandle 5016 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1312 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {15a68923-74fd-441d-a8de-3145f31994e4} 680 "\\.\pipe\gecko-crash-server-pipe.680" 5004 1ec4f673a58 tab
    3⤵
    PID:2868
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="680.7.1498970285\275994526" -childID 6 -isForBrowser -prefsHandle 5200 -prefMapHandle 5204 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1312 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {b78532f5-d258-4155-8fed-1550778a2b9d} 680 "\\.\pipe\gecko-crash-server-pipe.680" 5192 1ec4f672858 tab
    3⤵
    PID:3536
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="680.8.1943009641\1148533020" -childID 7 -isForBrowser -prefsHandle 5236 -prefMapHandle 5240 -prefsLen 26503 -prefMapSize 233444 -jsInitHandle 1312 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {2a3a0ea2-7f17-46c0-af34-1b2062e7e563} 680 "\\.\pipe\gecko-crash-server-pipe.680" 5224 1ec506bc558 tab
    3⤵
    PID:5156

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000015

Filesize
40KB

MD5
5ce7bdeeea547dc5e395554f1de0b179

SHA1
3dba53fa4da7c828a468d17abc09b265b664078a

SHA256
675cd5fdfe3c14504b7af2d1012c921ab0b5af2ab93bf4dfbfe6505cae8b79a9

SHA512
0bf3e39c11cfefbd4de7ec60f2adaacfba14eac0a4bf8e4d2bc80c4cf1e9d173035c068d8488436c4cf9840ae5c7cfccbefddf9d184e60cab78d1043dc3b9c4e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
312B

MD5
65cc56ee372407267bb718be014b5c7e

SHA1
d2a379e7254093cf07859200822a1b5a403252d1

SHA256
1e8af84e04568d31b125c187e718afc0434f250feae50d0756718223bd9d6041

SHA512
b75f4a096e9d058a51b92e5d014660b13b018616f17f721cd66366a8a91cd1a1c5933b0ab886a6454dfff6b12e3bfc35076d554be8fc0c8870e9fc10e3eb7ad6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
600B

MD5
7ecf510784a454e4658bdbe3016d8147

SHA1
e984e168f1c7dc671af0320a727257a811e12b8b

SHA256
e439971c6b8d335367d5d215eca8f3efdda435f6bd8ff98efc64fa365a9126ed

SHA512
ad248cfa8ac2c10ff93d9baedd822dc54abf19ced28896eb68810d609e7cb532d7596744fd08cadac941051fcfd4ad33ffa0a57066c466cc4d93fa845608b98f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
897eba576bf1d06e6e0f2714992b4c5f

SHA1
40e4cf67c875c3a61fa63a36d415cf87e3867544

SHA256
7bfcb32198f718e9eed34efff807d27a5c11709124de2a1d5976fc78a7cef97f

SHA512
aebcb9e04bb506b1bb2b6239936b5f753fa68e1114eab552b580bbdce13962733636b3d1bc05ef88422361eabbcd087987367e803c4c93f2e668e223fcc63189

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
e55cf6b79333f8aac70f0e5b731b6344

SHA1
827d7f81455ece33533ca7376c0fa6bed71fdb33

SHA256
c264ea74fb566b90e2b88ee79de872796d5b75df9539f3a06fd2632f3d8e6a40

SHA512
f7188078cf19f84814f327c6ac8d4ed1675bfafd78deef9ea0138ac9fbfbe1cb369ea06f5fd90057124131c33953d30500ebf4b90193605c3a338212d60f42de

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
371B

MD5
5ccfecc76606a1769b1b6508dfc066a1

SHA1
d40b5acd5e447779f660cc27f00cbd63d9ea6215

SHA256
58e2f1c72e5720faeb9dc30bc1ecf907e31e2dadba312ca179114a422eb6140b

SHA512
1462180b8f797970ef3444bf4a5da6f9f27ee752d742060cac0b15ea224b3fabedd858736aa06ec925c325df1f1231648852d168c2456d5e64452be03236b76e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
371B

MD5
a559483c7a842d29b94d20a95c42217d

SHA1
cfbe1044324d19661e15b6ea7d1c76ca5f188ca5

SHA256
b559db07528b9ead045b2953da32831a74691114ce2046e3d0402f759e0b75ef

SHA512
687ef06833b3b870f4f2965bcd18d37f501033c015c37ff1a40d156ef6bfcb4cf54e2bc9e181bf08eb770006524a628a50b01b151aa9d4e0ed0b7736aacf6e1a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
371B

MD5
07a20049a06ffec4d7bb91e1fb83176e

SHA1
538d1cdd4bd5d5ec49eedb84225f5b858d31f066

SHA256
04112d82421cb133706e8cf7a8b91d83c8193cbdbe362c0469384794256e2c06

SHA512
eb6f1d35d9047bb566aa242c7862890a1272a8db0f102b1ef021a6dbf879a960df63428a91d33c6ce4d458d3ed767ccb5907d3dbe275982350e522d5d7172b18

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
9b8219006949e1b0443cc4b83446adc8

SHA1
0858f4ec984bd96bf183f2fe0a5046282f12f3cd

SHA256
23297ff921969b5ffe0e8b4f0ea3307bb1181dcffef412ea74f063e4a7530547

SHA512
b4588f80cc02baccbcd03ff2a3f33e1a5b51461558d852c9e5b4c76b827fc43fcaf32bd42d81f53613282e6e804883163b77db71fc0a60bbc9124196d25b1b5a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
fe902e2fc8ed2dff358a958584e6c541

SHA1
654a618483a24e98e3c047dac74817c3c8cee732

SHA256
78a73bdbc6c107e34a8909f96d5212554a129a65e53ccc1ddd18bebe471053a5

SHA512
11f2ea7aca3552255fa571826569a523f32c51268016137cdf535bac59882ba20ec922da8f93afd7dda953dac539a877f294af25bce6d6c4ca25a325ef8e6a0f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
f2acd7fb56aeb9e950f995d6675bc653

SHA1
51b21b72604167e0816e85e72c3657caa13bf6af

SHA256
a1051ce41441bb6a57512d240e7624eceda2278a370965c33f5218c6544d9211

SHA512
56deadea966b16a9ba12cc4be1ca191b438a659242418b54944fd56757847a72f668b719f6287a601fb701704673cd2161d9102b102008fdb18b1ad28751ea85

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
547e3405b96c4dbe89b3af30475248d8

SHA1
d1cbf45ca323e27aa99da03cf662b80493bd8730

SHA256
3e61d3bb88dffde024622301c8f37d78d91983c8dd784b7e5b249d440c9d10d7

SHA512
7982428bbf6414be9b0af6831958ebc9c92f0ff41eeda0689168de395f2d05c99c0a2e38fee557f663013abda807da82e1997d16349e07c5255aae231dc81e3e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
1c0fd09196571f8a086f5b8a004f2ad5

SHA1
59974e2e8f2a9aa0b26650bd4214f24aa0b83ab7

SHA256
c0acd09b6158d7f984d7e672be9f77c9e61bf5721c0ee7ab67421531b1957e9a

SHA512
58c8c36562370a99db27b044a524dce996d890cd9cb3c6a60b76c9572c3cf05685e03a899b14bd394b67264692091307d1d4c08046f3530cbdfafa306ab48f89

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
a5483b3bf6f4f9319bbaa9193d0a3fe8

SHA1
2df21a09ca77f2777b19a73d8cc38731a4701e45

SHA256
b39fc8c1e2a17a76c9c3b21ec98c815af1867404764833469942dbd74babc2c2

SHA512
bccdc475b48e5baa9b1309b9fcebb97e86ee683e318def49e5ba3000a26647c63d51b203a069af509102e15b5d8b29cc129caf6f36bd59cee8f6e9f142d2cb65

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
a5739a9d0945d8e231779016e381b6df

SHA1
6e56af8039007c984f8af963a8cfe56cdae35fe8

SHA256
cd2a1bf44133955783b7987ec387adadf0d2751623b490c7e7c2c15f1d291ce5

SHA512
9edd99ba9c878b41036ce19e684021484a44951236005fcf6d94c8324e81b955bcff2949bd2bcbd70a34bd231a29c40d4bf50bb6340e65d4ba8ea18b836208f0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
0cc065c35efd4df4a27d76b2f1513c7d

SHA1
37d98e290995a3d94bb5827d520bfc4cbb04c32b

SHA256
63a9c6baaddde60757c1783393220dad1d781e8b478edcbfab9d4b298c463b53

SHA512
2d28232442f62d9850b84dafbb369981ea5ecb1463c2ea7b9b87ff770c721eca621ac92a29a189fb1ba9261838733a005e05d9547eba5c958e4f3512c4d3117a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
136KB

MD5
15f26a75ffc88adad46fb3f3477b35b8

SHA1
dc8f0f29e6402610365343c125cbe135452deb9f

SHA256
c16739aa92aa1a2469c81adb864dc11e9ffd219dc6d38b4938b96b1433cb7a2e

SHA512
2cc4b812ab86affdbc8a054857575b64233ea52afb43c2b2ab6bc8f293bddc7223b6568086c43ee28f1da693f4d7ad726aba15f47dbd82f7c15557bc4408aa12

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
136KB

MD5
bfd28f458463104411c74f1fc324cab6

SHA1
9d552cdb41c83fc82ca29664832fca19520fb6f8

SHA256
8da640bc103bbff97189f6d8be935c63a775fc2c9df311334ca193f39911b5e9

SHA512
663cf586e4f64973934a22e53cede53e6c78684cdd0dd0fd9f1dd288c4bbb5960394d065b59e3d3804968bb6e3f5d4c877d041c40b12dc931d2e732fc796decf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
93KB

MD5
e06e859e1f5d52a466890d756233be20

SHA1
e1c46e4640681723ed39991aed532457b7d85649

SHA256
c3e4b020b58b1dcaf623ce522d12c279510d4b7fc235100a09039804ce717caa

SHA512
8e883bc4e05dcd955b1d50a3ad48ca316ef098a959bab4657e02807234128c6b32e9d84753ea88083bd68ca1b5d172f85ece8d298b4cec4364f527e11f14eb29

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
99KB

MD5
0a07f65f2f5db7c471724e302d90cf32

SHA1
dba4fbb817359db67012ca7a93bb60b8bab96f7b

SHA256
0634a36b1512958d5e62c9ac377e7bb020bccafd6396db24cc5820619a9c6a81

SHA512
fb9b14c5e9fe18cbb8668748afb23ac6765eeba83ceb1892c49d50be49eb630084a9e164308b0a1b7016375a78da0d50b4850a538cab24b1c2c3250d7572c9b9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
91KB

MD5
60297fc33f66e92be435927de8a3249d

SHA1
3679718d03e29143314c2aac7f0c98ca3fa7d365

SHA256
09714ab4d5e2912ec1b7e8c755e9bfbd84fd85b341ef1b50dc0b02a997b94fd9

SHA512
f6e6790274e96882e436a181164e506de19fea8784fb734dfda792a6e9bac818b1c1fe7c639f1bb5008200c6c6e045147a91b5b023ad5804b6c4354862952acf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cert_override-1.txt

Filesize
497B

MD5
ea62e75d687dddc4aed934b928411775

SHA1
f555ff0178f82a264903628d4a0104a31f6d00d4

SHA256
f0d5d4c84265c2a64a1f37e6654eeceec295e953c1e45c52a72e8b10ab568e24

SHA512
b9a78fc983e0aa85ac003bad170fcfc940979a306f8861b681c2081875d6c29b5c7c4407f821ed508cb2f49e77118b527245d7195846d94b6f700b4c2f70dbaf

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\datareporting\glean\db\data.safe.bin

Filesize
2KB

MD5
65589c28ad1ef3474f8f7233a0a40ce7

SHA1
398b55bb81da3f60510880fafaa9ea79030b68ed

SHA256
230239a42fad8157bbc4c518ec8941b4f9ec63815ddb42cd1ed8f3afce9d4312

SHA512
9315b635f9e10872dd7af45d322c7e9879026d1683ac60cc471bd84ef786f06d1c7a5b05da03831c09e1acc26a6b89f5a624de255c2cf35bb54c09143253027f

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\datareporting\glean\pending_pings\51135453-e243-48dc-a2a7-6dc513352553

Filesize
10KB

MD5
e54e969233594503ab7a7b6637d23e02

SHA1
96f06f3cae09d9e2b1ed0914eee91611806ad801

SHA256
e47b6dc923da4b165eabec944987eb79e3dda87858f1e9697b008d1a350b0d95

SHA512
5a00e5d2dd1e74df7b96da295feb05834d2fc2ecbfa3f274f2534e3d8d11716a8df5808de63542d67b4ec0e680603a3135bdc44204586d552fe02eea218be2dc

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\datareporting\glean\pending_pings\88350e2b-e8b8-4f8d-a89e-b6e6c1a0907e

Filesize
746B

MD5
5eb9e2ac0c19d9ee359543881bd92a92

SHA1
43b43f329e52e539c139f81e5b4b68aa183e9b7c

SHA256
fff7e5254467534fd9c4d67a9023dada75e73880607720f1a8a28eed7da394c2

SHA512
9dc8c3cf7740f0a75ab0bc06a7ceb7461cad1b6800254016ea638a65226b194ef2212bfc15ea7b13ad142f141ab36020f8658cec9a1050f0d4109c392e2c76cb

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\prefs-1.js

Filesize
6KB

MD5
5f486d141615df4b3bd57801a263a1b5

SHA1
c735843832de9954cd0cbc800d5151fec497c8b1

SHA256
bd2ccce6a3729f9aab3970972a6580414f12cc2a5962f4b50463702c1f90510a

SHA512
c9d7aff65343eaae20a8d3a2c3ff94f0448887bf831341f0c3ef715a0cfafd4a44170f78747d9fbc351cbec483651ec7ac1aea24931877ae48937da67bc459be

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
1KB

MD5
87b0615926e46b7fd01a015988fbfa9b

SHA1
764faef4853698e811ba04b90493c5014d3033ef

SHA256
df7434c8490a588c921f1f556f512db8010e9c13e23a4cb4e6dc96e15c61a6ed

SHA512
8410153b008322b34582e44d22b884af320fdd289191be3c36a9543ec093a8868d983140b8cdb39e8173b4924cafe94713cb7f4bff04c857895ec415d594be28

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
1KB

MD5
38ffe417c5b4747cb1b8089f4fcd3809

SHA1
e5f710cc20624536835ac33d18cdcb176b6f45e8

SHA256
0da677cdb1a450b2a8286893c4e32cdcbfe4ad12dc6a438a54fad04685fad64f

SHA512
a818fc7ce985c58512d26e47f243f3161887f4c95de9449daac8122c4cae6c236ee6a23567e79a64a059aa834fcff5a286ff99c1734dc60cdf09e1de283fa311

Download Submit