562469c75efaa1124ff7841d1c32872d4854d78108457040d568d509ddae69b5

Resubmissions

10-05-2024 13:21

240510-qlxgysbh53 8

09-05-2024 22:50

240509-2sd5qsbc5w 8

09-05-2024 19:37

240509-ybvjlsbb7s 8

Analysis

max time kernel
567s
max time network
1035s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
09-05-2024 22:50

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

D34TH 6.0.exe
Size

9.8MB
MD5

117599f001a42da3cea2d75041f43bff
SHA1

cd183b9c287b34c1bd1540fc825c36c735caec7f
SHA256

562469c75efaa1124ff7841d1c32872d4854d78108457040d568d509ddae69b5
SHA512

ab2391ca9a242ca0eaeb9eec57bed714a872633f2213e8860e69689680f33f0a53452eea4c271d643ac2e2f43ec7551e7ed67b175969b0446bff89eafba76174
SSDEEP

196608:KszWA1HeT39IigleE9TFa0Z8DOjCdylhY8gh70W8/LeoCZownzbQW77x:f1+TtIiHY9Z8D8CclyhCW8SaUn1x

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 1 IoCs

Processes:

D34TH 6.0.exe

pid process

2484 D34TH 6.0.exe
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

pid	process
2484	D34TH 6.0.exe

Checks processor information in registry 2 TTPs 15 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

Processes:

firefox.exefirefox.exefirefox.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\CurrentPatchLevel	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\CurrentPatchLevel	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies Internet Explorer settings 1 TTPs 36 IoCs

adware spyware

Modify Registry

T1112

Processes:

IEXPLORE.EXEIEXPLORE.EXE

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\IntelliForms	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Toolbar	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "421457373"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Zoom	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000002dcc56832ee45b40af0f973e997a3e3e00000000020000000000106600000001000020000000636e494ee88a4122658d84724bd4333b829de1a4b462060844523d8d9dd97016000000000e800000000200002000000054d950e36cab90309129fd3829186dcede35bfcc80b6ca3c5c0e3d93b4b51e24200000007e8b1ed0f71ecf4a6d6cd001f433bc007f39633df34e4bd0187c8a3a700728984000000007e227b8ea848c377454852dda3654ef1419231a75adf5f40d9ced0acb80bee01ea1064fef2a549dbed8a6a94e69589991c5c1b9fb030f03fde094dfe764c545	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\GPU	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = d096837864a2da01	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\PageSetup	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\SearchScopes	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\InternetRegistry	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{A41FECD1-0E57-11EF-A8CB-6EAD7206CC74} = "0"	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000002dcc56832ee45b40af0f973e997a3e3e00000000020000000000106600000001000020000000bd6d76b3ca145774a27685819638cf9ce68e5d77ec9f65276a10a288194bedd7000000000e8000000002000020000000e946d85621ce59e6a7a1171e5812e8ddb63c83c49b3359b2abcf34dcc192182c90000000f3b586278937b9ebf0d9a3a04c72f8da02843f1546988c244eb02ac48624fea043ef5a4a5bdc9fb1e5d7b7be0fac436ae62b13d4f3e2ad00275057d1cf77b9dabd4527b6573e3d84c28b07d8bc00b9ce116ce104a8f260909ccc9ae23c952e643caa597b0ab6bdb29b9b01c3c4574d128144544addc8557677c625b1d9e327c5abb6cde6af683823f1412335f6553ac940000000d80e866a8cbd11b7f41d996cf595ce892dd49a8f612fb7af5b303e3034e1cbace2dd85d3d3d9677e92404fa69967a84fbbce04b41f11ab9f868844e7cbab889f	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	IEXPLORE.EXE

Modifies registry class 3 IoCs

Processes:

firefox.exerundll32.exefirefox.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_Classes\Local Settings	firefox.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_Classes\Local Settings	rundll32.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_Classes\Local Settings	firefox.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes:

chrome.exe

pid process

2872 chrome.exe
2872 chrome.exe

pid	process
2872	chrome.exe
2872	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

firefox.exeAUDIODG.EXEfirefox.exechrome.exe

description	pid	process
Token: SeDebugPrivilege	2156	firefox.exe
Token: SeDebugPrivilege	2156	firefox.exe
Token: 33	1760	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	1760	AUDIODG.EXE
Token: 33	1760	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	1760	AUDIODG.EXE
Token: SeDebugPrivilege	2304	firefox.exe
Token: SeDebugPrivilege	2304	firefox.exe
Token: SeShutdownPrivilege	2872	chrome.exe
Token: SeShutdownPrivilege	2872	chrome.exe
Token: SeShutdownPrivilege	2872	chrome.exe
Token: SeShutdownPrivilege	2872	chrome.exe
Token: SeShutdownPrivilege	2872	chrome.exe
Token: SeShutdownPrivilege	2872	chrome.exe
Token: SeShutdownPrivilege	2872	chrome.exe
Token: SeShutdownPrivilege	2872	chrome.exe
Token: SeShutdownPrivilege	2872	chrome.exe
Token: SeShutdownPrivilege	2872	chrome.exe
Token: SeShutdownPrivilege	2872	chrome.exe
Token: SeShutdownPrivilege	2872	chrome.exe
Token: SeShutdownPrivilege	2872	chrome.exe
Token: SeShutdownPrivilege	2872	chrome.exe
Token: SeShutdownPrivilege	2872	chrome.exe
Token: SeShutdownPrivilege	2872	chrome.exe
Token: SeShutdownPrivilege	2872	chrome.exe
Token: SeShutdownPrivilege	2872	chrome.exe
Token: SeShutdownPrivilege	2872	chrome.exe
Token: SeShutdownPrivilege	2872	chrome.exe
Token: SeShutdownPrivilege	2872	chrome.exe
Token: SeShutdownPrivilege	2872	chrome.exe
Token: SeShutdownPrivilege	2872	chrome.exe
Token: SeShutdownPrivilege	2872	chrome.exe
Token: SeShutdownPrivilege	2872	chrome.exe
Token: SeShutdownPrivilege	2872	chrome.exe
Token: SeShutdownPrivilege	2872	chrome.exe
Token: SeShutdownPrivilege	2872	chrome.exe
Token: SeShutdownPrivilege	2872	chrome.exe
Token: SeShutdownPrivilege	2872	chrome.exe
Token: SeShutdownPrivilege	2872	chrome.exe
Token: SeShutdownPrivilege	2872	chrome.exe
Token: SeShutdownPrivilege	2872	chrome.exe
Token: SeShutdownPrivilege	2872	chrome.exe
Token: SeShutdownPrivilege	2872	chrome.exe
Token: SeShutdownPrivilege	2872	chrome.exe
Token: SeShutdownPrivilege	2872	chrome.exe
Token: SeShutdownPrivilege	2872	chrome.exe
Token: SeShutdownPrivilege	2872	chrome.exe
Token: SeShutdownPrivilege	2872	chrome.exe
Token: SeShutdownPrivilege	2872	chrome.exe
Token: SeShutdownPrivilege	2872	chrome.exe
Token: SeShutdownPrivilege	2872	chrome.exe
Token: SeShutdownPrivilege	2872	chrome.exe
Token: SeShutdownPrivilege	2872	chrome.exe
Token: SeShutdownPrivilege	2872	chrome.exe
Token: SeShutdownPrivilege	2872	chrome.exe
Token: SeShutdownPrivilege	2872	chrome.exe
Token: SeShutdownPrivilege	2872	chrome.exe
Token: SeShutdownPrivilege	2872	chrome.exe
Token: SeShutdownPrivilege	2872	chrome.exe
Token: SeShutdownPrivilege	2872	chrome.exe
Token: SeShutdownPrivilege	2872	chrome.exe
Token: SeShutdownPrivilege	2872	chrome.exe
Token: SeShutdownPrivilege	2872	chrome.exe
Token: SeShutdownPrivilege	2872	chrome.exe

Suspicious use of FindShellTrayWindow 45 IoCs

Processes:

firefox.exefirefox.exeIEXPLORE.EXEchrome.exe

pid	process
2156	firefox.exe
2156	firefox.exe
2156	firefox.exe
2156	firefox.exe
2304	firefox.exe
2304	firefox.exe
2304	firefox.exe
2304	firefox.exe
1312	IEXPLORE.EXE
2872	chrome.exe
2872	chrome.exe
2872	chrome.exe
2872	chrome.exe
2872	chrome.exe
2872	chrome.exe
2872	chrome.exe
2872	chrome.exe
2872	chrome.exe
2872	chrome.exe
2872	chrome.exe
2872	chrome.exe
2872	chrome.exe
2872	chrome.exe
2872	chrome.exe
2872	chrome.exe
2872	chrome.exe
2872	chrome.exe
2872	chrome.exe
2872	chrome.exe
2872	chrome.exe
2872	chrome.exe
2872	chrome.exe
2872	chrome.exe
2872	chrome.exe
2872	chrome.exe
2872	chrome.exe
2872	chrome.exe
2872	chrome.exe
2872	chrome.exe
2872	chrome.exe
2872	chrome.exe
2872	chrome.exe
2872	chrome.exe
2872	chrome.exe
2872	chrome.exe

Suspicious use of SendNotifyMessage 38 IoCs

Processes:

firefox.exefirefox.exechrome.exe

pid	process
2156	firefox.exe
2156	firefox.exe
2156	firefox.exe
2304	firefox.exe
2304	firefox.exe
2304	firefox.exe
2872	chrome.exe
2872	chrome.exe
2872	chrome.exe
2872	chrome.exe
2872	chrome.exe
2872	chrome.exe
2872	chrome.exe
2872	chrome.exe
2872	chrome.exe
2872	chrome.exe
2872	chrome.exe
2872	chrome.exe
2872	chrome.exe
2872	chrome.exe
2872	chrome.exe
2872	chrome.exe
2872	chrome.exe
2872	chrome.exe
2872	chrome.exe
2872	chrome.exe
2872	chrome.exe
2872	chrome.exe
2872	chrome.exe
2872	chrome.exe
2872	chrome.exe
2872	chrome.exe
2872	chrome.exe
2872	chrome.exe
2872	chrome.exe
2872	chrome.exe
2872	chrome.exe
2872	chrome.exe

Suspicious use of SetWindowsHookEx 6 IoCs

Processes:

IEXPLORE.EXEIEXPLORE.EXE

pid process

1312 IEXPLORE.EXE
1312 IEXPLORE.EXE
2564 IEXPLORE.EXE
2564 IEXPLORE.EXE
2564 IEXPLORE.EXE
2564 IEXPLORE.EXE

pid	process
1312	IEXPLORE.EXE
1312	IEXPLORE.EXE
2564	IEXPLORE.EXE
2564	IEXPLORE.EXE
2564	IEXPLORE.EXE
2564	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

D34TH 6.0.exefirefox.exefirefox.exe

description	pid	process	target process
PID 2360 wrote to memory of 2484	2360	D34TH 6.0.exe	D34TH 6.0.exe
PID 2360 wrote to memory of 2484	2360	D34TH 6.0.exe	D34TH 6.0.exe
PID 2360 wrote to memory of 2484	2360	D34TH 6.0.exe	D34TH 6.0.exe
PID 2440 wrote to memory of 2156	2440	firefox.exe	firefox.exe
PID 2440 wrote to memory of 2156	2440	firefox.exe	firefox.exe
PID 2440 wrote to memory of 2156	2440	firefox.exe	firefox.exe
PID 2440 wrote to memory of 2156	2440	firefox.exe	firefox.exe
PID 2440 wrote to memory of 2156	2440	firefox.exe	firefox.exe
PID 2440 wrote to memory of 2156	2440	firefox.exe	firefox.exe
PID 2440 wrote to memory of 2156	2440	firefox.exe	firefox.exe
PID 2440 wrote to memory of 2156	2440	firefox.exe	firefox.exe
PID 2440 wrote to memory of 2156	2440	firefox.exe	firefox.exe
PID 2440 wrote to memory of 2156	2440	firefox.exe	firefox.exe
PID 2440 wrote to memory of 2156	2440	firefox.exe	firefox.exe
PID 2440 wrote to memory of 2156	2440	firefox.exe	firefox.exe
PID 2156 wrote to memory of 2492	2156	firefox.exe	firefox.exe
PID 2156 wrote to memory of 2492	2156	firefox.exe	firefox.exe
PID 2156 wrote to memory of 2492	2156	firefox.exe	firefox.exe
PID 2156 wrote to memory of 2188	2156	firefox.exe	firefox.exe
PID 2156 wrote to memory of 2188	2156	firefox.exe	firefox.exe
PID 2156 wrote to memory of 2188	2156	firefox.exe	firefox.exe
PID 2156 wrote to memory of 2188	2156	firefox.exe	firefox.exe
PID 2156 wrote to memory of 2188	2156	firefox.exe	firefox.exe
PID 2156 wrote to memory of 2188	2156	firefox.exe	firefox.exe
PID 2156 wrote to memory of 2188	2156	firefox.exe	firefox.exe
PID 2156 wrote to memory of 2188	2156	firefox.exe	firefox.exe
PID 2156 wrote to memory of 2188	2156	firefox.exe	firefox.exe
PID 2156 wrote to memory of 2188	2156	firefox.exe	firefox.exe
PID 2156 wrote to memory of 2188	2156	firefox.exe	firefox.exe
PID 2156 wrote to memory of 2188	2156	firefox.exe	firefox.exe
PID 2156 wrote to memory of 2188	2156	firefox.exe	firefox.exe
PID 2156 wrote to memory of 2188	2156	firefox.exe	firefox.exe
PID 2156 wrote to memory of 2188	2156	firefox.exe	firefox.exe
PID 2156 wrote to memory of 2188	2156	firefox.exe	firefox.exe
PID 2156 wrote to memory of 2188	2156	firefox.exe	firefox.exe
PID 2156 wrote to memory of 2188	2156	firefox.exe	firefox.exe
PID 2156 wrote to memory of 2188	2156	firefox.exe	firefox.exe
PID 2156 wrote to memory of 2188	2156	firefox.exe	firefox.exe
PID 2156 wrote to memory of 2188	2156	firefox.exe	firefox.exe
PID 2156 wrote to memory of 2188	2156	firefox.exe	firefox.exe
PID 2156 wrote to memory of 2188	2156	firefox.exe	firefox.exe
PID 2156 wrote to memory of 2188	2156	firefox.exe	firefox.exe
PID 2156 wrote to memory of 2188	2156	firefox.exe	firefox.exe
PID 2156 wrote to memory of 2188	2156	firefox.exe	firefox.exe
PID 2156 wrote to memory of 2188	2156	firefox.exe	firefox.exe
PID 2156 wrote to memory of 2188	2156	firefox.exe	firefox.exe
PID 2156 wrote to memory of 2188	2156	firefox.exe	firefox.exe
PID 2156 wrote to memory of 2188	2156	firefox.exe	firefox.exe
PID 2156 wrote to memory of 2188	2156	firefox.exe	firefox.exe
PID 2156 wrote to memory of 2188	2156	firefox.exe	firefox.exe
PID 2156 wrote to memory of 2188	2156	firefox.exe	firefox.exe
PID 2156 wrote to memory of 2188	2156	firefox.exe	firefox.exe
PID 2156 wrote to memory of 2188	2156	firefox.exe	firefox.exe
PID 2156 wrote to memory of 2188	2156	firefox.exe	firefox.exe
PID 2156 wrote to memory of 2188	2156	firefox.exe	firefox.exe
PID 2156 wrote to memory of 2188	2156	firefox.exe	firefox.exe
PID 2156 wrote to memory of 2188	2156	firefox.exe	firefox.exe
PID 2156 wrote to memory of 2188	2156	firefox.exe	firefox.exe
PID 2156 wrote to memory of 2188	2156	firefox.exe	firefox.exe
PID 2156 wrote to memory of 2188	2156	firefox.exe	firefox.exe
PID 2156 wrote to memory of 2188	2156	firefox.exe	firefox.exe
PID 2156 wrote to memory of 2188	2156	firefox.exe	firefox.exe
PID 2156 wrote to memory of 1964	2156	firefox.exe	firefox.exe
PID 2156 wrote to memory of 1964	2156	firefox.exe	firefox.exe

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Users\Admin\AppData\Local\Temp\D34TH 6.0.exe
"C:\Users\Admin\AppData\Local\Temp\D34TH 6.0.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2360

C:\Users\Admin\AppData\Local\Temp\D34TH 6.0.exe
"C:\Users\Admin\AppData\Local\Temp\D34TH 6.0.exe"
2⤵
- Loads dropped DLL
PID:2484

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2440

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
2⤵
- Checks processor information in registry
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2156

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2156.0.143883733\575029168" -parentBuildID 20221007134813 -prefsHandle 1224 -prefMapHandle 1204 -prefsLen 20749 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {e4989c46-1cbb-4446-b443-5d0a2cbcd3b9} 2156 "\\.\pipe\gecko-crash-server-pipe.2156" 1328 106dc858 gpu
3⤵
PID:2492

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2156.1.422261660\464198845" -parentBuildID 20221007134813 -prefsHandle 1476 -prefMapHandle 1472 -prefsLen 20830 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {c5a94af2-199d-4604-ba48-b22b56e10f06} 2156 "\\.\pipe\gecko-crash-server-pipe.2156" 1504 f143b58 socket
3⤵
- Checks processor information in registry
PID:2188

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2156.2.2133775577\1976424553" -childID 1 -isForBrowser -prefsHandle 2012 -prefMapHandle 2008 -prefsLen 20868 -prefMapSize 233444 -jsInitHandle 596 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {ab2aac07-fa4c-4112-8df0-b31f7900ef29} 2156 "\\.\pipe\gecko-crash-server-pipe.2156" 2056 1a49fe58 tab
3⤵
PID:1964

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2156.3.1404650152\1448259691" -childID 2 -isForBrowser -prefsHandle 844 -prefMapHandle 1656 -prefsLen 26111 -prefMapSize 233444 -jsInitHandle 596 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {7292fc44-43d5-4651-9d82-c7142dc767c9} 2156 "\\.\pipe\gecko-crash-server-pipe.2156" 544 e5e258 tab
3⤵
PID:2000

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2156.4.656406831\719054775" -childID 3 -isForBrowser -prefsHandle 2908 -prefMapHandle 2904 -prefsLen 26111 -prefMapSize 233444 -jsInitHandle 596 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {0ae01975-e2ad-4b79-a06b-3ef14fbe1f52} 2156 "\\.\pipe\gecko-crash-server-pipe.2156" 2920 1c50b358 tab
3⤵
PID:576

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2156.5.54498388\1658117783" -childID 4 -isForBrowser -prefsHandle 3696 -prefMapHandle 3744 -prefsLen 26170 -prefMapSize 233444 -jsInitHandle 596 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {a09e041c-07d6-4cf6-a87d-d008aed9aaf1} 2156 "\\.\pipe\gecko-crash-server-pipe.2156" 3724 1c41ac58 tab
3⤵
PID:2008

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2156.6.136883800\196163727" -childID 5 -isForBrowser -prefsHandle 3848 -prefMapHandle 3852 -prefsLen 26170 -prefMapSize 233444 -jsInitHandle 596 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {6eb8bf58-c088-4690-aacc-c834eebb0ccc} 2156 "\\.\pipe\gecko-crash-server-pipe.2156" 3836 1c41b558 tab
3⤵
PID:716

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2156.7.1187127427\322039825" -childID 6 -isForBrowser -prefsHandle 4024 -prefMapHandle 4028 -prefsLen 26170 -prefMapSize 233444 -jsInitHandle 596 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {76030074-9f50-4331-aa42-16909fdebce5} 2156 "\\.\pipe\gecko-crash-server-pipe.2156" 4012 1d3fbc58 tab
3⤵
PID:1736

C:\Windows\explorer.exe
"C:\Windows\explorer.exe"
1⤵
PID:2792

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x584
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:1760

C:\Program Files\Google\Chrome\Application\chrome_proxy.exe
"C:\Program Files\Google\Chrome\Application\chrome_proxy.exe"
1⤵
PID:1056

C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -u -p 1056 -s 152
2⤵
PID:1816

C:\Windows\system32\rundll32.exe
"C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Program Files\Google\Chrome\Application\master_preferences
1⤵
- Modifies registry class
PID:988

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "C:\Program Files\Google\Chrome\Application\master_preferences"
2⤵
PID:2384

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "C:\Program Files\Google\Chrome\Application\master_preferences"
3⤵
- Checks processor information in registry
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:2304

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2304.0.1553207894\2039493159" -parentBuildID 20221007134813 -prefsHandle 1224 -prefMapHandle 1172 -prefsLen 20749 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {b29f2c70-accd-43a1-b6fb-0709a4cce1f6} 2304 "\\.\pipe\gecko-crash-server-pipe.2304" 1336 11ed5a58 gpu
4⤵
PID:1336

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2304.1.407657094\120556753" -parentBuildID 20221007134813 -prefsHandle 1500 -prefMapHandle 1492 -prefsLen 21610 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {be04c544-06a7-41d7-ac02-138618faf487} 2304 "\\.\pipe\gecko-crash-server-pipe.2304" 1516 148bfb58 socket
4⤵
PID:1128

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2304.2.93826903\85052946" -childID 1 -isForBrowser -prefsHandle 2096 -prefMapHandle 2092 -prefsLen 21648 -prefMapSize 233444 -jsInitHandle 848 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {a856a7cc-0b45-4ed1-98c0-d738f838f7ab} 2304 "\\.\pipe\gecko-crash-server-pipe.2304" 2108 1a6b7f58 tab
4⤵
PID:2640

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2304.3.758979896\843167947" -childID 2 -isForBrowser -prefsHandle 2412 -prefMapHandle 2224 -prefsLen 26111 -prefMapSize 233444 -jsInitHandle 848 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {19971039-86d6-4292-bec2-2e573f91d9b3} 2304 "\\.\pipe\gecko-crash-server-pipe.2304" 2368 1c352d58 tab
4⤵
PID:2788

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2304.4.1430781632\338827377" -childID 3 -isForBrowser -prefsHandle 3460 -prefMapHandle 3480 -prefsLen 26345 -prefMapSize 233444 -jsInitHandle 848 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {b2f08a32-5a45-4281-99a8-3c9e12cf3c5d} 2304 "\\.\pipe\gecko-crash-server-pipe.2304" 1120 14315658 tab
4⤵
PID:576

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2304.5.2058317960\2031746195" -childID 4 -isForBrowser -prefsHandle 3584 -prefMapHandle 3592 -prefsLen 26345 -prefMapSize 233444 -jsInitHandle 848 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {4974e137-1bd3-4031-9066-186c8a44dbf0} 2304 "\\.\pipe\gecko-crash-server-pipe.2304" 3572 1d52a258 tab
4⤵
PID:1852

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2304.6.1539108683\1772258628" -childID 5 -isForBrowser -prefsHandle 3744 -prefMapHandle 3748 -prefsLen 26345 -prefMapSize 233444 -jsInitHandle 848 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {2f51bd35-aea5-4782-98f1-60f7d52ef190} 2304 "\\.\pipe\gecko-crash-server-pipe.2304" 3732 1e881758 tab
4⤵
PID:2324

C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLED.EXE
"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLED.EXE" /verb open "C:\Program Files\Google\Chrome\Application\chrome.VisualElementsManifest.xml"
1⤵
PID:2604

C:\Program Files (x86)\Internet Explorer\iexplore.exe
"C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome
2⤵
PID:2516

C:\Program Files\Internet Explorer\IEXPLORE.EXE
"C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome
3⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
PID:1312

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1312 CREDAT:275457 /prefetch:2
4⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:2564

C:\Program Files\Google\Chrome\Application\106.0.5249.119\chrome_pwa_launcher.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\chrome_pwa_launcher.exe"
1⤵
PID:2828

C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -u -p 2828 -s 152
2⤵
PID:2316

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:2872

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef4289758,0x7fef4289768,0x7fef4289778
2⤵
PID:1092

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=992 --field-trial-handle=1332,i,14179966614081222212,8528565860963293221,131072 /prefetch:2
2⤵
PID:3052

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1504 --field-trial-handle=1332,i,14179966614081222212,8528565860963293221,131072 /prefetch:8
2⤵
PID:3088

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1600 --field-trial-handle=1332,i,14179966614081222212,8528565860963293221,131072 /prefetch:8
2⤵
PID:3108

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2316 --field-trial-handle=1332,i,14179966614081222212,8528565860963293221,131072 /prefetch:1
2⤵
PID:3316

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2324 --field-trial-handle=1332,i,14179966614081222212,8528565860963293221,131072 /prefetch:1
2⤵
PID:3396

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1416 --field-trial-handle=1332,i,14179966614081222212,8528565860963293221,131072 /prefetch:2
2⤵
PID:3692

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=1228 --field-trial-handle=1332,i,14179966614081222212,8528565860963293221,131072 /prefetch:1
2⤵
PID:3820

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3432 --field-trial-handle=1332,i,14179966614081222212,8528565860963293221,131072 /prefetch:8
2⤵
PID:3884

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3580 --field-trial-handle=1332,i,14179966614081222212,8528565860963293221,131072 /prefetch:8
2⤵
PID:3924

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3668 --field-trial-handle=1332,i,14179966614081222212,8528565860963293221,131072 /prefetch:8
2⤵
PID:4040

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3776 --field-trial-handle=1332,i,14179966614081222212,8528565860963293221,131072 /prefetch:8
2⤵
PID:3624

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3848 --field-trial-handle=1332,i,14179966614081222212,8528565860963293221,131072 /prefetch:8
2⤵
PID:1576

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:3440

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
PID:4072

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef4289758,0x7fef4289768,0x7fef4289778
2⤵
PID:3496

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\Google\Chrome\Application\chrome.exe
Filesize
2.8MB

MD5
095092f4e746810c5829038d48afd55a

SHA1
246eb3d41194dddc826049bbafeb6fc522ec044a

SHA256
2f606012843d144610dc7be55d1716d5d106cbc6acbce57561dc0e62c38b8588

SHA512
7f36fc03bfed0f3cf6ac3406c819993bf995e4f8c26a7589e9032c14b5a9c7048f5567f77b3b15f946c5282fc0be6308a92eab7879332d74c400d0c139ce8400

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
Filesize
68KB

MD5
29f65ba8e88c063813cc50a4ea544e93

SHA1
05a7040d5c127e68c25d81cc51271ffb8bef3568

SHA256
1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

SHA512
e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
6657b1444a3ae685435d0ee4b9740b6e

SHA1
b21b5a1c1510e4c7ce561dede19cf4996867afb6

SHA256
56f7ff65ab95ea64120437dfe74a168eedb7861266f78c14f81a7663b754958d

SHA512
22c7ee206cac6aadf1c132b78f4e05fd70f69b4c85194e4c101934932c867b08e3d309c375cad1d4f6db562c018335442ee169017d9ca4baf5c98976001488b9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
ce6d42ca96433fcc61f0e7d9b31407fb

SHA1
90837b3f060885c4cf3df95fc3dcd636eefd67b3

SHA256
b1a32d5b30f0b4bc9d93e333b3855eb8d8319ac77a0766471caa0c32d4795570

SHA512
9bafb4e1a74f7238d16aa4d787bfa111ea9f2dede0e7fd677d5ed0bfcb217ae7f4db818b13eb1d586a65fbc25f328597dd2af36291d26a3f495a7f5626fb8bd1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
32018a28796e0b3fddcad82e1d006bbb

SHA1
263cdcb27499e6cfb11c62135b1a4512d3fc0e0c

SHA256
ad82cdd05ea1a2c146f5dad49f0b1fb8f524f7edd28651df751b46e8c5722ba1

SHA512
fa3370f03c4ea03b7c4542d6ceaea821754ea6c218ea4623c1888fb0275325a258a25d0ced1a9f9491c9de9cd4de0621af77cdbda9755a51426f4dceef4855ec

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
c10675a124faa32033ad975c5261da8f

SHA1
daf83380129633ac543fc654eb8170f00bd01752

SHA256
df943c8d43640a87e26b731786772c2fda8ffd9d7241f15490fbad64c26954be

SHA512
1e7154b260cdbb0822056909bec44a8e2ce2fab9b1aa2bd6889d07aab71dcd06df04d7c69718ccd691b492f2b41e1fecdf1036fda1a1fccf38684fbaf19c84d9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
d7804fba84f807fe5edebe0f7c28de39

SHA1
07dd18a49fb7dd054a60735b91af603b9129f58c

SHA256
4ffcc2be05dbb68669476cefc6b96c37912c542544f91a36468421470c67d6e4

SHA512
975f1ee6747ba5944c25cc2a67e599f8e95dece0f103e8419514581b6043e172b33976a060fc879cef84139bab97db64f44bc886030b86994691ddb369c70906

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
daa3b5b48560e620e8d1e163256f7bf4

SHA1
6ea140002206a760c9c0bb6c270b12624b97f19f

SHA256
80bfe5d9866df094778d8209875d768ba89fef380177e5fdb3298dc5649208a4

SHA512
aaa2b220201f1f73ef9f2b813a5a47530a372cf6dd6ba96cf3de305880196fef1fd32bbf5fce77e02974623da823206acee4494c8dec2b1742b4aa22f1ea5e32

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
74aa0cc804b707e7cd964b14394654af

SHA1
c0a4b58f85856d7538bce2193cf8b70201cf4cde

SHA256
2f21bb272d0ec74c54693cd9b75c6b272db4efe76723fbc067960e453a4d391c

SHA512
c39b17052a566cd09d52fbf223e2820494135522969928754a498e7943caa40cf0b7be4337569d3af20cd387a7f429a47940430bd7feb912cf6234e192156c78

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
375e8520a39f0052b8fe3b3879f376b8

SHA1
77fae03aa67a9ecbf685a49939207700412d93e1

SHA256
cbb12b752d24f0971723f83e414a352be5fca34532632e5b596f2d9733ebe75d

SHA512
d465c268f75531e8201526fda5f1386f01c64f65579a1138657f8d748d862824cd59a77fbe6035b2283915d0e76b8c389715891a59413df5db431cc92e427a8f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
ec73520f66cd071361dc9a64a3072f8e

SHA1
ea987817be2a71d52d9e518585d27d3ad5551b8d

SHA256
663af92b463004fecfab545f6d1257f0581f7213440a48239e180a2ce77c26c7

SHA512
af7ee1935074eb63f250bd18a48c4e039dc5fb819735d238247a2a1b1d86488611b2334955ce9964ca4dac68adbb6059e0edbe012bde1cb487b526b2c6b8fb44

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
71579bd83f55d19431e88d1efd2b821e

SHA1
c963f124b8872fb24e7f44820dda8763179c9af2

SHA256
23a3678735e43022fbc3a6cc466695db573af23414f2d99aa406a2ad87abf6e4

SHA512
78d4547fcaea3a5bd4334d1deab0f3b12cbd3b0ddb45d2984a35f22cd6cfe43facfd3ce28c4fc49f804b2f237e0d3fe929e284a61ea569d4c2d8ea81a1857f5a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
d3dd69a51623a3e1d37be2c3a161d0cd

SHA1
93a3aabc7f3b3069bb926d8c0f2d9c9894234a4f

SHA256
48e54e87d6098a1b390b21c8a54881090899e2efde8146a001bc35009dd08035

SHA512
a88771d55dae31988892524fc831a75f2c9757f5f817c0247ce7640a41453cb185bdd55b180de4261af1fd86df383a7e4844c2c5f01f8d66b321968a2f46954c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
271a14dd310500927f3222869401ebaf

SHA1
16ad6282945af9e54a89fe9348882a8e1293f38f

SHA256
b10e474d0cf87ced384fa499d3376dbd7bad9d2516c3a8ceb6e8d810e12892b4

SHA512
6a57b7c149fae384bd53ea1dec4cdcc6acfc5d02453f4ce8433afc85ce0e8b3069d925c8c21d1313af44a94d29c8a4b854ce8980b475c43479a4b07025838281

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
e64c20d1a7929c9604da4bf49181c4ab

SHA1
1461ba1b24fbf7b18b6c822b748f71d7b28387a0

SHA256
de5ef2f44066c24afb7d2f705851c614ceb7ee79507935ee8317bded892b4642

SHA512
7d69b80cdb45dd8ac1f7c680b44b3338d33751eff766c850c6b4b74ae48cf6b1235c01ceaf0984e254852b4d9cdfcf13d166ea8c36b11f1cffeea08910682621

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat
Filesize
40B

MD5
89f4922a7587a9f92f626d7868051285

SHA1
9419dc4f12c1cafefe5a1a12997cd4c0ae5d6702

SHA256
16d4c209625f423200c0a930685ec659bdc58c7e5c7848d0008979311b945ce7

SHA512
009d7b6d168824bb8c8c15f256502673af694fec8b7fd3761567bddcb0c40500d77de42c13313fa33e7848d8380d097cdc4c14dd21e71023572de5508127f9cb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1
Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
1KB

MD5
112fd3e8854ed005cd7a690b2dd8421d

SHA1
5bdeb1b73011905ff7a69f3393b029a19a8256f2

SHA256
5486b179e25713cdb596c772a803287bc538cd744317a02a5ccb0c0804a745f4

SHA512
2e51a9b64cb4b35353e7fec2fb2fc8bed068cba37d1e6a558d017786ccddab4c23490200d65c0ad81ba2625e7a8a3ca4d9349d21aa708ef5c4db105431fbdb0c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
1KB

MD5
be23da9540bb794787fb2626b4a03e62

SHA1
e88f2aa517a63edb99ccc2f4fb5ec21376b0001a

SHA256
1b60dd48f02ce104c1b62d67d5304a78f731a181e2c240f017741ebd7ced9336

SHA512
6309fe3d9c4becf12aa92db405e891ad9a2d214646fceb29758b6530909b1f7dfb3a73c063e1427c18254a3b53e7b249c28120f791e37096afdb228fcd328245

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
363B

MD5
4d9fbdd0520c94b2a7fe69ca59c4cf46

SHA1
31b35a3e1dacc87ad2803990cc4826fbf421fbbc

SHA256
20642f50adff1503e25a2dfac8480b79caa9b6373a6de7b7f4634784e1ff5a7a

SHA512
2ae7188865f25890c7634b77c45f48f5aadd54d4c89637d849f2096fd7e61bd412ea1ac6105d3281ff76e323b7d98f9c508284acb42e0fa55afbf9b1f03a57b1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
5KB

MD5
10b80af7068a73b4292582e9c016d18d

SHA1
be9ebc0f102bc0b2c8cad9516cffd934342f3954

SHA256
6538ddeea493270c6ad0d592a00d7e633cbd861a9b49055139771f4f509199f9

SHA512
badc3858b648121491fa2a4dfdc9d4ad201e13d0c84f369bee14a7071a8a0884ab56361b07b54288c0c09d211fde2ced5b219843df26c9ac8e5519c44d02eca6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
5KB

MD5
11ef066eebf8322ca81cc26d33d37ef8

SHA1
2f7f24336d0a48be935c8fba1bab9aca3afab3cb

SHA256
0b9ee9822e0ef949c26082a9169ae3cc2fb2ee2e6bbb4142e8731bb4bb9dd448

SHA512
85e745bc2500708f40b1fa0f38b420962db45116e160b344d5091c90f1594bdda1809464b0fc2695e46504392c134906099706d00f7cd8e1f6208eb24dbf3331

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\000007.dbtmp
Filesize
16B

MD5
18e723571b00fb1694a3bad6c78e4054

SHA1
afcc0ef32d46fe59e0483f9a3c891d3034d12f32

SHA256
8af72f43857550b01eab1019335772b367a17a9884a7a759fdf4fe6f272b90aa

SHA512
43bb0af7d3984012d2d67ca6b71f0201e5b948e6fe26a899641c4c6f066c59906d468ddf7f1df5ea5fa33c2bc5ea8219c0f2c82e0a5c365ad7581b898a8859e2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
266KB

MD5
48a0dbdf9129aba253c597456b4bdf58

SHA1
86982eb19c3a292ab5ea52d70f1b5f6ecb6f4fc3

SHA256
d5e7799aa5900c2a94112abc6919d6e24a20989a324bb8ab9b4677f834639221

SHA512
437905e12f29edea60ebb39c6cab59acf433a8a965872aa39874e746fc4ea663238e6cb9e8114545e82a70f92a04dadc77370f371b2840682bdf0a9d85d0b4d8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\f5e54596-3c60-408b-9571-4f52c10568b7.tmp
Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\0rowjuc9.default-release\cache2\entries\254256B27E0C48CF9B80B695F0B3B8CA84610495
Filesize
9KB

MD5
eb4946c709e4c8d9a068c6a1ea692192

SHA1
65d41fb7b0a8952fd913183f79206bfc7d0a8644

SHA256
3247ee7b0be2b746dd70de3816f34221d9a4c88f411ba215e0cd64fac0569111

SHA512
8d6985a046652e84561cb3ca0aaa7b50c496940199cbdc7e15b4be5f87cf40ed9a9d826bae468e2eb6968993671fa19705ed4b00805b6cf1af9692545ac07eb0

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\0rowjuc9.default-release\cache2\entries\4832D199584363B876D3E7D57CA02A9B0F4D91CD
Filesize
13KB

MD5
758db164be9c46107c6547ae2ba34574

SHA1
7ef4ef42bed103848810e6f64776c6985794522d

SHA256
e87f576324b4d240577b6ed6326dd566c8d7fe99feacba594cd0f9b04615ad60

SHA512
00f4027b1ed05ba6d514030b97d5e435be2992faf414c9e14b7cd056b2183c6f459738f6fc2e82708c3cb4549fee5ff3295a2479007d1ae2736d4f87e651d3d7

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\0rowjuc9.default-release\cache2\entries\6D89348819C8881868053197CA0754F36784BF5F
Filesize
11KB

MD5
ef527aed30a309a20931e80d97557782

SHA1
22f50a981dd715b4d614be27011a8de50a6b0b7c

SHA256
ea0805c7d8e16a4a455cd9af679d794e3aafbc6fd6bb5b8a9cb798372e37e3a0

SHA512
b7c189f78662ac4303ee510744ac94bfe4e381f5f82c909222a93ffdc022e6743367579de16e25418cbf0e0059c07fcfdb21540083deb19cdaf34228732ae1b4

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\0rowjuc9.default-release\startupCache\scriptCache-child.bin
Filesize
464KB

MD5
60e9d00650df9831eff9d069fa289bd6

SHA1
eb2a4ab8c870896d5bdbfbe9a772639e0cf23e3d

SHA256
8b488a49787359a85eda28a1965baa865a72270cac1368543ae88ecbc2785fd0

SHA512
4390fe1e31df54e60f5f762534c5156285358cc3cceed50aab22335f01918ef3bd33bad76770a546ca0f60ce79f439bdf168363a250932859187b6ef5f031101

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\0rowjuc9.default-release\startupCache\scriptCache.bin
Filesize
7.7MB

MD5
6e0d6cd0d072b5bb0e5ae7c89bdc4f11

SHA1
58547781c47fe8d54147528751b88d69e1570394

SHA256
980633831a27d497385014ac6dde398470ef217ca1d4b1a5e5129f93819554a9

SHA512
6fa8cd3cb154b7a4389df4ca26e0c8516371ce4a17e0825c0ff2084dbf661712d0550b42c35b50e9e30ebcfe844e1adab052ea5e9182f9e8ba5e6fd05fd718d9

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\0rowjuc9.default-release\startupCache\urlCache.bin
Filesize
2KB

MD5
3324e945e453eb86d535945c68813d48

SHA1
fa2686426a662a89a5d9508c3c6fd77826e6fafc

SHA256
32471e3e7592aeeb56144e39d248bc75b90d70dddf9c733c31f7e6e5de96ff76

SHA512
8eca36a7b9d21ff11cfbc2e6a2be1274089a748c395a399687aff0030666b1429cb46e3fffc8ce2b81dfcbb256f51e930ce506dcdccb69227f7f77e65b64d61a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab72C2.tmp
Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar73B4.tmp
Filesize
177KB

MD5
435a9ac180383f9fa094131b173a2f7b

SHA1
76944ea657a9db94f9a4bef38f88c46ed4166983

SHA256
67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

SHA512
1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI23602\python312.dll
Filesize
6.6MB

MD5
3c388ce47c0d9117d2a50b3fa5ac981d

SHA1
038484ff7460d03d1d36c23f0de4874cbaea2c48

SHA256
c98ba3354a7d1f69bdca42560feec933ccba93afcc707391049a065e1079cddb

SHA512
e529c5c1c028be01e44a156cd0e7cad0a24b5f91e5d34697fafc395b63e37780dc0fac8f4c5d075ad8fe4bd15d62a250b818ff3d4ead1e281530a4c7e3ce6d35

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon
Filesize
442KB

MD5
85430baed3398695717b0263807cf97c

SHA1
fffbee923cea216f50fce5d54219a188a5100f41

SHA256
a9f4281f82b3579581c389e8583dc9f477c7fd0e20c9dfc91a2e611e21e3407e

SHA512
06511f1f6c6d44d076b3c593528c26a602348d9c41689dbf5ff716b671c3ca5756b12cb2e5869f836dedce27b1a5cfe79b93c707fd01f8e84b620923bb61b5f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1
Filesize
448KB

MD5
2175499dbe75c5f2c5ea898f7b47e694

SHA1
600ddd74da18263697ca9a96bc8014334f2f0c65

SHA256
8924a14ba23ee71d286888b96763038852b7bb0ada8d6d66ca7c49c29203f277

SHA512
4a677b419747d17302ef2a4385ad662b97df5040117edd4c6bcd47600b24f450e15d0f0cc87e733f3933e4de4efcc1af17b8ff50ea9e79d09de79351d40ee71d

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms
Filesize
7KB

MD5
a07daf6f119ca9efb67219e50b7c6a4d

SHA1
f6ef2db064d6bf7eab6a483bca43d868f1ca86f7

SHA256
c78db42cb78972bfba004addbad0a2903c5454ea61e2669c5baab233d1e7d010

SHA512
1b10a1a43beaf1c6623989b6f975e5c58883bdd30b044287781effcee08ac35ac2964587df05bd2463f89c86e5a45e62d733291963a98ebaba40c9051c128e19

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0rowjuc9.default-release\AlternateServices.txt
Filesize
163B

MD5
82417e16bdc277790f057756e1d01fa3

SHA1
43b04b875b9ff1966384a36a9855dabe638c625f

SHA256
c4bdb60323e8d10f5a4ae3dbd8f714c9d9691412e9f2ccf89af39da3c1351692

SHA512
95731ef19ea8efc2ae3a3d25331a2c336788ed1eddc0cf73f401cb88282abc3af11875f7dc6329cb54c8e45c034959933e34a60278cc7d20f93708360e60efbe

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0rowjuc9.default-release\SiteSecurityServiceState.txt
Filesize
324B

MD5
c0d5c0417ab79765a64116c81dfaee83

SHA1
417263e684d81d4f371f8234b6730b30da41044e

SHA256
6de2a16d4f57decf4785543ee8eb1c6f6fd77eecefc30c4f242d28987588ae17

SHA512
cde597dc406e7e72dea0538b085e9da7498ee3bd4346ed2c2b3f57c5cdaa9b74fba94a5e9f95799665d5c54de4cc84bad02f0b5fd46b3306438f4d39dac27a46

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0rowjuc9.default-release\addonStartup.json.lz4
Filesize
5KB

MD5
0018f279a542c36c2383cc3a40123b74

SHA1
3ed12fb835604defbc77dd5e5742d7cbca09565f

SHA256
d5d84d2e6a7f4817efe5ccaf036da3e05c09ed29b91d47f2b29d5cacec982006

SHA512
60162702825911a05c631afbe72a8e81ed81e10fb26240aa517f0e43c638987742308460142b9d3f85cd0945bc3d8a381f0151fe5d2bf74f9eaff59a1e1b46ec

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0rowjuc9.default-release\addonStartup.json.lz4
Filesize
5KB

MD5
c5ddf91a75615ab8d7f5a8ccf2c555f1

SHA1
43250d8bfadd30397fb5a95c8d58696a095d8659

SHA256
4e3768129741cd504b66bb0f42b81e9c1513c68482a02908164fff0da41c0f56

SHA512
13babe547dd67b3fe85aa70cf5e5ec596eef2c0b04c44f3a653f98b591dc84621a01b11681fc3acbfe33a05662caa4bdc3a44e3bab02ecb6602aa3d51c9a4d79

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0rowjuc9.default-release\bookmarkbackups\bookmarks-2024-05-09_11_JGLvmXDEq1qP6i79-t3V1w==.jsonlz4
Filesize
944B

MD5
7c927a55e7c41e2df325c633126a926d

SHA1
d8f6735382901d3859d33bd5a46d20412a6b764e

SHA256
c5ff6fb521712de73bfa401e03d5c95b2914e43c01c35fa20cae473deeb76da3

SHA512
5ade76050b6ac4993038c46ca5ac80b0ebaee29d5d1e4e0811b990429442413d50810a37f6e4c526779265aefc30561ea0b979ec0c3056fff9b2d86e9459a0fa

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0rowjuc9.default-release\broadcast-listeners.json
Filesize
204B

MD5
72c95709e1a3b27919e13d28bbe8e8a2

SHA1
00892decbee63d627057730bfc0c6a4f13099ee4

SHA256
9cf589357fceea2f37cd1a925e5d33fd517a44d22a16c357f7fb5d4d187034aa

SHA512
613ca9dd2d12afe31fb2c4a8d9337eeecfb58dabaeaaba11404b9a736a4073dfd9b473ba27c1183d3cc91d5a9233a83dce5a135a81f755d978cea9e198209182

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0rowjuc9.default-release\datareporting\glean\db\data.safe.bin
Filesize
2KB

MD5
1ca467b83b0ac65e73ebcc4efefa818a

SHA1
e28d0891182379ec50c73f93ec704a25600ce9b5

SHA256
45ff6e4b6e4b601041cce0750c0a8432da0262ff1050438953cd5d48e4baa962

SHA512
920f48ebb3d919062f108bf98c70cbea3f36dd1859c87b955bdb5b8f7f82b83863dfb3ce979ef9edddb898e3171572ede77219b71bd1dcce37dcd238d94f0ac1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0rowjuc9.default-release\datareporting\glean\db\data.safe.bin
Filesize
4KB

MD5
b23bd5297f75e1ccb51455b234d64750

SHA1
08196a1b64262e2e1a3ca40b6312bc3de50ab621

SHA256
61eb536e6c0ed871d87973824b90be69aaa74ae5a54e2b6a03a104c1c7f576cf

SHA512
4bac2492bb726697aeb7b076c0268b4080643f10187575314b0793007980df7d740220cb2cb52098435ced1329692e0baf60fa9c7f3467ff9852b72488522ed1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0rowjuc9.default-release\datareporting\glean\pending_pings\b4d5f3cd-03e3-47eb-861b-254748e8a2de
Filesize
745B

MD5
9109d96b434d81238c4749bff322651e

SHA1
94492ed55e574787a3fe91a5aff4bb2c10db21a0

SHA256
cb7df57b447b07e5c6e8a03161b65f9bcacc53715b09b4afc36333b61a56109c

SHA512
a703fa1095581764947621799a03ceef3a5dee5b08eb18ec908761c2b6ec28aec051b2225792ba4884787cb5814f7a86b9d2fb0be8af0ae5152857df9a33a4ba

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0rowjuc9.default-release\datareporting\glean\pending_pings\bea38fe8-cf56-4e74-a07c-a8e394b66757
Filesize
656B

MD5
d9b69d04824ebcd0a0436b67f4634dc5

SHA1
526972e061526ee7ad5622981e000781d2165fa8

SHA256
5356aab173a3baacc46c93f0d5fde13ce541655bc511878888e86e56d26e8925

SHA512
4fcae2e07b1401d1750ddadfb1046c4a4ec7cc74fa6ec82f3416ecba025342db87ed04641db175e4e7f9ccf87470ea94c59cab806b7778939df7f8ff704974fe

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0rowjuc9.default-release\datareporting\glean\pending_pings\f774f020-eb68-460f-b601-851fb0f51892
Filesize
11KB

MD5
58697a1ce72542a6855c1de54ae7dc2c

SHA1
6fdfc2a41b0cc8f28106fa8a5638a456e50c27b0

SHA256
aa2d1b48bc0ccb5b2a8d9112d3716886d7699054c228cd033972e7690d2028e3

SHA512
96475e3265c98171284869241c1f641bb42a78f41d1adb689f5bf4e0cbbcb90730b743255e6c915d5fb5ff88254be79364b1b5c24b21ef2ed4fa9a0ca9d28df1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0rowjuc9.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll
Filesize
997KB

MD5
fe3355639648c417e8307c6d051e3e37

SHA1
f54602d4b4778da21bc97c7238fc66aa68c8ee34

SHA256
1ed7877024be63a049da98733fd282c16bd620530a4fb580dacec3a78ace914e

SHA512
8f4030bb2464b98eccbea6f06eb186d7216932702d94f6b84c56419e9cf65a18309711ab342d1513bf85aed402bc3535a70db4395874828f0d35c278dd2eac9c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0rowjuc9.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info
Filesize
116B

MD5
3d33cdc0b3d281e67dd52e14435dd04f

SHA1
4db88689282fd4f9e9e6ab95fcbb23df6e6485db

SHA256
f526e9f98841d987606efeaff7f3e017ba9fd516c4be83890c7f9a093ea4c47b

SHA512
a4a96743332cc8ef0f86bc2e6122618bfc75ed46781dadbac9e580cd73df89e74738638a2cccb4caa4cbbf393d771d7f2c73f825737cdb247362450a0d4a4bc1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0rowjuc9.default-release\gmp-widevinecdm\4.10.2557.0\LICENSE.txt
Filesize
479B

MD5
49ddb419d96dceb9069018535fb2e2fc

SHA1
62aa6fea895a8b68d468a015f6e6ab400d7a7ca6

SHA256
2af127b4e00f7303de8271996c0c681063e4dc7abdc7b2a8c3fe5932b9352539

SHA512
48386217dabf7556e381ab3f5924b123a0a525969ff98f91efb03b65477c94e48a15d9abcec116b54616d36ad52b6f1d7b8b84c49c204e1b9b43f26f2af92da2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0rowjuc9.default-release\gmp-widevinecdm\4.10.2557.0\manifest.json
Filesize
372B

MD5
8be33af717bb1b67fbd61c3f4b807e9e

SHA1
7cf17656d174d951957ff36810e874a134dd49e0

SHA256
e92d3394635edfb987a7528e0ccd24360e07a299078df2a6967ca3aae22fa2dd

SHA512
6125f60418e25fee896bf59f5672945cd8f36f03665c721837bb50adf5b4dfef2dddbfcfc817555027dcfa90e1ef2a1e80af1219e8063629ea70263d2fc936a7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0rowjuc9.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll
Filesize
2.1MB

MD5
0d76adb3e177eade43d8e41fa5aeff5f

SHA1
ef965bd16eba46d838c6b836b6c3413046b28301

SHA256
e1d2ecc90429dc39dff85a1c67ce36a019f17a5c033ef30064de4f49cb8ec82a

SHA512
814959b53e5c429a3e4ff954209ec44e685f532973acaac7577b4e3b3c542564f9379f5412063f2265c073d54aea3ebccd15921f68e32ecf7dc8e25adac86e8a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0rowjuc9.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.lib
Filesize
1KB

MD5
688bed3676d2104e7f17ae1cd2c59404

SHA1
952b2cdf783ac72fcb98338723e9afd38d47ad8e

SHA256
33899a3ebc22cb8ed8de7bd48c1c29486c0279b06d7ef98241c92aef4e3b9237

SHA512
7a0e3791f75c229af79dd302f7d0594279f664886fea228cfe78e24ef185ae63aba809aa1036feb3130066deadc8e78909c277f0a7ed1e3485df3cf2cd329776

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0rowjuc9.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.sig
Filesize
1KB

MD5
937326fead5fd401f6cca9118bd9ade9

SHA1
4526a57d4ae14ed29b37632c72aef3c408189d91

SHA256
68a03f075db104f84afdd8fca45a7e4bff7b55dc1a2a24272b3abe16d8759c81

SHA512
b232f6cf3f88adb346281167ac714c4c4c7aac15175087c336911946d12d63d3a3a458e06b298b41a7ec582ef09fe238da3a3166ff89c450117228f7485c22d2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0rowjuc9.default-release\prefs-1.js
Filesize
6KB

MD5
15057dba320af73f4d6a0ad5fcbfc34e

SHA1
a9b4720c7964fb7ddeea0591ba01a5077a74a9cf

SHA256
5362b0029725fab12684c533e87bc0a66b738abad18cd54a2c0152dfe04b127a

SHA512
55416ae044580dd5b6af58c66602b264c628406fd741262088e77035e05fd6486d7af6397536d0434286360f48cd42250016f0e8564ff4bed04f4293cd280039

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0rowjuc9.default-release\prefs-1.js
Filesize
6KB

MD5
42c1012a56f1f7460a89d2a27d80c4e0

SHA1
292fd6bcc3b501744981a2595360384f39cd7679

SHA256
4d8c16a3d548ff06467be278796f3a2e4d40d3f1447ba084b7403ace46238a85

SHA512
74ff4ef671e08ea752f9925239b459aab7aec8f60391c49c680b17ee489ec4eba8175f51ed7630315f6d16418e30cde9dcbbec704478c3d414942630e0c3db1c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0rowjuc9.default-release\prefs-1.js
Filesize
7KB

MD5
9d6f21797a0025a5eb744c1e1e5321a2

SHA1
b2c67e47d9963801a32e77726a1c2ff491dfec13

SHA256
3fcf14378cacc6e0d50e1b23f5d7286514fdfc5dc85514da30a37ba014e392df

SHA512
aed7c669b1ddbc4441d1d4de28493236e2912cc6a296f2faae458e79097a06090b93afc574ba5f3f3e725b4eaf1a2d3f576c497a71776b3a4c01522c0c82cce9

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0rowjuc9.default-release\prefs-1.js
Filesize
6KB

MD5
506173eaefe87400ca77cf7286fe6796

SHA1
76c6013fae04a587fc2fcef8e334ede0402df82e

SHA256
a45c35615e3d2c7862ee4002a3e32d160b7f510f62fec7de8c50bd7a7a2fa6fe

SHA512
466184d5ca6d6964b78afc72e6c5d84436a7aa991194ff0150eee8f5cdff6c9b8e0ef57cf7b9c16be84e2d1a007e201dfc077e300f2c3d5e8c189615a7bce588

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0rowjuc9.default-release\prefs.js
Filesize
6KB

MD5
3bd8ff05ccc531d1565057468278642e

SHA1
7c4f637b360a681784df1eee129c420731583626

SHA256
20406c8a2d46813270155acf7ab799b030bb584ea1cb327720e9d140f5481f2e

SHA512
788ebd1888e332579bbc14fd2d3466f505ca48831c3018ac9f8367916f03997c0e2b977db8b2d88f297129fdaa8ac7b59e671664e7a310d3bc8082db0a932381

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0rowjuc9.default-release\prefs.js
Filesize
6KB

MD5
3cf6a9b3f05d612d74b8c7f030867981

SHA1
a276f18a3720c1d0f35a014c4ed11bd633be2642

SHA256
0c6691fc3ffb281e1bf0a9c094fcb4bf7ee895cc42c7e507dfd9c7f4a5c832e4

SHA512
fe9cc229e8ce32863ba1ced0b945fddb9a8971986dbe8950a7aaaaa0befb29f355edaf27f37d97072d10004ac3f3bf09d89b991d73889dc206f17348cec1af7a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0rowjuc9.default-release\prefs.js
Filesize
6KB

MD5
ce214abfcda8f5fa061fa13f19670d5f

SHA1
5c014dc5594e9ef13d2616e739bb98dd9aae7c1c

SHA256
642b69a33c2caa404f4b2eb206e2f918d555eb34d44ed59f51cafd72b690e35b

SHA512
8a66c5d81c2c6a70b29536f0ab1cf38d5a128541df1b205f0afbbf3a2bfcd794eb990834777b3750789f43e71942d4d398412db662170d205643f90530def15e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0rowjuc9.default-release\protections.sqlite
Filesize
64KB

MD5
deeced8825e857ead7ba3784966be7be

SHA1
e72a09807d97d0aeb8baedd537f2489306e25490

SHA256
b9f022442a1506e592bf51284091a8a7fe17580b165d07e70c06fd6827343a54

SHA512
01d303232d6481af322137b44fef6c2a584f0643c48bab2836f9fe3193207015da7f7514fe338500ae4469651e3d9618293858ae507e722198a249257677099e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0rowjuc9.default-release\sessionCheckpoints.json
Filesize
288B

MD5
362985746d24dbb2b166089f30cd1bb7

SHA1
6520fc33381879a120165ede6a0f8aadf9013d3b

SHA256
b779351c8c6b04cf1d260c5e76fb4ecf4b74454cc6215a43ea15a223bf5bdd7e

SHA512
0e85cd132c895b3bffce653aeac0b5645e9d1200eb21e23f4e574b079821a44514c1d4b036d29a7d2ea500065c7131aef81cfc38ff1750dbb0e8e0c57fdc2a61

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0rowjuc9.default-release\sessionCheckpoints.json.tmp
Filesize
90B

MD5
c4ab2ee59ca41b6d6a6ea911f35bdc00

SHA1
5942cd6505fc8a9daba403b082067e1cdefdfbc4

SHA256
00ad9799527c3fd21f3a85012565eae817490f3e0d417413bf9567bb5909f6a2

SHA512
71ea16900479e6af161e0aad08c8d1e9ded5868a8d848e7647272f3002e2f2013e16382b677abe3c6f17792a26293b9e27ec78e16f00bd24ba3d21072bd1cae2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0rowjuc9.default-release\sessionCheckpoints.json.tmp
Filesize
53B

MD5
ea8b62857dfdbd3d0be7d7e4a954ec9a

SHA1
b43bc4b3ea206a02ef8f63d5bfad0c96bf2a3b2a

SHA256
792955295ae9c382986222c6731c5870bd0e921e7f7e34cc4615f5cd67f225da

SHA512
076ee83534f42563046d25086166f82e1a3ec61840c113aec67abe2d8195daa247d827d0c54e7e8f8a1bbf2d082a3763577587e84342ec160ff97905243e6d19

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0rowjuc9.default-release\sessionstore-backups\recovery.jsonlz4
Filesize
1KB

MD5
4bb0a74ca40fdea38cd1676fda5877c1

SHA1
b9e7be8c7f40a125ccee888ba63e50b2c74d0e84

SHA256
c66dea115d9b5c13b368104f64243591fd65a6eab8927c0762d435b0e08ac965

SHA512
88fce81585bc300666ddcbc654ce59d4299ebe3686926c3e0e877801033fa087fc27260ee7e55de52a7195abaf8f71caca2327f33ea8ca5f6c4dcbe6d2b703ae

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0rowjuc9.default-release\sessionstore.jsonlz4
Filesize
832B

MD5
cedcb4e80dc2722b39d078adaba642c9

SHA1
f604115c20189b1c649c16c4239f4b8aeaab270f

SHA256
47b21bbdd00c196eb98ab1e765e42ddfec047d6bf1ec1a39223259aea169e322

SHA512
aac3c34a8bfb947999a0c8bc29ae40a9b889c24e0dcc6c196d70a6b26a9a3faad239c9664da91112f6f0655c4c751bc2ae6a1ebb62241917e5a39435218e7c35

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0rowjuc9.default-release\storage\permanent\chrome\idb\1657114595AmcateirvtiSty.sqlite
Filesize
48KB

MD5
eb6af34fb819ff31cbcebfa3bed023f8

SHA1
70a0a94e3e3fbc16346dbf9b46a6519433c2cfb2

SHA256
3f3882deb5cb25e7341de7a351adb247e89a538c3976a97210c44441f20883f1

SHA512
85eb98f5fe5d88b698e9b012420fb3f7471ad8b82b7f1d09b8c48950c4de2ff0bedda574867450517c9d8131382f41034cf8fb78dd6692afefd99f4d442f39a6

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0rowjuc9.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite
Filesize
184KB

MD5
34c1f8f2b0b208a8a45aaef52c20dc68

SHA1
e1e380338a1c1fa620c9182c5a67cb0711a462fb

SHA256
7be1932aed2c635d0e6bed875146cd2cb8eb697c1b84fd188351b22b07230e0b

SHA512
5385946379f95378bd941f7a0ede15e0128e4de1c979dd203abacb26553a20386597d2936fb7691a1e90daa25e58b6768da7c1f260d24d757e636a8c02147630

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0rowjuc9.default-release\targeting.snapshot.json
Filesize
3KB

MD5
2ea5b28263a98caf9a3b31570bd3c93a

SHA1
0498cfb0ba37ef489eea0eefafb1337e12165c15

SHA256
900944ad7705fdca52ae21544fcc2505d4372cc1aefdf0a4528e427d09303150

SHA512
9daa761a1b35f21c7c5b1cb428fe6c84729f6065e642365d506b5afb0bf2c2719bb3a27b428409b09127f38abe588aa7899b4bdd7426bbc2803042636b62bf73

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0rowjuc9.default-release\xulstore.json
Filesize
120B

MD5
05e1ddb4298be4c948c3ae839859c3e9

SHA1
ea9195602eeed8d06644026809e07b3ad29335e5

SHA256
1c2c5d5211674c3c8473e0589085499471399e53e9a85d7dd3b075fef6cbb6be

SHA512
3177b48cd0c877821419d7e5eb247a4c899bc37258994f22257ceaafefb316e6f5959faae02e380e432d7752f0218d45d56d6878c1e751d201d9fdb3ff98612e

Download Submit
\??\pipe\crashpad_2872_ZRMITJPUKJYRAGHX
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit