Malware Analysis Report

2024-10-10 08:01

Sample ID: 240611-tmf35ssgle
Target: cd57e4c171d6e8f5ea8b8f824a6a7316 (1).zip
SHA256: 7592ddc11fa1d71c84929ee644b536e7efa7d34f9de87d72be227c6afcda9ea6
Tags: execution, themida
Score: 7/10

Analysis Overview

Score: 7/10

SHA256: 7592ddc11fa1d71c84929ee644b536e7efa7d34f9de87d72be227c6afcda9ea6

Threat Level: Shows suspicious behavior

The file cd57e4c171d6e8f5ea8b8f824a6a7316 (1).zip was found to show suspicious behavior.

Malicious Activity Summary

Tags: execution, themida

Themida packer

Command and Scripting Interpreter: JavaScript

Unsigned PE

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious use of FindShellTrayWindow

Enumerates system info in registry

Modifies data under HKEY_USERS

Suspicious use of AdjustPrivilegeToken

Suspicious use of WriteProcessMemory

Suspicious behavior: EnumeratesProcesses

Suspicious use of SendNotifyMessage

Uses Task Scheduler COM API

Modifies registry class

Checks processor information in registry

Suspicious use of SetWindowsHookEx

Analysis: static1

Detonation Overview

Reported: 2024-06-11 16:10

Signatures

Themida packer

themida
Description Indicator Process Target
N/A N/A N/A N/A

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral20

Detonation Overview

Submitted: 2024-06-11 16:10
Reported: 2024-06-11 16:40
Platform: win10-20240404-en
Max time kernel: 315s
Max time network: 1597s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\Monaco\fileaccess\node_modules\finalhandler\index.js

Signatures

Command and Scripting Interpreter: JavaScript

execution

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\Monaco\fileaccess\node_modules\finalhandler\index.js

Network

Country Destination Domain Proto
US 8.8.8.8:53 10.173.189.20.in-addr.arpa udp
US 8.8.8.8:53 0.205.248.87.in-addr.arpa udp
US 8.8.8.8:53 131.83.221.88.in-addr.arpa udp

Files

N/A

Analysis: behavioral25

Detonation Overview

Submitted: 2024-06-11 16:10
Reported: 2024-06-11 16:42
Platform: win10-20240404-en
Max time kernel: 315s
Max time network: 1592s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\Monaco\fileaccess\node_modules\function-bind\index.js

Signatures

Command and Scripting Interpreter: JavaScript

execution

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\Monaco\fileaccess\node_modules\function-bind\index.js

Network

Country Destination Domain Proto
US 52.111.227.11:443 tcp
US 8.8.8.8:53 21.236.111.52.in-addr.arpa udp
US 8.8.8.8:53 25.73.42.20.in-addr.arpa udp
US 8.8.8.8:53 114.83.221.88.in-addr.arpa udp
US 8.8.8.8:53 129.83.221.88.in-addr.arpa udp
US 8.8.8.8:53 159.113.53.23.in-addr.arpa udp

Files

N/A

Analysis: behavioral2

Detonation Overview

Submitted: 2024-06-11 16:10
Reported: 2024-06-11 16:40
Platform: win10-20240404-en
Max time kernel: 314s
Max time network: 1609s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\Monaco\fileaccess\node_modules\cookie-signature\index.js

Signatures

Command and Scripting Interpreter: JavaScript

execution

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\Monaco\fileaccess\node_modules\cookie-signature\index.js

Network

Country Destination Domain Proto
US 52.111.227.14:443 tcp
US 8.8.8.8:53 22.236.111.52.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 8.8.8.8:53 170.117.168.52.in-addr.arpa udp

Files

N/A

Analysis: behavioral19

Detonation Overview

Submitted: 2024-06-11 16:10
Reported: 2024-06-11 16:41
Platform: win10-20240404-en
Max time kernel: 361s
Max time network: 1612s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\Monaco\fileaccess\node_modules\finalhandler\README.js

Signatures

Command and Scripting Interpreter: JavaScript

execution

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\Monaco\fileaccess\node_modules\finalhandler\README.js

Network

Country Destination Domain Proto
US 8.8.8.8:53 5.173.189.20.in-addr.arpa udp

Files

N/A

Analysis: behavioral6

Detonation Overview

Submitted: 2024-06-11 16:10
Reported: 2024-06-11 16:41
Platform: win10-20240404-en
Max time kernel: 519s
Max time network: 1598s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\Monaco\fileaccess\node_modules\debug\karma.conf.js

Signatures

Command and Scripting Interpreter: JavaScript

execution

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\Monaco\fileaccess\node_modules\debug\karma.conf.js

Network

Country Destination Domain Proto
US 8.8.8.8:53 13.179.89.13.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
NL 52.142.223.178:80 tcp
US 8.8.8.8:53 159.113.53.23.in-addr.arpa udp

Files

N/A

Analysis: behavioral3

Detonation Overview

Submitted: 2024-06-11 16:10
Reported: 2024-06-11 16:40
Platform: win10-20240404-en
Max time kernel: 315s
Max time network: 1608s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\Monaco\fileaccess\node_modules\cookie\README.js

Signatures

Command and Scripting Interpreter: JavaScript

execution

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\Monaco\fileaccess\node_modules\cookie\README.js

Network

Country Destination Domain Proto
US 8.8.8.8:53 13.173.189.20.in-addr.arpa udp
US 8.8.8.8:53 99.58.20.217.in-addr.arpa udp
US 8.8.8.8:53 131.83.221.88.in-addr.arpa udp

Files

N/A

Analysis: behavioral4

Detonation Overview

Submitted: 2024-06-11 16:10
Reported: 2024-06-11 16:40
Platform: win10-20240404-en
Max time kernel: 315s
Max time network: 1597s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\Monaco\fileaccess\node_modules\cookie\index.js

Signatures

Command and Scripting Interpreter: JavaScript

execution

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\Monaco\fileaccess\node_modules\cookie\index.js

Network

Country Destination Domain Proto
US 8.8.8.8:53 0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.8.0.8.0.8.0.8.0.ip6.arpa udp
US 8.8.8.8:53 14.227.111.52.in-addr.arpa udp
US 8.8.8.8:53 13.173.189.20.in-addr.arpa udp
US 8.8.8.8:53 98.83.221.88.in-addr.arpa udp

Files

N/A

Analysis: behavioral15

Detonation Overview

Submitted: 2024-06-11 16:10
Reported: 2024-06-11 16:41
Platform: win10-20240404-en
Max time kernel: 615s
Max time network: 1589s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\Monaco\fileaccess\node_modules\es-errors\index.js

Signatures

Command and Scripting Interpreter: JavaScript

execution

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\Monaco\fileaccess\node_modules\es-errors\index.js

Network

Country Destination Domain Proto
US 8.8.8.8:53 11.227.111.52.in-addr.arpa udp
US 8.8.8.8:53 10.173.189.20.in-addr.arpa udp
US 8.8.8.8:53 114.83.221.88.in-addr.arpa udp
US 8.8.8.8:53 98.58.20.217.in-addr.arpa udp
NL 52.142.223.178:80 tcp
US 8.8.8.8:53 159.113.53.23.in-addr.arpa udp

Files

N/A

Analysis: behavioral18

Detonation Overview

Submitted: 2024-06-11 16:10
Reported: 2024-06-11 16:40
Platform: win10-20240404-en
Max time kernel: 615s
Max time network: 1587s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\Monaco\fileaccess\node_modules\express\lib\utils.js

Signatures

Command and Scripting Interpreter: JavaScript

execution

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\Monaco\fileaccess\node_modules\express\lib\utils.js

Network

Country Destination Domain Proto
US 8.8.8.8:53 13.227.111.52.in-addr.arpa udp
US 8.8.8.8:53 13.179.89.13.in-addr.arpa udp
US 8.8.8.8:53 98.83.221.88.in-addr.arpa udp
NL 52.142.223.178:80 tcp
US 8.8.8.8:53 159.113.53.23.in-addr.arpa udp

Files

N/A

Analysis: behavioral21

Detonation Overview

Submitted: 2024-06-11 16:10
Reported: 2024-06-11 16:40
Platform: win10-20240404-en
Max time kernel: 494s
Max time network: 1597s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\Monaco\fileaccess\node_modules\forwarded\README.js

Signatures

Command and Scripting Interpreter: JavaScript

execution

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\Monaco\fileaccess\node_modules\forwarded\README.js

Network

Country Destination Domain Proto
US 52.111.229.48:443 tcp
US 8.8.8.8:53 13.227.111.52.in-addr.arpa udp
US 8.8.8.8:53 26.73.42.20.in-addr.arpa udp
US 8.8.8.8:53 99.58.20.217.in-addr.arpa udp
US 8.8.8.8:53 240.221.184.93.in-addr.arpa udp
NL 52.142.223.178:80 tcp
US 8.8.8.8:53 159.113.53.23.in-addr.arpa udp

Files

N/A

Analysis: behavioral27

Detonation Overview

Submitted: 2024-06-11 16:10
Reported: 2024-06-11 16:43
Platform: win10-20240404-en
Max time kernel: 615s
Max time network: 1576s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\Monaco\fileaccess\node_modules\get-intrinsic\README.js

Signatures

Command and Scripting Interpreter: JavaScript

execution

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\Monaco\fileaccess\node_modules\get-intrinsic\README.js

Network

Country Destination Domain Proto
US 8.8.8.8:53 30.243.111.52.in-addr.arpa udp
US 8.8.8.8:53 30.73.42.20.in-addr.arpa udp
US 8.8.8.8:53 74.83.221.88.in-addr.arpa udp
US 138.91.171.81:80 tcp
US 8.8.8.8:53 144.245.53.23.in-addr.arpa udp

Files

N/A

Analysis: behavioral30

Detonation Overview

Submitted: 2024-06-11 16:10
Reported: 2024-06-11 16:46
Platform: win10-20240404-en
Max time kernel: 612s
Max time network: 1590s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\Monaco\fileaccess\node_modules\gopd\README.js

Signatures

Command and Scripting Interpreter: JavaScript

execution

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\Monaco\fileaccess\node_modules\gopd\README.js

Network

Country Destination Domain Proto
US 8.8.8.8:53 22.236.111.52.in-addr.arpa udp
US 8.8.8.8:53 26.173.189.20.in-addr.arpa udp
US 8.8.8.8:53 114.83.221.88.in-addr.arpa udp
NL 52.142.223.178:80 tcp
US 8.8.8.8:53 159.113.53.23.in-addr.arpa udp

Files

N/A

Analysis: behavioral7

Detonation Overview

Submitted: 2024-06-11 16:10
Reported: 2024-06-11 16:40
Platform: win10-20240404-en
Max time kernel: 315s
Max time network: 1597s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\Monaco\fileaccess\node_modules\debug\node.js

Signatures

Command and Scripting Interpreter: JavaScript

execution

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\Monaco\fileaccess\node_modules\debug\node.js

Network

Country Destination Domain Proto
US 8.8.8.8:53 11.227.111.52.in-addr.arpa udp
US 8.8.8.8:53 13.179.89.13.in-addr.arpa udp
US 8.8.8.8:53 131.83.221.88.in-addr.arpa udp

Files

N/A

Analysis: behavioral11

Detonation Overview

Submitted: 2024-06-11 16:10
Reported: 2024-06-11 16:40
Platform: win10-20240404-en
Max time kernel: 392s
Max time network: 1593s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\Monaco\fileaccess\node_modules\debug\src\inspector-log.js

Signatures

Command and Scripting Interpreter: JavaScript

execution

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\Monaco\fileaccess\node_modules\debug\src\inspector-log.js

Network

Country Destination Domain Proto
US 8.8.8.8:53 159.113.53.23.in-addr.arpa udp
US 8.8.8.8:53 174.117.168.52.in-addr.arpa udp
US 8.8.8.8:53 43.56.20.217.in-addr.arpa udp

Files

N/A

Analysis: behavioral24

Detonation Overview

Submitted: 2024-06-11 16:10
Reported: 2024-06-11 16:42
Platform: win10-20240404-en
Max time kernel: 315s
Max time network: 1596s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\Monaco\fileaccess\node_modules\function-bind\implementation.js

Signatures

Command and Scripting Interpreter: JavaScript

execution

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\Monaco\fileaccess\node_modules\function-bind\implementation.js

Network

Country Destination Domain Proto
US 8.8.8.8:53 13.227.111.52.in-addr.arpa udp
US 8.8.8.8:53 199.111.78.13.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp

Files

N/A

Analysis: behavioral10

Detonation Overview

Submitted: 2024-06-11 16:10
Reported: 2024-06-11 16:41
Platform: win10-20240404-en
Max time kernel: 312s
Max time network: 1587s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\Monaco\fileaccess\node_modules\debug\src\index.js

Signatures

Command and Scripting Interpreter: JavaScript

execution

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\Monaco\fileaccess\node_modules\debug\src\index.js

Network

Country Destination Domain Proto
US 8.8.8.8:53 17.173.189.20.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp

Files

N/A

Analysis: behavioral22

Detonation Overview

Submitted: 2024-06-11 16:10
Reported: 2024-06-11 16:40
Platform: win10-20240404-en
Max time kernel: 314s
Max time network: 1588s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\Monaco\fileaccess\node_modules\fresh\README.js

Signatures

Command and Scripting Interpreter: JavaScript

execution

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\Monaco\fileaccess\node_modules\fresh\README.js

Network

Country Destination Domain Proto
US 8.8.8.8:53 164.189.21.2.in-addr.arpa udp
US 20.231.121.79:80 tcp
US 8.8.8.8:53 11.227.111.52.in-addr.arpa udp
US 8.8.8.8:53 240.221.184.93.in-addr.arpa udp
US 8.8.8.8:53 13.173.189.20.in-addr.arpa udp

Files

N/A

Analysis: behavioral26

Detonation Overview

Submitted: 2024-06-11 16:10
Reported: 2024-06-11 16:43
Platform: win10-20240404-en
Max time kernel: 375s
Max time network: 1586s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\Monaco\fileaccess\node_modules\function-bind\test\index.js

Signatures

Command and Scripting Interpreter: JavaScript

execution

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\Monaco\fileaccess\node_modules\function-bind\test\index.js

Network

Country Destination Domain Proto
US 8.8.8.8:53 29.243.111.52.in-addr.arpa udp
US 8.8.8.8:53 14.179.89.13.in-addr.arpa udp
US 8.8.8.8:53 145.83.221.88.in-addr.arpa udp
US 8.8.8.8:53 160.83.221.88.in-addr.arpa udp

Files

N/A

Analysis: behavioral31

Detonation Overview

Submitted: 2024-06-11 16:10
Reported: 2024-06-11 16:51
Platform: win10-20240404-en
Max time kernel: 311s
Max time network: 1592s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\Monaco\fileaccess\node_modules\gopd\index.js

Signatures

Command and Scripting Interpreter: JavaScript

execution

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\Monaco\fileaccess\node_modules\gopd\index.js

Network

Country Destination Domain Proto
US 8.8.8.8:53 30.243.111.52.in-addr.arpa udp
US 8.8.8.8:53 95.16.208.104.in-addr.arpa udp
US 8.8.8.8:53 114.83.221.88.in-addr.arpa udp

Files

N/A

Analysis: behavioral9

Detonation Overview

Submitted: 2024-06-11 16:10
Reported: 2024-06-11 16:41
Platform: win10-20240404-en
Max time kernel: 520s
Max time network: 1609s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\Monaco\fileaccess\node_modules\debug\src\debug.js

Signatures

Command and Scripting Interpreter: JavaScript

execution

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\Monaco\fileaccess\node_modules\debug\src\debug.js

Network

Country Destination Domain Proto
US 8.8.8.8:53 13.227.111.52.in-addr.arpa udp
US 8.8.8.8:53 13.173.189.20.in-addr.arpa udp
US 8.8.8.8:53 98.83.221.88.in-addr.arpa udp
US 138.91.171.81:80 tcp
US 8.8.8.8:53 159.113.53.23.in-addr.arpa udp

Files

N/A

Analysis: behavioral23

Detonation Overview

Submitted: 2024-06-11 16:10
Reported: 2024-06-11 16:40
Platform: win10-20240404-en
Max time kernel: 315s
Max time network: 1606s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\Monaco\fileaccess\node_modules\fresh\index.js

Signatures

Command and Scripting Interpreter: JavaScript

execution

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\Monaco\fileaccess\node_modules\fresh\index.js

Network

Country Destination Domain Proto
US 8.8.8.8:53 22.236.111.52.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 8.8.8.8:53 114.83.221.88.in-addr.arpa udp

Files

N/A

Analysis: behavioral17

Detonation Overview

Submitted: 2024-06-11 16:10
Reported: 2024-06-11 16:41
Platform: win10-20240404-en
Max time kernel: 516s
Max time network: 1597s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\Monaco\fileaccess\node_modules\express\lib\router\layer.js

Signatures

Command and Scripting Interpreter: JavaScript

execution

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\Monaco\fileaccess\node_modules\express\lib\router\layer.js

Network

Country Destination Domain Proto
US 8.8.8.8:53 31.73.42.20.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 8.8.8.8:53 240.221.184.93.in-addr.arpa udp
NL 52.142.223.178:80 tcp
US 8.8.8.8:53 159.113.53.23.in-addr.arpa udp

Files

N/A

Analysis: behavioral14

Detonation Overview

Submitted: 2024-06-11 16:10
Reported: 2024-06-11 16:40
Platform: win10-20240404-en
Max time kernel: 315s
Max time network: 1588s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\Monaco\fileaccess\node_modules\es-errors\eval.js

Signatures

Command and Scripting Interpreter: JavaScript

execution

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\Monaco\fileaccess\node_modules\es-errors\eval.js

Network

Country Destination Domain Proto
US 8.8.8.8:53 0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.8.0.8.0.8.0.8.0.ip6.arpa udp
US 8.8.8.8:53 22.236.111.52.in-addr.arpa udp
US 8.8.8.8:53 13.173.189.20.in-addr.arpa udp
US 8.8.8.8:53 73.143.109.104.in-addr.arpa udp

Files

N/A

Analysis: behavioral13

Detonation Overview

Submitted: 2024-06-11 16:10
Reported: 2024-06-11 16:40
Platform: win10-20240404-en
Max time kernel: 315s
Max time network: 1597s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\Monaco\fileaccess\node_modules\es-define-property\index.js

Signatures

Command and Scripting Interpreter: JavaScript

execution

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\Monaco\fileaccess\node_modules\es-define-property\index.js

Network

Country Destination Domain Proto
US 8.8.8.8:53 22.236.111.52.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 8.8.8.8:53 13.173.189.20.in-addr.arpa udp
US 8.8.8.8:53 131.83.221.88.in-addr.arpa udp

Files

N/A

Analysis: behavioral16

Detonation Overview

Submitted: 2024-06-11 16:10
Reported: 2024-06-11 16:40
Platform: win10-20240404-en
Max time kernel: 314s
Max time network: 1588s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\Monaco\fileaccess\node_modules\express\lib\response.js

Signatures

Command and Scripting Interpreter: JavaScript

execution

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\Monaco\fileaccess\node_modules\express\lib\response.js

Network

Country Destination Domain Proto
US 8.8.8.8:53 13.173.189.20.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 8.8.8.8:53 145.83.221.88.in-addr.arpa udp

Files

N/A

Analysis: behavioral28

Detonation Overview

Submitted: 2024-06-11 16:10
Reported: 2024-06-11 16:43
Platform: win10-20240404-en
Max time kernel: 614s
Max time network: 1608s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\Monaco\fileaccess\node_modules\get-intrinsic\index.js

Signatures

Command and Scripting Interpreter: JavaScript

execution

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\Monaco\fileaccess\node_modules\get-intrinsic\index.js

Network

Country Destination Domain Proto
US 8.8.8.8:53 114.83.221.88.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
NL 52.142.223.178:80 tcp
US 8.8.8.8:53 159.185.200.23.in-addr.arpa udp

Files

N/A

Analysis: behavioral5

Detonation Overview

Submitted: 2024-06-11 16:10
Reported: 2024-06-11 16:41
Platform: win10-20240404-en
Max time kernel: 614s
Max time network: 1584s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\Monaco\fileaccess\node_modules\debug\README.js

Signatures

Command and Scripting Interpreter: JavaScript

execution

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\Monaco\fileaccess\node_modules\debug\README.js

Network

Country Destination Domain Proto
US 8.8.8.8:53 30.243.111.52.in-addr.arpa udp
US 8.8.8.8:53 10.173.189.20.in-addr.arpa udp
US 8.8.8.8:53 105.83.221.88.in-addr.arpa udp
US 8.8.8.8:53 98.58.20.217.in-addr.arpa udp
NL 52.142.223.178:80 tcp
US 8.8.8.8:53 159.113.53.23.in-addr.arpa udp

Files

N/A

Analysis: behavioral8

Detonation Overview

Submitted: 2024-06-11 16:10
Reported: 2024-06-11 16:40
Platform: win10-20240404-en
Max time kernel: 615s
Max time network: 1587s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\Monaco\fileaccess\node_modules\debug\src\browser.js

Signatures

Command and Scripting Interpreter: JavaScript

execution

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\Monaco\fileaccess\node_modules\debug\src\browser.js

Network

Country Destination Domain Proto
US 8.8.8.8:53 30.243.111.52.in-addr.arpa udp
US 8.8.8.8:53 98.58.20.217.in-addr.arpa udp
US 8.8.8.8:53 26.178.89.13.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 138.91.171.81:80 tcp
US 8.8.8.8:53 159.113.53.23.in-addr.arpa udp

Files

N/A

Analysis: behavioral29

Detonation Overview

Submitted: 2024-06-11 16:10
Reported: 2024-06-11 16:45
Platform: win10-20240404-en
Max time kernel: 314s
Max time network: 1575s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\Monaco\fileaccess\node_modules\get-intrinsic\test\GetIntrinsic.js

Signatures

Command and Scripting Interpreter: JavaScript

execution

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\Monaco\fileaccess\node_modules\get-intrinsic\test\GetIntrinsic.js

Network

Country Destination Domain Proto
US 8.8.8.8:53 13.227.111.52.in-addr.arpa udp
US 8.8.8.8:53 104.246.116.51.in-addr.arpa udp
US 8.8.8.8:53 129.83.221.88.in-addr.arpa udp

Files

N/A

Analysis: behavioral32

Detonation Overview

Submitted: 2024-06-11 16:10
Reported: 2024-06-11 16:52
Platform: win10-20240404-en
Max time kernel: 315s
Max time network: 1596s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\Monaco\fileaccess\node_modules\gopd\test\index.js

Signatures

Command and Scripting Interpreter: JavaScript

execution

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\Monaco\fileaccess\node_modules\gopd\test\index.js

Network

Country Destination Domain Proto
US 20.231.121.79:80 tcp
US 8.8.8.8:53 29.243.111.52.in-addr.arpa udp
US 8.8.8.8:53 2.173.189.20.in-addr.arpa udp
US 8.8.8.8:53 129.83.221.88.in-addr.arpa udp

Files

N/A

Analysis: behavioral1

Detonation Overview

Submitted: 2024-06-11 16:10
Reported: 2024-06-11 16:13
Platform: win10-20240404-en
Max time kernel: 155s
Max time network: 164s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\Monaco\fileaccess\node_modules\cookie-signature\Readme.js

Signatures

Command and Scripting Interpreter: JavaScript

execution

Checks processor information in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\Mozilla Firefox\firefox.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Modifies data under HKEY_USERS

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133625958900688822" C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key created \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings C:\Program Files\Mozilla Firefox\firefox.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A (2 identical entries)
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A (31 identical entries, alternating with the row below)
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A (31 identical entries)

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A (4 identical entries)
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A (27 identical entries)
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A (9 identical entries)

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A (3 identical entries)
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A (24 identical entries)
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A (8 identical entries)

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A (2 identical entries)

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2960 wrote to memory of 4524 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe (11 identical entries)
PID 4524 wrote to memory of 4232 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe (2 identical entries)
PID 4524 wrote to memory of 1836 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe (48 identical entries)
PID 4524 wrote to memory of 2388 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe (3 identical entries)

Uses Task Scheduler COM API

persistence

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\Monaco\fileaccess\node_modules\cookie-signature\Readme.js

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4524.0.236406121\2002370401" -parentBuildID 20221007134813 -prefsHandle 1688 -prefMapHandle 1680 -prefsLen 20747 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {f498cad7-a1af-4425-b02f-469b4875dee2} 4524 "\\.\pipe\gecko-crash-server-pipe.4524" 1764 203910f2858 gpu

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4524.1.473683420\659185227" -parentBuildID 20221007134813 -prefsHandle 2092 -prefMapHandle 2088 -prefsLen 20828 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {73a06817-98a1-41b6-b79e-5c39b4986a91} 4524 "\\.\pipe\gecko-crash-server-pipe.4524" 2104 20390c3f558 socket

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4524.2.1676705127\533937876" -childID 1 -isForBrowser -prefsHandle 2752 -prefMapHandle 2876 -prefsLen 20931 -prefMapSize 233444 -jsInitHandle 1360 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {f62a385b-a9c6-4ebc-827f-dc72323c9849} 4524 "\\.\pipe\gecko-crash-server-pipe.4524" 2852 2039105fc58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4524.3.1691752130\1701594332" -childID 2 -isForBrowser -prefsHandle 3412 -prefMapHandle 3408 -prefsLen 26109 -prefMapSize 233444 -jsInitHandle 1360 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {05d15e1c-83db-411e-ba36-0b325b18fd08} 4524 "\\.\pipe\gecko-crash-server-pipe.4524" 3040 203959e2758 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4524.4.871750985\1024436402" -childID 3 -isForBrowser -prefsHandle 4372 -prefMapHandle 4368 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1360 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {18016522-a3fc-4cd1-818f-4965afc8cffb} 4524 "\\.\pipe\gecko-crash-server-pipe.4524" 4380 20396ebee58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4524.5.789138903\952546391" -childID 4 -isForBrowser -prefsHandle 4820 -prefMapHandle 4252 -prefsLen 26249 -prefMapSize 233444 -jsInitHandle 1360 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {7d8385b8-2723-4483-b6c8-ad5c81cf28f2} 4524 "\\.\pipe\gecko-crash-server-pipe.4524" 4816 2039755f758 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4524.6.1354073028\2109813763" -childID 5 -isForBrowser -prefsHandle 5084 -prefMapHandle 5088 -prefsLen 26249 -prefMapSize 233444 -jsInitHandle 1360 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {f68709c6-e4d1-48b5-92e3-e8e74494becd} 4524 "\\.\pipe\gecko-crash-server-pipe.4524" 5072 20397a21b58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4524.7.1514558905\992730528" -childID 6 -isForBrowser -prefsHandle 5264 -prefMapHandle 5268 -prefsLen 26249 -prefMapSize 233444 -jsInitHandle 1360 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {1b34ee96-c34e-4b75-b0d2-44cab88673e2} 4524 "\\.\pipe\gecko-crash-server-pipe.4524" 5256 20397a24558 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4524.8.564423217\1132474225" -childID 7 -isForBrowser -prefsHandle 1568 -prefMapHandle 5288 -prefsLen 26328 -prefMapSize 233444 -jsInitHandle 1360 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {775f6fb5-8d7f-456a-8df5-afb84ef20875} 4524 "\\.\pipe\gecko-crash-server-pipe.4524" 4736 20398b9f158 tab

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7fff9dbf9758,0x7fff9dbf9768,0x7fff9dbf9778

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1604 --field-trial-handle=1848,i,4194181109051045781,4116013580477010792,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1784 --field-trial-handle=1848,i,4194181109051045781,4116013580477010792,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2068 --field-trial-handle=1848,i,4194181109051045781,4116013580477010792,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2828 --field-trial-handle=1848,i,4194181109051045781,4116013580477010792,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2852 --field-trial-handle=1848,i,4194181109051045781,4116013580477010792,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4436 --field-trial-handle=1848,i,4194181109051045781,4116013580477010792,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4568 --field-trial-handle=1848,i,4194181109051045781,4116013580477010792,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4440 --field-trial-handle=1848,i,4194181109051045781,4116013580477010792,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4684 --field-trial-handle=1848,i,4194181109051045781,4116013580477010792,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4808 --field-trial-handle=1848,i,4194181109051045781,4116013580477010792,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4832 --field-trial-handle=1848,i,4194181109051045781,4116013580477010792,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe

"C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe" --reenable-autoupdates --system-level

C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe

"C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\Crashpad --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x254,0x258,0x25c,0x230,0x260,0x7ff613bf7688,0x7ff613bf7698,0x7ff613bf76a8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=4572 --field-trial-handle=1848,i,4194181109051045781,4116013580477010792,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4776 --field-trial-handle=1848,i,4194181109051045781,4116013580477010792,131072 /prefetch:8

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4976.0.157199174\897393447" -parentBuildID 20221007134813 -prefsHandle 1732 -prefMapHandle 1724 -prefsLen 20871 -prefMapSize 233543 -appDir "C:\Program Files\Mozilla Firefox\browser" - {3a8e1c12-3097-4103-8eb8-84c0d85c3d95} 4976 "\\.\pipe\gecko-crash-server-pipe.4976" 1812 1bb546df758 gpu

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4976.1.283230432\2138558704" -parentBuildID 20221007134813 -prefsHandle 2156 -prefMapHandle 2152 -prefsLen 20952 -prefMapSize 233543 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {377885f3-b192-4ca2-b690-471858121c04} 4976 "\\.\pipe\gecko-crash-server-pipe.4976" 2168 1bb545fbf58 socket

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4976.2.798575164\512733222" -childID 1 -isForBrowser -prefsHandle 2692 -prefMapHandle 2624 -prefsLen 21055 -prefMapSize 233543 -jsInitHandle 1308 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {1d60817d-d5a8-4237-8c13-f41965ef9610} 4976 "\\.\pipe\gecko-crash-server-pipe.4976" 2876 1bb5882df58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4976.3.1683169747\1155452537" -childID 2 -isForBrowser -prefsHandle 3332 -prefMapHandle 3328 -prefsLen 26233 -prefMapSize 233543 -jsInitHandle 1308 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {d06b7df8-a5a1-4e38-a541-cf638fdb8aea} 4976 "\\.\pipe\gecko-crash-server-pipe.4976" 3304 1bb49561f58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4976.4.1163728454\2146289763" -childID 3 -isForBrowser -prefsHandle 3624 -prefMapHandle 3620 -prefsLen 26233 -prefMapSize 233543 -jsInitHandle 1308 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {ce0394a8-13b6-4454-bb65-6ff641549228} 4976 "\\.\pipe\gecko-crash-server-pipe.4976" 3648 1bb58eeec58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4976.5.1114779717\1194440289" -childID 4 -isForBrowser -prefsHandle 4468 -prefMapHandle 4496 -prefsLen 26233 -prefMapSize 233543 -jsInitHandle 1308 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {22654abc-7fc5-4843-8641-8e038852f3f4} 4976 "\\.\pipe\gecko-crash-server-pipe.4976" 4472 1bb58eedd58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4976.6.735052389\1696822977" -childID 5 -isForBrowser -prefsHandle 4608 -prefMapHandle 4612 -prefsLen 26233 -prefMapSize 233543 -jsInitHandle 1308 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {a4da6d02-77e3-475e-9776-41215555447e} 4976 "\\.\pipe\gecko-crash-server-pipe.4976" 4600 1bb5a821e58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4976.7.574802809\1352275466" -childID 6 -isForBrowser -prefsHandle 4864 -prefMapHandle 4868 -prefsLen 26233 -prefMapSize 233543 -jsInitHandle 1308 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {b00c2b2b-ff38-4c5b-bd35-5c053bfbface} 4976 "\\.\pipe\gecko-crash-server-pipe.4976" 4860 1bb5a821858 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4976.8.1548881270\1838948016" -childID 7 -isForBrowser -prefsHandle 5284 -prefMapHandle 5232 -prefsLen 26233 -prefMapSize 233543 -jsInitHandle 1308 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {31a65eb7-df1e-4eff-890f-db0bc6f3383f} 4976 "\\.\pipe\gecko-crash-server-pipe.4976" 5292 1bb5bd92058 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4976.9.112729272\550840976" -childID 8 -isForBrowser -prefsHandle 5464 -prefMapHandle 5468 -prefsLen 26233 -prefMapSize 233543 -jsInitHandle 1308 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {1e096503-2447-4a82-a450-e08a0cb359e3} 4976 "\\.\pipe\gecko-crash-server-pipe.4976" 5456 1bb5bd93e58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4976.10.1743010972\967988377" -parentBuildID 20221007134813 -prefsHandle 5708 -prefMapHandle 5712 -prefsLen 26233 -prefMapSize 233543 -appDir "C:\Program Files\Mozilla Firefox\browser" - {346d6ebe-de8c-4bd4-9fce-7980080bd4c5} 4976 "\\.\pipe\gecko-crash-server-pipe.4976" 5700 1bb5c051758 rdd

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4976.11.175888036\997595343" -parentBuildID 20221007134813 -sandboxingKind 1 -prefsHandle 5780 -prefMapHandle 5796 -prefsLen 26233 -prefMapSize 233543 -appDir "C:\Program Files\Mozilla Firefox\browser" - {b263a049-06a6-43b7-a7a6-a702f10a263d} 4976 "\\.\pipe\gecko-crash-server-pipe.4976" 5868 1bb5c053558 utility

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4976.12.1954073989\1049771521" -childID 9 -isForBrowser -prefsHandle 3684 -prefMapHandle 3476 -prefsLen 26233 -prefMapSize 233543 -jsInitHandle 1308 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {0eb98895-ba17-4049-9b15-c0b5abb25fac} 4976 "\\.\pipe\gecko-crash-server-pipe.4976" 6168 1bb5c331f58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4976.13.609846240\1409313216" -childID 10 -isForBrowser -prefsHandle 6684 -prefMapHandle 6560 -prefsLen 26233 -prefMapSize 233543 -jsInitHandle 1308 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {c5d3de60-0ef7-4e35-a222-aea31d256483} 4976 "\\.\pipe\gecko-crash-server-pipe.4976" 6700 1bb5baf8a58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4976.14.1685951529\944667769" -childID 11 -isForBrowser -prefsHandle 6392 -prefMapHandle 4196 -prefsLen 26233 -prefMapSize 233543 -jsInitHandle 1308 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {f739e88f-c8a6-42a1-8024-502967dba80d} 4976 "\\.\pipe\gecko-crash-server-pipe.4976" 10536 1bb49561058 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4976.15.199439785\832004142" -childID 12 -isForBrowser -prefsHandle 6308 -prefMapHandle 4232 -prefsLen 26498 -prefMapSize 233543 -jsInitHandle 1308 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {8411afc4-97eb-4c55-814b-6b853486c415} 4976 "\\.\pipe\gecko-crash-server-pipe.4976" 4236 1bb5bcceb58 tab

Network

Country Destination Domain Proto

Files

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\datareporting\glean\pending_pings\aafd90b9-d50f-4991-97f4-1c261ed0fdd5

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\datareporting\glean\pending_pings\c5168f85-b312-42b4-8fb7-7320996f5baa

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\datareporting\glean\db\data.safe.bin

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\prefs.js

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\prefs-1.js

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\sessionstore-backups\recovery.jsonlz4

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\sessionstore.jsonlz4

\??\pipe\crashpad_3080_SDATWZSLWSTPDBQL

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000004

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000005

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_1

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\prefs.js

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\addonStartup.json.lz4

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\startupCache\scriptCache.bin

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\xulstore.json

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\startupCache\urlCache.bin

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\cookies.sqlite

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\sessionCheckpoints.json

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\sessionCheckpoints.json.tmp

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\permissions.sqlite

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\storage.sqlite

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\sessionCheckpoints.json.tmp

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\favicons.sqlite

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\places.sqlite

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\storage\permanent\chrome\idb\1657114595AmcateirvtiSty.sqlite

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\cache2\entries\6D89348819C8881868053197CA0754F36784BF5F

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\datareporting\glean\pending_pings\e0677a40-8a2c-4370-bf55-1fddf65473cc

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\datareporting\glean\pending_pings\69ee786e-a5a4-43d2-b200-2196e0d844ed

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\protections.sqlite

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\datareporting\glean\db\data.safe.bin

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\datareporting\glean\events\events

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\AlternateServices.txt

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\SiteSecurityServiceState.txt

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\cert9.db

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\sessionstore-backups\recovery.jsonlz4

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\storage\default\https+++www.youtube.com\cache\morgue\244\{5974e272-8cff-480b-849e-a480828710f4}.final

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\storage\default\https+++www.youtube.com\idb\1980619603PCe7r%sCi7s%teeendt8E.sqlite

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\storage\default\https+++www.youtube.com\idb\3211250388sbwdpsunsohintoatciif.sqlite-wal

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\formhistory.sqlite

MD5 6b843a19837bfde222476d32b74c6aca
SHA1 5fa32fe6ff0732835f5d569509845a1da6f16cf3
SHA256 6b2332cc316d77bc7f161000bc68e752d42c1b9d396b1387fbd14a075bc8958c
SHA512 eeec9d56f3d509f33f4f0d44397c06cc1826a5d12059929a33c6eeec09dbdda66b7832e98b819c2d4063d7bf8553fa9c2b30c26fdf3b8742459308a69b5fc421

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\storage\default\https+++www.google.com\.metadata-v2

MD5 f124d97349059ffffbf7eb4e5f0397e3
SHA1 e83bbc7998249de06d772bb04267b71e78d62653
SHA256 cccb5fda85e15273aa3fd744bce621370bbdcf316a6b457df67e81fa556156a8
SHA512 48ebf0907a2c11272ee910401ef53df000baa5513bf437f383b056ab64608cc1b3bc2283d80dcdb493266dfc820b828a92b2183b33fda406eb767d58791faad8

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\storage\default\https+++www.google.com\ls\data.sqlite

MD5 4d64999d1d02f1a9ec6140ac16ccb4e0
SHA1 598e31e72d534104c0804bbfa67b0bf101b09e05
SHA256 f6221804afe43e885de7758946d29ab38bb95853413a6ef46e1cfbf4dd1183ff
SHA512 244a0054454ec309afc25eccd0db77bf85c8c11dfef4646adc46953b010b8366198d058976dc64d891898f9eec9274add0056495e59037e65c1e52dc7376478e

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\cache2\entries\CE30F9E7CB4E0D8AEB054228E581960CC2812E48

MD5 c2a703e5c7b68a92d86007d3efaff96f
SHA1 1b9bf737a03db35ba6f3fc249242231f5d2ab121
SHA256 f7309148f023539d3ebeeec788fc8ddcfc40f9a1b52dab1272ea291ca5611d93
SHA512 a1da9d10f1acc6b66177245f6e35f68bc11e5db77466491920a7aadc525bc7bd1366aabc99160bfe6114d8db13ebd04089a0f1373ffbe9833485b56a501d396b

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\cache2\entries\8540EC873F08CBAD5DF5121BD3BABF95624B4A14

MD5 9f23fb9f70ce2fd22ec954f12bc365f5
SHA1 9dc3ba58c1325302ab77ecd500d3605572cded7b
SHA256 b8f29ed6c40960b7e37faa93566ca35d874c771cb11877db087547ed0c85b675
SHA512 3330b26709efc23ff521c0daf5981c37ac630520cc335262bdc4f6abc2581c17073afa770e3f48f841853f6b587c51055b7cda1a2e144e2219bd5ce11e2aa8ab

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\cache2\entries\DB196D4F47247911C47AA62F771F7A9328ECA201

MD5 6d342f61d41bc45f33d4389106858008
SHA1 57e2a9019d95d8bb935da59d3af6d348b64ba091
SHA256 90e61d057dd0057577e4e4b6a27da9ba9ce5424fd007f2c6ebe2e41c6405178f
SHA512 20f6be9341e23d5ae4c936aee5e7137cecda58672a4167a5ba0ed5a5d719c0369122b53df0c057b6c3f35edccba2955de87ca6ea2913ffa449fbb895a46b9ed7

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\cache2\entries\6F395F655E15B75C6A67E270B92234144C26CD8F

MD5 476d56e4d4c6f1c2f07777d8d645fa52
SHA1 1751a745e2eb35871cd910486adb0098db4c5d5e
SHA256 72938a95ce9b0a60ba7a785634bff36588ec31d410afa3124f47e50ed467666c
SHA512 fbd2ca3a52996164f76bc4268d1ed4c3f432f1b0f5b40cd040ef760167f114a795cb0545b98d4f7ac5aca625fce42988ba3d3cf214d4fd5c4ede2012cd622263

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\cache2\entries\E469ED0F372A44F05D97518BB8790E844AEF57C0

MD5 071f79af12f14fac0bc9bf46a878926c
SHA1 4b3e334fd134134c312aee832c20661bd4bfdd87
SHA256 84382e5086ed23130d490176621a86ff653568dbe6c4ac1facaf232f39b2dc09
SHA512 af8a6d71826c1744c390d1085a5e71509f38c4f07fae891851485de7696d37f5f6f5529f2279f323ebc99adda3410c74e43ecda50737c2e632694608e0c729e2

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\cache2\entries\FD3C8B7B2C5FC530AE8D3FC8050677579C3D2E17

MD5 987201f0e6238b8a170d1ea9f8092e0d
SHA1 e27c1c18c6af244f63ceca465191de01260f314e
SHA256 5a122ac24d6979e6f694fb3ee92f1f4b3fb5dacf2ca233cf13ac4c8199bb5cb9
SHA512 976048bae36650179e347dbd36bbffab99a30238f64132d3bd8ba0fdc25dffdcafd3e7bc515ae2922eb47991a9a54cc0d14c8bac232e395cd6633a8cad927adf

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\cache2\entries\97E21079D4338ED644D10F3CF8B6CCFD6F24DA5D

MD5 f246264c943a819a13e6fed7607f3743
SHA1 d40ed01b1f4d4c88293956cccd0a46ddc07cd3bd
SHA256 93431269e8baf48d9eb40ea433dfe37a757187316c5787dc0016c8c469b6655c
SHA512 94e8b2749472a242a9c7588a0e5312d9157305d43d9df1d6814f9a1d8c27adc12adc044dc92cabed5e5e4f441d63d05e7996b697498b11ae5db306ff5e36f277

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\cache2\entries\9FC8C85689D31525EACE26158B83B464F43A027B

MD5 7d52bada11b47e2bbfbc37163f876f3e
SHA1 74dc4b5737c3fe2ccd9cd4e517e75642cf6b5259
SHA256 8e87b8de8944c7287833fa52ef627be96749484687a94a3a476ce03c09568aec
SHA512 6d434797bf0e8d63cdaa806cf38793191facc8d717a80dae4fc21c637c84e2a219588c5d8ac51f409d7c10c151100df88bb1fe3bf8dd5c44ac17c6d6ab7300bd

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\cache2\entries\6F57C7ABF5AA1AEF55DA94E6D30CA3A69005F24C

MD5 976cfe10be8a4b415ef7d2d6258e3ec3
SHA1 cf36b4eb8265fac235dff2a1f7316813249981d7
SHA256 3238f63eb845a146ef631bbb4ffa89c220c054e439c45789eb7e3bb0662d7bab
SHA512 437c2fa3af760832ecfb8f9ab334c50cf886a8ca5b2eb99444650e09b734669fc7633e9d2ddad3e5231816c7394b371fac3093342433b0fd0a2b8aaaf67bfc70

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\sessionstore-backups\recovery.jsonlz4

MD5 d5f284f2e3325a0ca2cac6574fa7bf6b
SHA1 9dbccf2458a32db34ebdee7925beaf5dbdf31fa8
SHA256 965565746ea4dde70db3e7435f6676c8a895269efec5e566741707fe4e189cce
SHA512 43711f15c6909e1ba5158d0e171b826359425a94b540cfa9d955244e09477fb6131ffac63c3e15cec64575cadbf46c9b7700aca7212427babe3224ec4c9eb39a

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\prefs-1.js

MD5 7a9ca6c4bfa22fb213ac87061504326a
SHA1 13aa4c90022a9a9f7ad2edca03c8bb62db8dc3e7
SHA256 b3ecdb822084f664710d2561407f4cacec94049533cc8980f257c3111c4db6ea
SHA512 df4a1c2026878c7ed8abefe8b6588198ef14163f6f3e83d0900f0c92d5acd5bfc92b0104befea4837a9ae1e8284564415dd225f48d4ae0903ee2af942201cef9

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\cache2\doomed\18279

MD5 da708f806c09c11bae3679ed9ef2f6d7
SHA1 6f378e988ca123a323f804095c0467e01245d35d
SHA256 ad6b26d37902762543cf9a4e1253fd2db381479c2f9b1b68f872c1d259ed75f5
SHA512 220ae32974fbf224b6ff6fec9f25757bb8826e0406714195f2f690807162ba923fddc2b9d29f4453a1bb173dbaeb060028962cadee6106cdc88e210fc5d73052

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\sessionstore-backups\recovery.jsonlz4

MD5 217348c035e7c8ef697af4d85cd62037
SHA1 6c35acbc846bf05a2a0160c8b4001ff72b5a70a4
SHA256 debe49f7e22770250d0398c6a8690c8b63f0e9c1b21ed843156f346e05cdf0b9
SHA512 662588347c6e935539ecff708dd2e8651e0d22930dbdf217eded7af099cbdc332f8685466e93ae34dbe7f1310c85a02de71c5b324030cce0aa1b7b3c203fc2d8

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\cache2\entries\254256B27E0C48CF9B80B695F0B3B8CA84610495

MD5 bbe482b93ff76dcfadf8f383a351175f
SHA1 b42811e7b800f311199bf97445f4d75de62f36ef
SHA256 51679edb3ead21acff706887702794fecc0c41183f231edf79ea810100d00f4b
SHA512 184074bc88ad979f2e92c5cb38d2b1f0ce2cba1245c78c9c39e832fdd15027a719a3459c344df8c4126d7c8c3cb4c735eb7dc02698360c6496b9ca4cdfcf96f0

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\cache2\entries\383A97A57B113BD106DE6984E6DBA5F537327263

MD5 b9ea1465f9d05e27ea5d9138b7f5fc95
SHA1 a2669b33f6dae4b208e33fbd11666e8423a126c0
SHA256 5059436a00d14914f4f6e410e3523daa5f908af7f45140ebade7954a50d59baa
SHA512 b89c3ccc31520947be4ef91e98fec58dda1443b9d736ae1c4f3ca802044cf2da0f578ec8f251aa41593135db68f1d4d621f033511296241cedf80afd1f6dbb07

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\cache2\entries\037778A55E1B7E9BED3390289866D09402D6C913

MD5 5d50d6b5a8a87dc0595efdb389d01450
SHA1 27b0512e3070eec3154df8e537ca26c98f0f1552
SHA256 fb75d35908cd4cce0782129f3877a1c491327a4036c165a6dd2b99dab417d903
SHA512 ea228f3ffdbcb38a4121aeb13f74b50b5dfef040befb902e0764ade4bdafc621360c893bfe10a28f2f5244feed1c38156d4b6bb8ef9f23b0d906334191302a3b

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\cache2\entries\F210D48319A1879FD1C5213FA010C613B99BA085

MD5 5516db054f18fa8468e5e4f6c8592b1b
SHA1 76ce1013dd979bc10fd05d9f1e1d8ee198db3cde
SHA256 42b14d28a017047bdd9b67792cd89c32fc7013a2b78612322065b9f94b32847c
SHA512 0b76068d395fc9ef1b91afb1eb08f12af6ef74f3014872b270b6e7e34003940fb4613a305daf1807b8282ec50683366a885d3252d69f036ffc4a7f770fea8885

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\cache2\entries\C72D4296C2EBC6FD41A9F780CD0C8F30F0FF937C

MD5 aa683cabfa1ed2b812617c559897ce26
SHA1 43c2e38df7aeebbdaa56a5c8f460d0ca02fbe48d
SHA256 9e9e2f94f63093d34c39058d6adf05602f10a902a2659e0e3b61e24421c4343e
SHA512 5bba131570a4c9fdfe70a58df03cc9ddf1037c838a6c15421cfbeae165a0c12074295b8924aea10cb233f2c0b970a828f956797d5b481612d52b0347a43f155d

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\sessionstore-backups\recovery.jsonlz4

MD5 63dac7686ad4fe9bbbf50e795df693dd
SHA1 f6681b04d699415a56b6f5808c084619833c11d5
SHA256 5d6313c8ff5f1f2212afc75e7e33b9de9076aa3ba861130fd8f488d29343b636
SHA512 4a0aa30f3c32d3e3bb399c32a220703ac5a7179c5591b34dbc3e341d93bc942efadd4089f94f3178e94cac7e636f1cd7c9230713236487d75f40a52f41829367

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\storage\default\https+++www.youtube.com\cache\morgue\7\{f8e5dbfd-fc4a-460c-9320-31111ccdb707}.final

MD5 d551d4b67a589e9119684930847c5730
SHA1 e68b7ed75ed54eaf546d59922b47552e00c7b603
SHA256 1ff065fdca2da5ee1a22d34584bc94a7102c3052949137a0725627faa5fd61ff
SHA512 987731457a8efe57e854e3623e0f844932e8f7c6b24629fa52e3c744000e53f53c0fcdf8e4c8f64e33b5a1570d1f46a55233be6b3e7816869fb5c549d85d6c5c

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\cache2\doomed\26231

MD5 afe33078087e7efad8e193b8365e6124
SHA1 a0420624642648cf3adbfe10fd4529ecf9036b9e
SHA256 5720d614bc34f2af09349af595d3fa79373c1a2e9c97e9c3034d0a4cad94a253
SHA512 17c78e83d82ab0f6dfb8b22290e38b6f2223523b07d3f2b97c28e96c9ac20f5987edcf28b759b7204f2bf2a2fd40de733d2d105c8a225c445e59b36b840e5238

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\storage\default\https+++www.youtube.com\cache\morgue\149\{e532539a-7855-4651-b4ca-a35e45dc2195}.final

MD5 2842fbaeda0265a0b97ed8a6891c140d
SHA1 c1d68697cac58309b522249b49b548b222ca2ca3
SHA256 2c5c90f4e493c46efd0e0d5a162e339fc4723b305a37ddede4b80b106920aabe
SHA512 cb8f6f6cadccd2a094cd471bbca3c87a04844500fde2ad8a8cade80081976f41f82726c86f506d154c244e647f7e43153954222f8a848f4ca1faa934f9bd0e66

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\sessionstore-backups\recovery.jsonlz4

MD5 2562770161c83f89dc873c60f68d732f
SHA1 498de0369d11d881402524ce1208fa3105579895
SHA256 2a68ffe014607a3472dd7c2f6597fa25c8971458843860ce346415c7dfecae92
SHA512 5126da9a7d1612b25fdbf3bdc25133290d5e9ef60dee69e5362b8c035bfb20e9bc7c3e5354b4b6a37e551c621ff59c915586b5bd98f9b967c7c5afcbb183f1b8

Analysis: behavioral12

Detonation Overview

Submitted

2024-06-11 16:10

Reported

2024-06-11 16:40

Platform

win10-20240404-en

Max time kernel

315s

Max time network

1597s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\Monaco\fileaccess\node_modules\debug\src\node.js

Signatures

Command and Scripting Interpreter: JavaScript

execution

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\Monaco\fileaccess\node_modules\debug\src\node.js
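The only observed activity in this detonation is Windows Script Host (wscript.exe) being handed a .js file that lives under the user's Temp directory, inside what looks like a Node.js package tree. WSH JScript has no Node runtime (no `require`, no `module`), so a genuine Node module run this way errors out almost immediately, while a planted file with a Node-looking path is a disguise; either way the launch itself is the detection opportunity. The check below is an added example, not part of the sandbox report or its tooling: it scores process-creation records on the host being wscript/cscript, the script sitting in a user-writable staging directory, a `node_modules` path component, or an engine-override switch. The record shape (image path plus command line) and the sample records are constructed assumptions; map Sysmon Event ID 1 or your EDR fields onto them.

```python
"""Flag Windows Script Host launches of scripts from user-writable paths.

Added example for this report; not sandbox code. Input records are
(image_path, command_line) tuples, an assumed shape.
"""
from __future__ import annotations

import re
from pathlib import PureWindowsPath

WSH_HOSTS = {"wscript.exe", "cscript.exe"}
# Extensions WSH dispatches to a script engine by default.
WSH_SCRIPT_EXT = {".js", ".jse", ".vbs", ".vbe", ".wsf", ".wsh"}
# Lower-cased directory fragments that mark user-writable staging areas.
STAGING_DIRS = (
    "\\appdata\\local\\temp\\",
    "\\appdata\\roaming\\",
    "\\downloads\\",
    "\\users\\public\\",
)


def split_windows_cmdline(cmdline: str) -> list[str]:
    """Tokenise a Windows command line: whitespace separates, double quotes group."""
    return [tok.strip('"') for tok in re.findall(r'"[^"]*"|\S+', cmdline)]


def assess_wsh_launch(image: str, cmdline: str) -> dict:
    """Return a verdict dict for one process-creation record.

    Keys: host (str|None), script (str|None), reasons (list[str]), suspicious (bool).
    Non-WSH hosts return an empty, non-suspicious verdict.
    """
    verdict = {"host": None, "script": None, "reasons": [], "suspicious": False}
    host = PureWindowsPath(image).name.lower()
    if host not in WSH_HOSTS:
        return verdict
    verdict["host"] = host

    # Host switches start with "/" (//B, //E:jscript, //Nologo); the first
    # other argument is the script WSH will run.
    args = split_windows_cmdline(cmdline)[1:]
    script = next((a for a in args if not a.startswith("/")), None)
    if script is None:
        return verdict
    verdict["script"] = script

    path = PureWindowsPath(script)
    lowered = script.lower()
    reasons = verdict["reasons"]
    if path.suffix.lower() not in WSH_SCRIPT_EXT:
        reasons.append("unregistered_script_extension")
    if any(frag in lowered for frag in STAGING_DIRS):
        reasons.append("script_in_user_writable_dir")
    if "node_modules" in (part.lower() for part in path.parts):
        reasons.append("script_inside_node_modules")
    if "//e:" in cmdline.lower():
        reasons.append("engine_override_switch")
    verdict["suspicious"] = bool(reasons)
    return verdict


def triage(events: list[tuple[str, str]]) -> list[dict]:
    """Assess a batch of (image, cmdline) records and return the verdicts in order."""
    return [assess_wsh_launch(image, cmdline) for image, cmdline in events]


# Constructed sample records. The first mirrors the command line in this
# report; the others are benign-looking controls.
SAMPLE_EVENTS = [
    ("C:\\Windows\\system32\\wscript.exe",
     "wscript.exe C:\\Users\\Admin\\AppData\\Local\\Temp\\Monaco\\fileaccess"
     "\\node_modules\\debug\\src\\node.js"),
    ("C:\\Windows\\System32\\wscript.exe",
     '"C:\\Windows\\System32\\wscript.exe" //B "C:\\Program Files\\Vendor\\maint.vbs"'),
    ("C:\\Windows\\System32\\cmd.exe", "cmd.exe /c dir"),
]

if __name__ == "__main__":
    for (_, cmd), verdict in zip(SAMPLE_EVENTS, triage(SAMPLE_EVENTS)):
        print(verdict["suspicious"], verdict["reasons"], cmd)
```

Run it on a Sysmon export by feeding `(Image, CommandLine)` pairs into `triage`. The vendor .vbs control launched from Program Files produces no reasons and is not flagged; only the Temp-resident `node_modules` script is.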

Network

Country Destination Domain Proto
US 8.8.8.8:53 30.243.111.52.in-addr.arpa udp
US 8.8.8.8:53 114.83.221.88.in-addr.arpa udp
US 8.8.8.8:53 10.173.189.20.in-addr.arpa udp
US 8.8.8.8:53 98.58.20.217.in-addr.arpa udp

Files

N/A