Analysis Overview
SHA256: 2129ef708b866ec19b4c343b9e6edca94d26109c222a8bf51fa911b00bac2297
Threat Level: Shows suspicious behavior
The file female-vocals-wonderland_121bpm_F_minor.wav was found to show suspicious behavior.
Malicious Activity Summary
Enumerates connected drives
Drops file in Windows directory
Suspicious behavior: EnumeratesProcesses
Uses Task Scheduler COM API
Enumerates system info in registry
Modifies data under HKEY_USERS
Modifies registry class
Suspicious use of SendNotifyMessage
Suspicious use of FindShellTrayWindow
Checks processor information in registry
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of SetWindowsHookEx
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported: 2024-06-13 09:57
Signatures
Analysis: behavioral1
Detonation Overview
Submitted: 2024-06-13 09:57
Reported: 2024-06-13 10:26
Platform: win11-20240419-en
Max time kernel: 1214s
Max time network: 1219s
Command Line
Signatures
Enumerates connected drives
| Description | Indicator | Process | Target |
|---|---|---|---|
| File opened (read-only) | \??\Q: | C:\Windows\system32\unregmp2.exe | N/A |
| File opened (read-only) | \??\V: | C:\Windows\system32\unregmp2.exe | N/A |
| File opened (read-only) | \??\W: | C:\Windows\system32\unregmp2.exe | N/A |
| File opened (read-only) | \??\K: | C:\Windows\system32\unregmp2.exe | N/A |
| File opened (read-only) | \??\O: | C:\Windows\system32\unregmp2.exe | N/A |
| File opened (read-only) | \??\I: | C:\Windows\system32\unregmp2.exe | N/A |
| File opened (read-only) | \??\N: | C:\Windows\system32\unregmp2.exe | N/A |
| File opened (read-only) | \??\R: | C:\Windows\system32\unregmp2.exe | N/A |
| File opened (read-only) | \??\T: | C:\Windows\system32\unregmp2.exe | N/A |
| File opened (read-only) | \??\A: | C:\Windows\system32\unregmp2.exe | N/A |
| File opened (read-only) | \??\E: | C:\Windows\system32\unregmp2.exe | N/A |
| File opened (read-only) | \??\H: | C:\Windows\system32\unregmp2.exe | N/A |
| File opened (read-only) | \??\J: | C:\Windows\system32\unregmp2.exe | N/A |
| File opened (read-only) | \??\L: | C:\Windows\system32\unregmp2.exe | N/A |
| File opened (read-only) | \??\Z: | C:\Windows\system32\unregmp2.exe | N/A |
| File opened (read-only) | \??\B: | C:\Windows\system32\unregmp2.exe | N/A |
| File opened (read-only) | \??\G: | C:\Windows\system32\unregmp2.exe | N/A |
| File opened (read-only) | \??\S: | C:\Windows\system32\unregmp2.exe | N/A |
| File opened (read-only) | \??\U: | C:\Windows\system32\unregmp2.exe | N/A |
| File opened (read-only) | \??\X: | C:\Windows\system32\unregmp2.exe | N/A |
| File opened (read-only) | \??\Y: | C:\Windows\system32\unregmp2.exe | N/A |
| File opened (read-only) | \??\M: | C:\Windows\system32\unregmp2.exe | N/A |
| File opened (read-only) | \??\P: | C:\Windows\system32\unregmp2.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
|---|---|---|---|
| File opened for modification | C:\Windows\SystemTemp | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Checks processor information in registry
| Description | Indicator | Process | Target |
|---|---|---|---|
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
|---|---|---|---|
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
|---|---|---|---|
| Set value (int) | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133627478670870547" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
|---|---|---|---|
| Key created | \REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000_Classes\Local Settings | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Suspicious use of WriteProcessMemory
Uses Task Scheduler COM API
Processes
C:\Program Files (x86)\Windows Media Player\wmplayer.exe
"C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /Open "C:\Users\Admin\AppData\Local\Temp\female-vocals-wonderland_121bpm_F_minor.wav"
C:\Program Files (x86)\Windows Media Player\setup_wm.exe
"C:\Program Files (x86)\Windows Media Player\setup_wm.exe" /RunOnce:"C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /Open "C:\Users\Admin\AppData\Local\Temp\female-vocals-wonderland_121bpm_F_minor.wav"
C:\Windows\SysWOW64\unregmp2.exe
"C:\Windows\System32\unregmp2.exe" /AsyncFirstLogon
C:\Windows\system32\unregmp2.exe
"C:\Windows\SysNative\unregmp2.exe" /AsyncFirstLogon /REENTRANT
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.106 --initial-client-data=0xfc,0x100,0x104,0x80,0x108,0x7ff95eb8cc40,0x7ff95eb8cc4c,0x7ff95eb8cc58
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1884,i,2009727136656696192,4691755602184000057,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=1880 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1820,i,2009727136656696192,4691755602184000057,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=1680 /prefetch:3
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2224,i,2009727136656696192,4691755602184000057,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=1704 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3068,i,2009727136656696192,4691755602184000057,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=3152 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3156,i,2009727136656696192,4691755602184000057,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=3196 /prefetch:1
C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4384,i,2009727136656696192,4691755602184000057,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=3540 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4732,i,2009727136656696192,4691755602184000057,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=4752 /prefetch:8
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted -p -s NgcCtnrSvc
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --field-trial-handle=4416,i,2009727136656696192,4691755602184000057,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=5020 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=4556,i,2009727136656696192,4691755602184000057,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=4756 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=5084,i,2009727136656696192,4691755602184000057,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=3292 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=5080,i,2009727136656696192,4691755602184000057,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=3188 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --field-trial-handle=4768,i,2009727136656696192,4691755602184000057,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=4472 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=5164,i,2009727136656696192,4691755602184000057,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=3476 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --field-trial-handle=4256,i,2009727136656696192,4691755602184000057,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=3496 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --field-trial-handle=3260,i,2009727136656696192,4691755602184000057,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=5016 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --field-trial-handle=5312,i,2009727136656696192,4691755602184000057,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=4452 /prefetch:1
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2004 -parentBuildID 20240401114208 -prefsHandle 1920 -prefMapHandle 1912 -prefsLen 25459 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {fa6d2428-2c72-4e3d-bd72-b19c9ba430fa} 4732 "\\.\pipe\gecko-crash-server-pipe.4732" gpu
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2392 -parentBuildID 20240401114208 -prefsHandle 2388 -prefMapHandle 2384 -prefsLen 25495 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {92846e59-01e0-4651-b519-dfd6e5cdd0db} 4732 "\\.\pipe\gecko-crash-server-pipe.4732" socket
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2916 -childID 1 -isForBrowser -prefsHandle 2964 -prefMapHandle 2760 -prefsLen 25636 -prefMapSize 244658 -jsInitHandle 948 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e77642fe-cc01-4761-83d9-1697b21317ac} 4732 "\\.\pipe\gecko-crash-server-pipe.4732" tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1428 -childID 2 -isForBrowser -prefsHandle 2712 -prefMapHandle 3420 -prefsLen 30869 -prefMapSize 244658 -jsInitHandle 948 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {0d479f71-fdb9-474b-bcbd-68f5703ef2c2} 4732 "\\.\pipe\gecko-crash-server-pipe.4732" tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4652 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4644 -prefMapHandle 4624 -prefsLen 30869 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {545f8ba3-53b4-4b72-add5-97c19021421e} 4732 "\\.\pipe\gecko-crash-server-pipe.4732" utility
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5244 -childID 3 -isForBrowser -prefsHandle 5172 -prefMapHandle 5212 -prefsLen 26990 -prefMapSize 244658 -jsInitHandle 948 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {4552327b-6c38-4476-88aa-b74557428d8e} 4732 "\\.\pipe\gecko-crash-server-pipe.4732" tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5400 -childID 4 -isForBrowser -prefsHandle 5148 -prefMapHandle 5208 -prefsLen 26990 -prefMapSize 244658 -jsInitHandle 948 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f3a96eed-6ba0-4f4c-a14f-e34fa9659473} 4732 "\\.\pipe\gecko-crash-server-pipe.4732" tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5544 -childID 5 -isForBrowser -prefsHandle 5620 -prefMapHandle 5616 -prefsLen 26990 -prefMapSize 244658 -jsInitHandle 948 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f32a37dd-5548-4188-9083-28cd60027194} 4732 "\\.\pipe\gecko-crash-server-pipe.4732" tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6000 -childID 6 -isForBrowser -prefsHandle 2808 -prefMapHandle 5864 -prefsLen 26990 -prefMapSize 244658 -jsInitHandle 948 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {1a6e514d-b48f-4c00-a78d-0b40d6971698} 4732 "\\.\pipe\gecko-crash-server-pipe.4732" tab
Network
Files