hxxp://forwhoallvglhpsx6dhycfb4fu4a2lqkvxtwlivruw765qxofyns7wqd[.]onion/g3[.]php

Analysis

max time kernel
106s
max time network
140s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
16/07/2024, 03:41

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://forwhoallvglhpsx6dhycfb4fu4a2lqkvxtwlivruw765qxofyns7wqd.onion/g3.php

Score

4^/10

Malware Config

Signatures

Drops file in Program Files directory 2 IoCs

description	ioc	Process
File opened for modification	C:\Program Files\Crashpad\metadata	setup.exe
File opened for modification	C:\Program Files\Crashpad\settings.dat	setup.exe

Checks processor information in registry 2 TTPs 22 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133655749254081423"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2650514177-1034912467-4025611726-1000_Classes\Local Settings	firefox.exe

Suspicious behavior: EnumeratesProcesses 3 IoCs

pid	Process
4852	chrome.exe
4852	chrome.exe
4852	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 5 IoCs

pid	Process
4852	chrome.exe
4852	chrome.exe
4852	chrome.exe
4852	chrome.exe
4852	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeDebugPrivilege	4900	firefox.exe
Token: SeDebugPrivilege	4900	firefox.exe
Token: SeShutdownPrivilege	4852	chrome.exe
Token: SeCreatePagefilePrivilege	4852	chrome.exe
Token: SeShutdownPrivilege	4852	chrome.exe
Token: SeCreatePagefilePrivilege	4852	chrome.exe
Token: SeShutdownPrivilege	4852	chrome.exe
Token: SeCreatePagefilePrivilege	4852	chrome.exe
Token: SeShutdownPrivilege	4852	chrome.exe
Token: SeCreatePagefilePrivilege	4852	chrome.exe
Token: SeShutdownPrivilege	4852	chrome.exe
Token: SeCreatePagefilePrivilege	4852	chrome.exe
Token: SeShutdownPrivilege	4852	chrome.exe
Token: SeCreatePagefilePrivilege	4852	chrome.exe
Token: SeShutdownPrivilege	4852	chrome.exe
Token: SeCreatePagefilePrivilege	4852	chrome.exe
Token: SeShutdownPrivilege	4852	chrome.exe
Token: SeCreatePagefilePrivilege	4852	chrome.exe
Token: SeShutdownPrivilege	4852	chrome.exe
Token: SeCreatePagefilePrivilege	4852	chrome.exe
Token: SeShutdownPrivilege	4852	chrome.exe
Token: SeCreatePagefilePrivilege	4852	chrome.exe
Token: SeShutdownPrivilege	4852	chrome.exe
Token: SeCreatePagefilePrivilege	4852	chrome.exe
Token: SeShutdownPrivilege	4852	chrome.exe
Token: SeCreatePagefilePrivilege	4852	chrome.exe
Token: SeShutdownPrivilege	4852	chrome.exe
Token: SeCreatePagefilePrivilege	4852	chrome.exe
Token: SeShutdownPrivilege	4852	chrome.exe
Token: SeCreatePagefilePrivilege	4852	chrome.exe
Token: SeShutdownPrivilege	4852	chrome.exe
Token: SeCreatePagefilePrivilege	4852	chrome.exe
Token: SeShutdownPrivilege	4852	chrome.exe
Token: SeCreatePagefilePrivilege	4852	chrome.exe
Token: SeShutdownPrivilege	4852	chrome.exe
Token: SeCreatePagefilePrivilege	4852	chrome.exe
Token: SeShutdownPrivilege	4852	chrome.exe
Token: SeCreatePagefilePrivilege	4852	chrome.exe
Token: SeShutdownPrivilege	4852	chrome.exe
Token: SeCreatePagefilePrivilege	4852	chrome.exe
Token: SeShutdownPrivilege	4852	chrome.exe
Token: SeCreatePagefilePrivilege	4852	chrome.exe
Token: SeShutdownPrivilege	4852	chrome.exe
Token: SeCreatePagefilePrivilege	4852	chrome.exe
Token: SeShutdownPrivilege	4852	chrome.exe
Token: SeCreatePagefilePrivilege	4852	chrome.exe
Token: SeShutdownPrivilege	4852	chrome.exe
Token: SeCreatePagefilePrivilege	4852	chrome.exe
Token: SeShutdownPrivilege	4852	chrome.exe
Token: SeCreatePagefilePrivilege	4852	chrome.exe
Token: SeShutdownPrivilege	4852	chrome.exe
Token: SeCreatePagefilePrivilege	4852	chrome.exe
Token: SeShutdownPrivilege	4852	chrome.exe
Token: SeCreatePagefilePrivilege	4852	chrome.exe
Token: SeShutdownPrivilege	4852	chrome.exe
Token: SeCreatePagefilePrivilege	4852	chrome.exe
Token: SeShutdownPrivilege	4852	chrome.exe
Token: SeCreatePagefilePrivilege	4852	chrome.exe
Token: SeShutdownPrivilege	4852	chrome.exe
Token: SeCreatePagefilePrivilege	4852	chrome.exe
Token: SeShutdownPrivilege	4852	chrome.exe
Token: SeCreatePagefilePrivilege	4852	chrome.exe
Token: SeShutdownPrivilege	4852	chrome.exe
Token: SeCreatePagefilePrivilege	4852	chrome.exe

Suspicious use of FindShellTrayWindow 48 IoCs

pid	Process
4900	firefox.exe
4900	firefox.exe
4900	firefox.exe
4900	firefox.exe
4900	firefox.exe
4900	firefox.exe
4900	firefox.exe
4900	firefox.exe
4900	firefox.exe
4900	firefox.exe
4900	firefox.exe
4900	firefox.exe
4900	firefox.exe
4900	firefox.exe
4900	firefox.exe
4900	firefox.exe
4900	firefox.exe
4900	firefox.exe
4900	firefox.exe
4900	firefox.exe
4900	firefox.exe
4852	chrome.exe
4852	chrome.exe
4852	chrome.exe
4852	chrome.exe
4852	chrome.exe
4852	chrome.exe
4852	chrome.exe
4852	chrome.exe
4852	chrome.exe
4852	chrome.exe
4852	chrome.exe
4852	chrome.exe
4852	chrome.exe
4852	chrome.exe
4852	chrome.exe
4852	chrome.exe
4852	chrome.exe
4852	chrome.exe
4852	chrome.exe
4852	chrome.exe
4852	chrome.exe
4852	chrome.exe
4852	chrome.exe
4852	chrome.exe
4852	chrome.exe
4852	chrome.exe
4852	chrome.exe

Suspicious use of SendNotifyMessage 44 IoCs

pid	Process
4900	firefox.exe
4900	firefox.exe
4900	firefox.exe
4900	firefox.exe
4900	firefox.exe
4900	firefox.exe
4900	firefox.exe
4900	firefox.exe
4900	firefox.exe
4900	firefox.exe
4900	firefox.exe
4900	firefox.exe
4900	firefox.exe
4900	firefox.exe
4900	firefox.exe
4900	firefox.exe
4900	firefox.exe
4900	firefox.exe
4900	firefox.exe
4900	firefox.exe
4852	chrome.exe
4852	chrome.exe
4852	chrome.exe
4852	chrome.exe
4852	chrome.exe
4852	chrome.exe
4852	chrome.exe
4852	chrome.exe
4852	chrome.exe
4852	chrome.exe
4852	chrome.exe
4852	chrome.exe
4852	chrome.exe
4852	chrome.exe
4852	chrome.exe
4852	chrome.exe
4852	chrome.exe
4852	chrome.exe
4852	chrome.exe
4852	chrome.exe
4852	chrome.exe
4852	chrome.exe
4852	chrome.exe
4852	chrome.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
4900	firefox.exe
4560	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3620 wrote to memory of 4900	3620	firefox.exe	85
PID 3620 wrote to memory of 4900	3620	firefox.exe	85
PID 3620 wrote to memory of 4900	3620	firefox.exe	85
PID 3620 wrote to memory of 4900	3620	firefox.exe	85
PID 3620 wrote to memory of 4900	3620	firefox.exe	85
PID 3620 wrote to memory of 4900	3620	firefox.exe	85
PID 3620 wrote to memory of 4900	3620	firefox.exe	85
PID 3620 wrote to memory of 4900	3620	firefox.exe	85
PID 3620 wrote to memory of 4900	3620	firefox.exe	85
PID 3620 wrote to memory of 4900	3620	firefox.exe	85
PID 3620 wrote to memory of 4900	3620	firefox.exe	85
PID 4900 wrote to memory of 2420	4900	firefox.exe	86
PID 4900 wrote to memory of 2420	4900	firefox.exe	86
PID 4900 wrote to memory of 2420	4900	firefox.exe	86
PID 4900 wrote to memory of 2420	4900	firefox.exe	86
PID 4900 wrote to memory of 2420	4900	firefox.exe	86
PID 4900 wrote to memory of 2420	4900	firefox.exe	86
PID 4900 wrote to memory of 2420	4900	firefox.exe	86
PID 4900 wrote to memory of 2420	4900	firefox.exe	86
PID 4900 wrote to memory of 2420	4900	firefox.exe	86
PID 4900 wrote to memory of 2420	4900	firefox.exe	86
PID 4900 wrote to memory of 2420	4900	firefox.exe	86
PID 4900 wrote to memory of 2420	4900	firefox.exe	86
PID 4900 wrote to memory of 2420	4900	firefox.exe	86
PID 4900 wrote to memory of 2420	4900	firefox.exe	86
PID 4900 wrote to memory of 2420	4900	firefox.exe	86
PID 4900 wrote to memory of 2420	4900	firefox.exe	86
PID 4900 wrote to memory of 2420	4900	firefox.exe	86
PID 4900 wrote to memory of 2420	4900	firefox.exe	86
PID 4900 wrote to memory of 2420	4900	firefox.exe	86
PID 4900 wrote to memory of 2420	4900	firefox.exe	86
PID 4900 wrote to memory of 2420	4900	firefox.exe	86
PID 4900 wrote to memory of 2420	4900	firefox.exe	86
PID 4900 wrote to memory of 2420	4900	firefox.exe	86
PID 4900 wrote to memory of 2420	4900	firefox.exe	86
PID 4900 wrote to memory of 2420	4900	firefox.exe	86
PID 4900 wrote to memory of 2420	4900	firefox.exe	86
PID 4900 wrote to memory of 2420	4900	firefox.exe	86
PID 4900 wrote to memory of 2420	4900	firefox.exe	86
PID 4900 wrote to memory of 2420	4900	firefox.exe	86
PID 4900 wrote to memory of 2420	4900	firefox.exe	86
PID 4900 wrote to memory of 2420	4900	firefox.exe	86
PID 4900 wrote to memory of 2420	4900	firefox.exe	86
PID 4900 wrote to memory of 2420	4900	firefox.exe	86
PID 4900 wrote to memory of 2420	4900	firefox.exe	86
PID 4900 wrote to memory of 2420	4900	firefox.exe	86
PID 4900 wrote to memory of 2420	4900	firefox.exe	86
PID 4900 wrote to memory of 2420	4900	firefox.exe	86
PID 4900 wrote to memory of 2420	4900	firefox.exe	86
PID 4900 wrote to memory of 2420	4900	firefox.exe	86
PID 4900 wrote to memory of 2420	4900	firefox.exe	86
PID 4900 wrote to memory of 2420	4900	firefox.exe	86
PID 4900 wrote to memory of 2420	4900	firefox.exe	86
PID 4900 wrote to memory of 2420	4900	firefox.exe	86
PID 4900 wrote to memory of 2420	4900	firefox.exe	86
PID 4900 wrote to memory of 2420	4900	firefox.exe	86
PID 4900 wrote to memory of 5036	4900	firefox.exe	87
PID 4900 wrote to memory of 5036	4900	firefox.exe	87
PID 4900 wrote to memory of 5036	4900	firefox.exe	87
PID 4900 wrote to memory of 5036	4900	firefox.exe	87
PID 4900 wrote to memory of 5036	4900	firefox.exe	87
PID 4900 wrote to memory of 5036	4900	firefox.exe	87
PID 4900 wrote to memory of 5036	4900	firefox.exe	87
PID 4900 wrote to memory of 5036	4900	firefox.exe	87

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "http://forwhoallvglhpsx6dhycfb4fu4a2lqkvxtwlivruw765qxofyns7wqd.onion/g3.php"
1⤵
- Suspicious use of WriteProcessMemory
PID:3620
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url http://forwhoallvglhpsx6dhycfb4fu4a2lqkvxtwlivruw765qxofyns7wqd.onion/g3.php
  2⤵
  - Checks processor information in registry
  - Modifies registry class
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:4900
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1912 -parentBuildID 20240401114208 -prefsHandle 1956 -prefMapHandle 1948 -prefsLen 25755 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {4306d6c6-3acb-4514-8709-3f7f2e01630f} 4900 "\\.\pipe\gecko-crash-server-pipe.4900" gpu
    3⤵
    PID:2420
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2464 -parentBuildID 20240401114208 -prefsHandle 2456 -prefMapHandle 2452 -prefsLen 26675 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {2e2d2f96-8391-40ed-94a0-268c6766def2} 4900 "\\.\pipe\gecko-crash-server-pipe.4900" socket
    3⤵
    - Checks processor information in registry
    PID:5036
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2992 -childID 1 -isForBrowser -prefsHandle 3212 -prefMapHandle 3248 -prefsLen 22698 -prefMapSize 244658 -jsInitHandle 1012 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {55001d3d-9f0e-4a88-8e21-e70c35de0f7f} 4900 "\\.\pipe\gecko-crash-server-pipe.4900" tab
    3⤵
    PID:4348
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4088 -childID 2 -isForBrowser -prefsHandle 3620 -prefMapHandle 3424 -prefsLen 31165 -prefMapSize 244658 -jsInitHandle 1012 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {2741ae31-2aee-4d42-8deb-3349e49be451} 4900 "\\.\pipe\gecko-crash-server-pipe.4900" tab
    3⤵
    PID:2548
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4600 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4648 -prefMapHandle 4644 -prefsLen 31165 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {76cadcc8-368a-4fab-8de0-223aeb6c9112} 4900 "\\.\pipe\gecko-crash-server-pipe.4900" utility
    3⤵
    - Checks processor information in registry
    PID:4084
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4912 -childID 3 -isForBrowser -prefsHandle 4904 -prefMapHandle 4820 -prefsLen 27044 -prefMapSize 244658 -jsInitHandle 1012 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {52dfbeab-6a2f-449f-adc5-c6b9b55ec024} 4900 "\\.\pipe\gecko-crash-server-pipe.4900" tab
    3⤵
    PID:1600
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5044 -childID 4 -isForBrowser -prefsHandle 5052 -prefMapHandle 5056 -prefsLen 27044 -prefMapSize 244658 -jsInitHandle 1012 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f82d66f4-bd20-4353-9d33-c11e0274efca} 4900 "\\.\pipe\gecko-crash-server-pipe.4900" tab
    3⤵
    PID:2428
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5236 -childID 5 -isForBrowser -prefsHandle 5244 -prefMapHandle 5248 -prefsLen 27044 -prefMapSize 244658 -jsInitHandle 1012 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b5043f1b-4c47-4b8b-a1d1-14243274174e} 4900 "\\.\pipe\gecko-crash-server-pipe.4900" tab
    3⤵
    PID:4980

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
PID:5040
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe"
  2⤵
  - Checks processor information in registry
  - Suspicious use of SetWindowsHookEx
  PID:4560
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1800 -parentBuildID 20240401114208 -prefsHandle 1728 -prefMapHandle 1720 -prefsLen 20321 -prefMapSize 241207 -appDir "C:\Program Files\Mozilla Firefox\browser" - {0f17ca4c-22f6-4a5f-9df6-115b7f210b72} 4560 "\\.\pipe\gecko-crash-server-pipe.4560" gpu
    3⤵
    PID:3800
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2164 -parentBuildID 20240401114208 -prefsHandle 2156 -prefMapHandle 2152 -prefsLen 20321 -prefMapSize 241207 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {16d88d06-5aad-4690-89b4-3e929b383fef} 4560 "\\.\pipe\gecko-crash-server-pipe.4560" socket
    3⤵
    - Checks processor information in registry
    PID:2416

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:4852
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.106 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ffdb374cc40,0x7ffdb374cc4c,0x7ffdb374cc58
  2⤵
  PID:1432
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1808,i,4527763757899122721,833061749653258352,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=1796 /prefetch:2
  2⤵
  PID:2428
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1904,i,4527763757899122721,833061749653258352,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=1896 /prefetch:3
  2⤵
  PID:4848
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2296,i,4527763757899122721,833061749653258352,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=2292 /prefetch:8
  2⤵
  PID:2016
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3140,i,4527763757899122721,833061749653258352,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=3160 /prefetch:1
  2⤵
  PID:3208
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3252,i,4527763757899122721,833061749653258352,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=3312 /prefetch:1
  2⤵
  PID:4268
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4572,i,4527763757899122721,833061749653258352,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=4532 /prefetch:1
  2⤵
  PID:4640
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4768,i,4527763757899122721,833061749653258352,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=3692 /prefetch:8
  2⤵
  PID:1648
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4828,i,4527763757899122721,833061749653258352,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=4752 /prefetch:8
  2⤵
  PID:2728
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4728,i,4527763757899122721,833061749653258352,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=4916 /prefetch:8
  2⤵
  PID:4492
- C:\Program Files\Google\Chrome\Application\123.0.6312.106\Installer\setup.exe
  "C:\Program Files\Google\Chrome\Application\123.0.6312.106\Installer\setup.exe" --reenable-autoupdates --system-level
  2⤵
  - Drops file in Program Files directory
  PID:1260
- - C:\Program Files\Google\Chrome\Application\123.0.6312.106\Installer\setup.exe
    "C:\Program Files\Google\Chrome\Application\123.0.6312.106\Installer\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Program Files\Crashpad" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.106 --initial-client-data=0x284,0x288,0x28c,0x260,0x290,0x7ff674644698,0x7ff6746446a4,0x7ff6746446b0
    3⤵
    - Drops file in Program Files directory
    PID:1228
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=3688,i,4527763757899122721,833061749653258352,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=4932 /prefetch:8
  2⤵
  PID:940
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=5440,i,4527763757899122721,833061749653258352,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=5508 /prefetch:1
  2⤵
  PID:3756
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --field-trial-handle=3516,i,4527763757899122721,833061749653258352,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=3480 /prefetch:1
  2⤵
  PID:2252

C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe"
1⤵
PID:4036

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:1984

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000004

Filesize
211KB

MD5
151fb811968eaf8efb840908b89dc9d4

SHA1
7ec811009fd9b0e6d92d12d78b002275f2f1bee1

SHA256
043fd8558e4a5a60aaccd2f0377f77a544e3e375242e9d7200dc6e51f94103ed

SHA512
83aface0ab01da52fd077f747c9d5916e3c06b0ea5c551d7d316707ec3e8f3f986ce1c82e6f2136e48c6511a83cb0ac67ff6dc8f0e440ac72fc6854086a87674

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
216B

MD5
74731f7e8a52548a6d96c51176a591e3

SHA1
9695f0cb7a7ac1189e377c45a6ef79acad8d04a5

SHA256
c50706c2f18d2377c1a619de03fb1264502eca4c12345a3837983f338cae07f5

SHA512
ea181d23b7c3f4c350b6aad65df243adac292aef8a7ae84e2eb7a85e93bbf8eb96752d16502e824980071ad0f7d016ed6034df263c532bb7293c3a83b0779370

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
768B

MD5
3314fa3ce332c92e6b98c96835c6318a

SHA1
979e03538b6f627e5d2835ef053615a87dc51c9b

SHA256
e8dc4ed85ea6173a446db4ac5d224df56148fe26fcac652bfa35986b95e2112f

SHA512
4374d3e24db85b75c4d433b794dc9daae89ea9007673bedc037e7cd0d82676ea1e0d638984c0912567e42582c9d67fa379d559d714a42a742a22a561af1ee891

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\DawnCache\data_1

Filesize
264KB

MD5
7c5db1a85f282c328835770aad13d994

SHA1
c09cfa0bbff68c874078da09fa32f3859d5470db

SHA256
1b0342d408828c7ea45f9410335d60770754971b5b0551b408009a8aab3fadc6

SHA512
6d936e2ba1eb83b3f699cc20098bde17e02b605dfd49796938aab722f87f73c8e042e333e2427172723f2c0d0cd21bf9541306600f8506a70f4ceb041d113d68

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
a37f43efc5edfd13df1b9c56490473d8

SHA1
51d2d0fcb2ea0d4e844a112238b8c2cda4689273

SHA256
861a423b08bc5c0f32c7ee6f551bf3590cb827c6eadd36315fb416b1fc62d5fa

SHA512
77015127f85636274b915c8b2dc62c03054d1f0e9fcfd528bf9fd6c2e8d854a445a524d50ed681ea336a796127d231198ed30574963521522dd6156e463daa33

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
354B

MD5
09f62437020469f16480e273f227d7cc

SHA1
b9336a2375c0b331b74831ed4b617af0fec3dd01

SHA256
bf57765d4e94d430c247623c4d1a1afbb36f8e286f533f621c193189a37988e5

SHA512
6dc9d49641a95d2350c326b5536220f58c9678447e2210f525711eba09fa121f8a3d0f521f7bf811c1121702c3e1a60e58cf8fd1b171b95388ea2ad6ed0ed200

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
354B

MD5
11a927fa0bfab8b4039532ba97602de0

SHA1
4106388a83642b071a8f9706fc7dd1dabb982f3f

SHA256
8b3ef9b29b7f703e1e30feee1b5ea5254d97a14155ba81a62b9b8f3ab6f04c75

SHA512
888851f98bac0e93fc5072da372edde5d46e9fcace79d2dfa75d8037b56d1d1b877f013c80c2573b7e5d6804ba6bb8bd55362e4ab688a6990462b7f9c2abcf73

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
d4675bc4d6268481f7cf0355849ee711

SHA1
db9a0d5a652e448fb1b3bab44920303a18b0b747

SHA256
4597412b4f21a4fb152ee95afb8db9c4a69158d84c57711db65de3df8b865a1f

SHA512
1f8a177644299d6b0646a6008c1a2d683d23cf7151c3a3f8cede0ef75ec95315cfa9a47f74c38547f47c5738b35320b976a42403a37d262e7eb86665ef7fb258

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
ae981f343b29337f91a61b9365421a51

SHA1
7e99236f4c6cd33273f90fb04f2db4086573a130

SHA256
3cde08cdffdbe67281735ec96099345ac69af3d9b51e81fe94e55f89a5b4b68a

SHA512
7b67614d2dc432779c64ce8b7b2c81590bf3119af558fa2d346e0d3f00874a1a2de99428559924d6a03d8937198c836e3a14f17795ffc4a6551cb6f958572f6d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
a157ebf760634d5d595327fd68fd766a

SHA1
4d1bc0393721afb0aba405743447d05e162b752d

SHA256
cae23dbe203b82b50e2b69204d2aa56fa08bac509f5ebde373885722fc8b38a4

SHA512
f7ae53278458c7df9d9ce04aa2be278c9b9c5cc494e336d5fca712588eddea476c737662665ceabdb555b17c62a70866866245b9aef0b83ce8aaff15b419ebd7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
11b12449f4feef164d07fd4589bb7832

SHA1
bb38fc9a36afa309cf4253e5391ba6caaaa5e5e3

SHA256
99160626690d74965cf2dd00cb9025319ede9148cba9cf16743fbc0c5ddab7e0

SHA512
bb194881279a275fcba9fbdef536119e1a1332e17a4531655fe3dd427b1f0873bcb0ab56a321e455aa0adcb087edc8f4a968c41bf977398790300009a18e8025

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
f78f43c6eb66e4fa497dc4b5a74a84db

SHA1
37268dc6218b0505af69863e745db4562c6b6091

SHA256
2aabd6f4b39d43af66224b603e2bac612e6b471631fd4829a47f294aa2513d19

SHA512
9e3cc05d1927838fcb3de90f7619a4b415b73f5d3298511695d36a0e5f21941fcc6ef58aa31f6fc8698bf087f15e41c206ea3958d381a0d49e0feed575171d1c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
183KB

MD5
7c5e4570cb3f1f732274d00a49ae1521

SHA1
78eebbf1e551d4c399af75ae445a995d4b2b31e1

SHA256
032403094af21344c8401e0af59c3b47f42e655051fafef1a4343ad60998933e

SHA512
aa3d31603f714d7102d5bdd584143cf2cd1d2d1752a15d8276cd58fb87a2acc63813a03d901e15f21d01b1f5c67550dffaf5467cff20811bcac20e8cbed5e99a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
183KB

MD5
5faa8fb77f022054f5da285c78d87039

SHA1
ea39436dc3700b5bc8981d28ff1d6508f82c182d

SHA256
9a59f79d65915ef8331740219ac2aba81697ddc7f591b3bc4cd11e40d5983eb6

SHA512
a66f158149e6c1e7d650eaeb47b8d7a2f1816107a9112bce2ba8edf24081274a2e9b4cb513764d8237e4adfecd56172641ae321a3ee70e2f1cfda0724af4a0e6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
183KB

MD5
a1ebca7f251ac725ebf27e294cbec0e9

SHA1
a7a5010dc38b7de547fd715715bf0b777029a1ef

SHA256
9664ccf7a476a313da1ce0a033ba3151bc1aa672aecc1586de111a91f9a7ad61

SHA512
c97cfa409c0728cd2f127ade517a24d7ba195042e46f8ffe5fa7218943ee27e4346810c50faa12d9b146ba7562bdfff41e79e61990996a4fadca7dcf17d3b711

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\vvc8bff9.default-release\activity-stream.discovery_stream.json.tmp

Filesize
18KB

MD5
4766c3a5d978ff8a5ff0aa5993434edc

SHA1
63401d4991cc76f78ab64daf90a5ccbe16d3b851

SHA256
b03e4948d479d2a29bc7bb9a0156505b60b78484219b32ea736180d517adad92

SHA512
b4852c7764ca432f5b30b5f22e5119b8307f49073811bb26fc633c8692bb40124b5ea629f9a6c1edfc374ba03be3d754015e65794dddfceae249d658af5adb0f

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vvc8bff9.default-release\datareporting\glean\db\data.safe.tmp

Filesize
24KB

MD5
da873431a0904b06ff346d724e1191ec

SHA1
fb637ce549d931526008b357add7afbe3cf42ab9

SHA256
baf0884c06a50c5b8ffcdb5b06b3b5c77e3f90e2e73bf942143231eebc624b20

SHA512
e90d62341172367d0c8bcdbb7539a3f171cf9894a5b580a4f1aaca631bbf5ba0d79b60a94f6e76386ba00563dd07055323f5a9b33d37b24681fe61837af2413b

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vvc8bff9.default-release\datareporting\glean\db\data.safe.tmp

Filesize
22KB

MD5
912fddee2ef8895999c00bf1d887c6f6

SHA1
b40a8286120237addbf14d422cae130723d9d381

SHA256
14e827b4fcffc0a0eb7f1b97fc25fd1137835c31f67694036cf1b299e33a97a7

SHA512
ed8292624d6eb62669f55e4e97d2745c02a73b92c20f8b55998aea7c5cf561d72de7c0745808a6522e1b00c60974811a574d4bfd49dc7aa51520cb25c696d186

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vvc8bff9.default-release\datareporting\glean\db\data.safe.tmp

Filesize
22KB

MD5
c8da46f42951e5c068028cdc3f79aa6b

SHA1
8d2a4f40a38d42cde4482ded33b494e9ef4ac016

SHA256
32360fa0334e46c1b2c59516833fd0a79c710428721b21290af26e31df282994

SHA512
76058b5f8ba04e64e72161805b1618f82bbb97168d5d75cae346a81b0de79c322bef44e1370d483716ab1f6471e38984a674e70e9fa0c09ff464db6b614f8322

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vvc8bff9.default-release\datareporting\glean\db\data.safe.tmp

Filesize
23KB

MD5
9798e29df9930621c7d07424ad7d75d9

SHA1
f78db256a59909a1dec320122f8076182ddd9bd3

SHA256
163d81b03a004e9a47a3e792b7b5761de48e33fcea1ebf6989c2b7a2f6c0a341

SHA512
8973dfec0612972f218afc74654f92c1c37b8dff11037ac0bee154eec9b3c138e93c78a721e8e113d19046580d3fb66c5914d2bf6fd6f879a8ee65988285fd17

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vvc8bff9.default-release\datareporting\glean\db\data.safe.tmp

Filesize
21KB

MD5
1c0c2119059ced52cefc0094a553a264

SHA1
ffd9fc64cae0e89becf510cffb29f4faf99c30fa

SHA256
41af38816149269f5abab0bbd454ce75d8393e87b86d1f7d12c915005d2a9f1c

SHA512
305755fa892b1cc10a8d2ec0f71f2f8791f2ca0dbe006406d24f9ff0ec50f689faa3fbb69b8715b21af555b15fe0eabf8e79fae61f648a3d3d62d5ed2c04bf1c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vvc8bff9.default-release\datareporting\glean\pending_pings\0413b60f-c8e7-478c-9a8e-c721314005f9

Filesize
1KB

MD5
c1b30bc38b16efb64c6018195227d25d

SHA1
4cd6276da0b324084cc29752bd75b37ed1f87a05

SHA256
8efd2e198032ac4b4cd670c733e6e104252e2a66480d73c4e369a936a67e4802

SHA512
5e74288d53c6a4df899942503e0c1d21871713128df1441916a7a1488253a8af38f629e83734b9bb38a88a9b66b4648ac6643efe33fc6c99f5f4d5c5ae298830

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vvc8bff9.default-release\datareporting\glean\pending_pings\6c67a363-2b38-4c03-a103-508293cbf3d9

Filesize
659B

MD5
16fcc50a0fafdf470e54840be63e881b

SHA1
1d5046c8931ebb895973d55dafa98a043131f042

SHA256
146ae7fceceb89f8f922eb00984462a48df761a053170412818a3fa2ab7212c6

SHA512
6098a8aae7ef720a33cda8b4cd929208bb0f1b1488964eac709c08027cbc7b058ca315617a5cc2251d0710bca2aafdde3850940b9293ad7f70dd9464b74b2c1a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vvc8bff9.default-release\datareporting\glean\pending_pings\860b90d0-3fd6-4beb-a9d8-ecdb1f1f54bb

Filesize
982B

MD5
a0c2ccd98097e05493828a8cc3b4f35e

SHA1
b552e88152e3ae89e92e3096187c9e36da9a9748

SHA256
c393b51dd2eab7f3bcca59d5cdeaf7c944d075d174284bc6396050a6aa0b7db9

SHA512
8549c46127e86fc0f215c737342edda1e8055022c45b2f7944e620425d78205cdb775f1d5760203b18277a88bc932e98b740cf4d2951efa0496f12b75c691235

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vvc8bff9.default-release\prefs-1.js

Filesize
8KB

MD5
236bf60507e9ba8b6782f7735f53fcf1

SHA1
be97c5cfa1630bdbb3b6693f8a4bbdae1ae09606

SHA256
ef19383c561fea414b6fccde4a6728accb239690493c626b33aed6b2ebac0523

SHA512
7b92f505ce014b223629d0cdf60b6431cb47da4fb9686307928c3c579df961bf348cbf1db0446d2febd6342ff3e7c9385f3595e48f5bddfa52a9246599c85f00

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vvc8bff9.default-release\prefs-1.js

Filesize
8KB

MD5
480b866d948543a04f94e3a78a3ea586

SHA1
ff6293e3ea747efc6243c0fb8430de5836983054

SHA256
b26946154093e81f2ddcd005d75b05e2253131fc384af905fc111f8b9f971982

SHA512
e50914ffdbd9d9b73c4d4e5fc3c3fd849a7d6ce40d9fbbe7dde4dd9933fb6ebe01e172c6d3234243d69614cf1a03b0f9494b7a650e58f95d5e876e68ccd22e56

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vvc8bff9.default-release\prefs.js

Filesize
8KB

MD5
1caaea00474e146c21cad066f40bc50d

SHA1
41712250b04497cda8b03be527d0b1bb1f700022

SHA256
2a9135e093e7034df9fa9f4a4cd7a4c7f171a798d749b6bf101b85d7959d3c5b

SHA512
3165bd70bcac635d9106572c17423f9a629c6eab9e8f6b8dda38bd2f121fde7cc78a5d7ad2cc2bf5acd7633d9cbfcb17287dbbbd960b5930eae00886e80e4025

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vvc8bff9.default-release\prefs.js

Filesize
8KB

MD5
9e7b9df591d55cfa88cc8c9b83e43fef

SHA1
fa95b0e3c6fead59566264771aa6b505d4e6d861

SHA256
5b1debae476f84bf73aa7cc76b25964ce866f04e525fed5c8c74185b31a018bc

SHA512
ccf2a0d6df766764c190a17e72beeb3f38b864de81f7247c7814342b71ab778c8b94bb270d009b7f92ccb578c0104cabedd26e8a3de413bb65206a2667d67f66

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vvc8bff9.default-release\sessionCheckpoints.json

Filesize
259B

MD5
e6c20f53d6714067f2b49d0e9ba8030e

SHA1
f516dc1084cdd8302b3e7f7167b905e603b6f04f

SHA256
50a670fb78ff2712aae2c16d9499e01c15fddf24e229330d02a69b0527a38092

SHA512
462415b8295c1cdcac0a7cb16bb8a027ef36ae2ce0b061071074ac3209332a7eae71de843af4b96bbbd6158ca8fd5c18147bf9a79b8a7768a9a35edce8b784bf

Download Submit