Analysis

  • max time kernel
    114s
  • max time network
    140s
  • platform
    windows7_x64
  • resource
    win7-20240704-en
  • resource tags
    arch:x64, arch:x86, image:win7-20240704-en, locale:en-us, os:windows7-x64, system
  • submitted
    10-08-2024 15:40

General

  • Target

    123123.exe

  • Size

    658KB

  • MD5

    42f8b99dea0186908eeb30d4bd293cda

  • SHA1

    2c5638b79e88b8b2f7078e7ea5fc3eefe73c8855

  • SHA256

    04486743ed363cbf4859592608f09d3ec9158fef8b128b5f57cf133316b99847

  • SHA512

    f892ef131d966a098d2e45b2576e7faab6d1391c1597e759259229e335eb8aac914fffadbbbb42f8942257027aec81c7d715928e9784a139182d9e68eb85c87d

  • SSDEEP

    12288:i9HFJ9rJxRX1uVVjoaWSoynxdO1FVBaOiRZTERfIhNkNCCLo9Ek5C/hd:OZ1xuVVjfFoynPaVBUR8f+kN10EB7

Malware Config

Extracted

Family

darkcomet

Botnet

Guest16

C2

127.0.0.1:1604

Mutex

DC_MUTEX-7B3BWFW

Attributes
  • gencode

    Xu99WfLfeqW5

  • install

    false

  • offline_keylogger

    true

  • password

    0123456789

  • persistence

    false

Signatures

  • Darkcomet

    DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.

  • Browser Information Discovery 1 TTPs

    Enumerate browser information.

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Checks processor information in registry 2 TTPs 4 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Modifies registry class 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 31 IoCs
  • Suspicious use of FindShellTrayWindow 38 IoCs
  • Suspicious use of SendNotifyMessage 35 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

Processes

  • C:\Users\Admin\AppData\Local\Temp\123123.exe
    "C:\Users\Admin\AppData\Local\Temp\123123.exe"
    1⤵
    • System Location Discovery: System Language Discovery
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of SetWindowsHookEx
    PID:2884
  • C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2944
    • C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe"
      2⤵
      • Checks processor information in registry
      • Modifies registry class
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      • Suspicious use of WriteProcessMemory
      PID:2196
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2196.0.903014579\1160547912" -parentBuildID 20221007134813 -prefsHandle 1228 -prefMapHandle 1220 -prefsLen 20847 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {b852cf71-ea14-4ed1-aecc-97c7481b27c4} 2196 "\\.\pipe\gecko-crash-server-pipe.2196" 1300 10dd7058 gpu
        3⤵
        PID:2212
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2196.1.2084959991\806814457" -parentBuildID 20221007134813 -prefsHandle 1484 -prefMapHandle 1480 -prefsLen 20928 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {93b4549a-916d-46dc-9e7e-1244d518da09} 2196 "\\.\pipe\gecko-crash-server-pipe.2196" 1496 e6fb58 socket
        3⤵
        PID:1076
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2196.2.1549703919\1589374324" -childID 1 -isForBrowser -prefsHandle 2092 -prefMapHandle 2088 -prefsLen 20966 -prefMapSize 233444 -jsInitHandle 892 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {73e6e6f1-f506-47f9-a14e-127fda9eeb6c} 2196 "\\.\pipe\gecko-crash-server-pipe.2196" 2104 19c7a058 tab
        3⤵
        PID:560
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2196.3.2085239477\2117655984" -childID 2 -isForBrowser -prefsHandle 592 -prefMapHandle 1652 -prefsLen 26216 -prefMapSize 233444 -jsInitHandle 892 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {44d169b1-0d2a-4c93-85eb-3d5305f999f4} 2196 "\\.\pipe\gecko-crash-server-pipe.2196" 2408 e71958 tab
        3⤵
        PID:1772
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2196.4.406981598\327743342" -childID 3 -isForBrowser -prefsHandle 2884 -prefMapHandle 2880 -prefsLen 26216 -prefMapSize 233444 -jsInitHandle 892 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {dbaa616f-5369-4e32-9734-3b8a3f5b748f} 2196 "\\.\pipe\gecko-crash-server-pipe.2196" 2896 e62858 tab
        3⤵
        PID:932
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2196.5.1720269604\163197529" -childID 4 -isForBrowser -prefsHandle 3768 -prefMapHandle 3756 -prefsLen 26351 -prefMapSize 233444 -jsInitHandle 892 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {5bb80c53-621f-4d68-8a1b-ab38448a54f7} 2196 "\\.\pipe\gecko-crash-server-pipe.2196" 3796 1d2bac58 tab
        3⤵
        PID:2044
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2196.6.658409213\945725864" -childID 5 -isForBrowser -prefsHandle 3884 -prefMapHandle 3788 -prefsLen 26351 -prefMapSize 233444 -jsInitHandle 892 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {ffa9d43b-5221-407a-a2e6-0fa07ef39f8e} 2196 "\\.\pipe\gecko-crash-server-pipe.2196" 3904 1ef1fb58 tab
        3⤵
        PID:1852
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2196.7.1539232744\10481551" -childID 6 -isForBrowser -prefsHandle 3892 -prefMapHandle 3908 -prefsLen 26351 -prefMapSize 233444 -jsInitHandle 892 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {add76e1a-e5fd-40d6-aa53-fc90f83e3ac6} 2196 "\\.\pipe\gecko-crash-server-pipe.2196" 3960 1ef20458 tab
        3⤵
        PID:2684
  • C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe"
    1⤵
    • Enumerates system info in registry
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    PID:2524
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef4f59758,0x7fef4f59768,0x7fef4f59778
      2⤵
      PID:2804
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1168 --field-trial-handle=1376,i,12413491169905757090,1122430577773043945,131072 /prefetch:2
      2⤵
      PID:2540
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1524 --field-trial-handle=1376,i,12413491169905757090,1122430577773043945,131072 /prefetch:8
      2⤵
      PID:1656
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1620 --field-trial-handle=1376,i,12413491169905757090,1122430577773043945,131072 /prefetch:8
      2⤵
      PID:3076
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2076 --field-trial-handle=1376,i,12413491169905757090,1122430577773043945,131072 /prefetch:1
      2⤵
      PID:3196
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2096 --field-trial-handle=1376,i,12413491169905757090,1122430577773043945,131072 /prefetch:1
      2⤵
      PID:3204
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1472 --field-trial-handle=1376,i,12413491169905757090,1122430577773043945,131072 /prefetch:2
      2⤵
      PID:3660
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=1328 --field-trial-handle=1376,i,12413491169905757090,1122430577773043945,131072 /prefetch:1
      2⤵
      PID:3772
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3792 --field-trial-handle=1376,i,12413491169905757090,1122430577773043945,131072 /prefetch:8
      2⤵
      PID:3252
  • C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
    "C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
    1⤵
    PID:3392
  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe"
    1⤵
    PID:3420
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3420 CREDAT:275457 /prefetch:2
      2⤵
      PID:3940
  • C:\Windows\explorer.exe
    "C:\Windows\explorer.exe"
    1⤵
    PID:3640
  • C:\Windows\system32\AUDIODG.EXE
    C:\Windows\system32\AUDIODG.EXE 0x468
    1⤵
    PID:3532

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize: 342B
    MD5: 04fe4c5407da4b43f2520d26d0835643
    SHA1: babb5530f2605dde1c47c353dbd2753857fba2d4
    SHA256: 89a9ab26688267f73a13739694b80f9609826c8ea60ba0ebbfed1365bca52457
    SHA512: 4bce1c6e62bf262ce45c10019b7f468e750c17e41bb876535a66da9fffa07aeedc20efce0bdafe618f8f2a215f66c128d24207083641407bbe762b68dfb1a826

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize: 342B
    MD5: e4b3c342c0a901c0dea2d7ed83fbcdbb
    SHA1: 3a35b55420332ff3377d1757335d282634327162
    SHA256: 82c692cb67aabff20b3df6a9963740d698c5f5048027c6cf22b3032dbe94cc26
    SHA512: 57330b688c7b32d1f48548f882e472b3b7daff87305fd04547dc666891e4bc7d54cd141263218a83465f4cf3ab8236b2d11d2c715a0533a993d4f41b2356307c

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize: 342B
    MD5: 8308ae79750dfc65e926fcc208673bf0
    SHA1: ea84655d3753191d710a90229216cd2c440ee6a4
    SHA256: 01c87096e502b8099e878c78e54c612a54cffba52de65ae2432dab2d02126c77
    SHA512: 07e85485d93948d756ea6188cba2e979a69c9caea6e808c62d96a3fd0e822be569cc8303a0c4642069907bb5da52fdfe1caa0ba5330b1df81a72a8e0af2b7aa1

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize: 342B
    MD5: 058f6882453167f24c0b65ee184261d2
    SHA1: 9f0833d10087c5f154b9df416105165d2523b51d
    SHA256: 7c1bb946c5bc54c26fd4227e310ff83690c9db5fb983404424cb172a40f248f6
    SHA512: c8d64d90bca293501ff961b03932bf5bf46e2344c6022a3956f64e12d6c4224fb4e2165345139e76a4d53bcfe8b8e5a06416bb3ffb7742aeb7eb9d8235c62abd

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize: 342B
    MD5: badbdb82c369e39d5b8e851a644c3ee1
    SHA1: b65036608cac61594e7962e00213095250efc5ea
    SHA256: 3e9a8d849ec6702fd7938ba974ee1d4dc6bbfb4b33ad9e3d98f24186b1700faa
    SHA512: b36c0b1275b20e7da6e22cdc19da4a67c07ce31535bd98b24a06db432a45563230bbc7b53313d6a0ab71e68e7bdfe3e42db34c8ad3b5dd6f968f1650b5379b91

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize: 342B
    MD5: 583fb7b96d78e1e287c37b9734d66b4b
    SHA1: 6404e5357a2d1fd12055d98591d4e64351ae9e23
    SHA256: c018b55fe71288c2cd2579f412dd2d99f40417f6417fbfb9faf2cdf6a542ad78
    SHA512: d749f442db03f0d921be669658547ba9d5e6aa12ab734e649fea77a504ca3e26f201fcc0c6b017da107962fd09038b4050ebcca2452fca6e7218921c3931b90e

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize: 342B
    MD5: 6f3b6cd2194f4897eeb84e006ff08fc3
    SHA1: c86c8d516c26c570603b0226124ca2b465b02011
    SHA256: 565a3e2b2debcd9506d9f97aa96401186d5e9a3fa4c10b864a4552b2c8033169
    SHA512: d86560c60bd27ace9015890af141cc0dcbf4dc2de4fb67a886cf9772cea445822958696bf6a2bdbb2d0ab8643ea0d0ed7cc1929c58067f5bbb53b92f8bac448c

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize: 342B
    MD5: 810dcac5b2a3c76fdb69d4b54683a6f5
    SHA1: ea4c753d5f0653b6819b789eb92ece6b865c89fd
    SHA256: 0022f0c95add12bf05376cdf7318b4467237cf89f9aa17d0598da38171f12bd4
    SHA512: fba9bc8ca92f59747bf55db9f3fc387228a9d403cba8496ddf23b4c231e259b2758eaab7a5b99274c5a0f7b8209fde79265cef0a19b773d1aa6ed1e18f0c1c93

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize: 342B
    MD5: e995207306fa0c924cb5c2e84ebb2993
    SHA1: a67d746ceff7e61a0387ff0a14028b7c1cb6585f
    SHA256: c293f0b14f26a5b5ecebffbdb03b39a0def12a3f0a47347b160113526392ed1c
    SHA512: c1f94a22f16d9acb1f426615fbae40129f8750d657dd727982c3d112b4332b10501d57004c4c0bb3d7f86221271d0efbe6b019596dbf2e07fff60db63b515753

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize: 342B
    MD5: a5c31e5c7ad20ac2fe9cebba13765bce
    SHA1: 11abcb3e0019786ab7ccac8bb3974f9f01b38c8e
    SHA256: 54359efde9fbf96d6d25c95b1b06b2e532b28ce50d4bf072a9a1dbfb4ef8ded0
    SHA512: a3536a62bf924f5e92c6d06ed720abce9fc60329bbef02106aea88084c32146c241d546d7963fae7fab4c5e92612ce258fdd68dbfd9fa5780ec2afae6ec15073

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\71f0ddcf-5cc7-4af3-b20f-551d1047a4fb.tmp
    Filesize: 310KB
    MD5: 840306ec5a8b7cc9778074846040d181
    SHA1: 351c103174d110ddb0440dc0f96f9f0e45949e3e
    SHA256: c4e27392025b0f3706c0fa1cad0797a620fef571e387ed7a308484e4e3b3216c
    SHA512: 504d717cc25b4bb36543b72af277a0600867e49f2f1e5d3d33c7e5472d6d93e00a2f54f6199e73ca7fab945bfb42680a1092e33d8550b9aaf07966bf03ddb31b

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1
    Filesize: 264KB
    MD5: f50f89a0a91564d0b8a211f8921aa7de
    SHA1: 112403a17dd69d5b9018b8cede023cb3b54eab7d
    SHA256: b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec
    SHA512: bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
    Filesize: 4KB
    MD5: 27c8cc067b7d25974f6355167f6b88ec
    SHA1: b14966175da27c5eebb0d3944d78ca23bbb5c03a
    SHA256: d40b253fb732f69fd1e7421ecb4fa9a655328ce651b14221a77d6b39a8d560d2
    SHA512: 2d4321643528433d5cfb147ae036db3741c932b0a4facd9e5563e1baae2891fc65137fa20a75fccd2a9a2a31264cde4f38c49a1e618e7d32978a540f79878232

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000007.dbtmp
    Filesize: 16B
    MD5: 18e723571b00fb1694a3bad6c78e4054
    SHA1: afcc0ef32d46fe59e0483f9a3c891d3034d12f32
    SHA256: 8af72f43857550b01eab1019335772b367a17a9884a7a759fdf4fe6f272b90aa
    SHA512: 43bb0af7d3984012d2d67ca6b71f0201e5b948e6fe26a899641c4c6f066c59906d468ddf7f1df5ea5fa33c2bc5ea8219c0f2c82e0a5c365ad7581b898a8859e2

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
    Filesize: 310KB
    MD5: 1645f35b4cd7dcd3f52ca041c17dbf35
    SHA1: 9d8b5705d1f7351bcf4a19bdf2d5f1332363e9b4
    SHA256: b80fbf528f4d4eba19e87f30f7a4ff56f9f565431856344375874fd87bca5535
    SHA512: 4377c6b763588608e0f204276c0f89b8e674ab162f8a68927bc6e1b88eda787d3825b2c107f6cf995288cef5388dedeea752f4659c13848fa50eac1733bbc672

  • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\pzuz3epu.default-release\activity-stream.discovery_stream.json.tmp
    Filesize: 43KB
    MD5: b2557c14337ce83fd30277215f6d138b
    SHA1: 51a7234ce6e071f4a90a56163eeda8a6c757d89a
    SHA256: d1423f6017cde2cb26d12e0726e91aa4436d07e1f9365ae3e3aa2bab3fc93263
    SHA512: 10741786998dc99e66047e4752d99507516b9ebed2eecc813c9fbde9184c201b172873fb2ae9900a325a31d9714b4a0684d395c8aac3084d797299cf5e85ab43

  • C:\Users\Admin\AppData\Local\Temp\CabEBA7.tmp
    Filesize: 70KB
    MD5: 49aebf8cbd62d92ac215b2923fb1b9f5
    SHA1: 1723be06719828dda65ad804298d0431f6aff976
    SHA256: b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
    SHA512: bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

  • C:\Users\Admin\AppData\Local\Temp\TarF03F.tmp
    Filesize: 181KB
    MD5: 4ea6026cf93ec6338144661bf1202cd1
    SHA1: a1dec9044f750ad887935a01430bf49322fbdcb7
    SHA256: 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
    SHA512: 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

  • C:\Users\Admin\AppData\Local\Temp\~DF161131FED82F61E2.TMP
    Filesize: 16KB
    MD5: 49ac70093fd76ca61426c19b02ad1794
    SHA1: 7da1f2721053a2d657e163e6088c1cd2aaf9e7ac
    SHA256: 780c0a4c1875e03bda8606e0cdb936c152271db0cd14eccb14a25bd4bc8ae6eb
    SHA512: fd062640ca59c80e4609481aba1b686c06b2a4522d78257467f8709bdffa89232d3ca680bd43aec949d083b2158b43103d1306b4149eb4c5694733c84f49ca9e

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pzuz3epu.default-release\datareporting\glean\db\data.safe.bin
    Filesize: 2KB
    MD5: b8cd670b3bd2f0589d00ea31d6b73813
    SHA1: b8fed49f4f91dce97a02f46c098069d4ce2afdd0
    SHA256: ad21167a8500caca94b94a38335e6fd448b659d75b32a9f88b461947c9c72916
    SHA512: e7d382235bbc8c1ec6f72b7fd848d978fb29f959b1ad5ec658669235ceb32bbfecf3e7b82d9a6a7f77353019c8730f770182c48eb758199992f12ea8027c0ec7

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pzuz3epu.default-release\datareporting\glean\pending_pings\966b574f-cad6-4395-bd04-1730d0d89d45
    Filesize: 745B
    MD5: 1aff96969ebc7b10bf7d664782d60906
    SHA1: 0f9e2c3e12da8c05612bc14fe7ec6e6bde75db32
    SHA256:

                                                28bb6a71ecd8465bc51247e052270127617cfc8da45a227754a385ca29cd0999

                                                SHA512

                                                4fda107219c71cee8cc277fcf8b1e39840be03fb4378000503c1c52bd7c3b81a3210c36e1c83c69f11266a6c0cc8add3aa57663f2db91e33e08f564063d3e263

                                              • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pzuz3epu.default-release\datareporting\glean\pending_pings\b30472e0-6387-4119-bd2a-99d19957a7a3

                                                Filesize

                                                12KB

                                                MD5

                                                4d436751709c804875164e1341014dd9

                                                SHA1

                                                cc92130f3318f777c26e67219e65ac0c3e0c535e

                                                SHA256

                                                832067a0657afbfdfef2102a149e23db02cc9bfece79e602761f493d8591d4e3

                                                SHA512

                                                c8e4a8a6fdac73d67eec6bc4b6027debc6112af8b94c8af9d280dbd8546976a4598b536be2a5cc2b996f3f837b5139051f48e2d794be63bef770743f269613db

                                              • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pzuz3epu.default-release\prefs-1.js

                                                Filesize

                                                6KB

                                                MD5

                                                cac731b3f42ea071052d201a5d2c9c1c

                                                SHA1

                                                3df90c719187364592ceca0c66a3099f736eba70

                                                SHA256

                                                de36aa33bdb42e2c6ce93285220d99a45ba32f93e36b4c5a06a8dbaaa0d01a3a

                                                SHA512

                                                5948ffabee394a97897bcfc59366579d9f26c661f20404f98071a8b2e9eb63825dfe273ff97e425e8c7a6c63b44f9157fe7c0c05b747368a7e2361ab04bc78f9

                                              • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pzuz3epu.default-release\prefs-1.js

                                                Filesize

                                                6KB

                                                MD5

                                                4dfe0a56711289d4ff9b03c92cacf8d8

                                                SHA1

                                                74e2a0dbb2fcc4a7af75c49d65d6900fce6977df

                                                SHA256

                                                966cbb3c1ab54890d4a996a52bd00e22ac25d21fbc303c400ea74489cad2c575

                                                SHA512

                                                d810883921fdd0f5290664b59f1e7c46ae3b21ec0ed30eab0979d903ff9dfb8ff2f88fc456098747835850a5254a5d4d037fef24fe22f68f8bf982740be31eee

                                              • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pzuz3epu.default-release\prefs.js

                                                Filesize

                                                6KB

                                                MD5

                                                a0af9bf73947a99807c83bba134bd3cb

                                                SHA1

                                                ee51a1da3cb6b97610b9fe0293f1a7b8a0043c90

                                                SHA256

                                                f3fd6096fb342c043e04d9bb963c7cf9a876fbd3e5326888927a06a11b512897

                                                SHA512

                                                a66cf2df655d090d8145000f844ab360ce4913ae65c3efcb15be29d74b71236fc5372994510823a0325485e7bc9d8a93a0f81ef25eeead0c9780a46bc48631db

                                              • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pzuz3epu.default-release\sessionstore-backups\recovery.jsonlz4

                                                Filesize

                                                1KB

                                                MD5

                                                2d6e33641941162e53097c1f59039574

                                                SHA1

                                                98ae1e3c345e0ac89bb6f748439a7c5890d54628

                                                SHA256

                                                02fc9ebcfb4ca8a5c3ffa8e39ebb52f75440fb1585615a2c53d2437860f87c89

                                                SHA512

                                                0dcea6bfcb927e36ad73b042d5d5b389f21f88c82abc618b146f0e10da633a1b3058d08f88b4cd414cf13c792d5935de75383f84868ea365f00ecc11773650b2

                                              • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pzuz3epu.default-release\sessionstore.jsonlz4

                                                Filesize

                                                842B

                                                MD5

                                                916677065d95ae84ad8c4ab543f049b0

                                                SHA1

                                                8fbc12bdaee2fb628cbdea7201ed7bf8d457b1e2

                                                SHA256

                                                54686deaa34ae74cb27b196bd7e5d302639aa33fd9e26f695ef99174adeb779d

                                                SHA512

                                                53085c08fff70e0c057d424ac75cc22800ce2d18f732cbcd803dfe9f8981de289851e1c9e4e51696862caafcaa8bdabdc371c25fd56bcbcbf4f250208edd523c

                                              • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pzuz3epu.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

                                                Filesize

                                                184KB

                                                MD5

                                                e8e64cb5fcc79df45cc8a13f27fa6bb6

                                                SHA1

                                                9681f0339dda3a8eb53381893e8e1afeaa9ba5d1

                                                SHA256

                                                d2494e2eb46b2c5c1e83d2cf5bc33c50ff7679556a0da7e57ff12957bd304975

                                                SHA512

                                                2ff624f6c457cc233c96197fa055822399cad8301cb5fde9ef97181d1911be53257f104b4e7eb26f5ebe1dc1e549ba74bdeb0fcd3401a6bc32c2890184031096

                                              • \??\pipe\crashpad_2524_FJUKIPSEFGGIWMBD

                                                MD5

                                                d41d8cd98f00b204e9800998ecf8427e

                                                SHA1

                                                da39a3ee5e6b4b0d3255bfef95601890afd80709

                                                SHA256

                                                e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

                                                SHA512

                                                cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

                                              • memory/2884-1-0x0000000000400000-0x00000000004B2000-memory.dmp

                                                Filesize

                                                712KB

                                              • memory/2884-0-0x0000000000240000-0x0000000000241000-memory.dmp

                                                Filesize

                                                4KB

                                              • memory/2884-640-0x0000000000400000-0x00000000004B2000-memory.dmp

                                                Filesize

                                                712KB

                                              • memory/2884-2-0x0000000000400000-0x00000000004B2000-memory.dmp

                                                Filesize

                                                712KB

                                              • memory/2884-3-0x0000000000400000-0x00000000004B2000-memory.dmp

                                                Filesize

                                                712KB

                                              • memory/2884-4-0x0000000000400000-0x00000000004B2000-memory.dmp

                                                Filesize

                                                712KB

                                              • memory/2884-195-0x0000000000400000-0x00000000004B2000-memory.dmp

                                                Filesize

                                                712KB