b5831303ca967b4e76d886c51a9c5559e3a55bc6596f744c0cfefb742b156373

Analysis

max time kernel
106s
max time network
101s
platform
windows10-1703_x64
resource
win10-20240404-en
resource tags

arch:x64arch:x86image:win10-20240404-enlocale:en-usos:windows10-1703-x64system
submitted
14/08/2024, 07:03

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

new.py
Size

10KB
MD5

3d9ac1ac37e6558db7ba0022b08b5fb7
SHA1

562fe8723e5b0abf879793e843d3e439b1e10e86
SHA256

b5831303ca967b4e76d886c51a9c5559e3a55bc6596f744c0cfefb742b156373
SHA512

cb97db425dbc3a959e16b2f0f314783d257e46d3efe801062ec0230fece2e5ef83b3032b93018db61b390ada65759713ef3222795a7aafb5631f6c9df1e0a54d
SSDEEP

192:i6zekdqMu/XRCzugolbKe2jA27FzSelyNQMXV4EjRjTdEqy:i6zd6zvueSJ7laXVNjRjTdw

Score

4^/10

discovery

Malware Config

Signatures

Drops file in Windows directory 2 IoCs

description	ioc	Process
File created	C:\Windows\INF\netsstpa.PNF	svchost.exe
File created	C:\Windows\INF\netrasa.PNF	svchost.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Checks SCSI registry key(s) 3 TTPs 64 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_QEMU&Prod_HARDDISK\4&215468a5&0&000000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\0034	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_QEMU&Prod_HARDDISK\4&215468a5&0&000000\Properties\{656a3bb3-ecc0-43fd-8477-4ae0404a96cd}\2003	svchost.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0008\	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{3464f7a4-2444-40b1-980a-e0903cb6d912}\0006	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\0034	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\0051	svchost.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_QEMU&Prod_HARDDISK\4&215468a5&0&000000\DeviceDesc	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\0055	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_QEMU&Prod_HARDDISK\4&215468a5&0&000000\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0002	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0004	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{88ad39db-0d0c-4a38-8435-4043826b5c91}\000A	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{3b2ce006-5e61-4fde-bab8-9b8aac9b26df}\0008	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{4340a6c5-93fa-4706-972c-7b648008a5a7}\0008	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\0054	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\0038	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_QEMU&Prod_HARDDISK\4&215468a5&0&000000\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\0005	svchost.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Capabilities	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\004E	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\0051	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\0065	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\0055	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_QEMU&Prod_HARDDISK\4&215468a5&0&000000\Properties\{80d81ea6-7473-4b0c-8216-efc11a2c4c8b}\0002	svchost.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_QEMU&Prod_HARDDISK\4&215468a5&0&000000\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0008\	svchost.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\ConfigFlags	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{80d81ea6-7473-4b0c-8216-efc11a2c4c8b}\0002	svchost.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\HardwareID	svchost.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\FriendlyName	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\0052	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\0064	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_QEMU&Prod_HARDDISK\4&215468a5&0&000000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\004C	svchost.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\DeviceDesc	svchost.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0004\	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{656a3bb3-ecc0-43fd-8477-4ae0404a96cd}\2003	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{3464f7a4-2444-40b1-980a-e0903cb6d912}\0016	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_QEMU&Prod_HARDDISK\4&215468a5&0&000000\Properties\{3464f7a4-2444-40b1-980a-e0903cb6d912}\000A	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{80d81ea6-7473-4b0c-8216-efc11a2c4c8b}\0004	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{88ad39db-0d0c-4a38-8435-4043826b5c91}\0008	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_QEMU&Prod_HARDDISK\4&215468a5&0&000000\Properties\{656a3bb3-ecc0-43fd-8477-4ae0404a96cd}\300A	svchost.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0004\	svchost.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Mfg	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\0058	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{3464f7a4-2444-40b1-980a-e0903cb6d912}\0006	svchost.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\000A\	svchost.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\000A\	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{80d81ea6-7473-4b0c-8216-efc11a2c4c8b}\0002	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\0055	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{80d81ea6-7473-4b0c-8216-efc11a2c4c8b}\0002	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0002	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{656a3bb3-ecc0-43fd-8477-4ae0404a96cd}\2002	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\004A	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\0005	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\0005	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0018	svchost.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\004D	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\0054	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\004A	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{4340a6c5-93fa-4706-972c-7b648008a5a7}\0008	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\004D	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_QEMU&Prod_HARDDISK\4&215468a5&0&000000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\0038	svchost.exe

Checks processor information in registry 2 TTPs 16 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 4 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\windows\CurrentVersion\Internet Settings\Connections	svchost.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\OnDemandInterfaceCache	svchost.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133680927104398492"	chrome.exe

Modifies registry class 11 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings	cmd.exe
Key created	\REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings	firefox.exe
Key created	\REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\py_auto_file\shell\open	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\py_auto_file\shell	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\py_auto_file\shell\open\command	OpenWith.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\py_auto_file\shell\open\command\ = "\"C:\\Program Files\\Mozilla Firefox\\firefox.exe\" -osint -url \"%1\""	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\py_auto_file	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\.py	OpenWith.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\.py\ = "py_auto_file"	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings	firefox.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
5628	chrome.exe
5628	chrome.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
1080	OpenWith.exe

Suspicious behavior: LoadsDriver 10 IoCs

pid	Process
4	Process not Found
4	Process not Found
4	Process not Found
4	Process not Found
4	Process not Found
628	Process not Found
4	Process not Found
4	Process not Found
4	Process not Found
4	Process not Found

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 4 IoCs

pid	Process
5628	chrome.exe
5628	chrome.exe
5628	chrome.exe
5628	chrome.exe

Suspicious use of AdjustPrivilegeToken 46 IoCs

description	pid	Process
Token: SeDebugPrivilege	1472	firefox.exe
Token: SeDebugPrivilege	1472	firefox.exe
Token: SeShutdownPrivilege	1452	svchost.exe
Token: SeCreatePagefilePrivilege	1452	svchost.exe
Token: SeLoadDriverPrivilege	1452	svchost.exe
Token: SeLoadDriverPrivilege	1452	svchost.exe
Token: SeLoadDriverPrivilege	1452	svchost.exe
Token: SeLoadDriverPrivilege	1452	svchost.exe
Token: SeLoadDriverPrivilege	1452	svchost.exe
Token: SeLoadDriverPrivilege	1452	svchost.exe
Token: SeLoadDriverPrivilege	1452	svchost.exe
Token: SeLoadDriverPrivilege	1452	svchost.exe
Token: SeLoadDriverPrivilege	1452	svchost.exe
Token: SeLoadDriverPrivilege	1452	svchost.exe
Token: SeLoadDriverPrivilege	1452	svchost.exe
Token: SeLoadDriverPrivilege	1452	svchost.exe
Token: SeLoadDriverPrivilege	1452	svchost.exe
Token: SeLoadDriverPrivilege	1452	svchost.exe
Token: SeLoadDriverPrivilege	1452	svchost.exe
Token: SeLoadDriverPrivilege	1452	svchost.exe
Token: SeShutdownPrivilege	5628	chrome.exe
Token: SeCreatePagefilePrivilege	5628	chrome.exe
Token: SeShutdownPrivilege	5628	chrome.exe
Token: SeCreatePagefilePrivilege	5628	chrome.exe
Token: SeShutdownPrivilege	5628	chrome.exe
Token: SeCreatePagefilePrivilege	5628	chrome.exe
Token: SeShutdownPrivilege	5628	chrome.exe
Token: SeCreatePagefilePrivilege	5628	chrome.exe
Token: SeShutdownPrivilege	5628	chrome.exe
Token: SeCreatePagefilePrivilege	5628	chrome.exe
Token: SeShutdownPrivilege	5628	chrome.exe
Token: SeCreatePagefilePrivilege	5628	chrome.exe
Token: SeShutdownPrivilege	5628	chrome.exe
Token: SeCreatePagefilePrivilege	5628	chrome.exe
Token: SeShutdownPrivilege	5628	chrome.exe
Token: SeCreatePagefilePrivilege	5628	chrome.exe
Token: SeShutdownPrivilege	5628	chrome.exe
Token: SeCreatePagefilePrivilege	5628	chrome.exe
Token: SeShutdownPrivilege	5628	chrome.exe
Token: SeCreatePagefilePrivilege	5628	chrome.exe
Token: SeShutdownPrivilege	5628	chrome.exe
Token: SeCreatePagefilePrivilege	5628	chrome.exe
Token: SeShutdownPrivilege	5628	chrome.exe
Token: SeCreatePagefilePrivilege	5628	chrome.exe
Token: SeDebugPrivilege	5904	firefox.exe
Token: SeDebugPrivilege	5904	firefox.exe

Suspicious use of FindShellTrayWindow 42 IoCs

pid	Process
1472	firefox.exe
1472	firefox.exe
1472	firefox.exe
1472	firefox.exe
1472	firefox.exe
1472	firefox.exe
1472	firefox.exe
1472	firefox.exe
1472	firefox.exe
1472	firefox.exe
5628	chrome.exe
5628	chrome.exe
5628	chrome.exe
5628	chrome.exe
5628	chrome.exe
5628	chrome.exe
5628	chrome.exe
5628	chrome.exe
5628	chrome.exe
5628	chrome.exe
5628	chrome.exe
5628	chrome.exe
5628	chrome.exe
5628	chrome.exe
5628	chrome.exe
5628	chrome.exe
5628	chrome.exe
5628	chrome.exe
5628	chrome.exe
5628	chrome.exe
5628	chrome.exe
5628	chrome.exe
5628	chrome.exe
5628	chrome.exe
5628	chrome.exe
5628	chrome.exe
5628	chrome.exe
5904	firefox.exe
5904	firefox.exe
5904	firefox.exe
5904	firefox.exe
5904	firefox.exe

Suspicious use of SendNotifyMessage 37 IoCs

pid	Process
1472	firefox.exe
1472	firefox.exe
1472	firefox.exe
1472	firefox.exe
1472	firefox.exe
1472	firefox.exe
1472	firefox.exe
1472	firefox.exe
1472	firefox.exe
5628	chrome.exe
5628	chrome.exe
5628	chrome.exe
5628	chrome.exe
5628	chrome.exe
5628	chrome.exe
5628	chrome.exe
5628	chrome.exe
5628	chrome.exe
5628	chrome.exe
5628	chrome.exe
5628	chrome.exe
5628	chrome.exe
5628	chrome.exe
5628	chrome.exe
5628	chrome.exe
5628	chrome.exe
5628	chrome.exe
5628	chrome.exe
5628	chrome.exe
5628	chrome.exe
5628	chrome.exe
5628	chrome.exe
5628	chrome.exe
5904	firefox.exe
5904	firefox.exe
5904	firefox.exe
5904	firefox.exe

Suspicious use of SetWindowsHookEx 27 IoCs

pid	Process
1080	OpenWith.exe
1080	OpenWith.exe
1080	OpenWith.exe
1080	OpenWith.exe
1080	OpenWith.exe
1080	OpenWith.exe
1080	OpenWith.exe
1080	OpenWith.exe
1080	OpenWith.exe
1080	OpenWith.exe
1080	OpenWith.exe
1080	OpenWith.exe
1080	OpenWith.exe
1080	OpenWith.exe
1080	OpenWith.exe
1080	OpenWith.exe
1080	OpenWith.exe
1080	OpenWith.exe
1080	OpenWith.exe
1080	OpenWith.exe
1080	OpenWith.exe
1080	OpenWith.exe
1080	OpenWith.exe
1080	OpenWith.exe
1080	OpenWith.exe
1472	firefox.exe
5904	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1080 wrote to memory of 4956	1080	OpenWith.exe	75
PID 1080 wrote to memory of 4956	1080	OpenWith.exe	75
PID 4956 wrote to memory of 1472	4956	firefox.exe	77
PID 4956 wrote to memory of 1472	4956	firefox.exe	77
PID 4956 wrote to memory of 1472	4956	firefox.exe	77
PID 4956 wrote to memory of 1472	4956	firefox.exe	77
PID 4956 wrote to memory of 1472	4956	firefox.exe	77
PID 4956 wrote to memory of 1472	4956	firefox.exe	77
PID 4956 wrote to memory of 1472	4956	firefox.exe	77
PID 4956 wrote to memory of 1472	4956	firefox.exe	77
PID 4956 wrote to memory of 1472	4956	firefox.exe	77
PID 4956 wrote to memory of 1472	4956	firefox.exe	77
PID 4956 wrote to memory of 1472	4956	firefox.exe	77
PID 1472 wrote to memory of 2740	1472	firefox.exe	78
PID 1472 wrote to memory of 2740	1472	firefox.exe	78
PID 1472 wrote to memory of 2976	1472	firefox.exe	79
PID 1472 wrote to memory of 2976	1472	firefox.exe	79
PID 1472 wrote to memory of 2976	1472	firefox.exe	79
PID 1472 wrote to memory of 2976	1472	firefox.exe	79
PID 1472 wrote to memory of 2976	1472	firefox.exe	79
PID 1472 wrote to memory of 2976	1472	firefox.exe	79
PID 1472 wrote to memory of 2976	1472	firefox.exe	79
PID 1472 wrote to memory of 2976	1472	firefox.exe	79
PID 1472 wrote to memory of 2976	1472	firefox.exe	79
PID 1472 wrote to memory of 2976	1472	firefox.exe	79
PID 1472 wrote to memory of 2976	1472	firefox.exe	79
PID 1472 wrote to memory of 2976	1472	firefox.exe	79
PID 1472 wrote to memory of 2976	1472	firefox.exe	79
PID 1472 wrote to memory of 2976	1472	firefox.exe	79
PID 1472 wrote to memory of 2976	1472	firefox.exe	79
PID 1472 wrote to memory of 2976	1472	firefox.exe	79
PID 1472 wrote to memory of 2976	1472	firefox.exe	79
PID 1472 wrote to memory of 2976	1472	firefox.exe	79
PID 1472 wrote to memory of 2976	1472	firefox.exe	79
PID 1472 wrote to memory of 2976	1472	firefox.exe	79
PID 1472 wrote to memory of 2976	1472	firefox.exe	79
PID 1472 wrote to memory of 2976	1472	firefox.exe	79
PID 1472 wrote to memory of 2976	1472	firefox.exe	79
PID 1472 wrote to memory of 2976	1472	firefox.exe	79
PID 1472 wrote to memory of 2976	1472	firefox.exe	79
PID 1472 wrote to memory of 2976	1472	firefox.exe	79
PID 1472 wrote to memory of 2976	1472	firefox.exe	79
PID 1472 wrote to memory of 2976	1472	firefox.exe	79
PID 1472 wrote to memory of 2976	1472	firefox.exe	79
PID 1472 wrote to memory of 2976	1472	firefox.exe	79
PID 1472 wrote to memory of 2976	1472	firefox.exe	79
PID 1472 wrote to memory of 2976	1472	firefox.exe	79
PID 1472 wrote to memory of 2976	1472	firefox.exe	79
PID 1472 wrote to memory of 2976	1472	firefox.exe	79
PID 1472 wrote to memory of 2976	1472	firefox.exe	79
PID 1472 wrote to memory of 2976	1472	firefox.exe	79
PID 1472 wrote to memory of 2976	1472	firefox.exe	79
PID 1472 wrote to memory of 2976	1472	firefox.exe	79
PID 1472 wrote to memory of 2976	1472	firefox.exe	79
PID 1472 wrote to memory of 2976	1472	firefox.exe	79
PID 1472 wrote to memory of 2976	1472	firefox.exe	79
PID 1472 wrote to memory of 2976	1472	firefox.exe	79
PID 1472 wrote to memory of 2976	1472	firefox.exe	79
PID 1472 wrote to memory of 2976	1472	firefox.exe	79
PID 1472 wrote to memory of 2976	1472	firefox.exe	79
PID 1472 wrote to memory of 2976	1472	firefox.exe	79
PID 1472 wrote to memory of 2976	1472	firefox.exe	79
PID 1472 wrote to memory of 2976	1472	firefox.exe	79
PID 1472 wrote to memory of 3276	1472	firefox.exe	81

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\new.py
1⤵
- Modifies registry class
PID:4560

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1080
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "C:\Users\Admin\AppData\Local\Temp\new.py"
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:4956
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url C:\Users\Admin\AppData\Local\Temp\new.py
    3⤵
    - Checks processor information in registry
    - Modifies registry class
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SendNotifyMessage
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:1472
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1472.0.1337917547\1462061079" -parentBuildID 20221007134813 -prefsHandle 1716 -prefMapHandle 1676 -prefsLen 20747 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {cd52556b-021b-4a4d-8709-00ddf6232e1b} 1472 "\\.\pipe\gecko-crash-server-pipe.1472" 1796 1d1002d8358 gpu
      4⤵
      PID:2740
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1472.1.1147595017\230621613" -parentBuildID 20221007134813 -prefsHandle 2160 -prefMapHandle 2156 -prefsLen 21608 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {3957dbdc-ff02-4fbc-806e-1bea0ce792a9} 1472 "\\.\pipe\gecko-crash-server-pipe.1472" 2172 1d10020ae58 socket
      4⤵
      Checks processor information in registry
      PID:2976
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1472.2.1375985436\1969778039" -childID 1 -isForBrowser -prefsHandle 2968 -prefMapHandle 3096 -prefsLen 21711 -prefMapSize 233444 -jsInitHandle 1300 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {33111499-e630-4eaa-a71b-7bce77d711b0} 1472 "\\.\pipe\gecko-crash-server-pipe.1472" 3284 1d1045d0258 tab
      4⤵
      PID:3276
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1472.3.201045082\1828009788" -childID 2 -isForBrowser -prefsHandle 3488 -prefMapHandle 3484 -prefsLen 26109 -prefMapSize 233444 -jsInitHandle 1300 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {b503be93-b83c-47eb-90b3-216c85c782dd} 1472 "\\.\pipe\gecko-crash-server-pipe.1472" 3496 1d105311f58 tab
      4⤵
      PID:4876
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1472.4.2067100775\1889620246" -childID 3 -isForBrowser -prefsHandle 4764 -prefMapHandle 4768 -prefsLen 26424 -prefMapSize 233444 -jsInitHandle 1300 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {35478ef2-3f7a-4924-813b-5d0ca74ce134} 1472 "\\.\pipe\gecko-crash-server-pipe.1472" 4776 1d106995858 tab
      4⤵
      PID:2152
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1472.5.320484213\2100143538" -childID 4 -isForBrowser -prefsHandle 4892 -prefMapHandle 4896 -prefsLen 26424 -prefMapSize 233444 -jsInitHandle 1300 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {9e0fcb3b-a2e5-4503-b41b-055ec2edd8dd} 1472 "\\.\pipe\gecko-crash-server-pipe.1472" 4796 1d106c24758 tab
      4⤵
      PID:4516
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1472.6.2104124967\1763008915" -childID 5 -isForBrowser -prefsHandle 5084 -prefMapHandle 5088 -prefsLen 26424 -prefMapSize 233444 -jsInitHandle 1300 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {f0393095-c188-4711-a9b3-6a42825fa4fd} 1472 "\\.\pipe\gecko-crash-server-pipe.1472" 4984 1d106c26258 tab
      4⤵
      PID:4908
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1472.7.1745939310\239529665" -childID 6 -isForBrowser -prefsHandle 2652 -prefMapHandle 2660 -prefsLen 26768 -prefMapSize 233444 -jsInitHandle 1300 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {ab3e03df-f4c9-402d-a0b5-efe0e0dee7b5} 1472 "\\.\pipe\gecko-crash-server-pipe.1472" 2728 1d104561d58 tab
      4⤵
      PID:1800
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1472.8.994219636\489612313" -childID 7 -isForBrowser -prefsHandle 5508 -prefMapHandle 5380 -prefsLen 26768 -prefMapSize 233444 -jsInitHandle 1300 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {e375426c-78b4-451b-8d95-4d4b989af4e1} 1472 "\\.\pipe\gecko-crash-server-pipe.1472" 5516 1d10812d758 tab
      4⤵
      PID:3052

C:\Windows\System32\SystemSettingsBroker.exe
C:\Windows\System32\SystemSettingsBroker.exe -Embedding
1⤵
PID:1440

\??\c:\windows\system32\svchost.exe
c:\windows\system32\svchost.exe -k localservicenetworkrestricted -s RmSvc
1⤵
PID:4880

\??\c:\windows\system32\svchost.exe
c:\windows\system32\svchost.exe -k localservice -s SstpSvc
1⤵
PID:3572

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k netsvcs -s DsmSvc
1⤵
- Checks SCSI registry key(s)
- Modifies data under HKEY_USERS
PID:1200

\??\c:\windows\system32\svchost.exe
c:\windows\system32\svchost.exe -k netsvcs -s NetSetupSvc
1⤵
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
PID:1452

\??\c:\windows\system32\svchost.exe
c:\windows\system32\svchost.exe -k netsvcs -s RasMan
1⤵
PID:2312

C:\Windows\System32\SystemSettingsBroker.exe
C:\Windows\System32\SystemSettingsBroker.exe -Embedding
1⤵
PID:4920

\??\c:\windows\system32\svchost.exe
c:\windows\system32\svchost.exe -k netsvcs -s RasMan
1⤵
PID:4840

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:5628
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ffb65af9758,0x7ffb65af9768,0x7ffb65af9778
  2⤵
  PID:5644
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1644 --field-trial-handle=1824,i,10014263980694299415,359810025064188556,131072 /prefetch:2
  2⤵
  PID:5892
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1776 --field-trial-handle=1824,i,10014263980694299415,359810025064188556,131072 /prefetch:8
  2⤵
  PID:5900
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1992 --field-trial-handle=1824,i,10014263980694299415,359810025064188556,131072 /prefetch:8
  2⤵
  PID:5924
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2816 --field-trial-handle=1824,i,10014263980694299415,359810025064188556,131072 /prefetch:1
  2⤵
  PID:5984
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2824 --field-trial-handle=1824,i,10014263980694299415,359810025064188556,131072 /prefetch:1
  2⤵
  PID:5996
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4428 --field-trial-handle=1824,i,10014263980694299415,359810025064188556,131072 /prefetch:1
  2⤵
  PID:4220
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=4644 --field-trial-handle=1824,i,10014263980694299415,359810025064188556,131072 /prefetch:1
  2⤵
  PID:3608
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4896 --field-trial-handle=1824,i,10014263980694299415,359810025064188556,131072 /prefetch:8
  2⤵
  PID:5240
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4964 --field-trial-handle=1824,i,10014263980694299415,359810025064188556,131072 /prefetch:8
  2⤵
  PID:5228
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2988 --field-trial-handle=1824,i,10014263980694299415,359810025064188556,131072 /prefetch:8
  2⤵
  PID:5168

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:5276

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
PID:512
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe"
  2⤵
  - Checks processor information in registry
  - Modifies registry class
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  PID:5904
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5904.0.1457140404\1182561911" -parentBuildID 20221007134813 -prefsHandle 1588 -prefMapHandle 1576 -prefsLen 21136 -prefMapSize 233583 -appDir "C:\Program Files\Mozilla Firefox\browser" - {a9f0c798-cca4-4bd9-9a68-09eded2caa1d} 5904 "\\.\pipe\gecko-crash-server-pipe.5904" 1704 1f2773fb358 gpu
    3⤵
    PID:5316
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5904.1.624879199\1004032498" -parentBuildID 20221007134813 -prefsHandle 1980 -prefMapHandle 1976 -prefsLen 21181 -prefMapSize 233583 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {34af648f-7735-4cfa-94fa-e47f00c5f44f} 5904 "\\.\pipe\gecko-crash-server-pipe.5904" 2000 1f26c4db858 socket
    3⤵
    - Checks processor information in registry
    PID:6064
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5904.2.541880603\1717308504" -childID 1 -isForBrowser -prefsHandle 2696 -prefMapHandle 2692 -prefsLen 21642 -prefMapSize 233583 -jsInitHandle 1100 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {0b296ff7-47ff-42fc-ab03-06da4e2017c9} 5904 "\\.\pipe\gecko-crash-server-pipe.5904" 2708 1f279bab558 tab
    3⤵
    PID:6124
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5904.3.1396846575\1489227760" -childID 2 -isForBrowser -prefsHandle 3316 -prefMapHandle 3148 -prefsLen 26820 -prefMapSize 233583 -jsInitHandle 1100 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {f22986f7-2673-4218-b33b-086b5e4d0509} 5904 "\\.\pipe\gecko-crash-server-pipe.5904" 3364 1f26c462b58 tab
    3⤵
    PID:6000
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5904.4.686339834\629941532" -childID 3 -isForBrowser -prefsHandle 3632 -prefMapHandle 3628 -prefsLen 26820 -prefMapSize 233583 -jsInitHandle 1100 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {7db4e89f-aae8-4254-825e-cf820cd8dce0} 5904 "\\.\pipe\gecko-crash-server-pipe.5904" 3644 1f27bedd958 tab
    3⤵
    PID:4644
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5904.5.1870255179\1481406671" -childID 4 -isForBrowser -prefsHandle 4336 -prefMapHandle 4560 -prefsLen 26820 -prefMapSize 233583 -jsInitHandle 1100 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {cd7525b2-516f-482b-bef4-a3e7340e4421} 5904 "\\.\pipe\gecko-crash-server-pipe.5904" 4240 1f279b26b58 tab
    3⤵
    PID:4692
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5904.6.275489970\1366214628" -childID 5 -isForBrowser -prefsHandle 4548 -prefMapHandle 4192 -prefsLen 26820 -prefMapSize 233583 -jsInitHandle 1100 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {06d57162-ac48-4df8-99c1-bef4f6380159} 5904 "\\.\pipe\gecko-crash-server-pipe.5904" 4448 1f27bedeb58 tab
    3⤵
    PID:1732
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5904.7.1235541112\1750595988" -childID 6 -isForBrowser -prefsHandle 4828 -prefMapHandle 4832 -prefsLen 26820 -prefMapSize 233583 -jsInitHandle 1100 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {cb423160-6dd3-4e72-9757-5c39b6914840} 5904 "\\.\pipe\gecko-crash-server-pipe.5904" 4820 1f27d56b058 tab
    3⤵
    PID:3668
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5904.8.1581925853\2023124846" -childID 7 -isForBrowser -prefsHandle 5332 -prefMapHandle 5348 -prefsLen 26820 -prefMapSize 233583 -jsInitHandle 1100 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {ee310854-dcd5-44e2-9b7c-e00f6a2889a2} 5904 "\\.\pipe\gecko-crash-server-pipe.5904" 5324 1f27eedfb58 tab
    3⤵
    PID:4832

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:2436

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000001

Filesize
209KB

MD5
3e552d017d45f8fd93b94cfc86f842f2

SHA1
dbeebe83854328e2575ff67259e3fb6704b17a47

SHA256
27d9c4613df7a3c04da0b79c13217aa69992b441acb7e44bf2a7578ca87d97d6

SHA512
e616436f2f15615429c7c5c37de3990c3e86c5e1da7d75a0f524fc458b75d44a5be1a3648a628d63e1cf8aa062e08b538f2f2bc9c6a0b42157beb24f82c571d9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000002

Filesize
24KB

MD5
c594a826934b9505d591d0f7a7df80b7

SHA1
c04b8637e686f71f3fc46a29a86346ba9b04ae18

SHA256
e664eef3d68ac6336a28be033165d4780e8a5ab28f0d90df1b148ef86babb610

SHA512
04a1dfdb8ee2f5fefa101d5e3ff36e87659fd774e96aa8c5941d3353ccc268a125822cf01533c74839e5f1c54725da9cc437d3d69b88e5bf3f99caccd4d75961

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
144B

MD5
7a891a60687b6d446139173e8508ef94

SHA1
743a8a7abfb747d6024ac1b43fdee9ed9babd4d0

SHA256
881da89abc7bd2c19430f29b2ae754ee62c8c5a34495e980261d6a9b2b80049e

SHA512
a7b10be89a792e69c4869639c03d9f8b091f80860348cfeb718d62510fe2fe4ee2618cb218fed401c1bff6c8f369107900423bb305b1b03c4ffe2a20527897d6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
e533ffd7cb7385c613963a361a221cc8

SHA1
90fc85d7f5246b0a6616801f284bb48a07d77364

SHA256
1065f6744523130909231ae513df4b6d31e97caad91c8c95078b89d05a270d91

SHA512
877755464a558629f76c7fddc0df8f29f09cd3f3950b340cbd61241d9460cab0bf62131d1cc2a6d872875d6c8b955202e115e8a0b1fe206531b5783e80e7955d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
371B

MD5
a0820f3b5dab8d70a76d4eec6988bba8

SHA1
e54a8b133e621204ccea98fcc915dca452b160db

SHA256
95b7d049fe93cc9d7e2010bd0f573db8f88ac5019f21fabddd3b69d191511581

SHA512
dd30327195e2e24b80e3fd8a1c734f4d8307a45d2db88adc001e4d2d1e49610313780224d5dfe573f5405abfa5680c4cc5ec64ddf44293d2190cc9ba05e80637

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
d00290ce17985566eeed3052426f6304

SHA1
45fcdcd82633135745f810ed848ae1532697daad

SHA256
e6dd8e99dae6e0e222d88ae2141a1765cf78b56c95ecf8485d2792e44d9df05e

SHA512
bd1bacacdd813dcb444744aa99c6f532b6a96e85f5ca9136d1110e12a4b253aa641f215c41d36bb6e8e594ffd127f3fe97c4799a8640877cff90c3fce85f426c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
86554f849800e9e48606122e2044e01b

SHA1
f0d47e8159c984effd07feeb916f08ebc32c653c

SHA256
cb67b67bef8205898f2c3035de0efac73d6f41e084ca36f16f76b2424f66da04

SHA512
74bd3762c92f09b071803fcffde2ca369dab8f7aab43c6218db717f6b1909c6a79200e2960e24420c595804c15e52c11ed4374ac3a04488d13f1b873fae0808e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
12KB

MD5
5360e865de6bd7f4feecb510ae60086f

SHA1
2edb404aa03f6a3e16a6f28e4d7fb6b6c708f9f5

SHA256
f17a8e345a5bd925ce4766f2521c4a3a47b9f930c635307bda098ce080236165

SHA512
8ac8ee3e3ecf688984b67883340c514195614ddc825389228a21a2025c6d4812ffb2b5ee33c53aacb0e08f5489ce28b384360de75472866047fe738d2de3b4e0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
292KB

MD5
2747e4d316c94783174a072f73fff055

SHA1
78b31f25bf16a2ad4b690ab955ffce140bcba1ff

SHA256
9f7dbe9a0ff5cf6f7910c27e76cd3c5838a56880a26188749197c24edef5f4ad

SHA512
2456db51a318bafc08d8ef285157441fd93743a97c432a8c7f9817d48c4a7e89376247e9c68cdefe0b02242a5a2e126a3c8ccf4d964112bc510239197a800d47

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
292KB

MD5
4e269f43e81d5d526407b7290cc29db0

SHA1
116f131a839b98e4447df0c7e66801934caa64f6

SHA256
779fa3f5d0ee00dc03b27d97d58fa22c0437c9526b79572ff9d9c94cd320daad

SHA512
af47cd1bd3204eb9e4790898be4d169a2398476a2e40cfdf466681df547a858c204bbd348cd663394213b9c60d0a37349b733533f356c1eb328c9891de20bada

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\entries\69C9A4EBC3C5973732A0457F7AB16BB97E0523C6

Filesize
14KB

MD5
fa77e6c1d05cc8e214f2d262dafb6304

SHA1
0cc613ad2fef7630132ee0c5a6e9846b9ecb148f

SHA256
6a4ba7408b329541dfb9bb99b720f67aa04216158d5337e6b2c0ad1deb3f4800

SHA512
60225a1eb361c9fcf3bfb92eb0f1bbfb293d628380d487107888402db6a2930af78ab1f9d341ce5a9805c555bfbe8b55d608a8a144a948ef2b823e02e91f738e

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\entries\6D89348819C8881868053197CA0754F36784BF5F

Filesize
15KB

MD5
1df7288e6ca405bb44c67835f53d02af

SHA1
81f50c4fb56c945a13c34f9abc322abe6a225f51

SHA256
f9280b6c9aef3cd44b436d89d900366ad7e820194e0b1e27c3ef05c8a57a0234

SHA512
2715cf833b2def2ac8fc68d7884f49e084442ff3490da211a6af7b16c46dc5e82527a48a49b46b79fcb2e8542b8f4e8eb668e78e27c5732d97864709cc831190

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\entries\8540EC873F08CBAD5DF5121BD3BABF95624B4A14

Filesize
16KB

MD5
c59129da6c2f114e513dc2598e3d4109

SHA1
cdd84590d35c5cc4d28d6e479aed4624e7036bcb

SHA256
be7391199970408dc781c95dcc57c9e28ad2eab5d4de46c5ae6e912039528ea0

SHA512
c037baf43d787e8a8df48999bf38ee81fa74adbcefe5a9503b73ffaf4451159e7fd4eb3b3fbcec58cfab6b18967a6c72f3090962568a9281a568413aad7a9645

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\entries\8709E8A0A3A140D3BA059C3A07420EF01DA5FB25

Filesize
32KB

MD5
674755c15145ec25473e3dff8ecfb0dc

SHA1
88aec20e355a4ec940497eadbecf717bae59e80d

SHA256
9275980c72d5621aad85628ac0f7b7cd53dd7644bf151cd7a4878b67f4d88e9e

SHA512
1eef1b266c3fbc3d4c659b660e01f9775c26860eb72404d1e6a80b07f6dc8c0d8200b08f93a792a3bc19cb56d05777c19528d5d6814dd05a02dcf6bb43efd29f

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\entries\9357B92D7A82DC731CBB46EBC4F197AB314C7C11

Filesize
218KB

MD5
7ad8f736ee022b3954793c13bebe1ded

SHA1
29ae35321c39d43f4946e53e5f0d55a4445190a3

SHA256
31304593a88b130dd319408190dd84a5d78505de0923db25a7102df5e2b4ce6b

SHA512
c0968ea3064757b9b67346de776e77c56e407a8de2b843a5a240f97269c054cd097fe0cb15a495c7292e850e647334601dfb05d76c1bc060956ba7774a4fbb09

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\entries\94F72B6F2D0DC3ED340D601AFA278D214906FBC5

Filesize
9KB

MD5
6dd928e8e5eb650065bec325bba02e32

SHA1
ed3116bae07b08c55ed143e57fca596142bc8187

SHA256
1e854c0ad9e9afcce6f070c479d6c0765e8111420610252282f8232ae3e69503

SHA512
5fe6c904bd037040b3255cd349072a68af4562fdcdf161159fbde7680fa27c9013b9de231cf7e7a2f7d4670bf026b3dbc9c563d09df4ea027bfa32c79db05038

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\entries\9FC8C85689D31525EACE26158B83B464F43A027B

Filesize
23KB

MD5
193994ad59abec249ae6a99ca3e5de60

SHA1
bfe441950a54f9203ee165b80087dd7eae70d6ea

SHA256
4b609208dc0438afc438c1146b7d03ecf92ea08cf037d3b87704178808fcad19

SHA512
1abe5edbac1274c1ffefe91221863edfdf532069101a23043029a005d80f90047a4df448ad68b8ad006893aca47908689fceac70df8b33cb41c6706388d587c0

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\entries\A752BE816C32A166B4212612D41570FEFDA0B4E8

Filesize
24KB

MD5
e4b75f5b31ad74c632f7eb6cb20961fe

SHA1
acd831238b178116332a419be89c73c50bb4c660

SHA256
a02f3a362ee638b5a061864a1336eab1cd896c0c233493ea51be105cc5cff699

SHA512
acb1e2e06846927345a4fbaa3f0a27cdfcbc5778d4489d8f05ce4a817102e3d20c1edfd4296fda1709120486b050461b64285a2bac75108f6d870310c1a40d02

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\entries\A9FB5E6047697568641592A7A75CA6ED3DBF5590

Filesize
9KB

MD5
1565cffa56cc8885d06cc4120ae03459

SHA1
22efebfcf69cca1caf2d92db8c8b06ea930ef8e5

SHA256
34fe26800dd3717ea9c0f0aacfce64a8b2ccb270850e6f57e6bcdc8980498a56

SHA512
83cb01b31ae8ad07c22a3d3ccd1c8b5c6a4314ac7c8c9a20a16735e8cda4b90a52f78ba84bb6facb13609945bddf0e352af687e06658eb9f8cebec8d4fbb1ad1

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\entries\C45EB0179CFFFC7B4CA1E522C371AA6043DFB334

Filesize
218KB

MD5
dded42fb6efc009d8659ee99db6a2891

SHA1
53f48349dee0711cb8c84d830a50a130db5b7f21

SHA256
1c2e94e3b55570e135378dc1704189267e4f6de5dac6c43a25667c60fa477ce8

SHA512
017ed5024f77e05b8ac1d844308860a1d426d749edc3180561f441caf3653bb95a4350f2601420898f69e6c6d05bafce919d8580294e8b8765fbc543c6f99a3a

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\entries\CE30F9E7CB4E0D8AEB054228E581960CC2812E48

Filesize
8KB

MD5
5425df2e8f1579255db12520f53e887d

SHA1
73b3d7baa8fd51d005918434b580ed3b3c5360a7

SHA256
a367678bf8651883270e6863a29619dd2800488eea863a5c3198f553ecb865bf

SHA512
4911a72edb1750c27cd555d4fc7c10d27221c81e449d129ff1bd50f8c7cabc9d8f17f555a7c263e36215fd7173d21f088806ff5bdc05827f2cbcc9c4dc29bca7

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\entries\F18D85F52EBBBA2AB081EF739ED0D6E8A76D497C

Filesize
298B

MD5
66942ec93f185d8ffda586f8f1662b4d

SHA1
ebe24c38abb20839d217c6427ebcaa3bd6e479a6

SHA256
44c8ba2f3e380f3691facc84744b3eb7f02f3a7b8805f850ac786a215ce37667

SHA512
010cd85af3fdfb2f029f3c07142206355ee2060809034d2b38096cbe279af23414e506cd1f53c181eabe2cc50c2c05295eea38a7b34277af561539bc7daef93e

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\entries\F21F53293B85556D4D7282B4E507DC37E6D6037D

Filesize
9KB

MD5
08547fb6104569eba6ed973dfc1c6642

SHA1
9174580a5a6a5dfc5d756afdca4eb9d896acb587

SHA256
ded6bdec59a67e08f8d933841e90fb49c7ac4917003fad4ef3b4822fd994c04c

SHA512
407e5b15cac80c7b8a665daeaab7ad1f5483addd5ffd93930a171ff071ba4c6a2d0e0d0718432dd610a7192b3a1edf9e55f6493e30c71d813509b43f5e577a96

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\entries\FD3C8B7B2C5FC530AE8D3FC8050677579C3D2E17

Filesize
10KB

MD5
45b97795b5feda173cfda6fe4acedff6

SHA1
631fd48d2e03c0b77865fa922a59483c3d5e0201

SHA256
4632a6a0f68eaf266ec9fcb739a000e2e04092a4e1da3bd5dd8023589bb09fa8

SHA512
1137ca4d9ae9d7e45643197ff2e964127fc302d0a4a16172805909c03e341dd96b8468c9fb4aa6177f28c83825a785464c721e79bb395b465f731685febcce04

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\entries\FDC533421C8D2DCB98DE738D8A0272403E7E4EBC

Filesize
22KB

MD5
39b27ffc0a8f2b4bdda25c26d51522c7

SHA1
1f059db0c670cc107820ad937225d61ba2325d42

SHA256
7150b8401fc53946647b2e70fa350cf35c8817261550c46e97449eecc9dea2f2

SHA512
44accb096dbcfd8dfc9329f7fe7adfd41e75b79dcc69c1324f0448bec2d57df7b0f5d757812b41d556421ae272c80c67980e44afb465e73115af7efcdb0ed99a

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\entries\FDC533421C8D2DCB98DE738D8A0272403E7E4EBC

Filesize
60KB

MD5
af06a8d27e16f22f839c013b02dc6bdc

SHA1
628da4cd56b973bfb37e4a83c9a44aba35671a1b

SHA256
0d0d275357788869afe9a30d59db54fdd2ee621e066708de0656f37997bf62ea

SHA512
1a147869272077e77de04b3df2294aaf45fb24e80594c719216c580b14511db7738d72e6aa5dc42eb4891c4e224c1adf01842513a98758ada3e834c0b571d0c5

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\startupCache\scriptCache-child.bin

Filesize
458KB

MD5
b300241bb918653df3849bbea0d7c880

SHA1
e41e0f49deed0a259176fd517c9e454e3b988004

SHA256
639480a2509eb4fdf7ff9e1d02c13e093ab23bb90dfc1f905e2c03269113c39a

SHA512
7229a969c72d4a7f9e0cac384cbf06fc5ac533290dcc8394734f9469fba2f56df5d00c4e059125025517126df2cdd17a35518777786cbb453862b5e2904dbd7d

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\startupCache\scriptCache.bin

Filesize
7.8MB

MD5
bc6e3abff53641517910b77faf906f82

SHA1
9ef1488cab13a519c822151f7dc5448947527954

SHA256
e0b46ec5d2cc94ffb829a445b9f8ee5bdffd6fa6961c36aaeb3e73fce562526b

SHA512
8bcdf0ccd7101c8d06624a82b7ee6290526a8e2fb0e3b8dfb492a51d37b2d94c79938fb5fb785ec4530085faf53cea4bc7c6e1368247203d15f10a9e66001586

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\startupCache\urlCache.bin

Filesize
2KB

MD5
9d7c843fc418b4a2e329494e63567df0

SHA1
9e19150cedb827e8ab9f884d774b3e2d1a0be85c

SHA256
0d92c4402c14b8c80efee2ff7dbc4f938d61c3b36dde976b68458d57fd2ae8cb

SHA512
8a65a94314effbd048cd8e9310b366eaf94208a5d95566619d98fba2b7c4ab5b6ddd72321ae13d9999f82ff438cc6902eb72adce1210c6877a1445fe678ddf67

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\AlternateServices.txt

Filesize
766B

MD5
e66479101737c04f7b4553382db746bd

SHA1
d776f76e9638ec1c7eff4aff99a64ba32dc71085

SHA256
a3a15a3aac3a6871bf797b2bcaeff75f53a95371dbe61cfb69415ee2fceef67b

SHA512
d9415f64091fdfe474fc6507df7600b218a4fcd0f37725a96d4180c3fe588a595fafe0652dfa2f33990eac0060a6fdc551ae5ebb0aba6dcff297a83188bd8227

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\SiteSecurityServiceState.txt

Filesize
407B

MD5
e9cb9c3842f6c8118b56afe8d8495115

SHA1
28b62ed10c3ed923a48fa4638f68b55de4e373ab

SHA256
ccab14841e0dc0d45da53e489a8ff9300ed257cf7a066a04a145f3a87d25f5ab

SHA512
1836725c3ec7ac1d2811985956e4709295052666c8504fcae0818852dd21de082567077d168ad685cebbd8566b663add9654654a1e5e8a1b1b4738078cfeffa1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cert9.db

Filesize
224KB

MD5
ef2e7cf5d894a908e6684df53ac7b136

SHA1
e9e3d5230add75bb0d8f49011b33b81ee2b9c2eb

SHA256
b9c49a57b5471bd93e8e17c608398df5839e4c8cfa0f4443ed4e5a162d973422

SHA512
03a58956e14750afced4d8125d8b8db4310e93fed2dba8ca1c9f34783d70aad319d872b976b665fd22e5512809685510e2c2cc6d3f84b24b22ac68cc5e7f4594

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cookies.sqlite

Filesize
512KB

MD5
a65655877be98930de6c4cef8aeb2fcf

SHA1
bd01daca8653a636113a702dc732b2a0c8ff59c2

SHA256
d4e8eeac92c89c84d5081859bbdbfd179b393176fd60a33af28c649cadb30670

SHA512
ab7df036ecd359f5f41282d426fe19af1224866841e30c0475609e74c0aefa3b034f67643094357bf58e1862c3742cfdcd120692cffebe0d953fb9e412af0879

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\datareporting\glean\db\data.safe.bin

Filesize
2KB

MD5
ee1afb361d60cd5cb5df1302806db2ef

SHA1
4b53000ba804e4b4234978e9a8e28a7bcca5c7f1

SHA256
3abba519e369fe4637c20843b6c53eabfb7294eedb104804b9c2896ef09ef8b3

SHA512
2c4c77500769be6bc3cdd8d19cf2fff02af6098d3dcc319c891f0fe48a88f0fd0df245b3db86ee742bd56b0679ce73d6f46437a3caabedcc53eaf614ffd90f5a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\datareporting\glean\db\data.safe.bin

Filesize
5KB

MD5
020aea7e510310911204ebb528885f14

SHA1
e69832e10b67cd3c3112cee022cd24e63fbf68cd

SHA256
ddcd623a5d15ebda588e55ffa97a41d9dae55dbff92a3945458657e547950068

SHA512
38599d10e4c9222e2138f1b1975bbb35eaf9384fe28b90e335d565a4391512f263eac0f16627fc91728fc7b024912e99a5e68f8ab94edcfb1ac415fb7451706e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\datareporting\glean\events\events

Filesize
162B

MD5
2820c8cfb7c451ec514af2234dc1f251

SHA1
b49c66ab57b434da6226724b3354d4e746cccd66

SHA256
2415f9364fb5763987ccb2d45bba4f41ad7bd57bef6f10817c07e94d4e859499

SHA512
17411a7edee5a3db70651c0c78333b4a2fe5e6a015624e46421f9ab106cbfd8b054c6b38b1b6279bef72584cda5657e8e539594bac14ca0754001d40a1ae7324

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\datareporting\glean\pending_pings\2e1a85c7-d4c0-4ac0-886c-1ca6a18a65dc

Filesize
746B

MD5
4542d78b0a5851ed9f2ce0a02ae6a39b

SHA1
5cdf390a7be60af39bff618958747031db3c9c3f

SHA256
cd034cbe3c69ce7deeb7cf3f91d00b0c468bb9b4f029f318497f276e06829d5e

SHA512
f48c963dc23a3bfe0089534d9ae08e0e8697315fe1a7d639bab39a95157d13a3f44035e27aad48c403c5c2d475d5e96d57c2b89d63f7b36a96658c84073a2dd5

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\datareporting\glean\pending_pings\427ee0c0-6585-438d-9807-ed540f84918b

Filesize
767B

MD5
8023734670e7b8812d11c43b01e05158

SHA1
ad14def074b5d2c6b62944f185f792d3c62e0676

SHA256
5a4c86453ea2b031b78b947d4ad0a2a7d4e51e3d5dcd94e75c8a73d941af78cc

SHA512
52dea0206e957155134dd466ff94e03617fa36aa7b349082e1431a9d753046013d7c67e8767c4b70642505d63aeb05c55567b450dc75c6abe3f6e2dd783b9819

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\datareporting\glean\pending_pings\ad41733b-0ba0-4839-afaa-e9e57507907e

Filesize
10KB

MD5
2357a9192b0a8ab6f1548ae1f02cd564

SHA1
3f1a8b7e192cb454cbbeb924209c4b1960450458

SHA256
92989a62ca2fbfe819bbd94d05e987ab0f022c8bc72c24e1cd9b01b67f2c68f6

SHA512
ec60313add9d6e513601c661ceecd775dfc9c514fba17aaee28c5987c76329212396188d252026abeb67efdeff03270fa8f4b9035875295c65836ee5eb6dde77

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\datareporting\glean\pending_pings\c3fc1c43-8019-4586-8991-4750ea8f529d

Filesize
790B

MD5
3a3f682bf9e3a8bf77428781e6bde712

SHA1
37c28af1fd03e952ea2f5f219a2415602d337f71

SHA256
7bcdc0924405be9e4b3979ce5279ea725a778bbd87096483dce7ea3f0834f743

SHA512
8a00f2954da51472009239bc2a3ea11821794ad814eea0e771cd8be19da4773ac1d20c2a2b21b72fedf6c0caaa6b9f770d8dfc67b60bdbf4857ef2d2887abd1c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\favicons.sqlite

Filesize
5.0MB

MD5
42d6117420da0be6fc352e7814dea81f

SHA1
9882f1e30e18e156e0b74ebdb24b8468bd38e2b5

SHA256
ccefab0063b97061579a9e4204ed68c1a0873ff77ce46ade2d9d5e1d128cf96a

SHA512
0ea521d20136e9185316dad09001fb2decb69d959bd50df959c4737a1b6995814d94b414f36b038455e1a80ff1fe6608535f1829d34526bc08d0de36a0a80d93

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\formhistory.sqlite

Filesize
256KB

MD5
c8d99549319905449d8c243aa87faed8

SHA1
f5f94637310d2300e16835ed956497d719664928

SHA256
4a43f3bb529323db48ebe1f15a804b4b784a3df9085965e4e0b35acc397089cd

SHA512
dd6e30158e9f8432654be7a9726580c8986322a8be849f022e342b99160808f23ac9cb7ca2d78bcdf585145246934dfb317826f9d47c0d92c415a30139f7938c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\permissions.sqlite

Filesize
96KB

MD5
121fba605f4d8b06a517e4a35d09b2eb

SHA1
df41f97bf5b49d1825597e581ccad1f3fcc07be6

SHA256
01b8ecaccdf5bdc906c1d93184fd15871fc2cb79bf2183fdb08084b70fa33254

SHA512
8981bc613fbc77a2c48fb91befce62977797be0f27f7f4d937ef5de728ecc2c53ff16dc55955a6e48e51f930e44a92887b047eac96ae5faf33c0a51e6f75c169

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\places.sqlite

Filesize
5.0MB

MD5
43bc2664efaec57ee5a65dfbbba8eea4

SHA1
19b5dc4d0f5952adefafe347b29c94c5c74c8dca

SHA256
81d283213cce5d6e6abe95f589cfae7916d6afb243519f37919055ab5d79492e

SHA512
231b8c9bd103ad3b2465509f89a16f4e514fb9e812695ca0127dac02f3590a02bb8b7f90f3f72be00ae52e507c2c34fe889a5bace20367f7667b0687e14c2d46

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\prefs-1.js

Filesize
6KB

MD5
d31f6429edff41ca498613fa80918162

SHA1
6258f53725f460d8c8d1215c44c04e3e61bf127e

SHA256
a1e31b2b70f1f11a56b09bc8e4b5e5ae59d06fa32cbdda42e9155e10b76a3a29

SHA512
a95f59103f3665b68148fb41802bbc2071695d3980b3ef28df611866b7132e6ed5ac93c075e4afa4d01b27452b51025ce2984f0c096d3131cd7739c2fc9901e7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\prefs-1.js

Filesize
6KB

MD5
0fbd36164eb0d76e4e34dcbee9317b7b

SHA1
351db20adb6eb14e2e9a987bebb8c111739acfb8

SHA256
d734de5f621fde808a87ef3ea8bc292877c64b12d506dd6cac6f936d95328124

SHA512
6b0fd3d5ed6b10339d8b575bf1b1c57b75b8a12157b166e405c9a0f3c65ed0d77d3ca3da213986a040b2f1f4dde07b5c8c9e94765a987e79c746b9d02e3709ec

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\prefs-1.js

Filesize
6KB

MD5
0519dd52d028e1138df7eab3078129fe

SHA1
93e39d34ad1d3454d674449807973bc7e6304c26

SHA256
d3c7a213d7ea3b26a5614d808eb191e024b4ffb8935c0302b81ffa351806c89e

SHA512
bc1d2fd98227057b1ed8db3af1c03e6be79bac073c4fef8166f1519598773c1aff7481c40c843bf704a326ee393f544a91d636b7af55d0d67e4a83f5a23765fd

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\prefs.js

Filesize
6KB

MD5
dbf41f530605cd94b4c204e7afd97a76

SHA1
3c17ae44db78bf37985ce64f75f5d4fd632bac9f

SHA256
1616d4ff916034b4ca349c9f86b0fa6802e51fa5c9a792937ebc0d32da3286a6

SHA512
2b6e7f222aef252714419d4f02ec54d4b6f3984ce6b3d7e8751a99d6152832c00c22e1898a25bf7c893526e6742a8905f3887817227cf4ec5ba06eb3deabdf3c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\protections.sqlite

Filesize
64KB

MD5
49397db0486dc59d607907a086f40c9b

SHA1
08742ce9db9569062def08e99eea8470702feb7d

SHA256
890033ea279f13478e655150a823a5f84176d2f8f2ec3724dc61dfec775707c4

SHA512
fc8dad1ae2215cd96c41bb3e683670bb9138467677da46c19d1e58972775842a995b70123c22ea1efb659d043f5116d0c9dca422035a6646b35f81033c9f5f53

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\sessionCheckpoints.json

Filesize
288B

MD5
362985746d24dbb2b166089f30cd1bb7

SHA1
6520fc33381879a120165ede6a0f8aadf9013d3b

SHA256
b779351c8c6b04cf1d260c5e76fb4ecf4b74454cc6215a43ea15a223bf5bdd7e

SHA512
0e85cd132c895b3bffce653aeac0b5645e9d1200eb21e23f4e574b079821a44514c1d4b036d29a7d2ea500065c7131aef81cfc38ff1750dbb0e8e0c57fdc2a61

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\sessionCheckpoints.json.tmp

Filesize
53B

MD5
ea8b62857dfdbd3d0be7d7e4a954ec9a

SHA1
b43bc4b3ea206a02ef8f63d5bfad0c96bf2a3b2a

SHA256
792955295ae9c382986222c6731c5870bd0e921e7f7e34cc4615f5cd67f225da

SHA512
076ee83534f42563046d25086166f82e1a3ec61840c113aec67abe2d8195daa247d827d0c54e7e8f8a1bbf2d082a3763577587e84342ec160ff97905243e6d19

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\sessionCheckpoints.json.tmp

Filesize
90B

MD5
c4ab2ee59ca41b6d6a6ea911f35bdc00

SHA1
5942cd6505fc8a9daba403b082067e1cdefdfbc4

SHA256
00ad9799527c3fd21f3a85012565eae817490f3e0d417413bf9567bb5909f6a2

SHA512
71ea16900479e6af161e0aad08c8d1e9ded5868a8d848e7647272f3002e2f2013e16382b677abe3c6f17792a26293b9e27ec78e16f00bd24ba3d21072bd1cae2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\sessionCheckpoints.json.tmp

Filesize
146B

MD5
65690c43c42921410ec8043e34f09079

SHA1
362add4dbd0c978ae222a354a4e8d35563da14b4

SHA256
7343d5a46e2fca762305a4f85c45484a49c1607ede8e8c4bd12bedd2327edb8d

SHA512
c0208d51cf1586e75f22764b82c48ecbb42c1ff54aa412a85af13d686e0119b4e49e98450d25c70e3792d3b9c2cda0c5ab0c6931ebaf548693bb970a35ae62b9

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\sessionCheckpoints.json.tmp

Filesize
259B

MD5
c8dc58eff0c029d381a67f5dca34a913

SHA1
3576807e793473bcbd3cf7d664b83948e3ec8f2d

SHA256
4c22e8a42797f14510228f9f4de8eea45c526228a869837bd43c0540092e5f17

SHA512
b8f7c4150326f617b63d6bc72953160804a3749f6dec0492779f6c72b3b09c8d1bd58f47d499205c9a0e716f55fe5f1503d7676a4c85d31d1c1e456898af77b4

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\sessionCheckpoints.json.tmp

Filesize
181B

MD5
2d87ba02e79c11351c1d478b06ca9b29

SHA1
4b0fb1927ca869256e9e2e2d480c3feb8e67e6f1

SHA256
16b7be97c92e0b75b9f8a3c22e90177941c7e6e3fbb97c8d46432554429f3524

SHA512
be7e128c140a88348c3676afc49a143227c013056007406c66a3cae16aae170543ca8a0749136702411f502f2c933891d7dcdde0db81c5733415c818f1668185

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\sessionCheckpoints.json.tmp

Filesize
122B

MD5
99601438ae1349b653fcd00278943f90

SHA1
8958d05e9362f6f0f3b616f7bfd0aeb5d37967c9

SHA256
72d74b596f7fc079d15431b51ce565a6465a40f5897682a94a3f1dd19b07959a

SHA512
ffa863d5d6af4a48aadc5c92df4781d3aacbf5d91b43b5e68569952ffec513ff95655b3e54c2161fe27d2274dd4778bad517c7a3972f206381ef292808628c55

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
1KB

MD5
0157b9a1322f26ef7719ea2c6211896f

SHA1
611aa6326ba1d76131d38d666dbc617a44de41ef

SHA256
435cf2221d238b66a706d7405ff9ddabe73ff9c82a91ac3bdaef7b60c74fff92

SHA512
bcd810183980103441b09c79747795106741256dd3cbc9e8358816646b90e521d5737ad8609029455a30ebe10022e011a9feb3e10a7b987f6a7153bac0c69eef

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
4KB

MD5
c2e4ed5806f72db1a4f327634846a883

SHA1
f7b0012c1d267d7f521528b901aa996869843ea3

SHA256
16cbcd29b46731ec6c32eb1ca3fb8c878297b83fde9f0efa82d4cfae1e261ce4

SHA512
c94a99779f7cfe01e41e45ebae89943374d98207d0ea989363e41714fbfa3014fd33ce632596f8f07ab1824d497012b26d894aa4167962912bb7997ad69f6236

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
4KB

MD5
777b19130cc20d9bbe90e2e1e181634d

SHA1
988a9b107260afcf6e1b77fbfab51d13be05ee74

SHA256
5a9e2d380ecf784ec5f4e9d9b39b6876473f61df1509ebd3eba439471f06eeac

SHA512
fcd1a774d697dc47b249881f31f4888ea971ab3eb6b803a4e449724c61eebf314d559f4e2546d65dd2d8f645e1466bf3961507c87be5fc36c5ef2d4c1fa7485f

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
1KB

MD5
a7f8acdc745b9aea694c4e3ac2a6a4e1

SHA1
f93a2209d22c33d559e69e4d911a513f05cee76e

SHA256
60caf3629ec75b4e7bfad36160687ea1181e6c7f39e5365ed3e1e222162fa032

SHA512
3d7380bf9ba52a4fb741b65291748f698ba16b35f9fcc5bf5210f604b0b419570b35fbbc22fd41169de2c4f6b8e5ea40e4c3b4559a4f2af785b6c8516dab4c7c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
4KB

MD5
9fe613192a80726b2b0b68f6fc6ae7e9

SHA1
556d12ef52743d325c5326999759faa0b2bff620

SHA256
74ad1bbaaa961a6973e683ac86e57547415e3af5d39e16c50ef00f9ee03895dc

SHA512
bfcb45df1cd91f17305c174084c2743fc4e07d5fd9ce1dac4faf22a79251426f3b73e3b63d853ca9a8fc8b0d4402a56c63493b8b0a1a82540379cfbee365ee72

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\sessionstore.jsonlz4

Filesize
4KB

MD5
7c7055c6420493072f56b9f16a65b0cf

SHA1
8018acb512aa825925a86e7b1c7c965e58e83c73

SHA256
91ccfec1072e3ac2473de0140857523d019a32b52cc9cf8a72c1de274269cc83

SHA512
c5e35fba71c0775978a142123fa3f6e5b685c67686a330eda3de3f55592de3d4144385fe89dc208fa5cfa5f10eaaf11d2eec2b185f96d0c95944d54d07edf2d4

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\sessionstore.jsonlz4

Filesize
4KB

MD5
bf059584a696a437c6b1aabc81731a69

SHA1
69629eda5d5c3246d12bf9f5e0f97d11e0793240

SHA256
c7e67e4ba423de8122d2b47ca656cf149f39b399d03d7c8b893fed077eed7c8b

SHA512
0196293902b185af37c88002412ec200ad3469a8abbcdd4497b7088a954b32a1c2c623b61567e5eb030995de06405b4a8f5c1bd6873d9cc08c96db85186da45a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\storage.sqlite

Filesize
4KB

MD5
7705db7e690d0f79bca572146b83f2d0

SHA1
ea36093392b6fb10c16b50f9d462bed7a312fe2d

SHA256
4ddeb8e7aa5fd48d24def0a3d46a62d9a468761781d70382a241c2df21604d8d

SHA512
15a2a0734f4551210d8b3ec52ec09696228ae04e7fa4c252bb70eaa81cfd30696738c779a8734553d46c4d4a2188ebe6789f38df2af9d2ff68c99fe35576ce2c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\storage\default\https+++www.google.com\.metadata-v2

Filesize
62B

MD5
e7a265f8fdcda8216b4ae36f48d87acd

SHA1
bddbf6ec56ba956e4b572bbbb99ea1eb57fe8813

SHA256
c1f6c9842e59f0e4d80d3d26fead4325a9f01e22163ced8fb8a2a9a3cafc66be

SHA512
75b66b768d0252d4fadef90a1b0d9f18f9fde01e1f3d04387b9644ecf7a6225e81f200b1b8fdf3c659a918de924ca4ecb802d5f13f528677141f7dec8718a9f0

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\storage\default\https+++www.google.com\ls\data.sqlite

Filesize
6KB

MD5
b8c6a22b56dc2df830a6d1fcceeee923

SHA1
3dd39d4278c4ba8e8401a9e7d8f1806af11792e9

SHA256
871a0fb7add419762a339d386b054f60cbb6c4c4db5eee4768b795634c647f37

SHA512
7255892ac405e6d328e714492787e105eb1e68661ecc299b55391dedefc14a6618f2a88fb63d2560798cbbbc63a61fc0431b10977acb3f2245387581ecee3d03

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\storage\default\https+++www.google.com\ls\usage

Filesize
12B

MD5
0fcc9ca45becfcb1c35ee12471dd7efc

SHA1
caeeb53d8599a54963f63697b92f4a280aab1422

SHA256
1aacce17ed04ab8a3e30fcf89612ac917351e9153af50efddca91c21eacd5444

SHA512
72e234b6522991bc93edf9cdee6e08d91bb4f11f8ea1d9cc06a780aa61161253b32bc07db746e56e911f1dfaef4cf14b95f2132ae4bbea2275be6c9b5ff97853

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\storage\permanent\chrome\idb\1657114595AmcateirvtiSty.sqlite

Filesize
48KB

MD5
37598824c0eae58c01755c44888a22dd

SHA1
a26a8550926f9bf3f2ebcfe1975cbb99b54ca84b

SHA256
e2e9c76f656e2dd4bfff7bfd898fb1a6c5e50c00dbf36180b5a19e35347ae6fa

SHA512
28f2f34ee39c9d3f6845546e107fbeb6fc9a5ae2f01bf3d1b9037f98197d2f5e74459e7ed37fbb36e4052b992d05b43b27011ff622fa9841a00836c5086f7fa9

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

Filesize
184KB

MD5
7f868e557b098795d645df9ea302427f

SHA1
001f3306144559b4049a8ab139b4139f51e59c0e

SHA256
b228e23ecfb7965e3badefcbb031de0b4bb887634bccb34a826ac8ac89124ac5

SHA512
56fd8aa514cc25db5a2c9191d665eaffe90182cc5e4f15317e0cfbc9adf7336d9ad937d20384b0504f784e5939b76b4c4b0020cb06e4a472c650355cc6c4c89a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\xulstore.json

Filesize
217B

MD5
5f94bac29151b394b7b110f3810db0ed

SHA1
63f3270a173dc9a306d9188b07348063231add38

SHA256
8da666bf7f8538c2958e1a2e79005f7c9f72a72331c1c14f107decb432779fcb

SHA512
d31cf25cc0244f2fb5cfc788638ebaaa8f7fdf44a7f5f56055e529c6fa4ce5288d5cb2667eb8313f3329daf845a5448f2a86d7f7c0fcb604e1287d7ee21ec36e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\xulstore.json.tmp

Filesize
141B

MD5
fcc0a4014782f3927e71baeddd2dfe68

SHA1
af19885e5f719a6485066c6317361c6858d70fe4

SHA256
a4e0791db84036961904babe1a29dcf3698bdcd8b92389dda01c699f2ee52ecd

SHA512
338fbd72c9c4e657feb9ae548601e1bd1da1c4e1ec9b7e475b34fec1feace6af6161404cc91a2babe8d6aa758a460975d859d92915d6297f48e866a5653acbc8

Download Submit
C:\Windows\INF\netrasa.PNF

Filesize
22KB

MD5
80648b43d233468718d717d10187b68d

SHA1
a1736e8f0e408ce705722ce097d1adb24ebffc45

SHA256
8ab9a39457507e405ade5ef9d723e0f89bc46d8d8b33d354b00d95847f098380

SHA512
eec0ac7e7abcf87b3f0f4522b0dd95c658327afb866ceecff3c9ff0812a521201d729dd71d43f3ac46536f8435d4a49ac157b6282077c7c1940a6668f3b3aea9

Download Submit
C:\Windows\INF\netsstpa.PNF

Filesize
6KB

MD5
d860e60b571887270aeede4ee03ad945

SHA1
7248f473aa1b6ae4c872cc80d639a18ecf8686a9

SHA256
b6bdfe181519c6bd72dd340c119c4a8af2bd567a514db7942ef4abcddc375576

SHA512
68ff6234bcb4f8b3738abd650a23166cc16a66cec95b7de519ffdc69060c4fa42884119369438abb49d55eaad34df2ead4c654880a04e93545c95c068e310d7c

Download Submit