2cee09ed857190b86fb172149b110ef981b07da7cda52f2c0b71dee7d1676928

Analysis

max time kernel
299s
max time network
293s
platform
windows10-1703_x64
resource
win10-20240404-en
resource tags

arch:x64arch:x86image:win10-20240404-enlocale:en-usos:windows10-1703-x64system
submitted
09-09-2024 05:02

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2cee09ed857190b86fb172149b110ef981b07da7cda52f2c0b71dee7d1676928.ps1
Size

2KB
MD5

74b11b2ced42657dac71e2bc9d3bdb3e
SHA1

6ed8eb346f88fa603a0fd6fc5c7564491f7b44bd
SHA256

2cee09ed857190b86fb172149b110ef981b07da7cda52f2c0b71dee7d1676928
SHA512

85afe0d2f15c198a84546ca50ae3e0b07a1e4fb4d9bc0d4cc59ae2ca2335a1ff146be4158479cdd7f9a595e9c8bb6bbed6819c6aec8b4cbeb1444188dd6dc526

Score

9^/10

credential_access discovery execution stealer

Malware Config

Signatures

Credentials from Password Stores: Credentials from Web Browsers 1 TTPs
Malicious Access or copy of Web Browser Credential store.
credential_access stealer

Credentials from Web Browsers
T1555.003
Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Command and Scripting Interpreter: PowerShell 1 TTPs 1 IoCs

Using powershell.exe command.

execution

PowerShell

T1059.001

pid	Process
1680	powershell.exe

Checks processor information in registry 2 TTPs 5 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133703319066724611"	chrome.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings	firefox.exe

Suspicious behavior: EnumeratesProcesses 13 IoCs

pid	Process
1680	powershell.exe
1680	powershell.exe
1680	powershell.exe
1680	powershell.exe
1680	powershell.exe
1680	powershell.exe
1680	powershell.exe
1680	powershell.exe
1680	powershell.exe
4664	chrome.exe
4664	chrome.exe
5532	chrome.exe
5532	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs

pid	Process
4664	chrome.exe
4664	chrome.exe
4664	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeDebugPrivilege	1680	powershell.exe
Token: SeShutdownPrivilege	4664	chrome.exe
Token: SeCreatePagefilePrivilege	4664	chrome.exe
Token: SeShutdownPrivilege	4664	chrome.exe
Token: SeCreatePagefilePrivilege	4664	chrome.exe
Token: SeDebugPrivilege	2124	firefox.exe
Token: SeDebugPrivilege	2124	firefox.exe
Token: SeShutdownPrivilege	4664	chrome.exe
Token: SeCreatePagefilePrivilege	4664	chrome.exe
Token: SeShutdownPrivilege	4664	chrome.exe
Token: SeCreatePagefilePrivilege	4664	chrome.exe
Token: SeShutdownPrivilege	4664	chrome.exe
Token: SeCreatePagefilePrivilege	4664	chrome.exe
Token: SeShutdownPrivilege	4664	chrome.exe
Token: SeCreatePagefilePrivilege	4664	chrome.exe
Token: SeShutdownPrivilege	4664	chrome.exe
Token: SeCreatePagefilePrivilege	4664	chrome.exe
Token: SeShutdownPrivilege	4664	chrome.exe
Token: SeCreatePagefilePrivilege	4664	chrome.exe
Token: SeShutdownPrivilege	4664	chrome.exe
Token: SeCreatePagefilePrivilege	4664	chrome.exe
Token: SeShutdownPrivilege	4664	chrome.exe
Token: SeCreatePagefilePrivilege	4664	chrome.exe
Token: SeShutdownPrivilege	4664	chrome.exe
Token: SeCreatePagefilePrivilege	4664	chrome.exe
Token: SeShutdownPrivilege	4664	chrome.exe
Token: SeCreatePagefilePrivilege	4664	chrome.exe
Token: SeShutdownPrivilege	4664	chrome.exe
Token: SeCreatePagefilePrivilege	4664	chrome.exe
Token: SeShutdownPrivilege	4664	chrome.exe
Token: SeCreatePagefilePrivilege	4664	chrome.exe
Token: SeShutdownPrivilege	4664	chrome.exe
Token: SeCreatePagefilePrivilege	4664	chrome.exe
Token: SeShutdownPrivilege	4664	chrome.exe
Token: SeCreatePagefilePrivilege	4664	chrome.exe
Token: SeShutdownPrivilege	4664	chrome.exe
Token: SeCreatePagefilePrivilege	4664	chrome.exe
Token: SeShutdownPrivilege	4664	chrome.exe
Token: SeCreatePagefilePrivilege	4664	chrome.exe
Token: SeShutdownPrivilege	4664	chrome.exe
Token: SeCreatePagefilePrivilege	4664	chrome.exe
Token: SeShutdownPrivilege	4664	chrome.exe
Token: SeCreatePagefilePrivilege	4664	chrome.exe
Token: SeShutdownPrivilege	4664	chrome.exe
Token: SeCreatePagefilePrivilege	4664	chrome.exe
Token: SeShutdownPrivilege	4664	chrome.exe
Token: SeCreatePagefilePrivilege	4664	chrome.exe
Token: SeShutdownPrivilege	4664	chrome.exe
Token: SeCreatePagefilePrivilege	4664	chrome.exe
Token: SeShutdownPrivilege	4664	chrome.exe
Token: SeCreatePagefilePrivilege	4664	chrome.exe
Token: SeShutdownPrivilege	4664	chrome.exe
Token: SeCreatePagefilePrivilege	4664	chrome.exe
Token: SeShutdownPrivilege	4664	chrome.exe
Token: SeCreatePagefilePrivilege	4664	chrome.exe
Token: SeShutdownPrivilege	4664	chrome.exe
Token: SeCreatePagefilePrivilege	4664	chrome.exe
Token: SeShutdownPrivilege	4664	chrome.exe
Token: SeCreatePagefilePrivilege	4664	chrome.exe
Token: SeShutdownPrivilege	4664	chrome.exe
Token: SeCreatePagefilePrivilege	4664	chrome.exe
Token: SeShutdownPrivilege	4664	chrome.exe
Token: SeCreatePagefilePrivilege	4664	chrome.exe
Token: SeShutdownPrivilege	4664	chrome.exe

Suspicious use of FindShellTrayWindow 30 IoCs

pid	Process
4664	chrome.exe
4664	chrome.exe
4664	chrome.exe
4664	chrome.exe
4664	chrome.exe
4664	chrome.exe
4664	chrome.exe
4664	chrome.exe
4664	chrome.exe
4664	chrome.exe
4664	chrome.exe
4664	chrome.exe
4664	chrome.exe
4664	chrome.exe
4664	chrome.exe
4664	chrome.exe
4664	chrome.exe
4664	chrome.exe
4664	chrome.exe
4664	chrome.exe
4664	chrome.exe
4664	chrome.exe
4664	chrome.exe
4664	chrome.exe
4664	chrome.exe
4664	chrome.exe
2124	firefox.exe
2124	firefox.exe
2124	firefox.exe
2124	firefox.exe

Suspicious use of SendNotifyMessage 27 IoCs

pid	Process
4664	chrome.exe
4664	chrome.exe
4664	chrome.exe
4664	chrome.exe
4664	chrome.exe
4664	chrome.exe
4664	chrome.exe
4664	chrome.exe
4664	chrome.exe
4664	chrome.exe
4664	chrome.exe
4664	chrome.exe
4664	chrome.exe
4664	chrome.exe
4664	chrome.exe
4664	chrome.exe
4664	chrome.exe
4664	chrome.exe
4664	chrome.exe
4664	chrome.exe
4664	chrome.exe
4664	chrome.exe
4664	chrome.exe
4664	chrome.exe
2124	firefox.exe
2124	firefox.exe
2124	firefox.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
2124	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1680 wrote to memory of 4664	1680	powershell.exe	73
PID 1680 wrote to memory of 4664	1680	powershell.exe	73
PID 4664 wrote to memory of 3928	4664	chrome.exe	74
PID 4664 wrote to memory of 3928	4664	chrome.exe	74
PID 4664 wrote to memory of 484	4664	chrome.exe	76
PID 4664 wrote to memory of 484	4664	chrome.exe	76
PID 4664 wrote to memory of 484	4664	chrome.exe	76
PID 4664 wrote to memory of 484	4664	chrome.exe	76
PID 4664 wrote to memory of 484	4664	chrome.exe	76
PID 4664 wrote to memory of 484	4664	chrome.exe	76
PID 4664 wrote to memory of 484	4664	chrome.exe	76
PID 4664 wrote to memory of 484	4664	chrome.exe	76
PID 4664 wrote to memory of 484	4664	chrome.exe	76
PID 4664 wrote to memory of 484	4664	chrome.exe	76
PID 4664 wrote to memory of 484	4664	chrome.exe	76
PID 4664 wrote to memory of 484	4664	chrome.exe	76
PID 4664 wrote to memory of 484	4664	chrome.exe	76
PID 4664 wrote to memory of 484	4664	chrome.exe	76
PID 4664 wrote to memory of 484	4664	chrome.exe	76
PID 4664 wrote to memory of 484	4664	chrome.exe	76
PID 4664 wrote to memory of 484	4664	chrome.exe	76
PID 4664 wrote to memory of 484	4664	chrome.exe	76
PID 4664 wrote to memory of 484	4664	chrome.exe	76
PID 4664 wrote to memory of 484	4664	chrome.exe	76
PID 4664 wrote to memory of 484	4664	chrome.exe	76
PID 4664 wrote to memory of 484	4664	chrome.exe	76
PID 4664 wrote to memory of 484	4664	chrome.exe	76
PID 4664 wrote to memory of 484	4664	chrome.exe	76
PID 4664 wrote to memory of 484	4664	chrome.exe	76
PID 4664 wrote to memory of 484	4664	chrome.exe	76
PID 4664 wrote to memory of 484	4664	chrome.exe	76
PID 4664 wrote to memory of 484	4664	chrome.exe	76
PID 4664 wrote to memory of 484	4664	chrome.exe	76
PID 4664 wrote to memory of 484	4664	chrome.exe	76
PID 4664 wrote to memory of 484	4664	chrome.exe	76
PID 4664 wrote to memory of 484	4664	chrome.exe	76
PID 4664 wrote to memory of 484	4664	chrome.exe	76
PID 4664 wrote to memory of 484	4664	chrome.exe	76
PID 4664 wrote to memory of 484	4664	chrome.exe	76
PID 4664 wrote to memory of 484	4664	chrome.exe	76
PID 4664 wrote to memory of 484	4664	chrome.exe	76
PID 4664 wrote to memory of 484	4664	chrome.exe	76
PID 4664 wrote to memory of 2760	4664	chrome.exe	77
PID 4664 wrote to memory of 2760	4664	chrome.exe	77
PID 4664 wrote to memory of 1476	4664	chrome.exe	78
PID 4664 wrote to memory of 1476	4664	chrome.exe	78
PID 4664 wrote to memory of 1476	4664	chrome.exe	78
PID 4664 wrote to memory of 1476	4664	chrome.exe	78
PID 4664 wrote to memory of 1476	4664	chrome.exe	78
PID 4664 wrote to memory of 1476	4664	chrome.exe	78
PID 4664 wrote to memory of 1476	4664	chrome.exe	78
PID 4664 wrote to memory of 1476	4664	chrome.exe	78
PID 4664 wrote to memory of 1476	4664	chrome.exe	78
PID 4664 wrote to memory of 1476	4664	chrome.exe	78
PID 4664 wrote to memory of 1476	4664	chrome.exe	78
PID 4664 wrote to memory of 1476	4664	chrome.exe	78
PID 4664 wrote to memory of 1476	4664	chrome.exe	78
PID 4664 wrote to memory of 1476	4664	chrome.exe	78
PID 4664 wrote to memory of 1476	4664	chrome.exe	78
PID 4664 wrote to memory of 1476	4664	chrome.exe	78
PID 4664 wrote to memory of 1476	4664	chrome.exe	78
PID 4664 wrote to memory of 1476	4664	chrome.exe	78
PID 4664 wrote to memory of 1476	4664	chrome.exe	78
PID 4664 wrote to memory of 1476	4664	chrome.exe	78

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell.exe -ExecutionPolicy bypass -File C:\Users\Admin\AppData\Local\Temp\2cee09ed857190b86fb172149b110ef981b07da7cda52f2c0b71dee7d1676928.ps1
1⤵
- Command and Scripting Interpreter: PowerShell
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:1680
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://accounts.google.com/v3/signin/challenge/pwd
  2⤵
  - Enumerates system info in registry
  - Modifies data under HKEY_USERS
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  PID:4664
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ffa36df9758,0x7ffa36df9768,0x7ffa36df9778
    3⤵
    PID:3928
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1520 --field-trial-handle=2128,i,13169850562596701542,87465236147164081,131072 /prefetch:2
    3⤵
    PID:484
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1776 --field-trial-handle=2128,i,13169850562596701542,87465236147164081,131072 /prefetch:8
    3⤵
    PID:2760
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1820 --field-trial-handle=2128,i,13169850562596701542,87465236147164081,131072 /prefetch:8
    3⤵
    PID:1476
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3084 --field-trial-handle=2128,i,13169850562596701542,87465236147164081,131072 /prefetch:1
    3⤵
    PID:1468
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3092 --field-trial-handle=2128,i,13169850562596701542,87465236147164081,131072 /prefetch:1
    3⤵
    PID:4396
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4492 --field-trial-handle=2128,i,13169850562596701542,87465236147164081,131072 /prefetch:1
    3⤵
    PID:4484
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4640 --field-trial-handle=2128,i,13169850562596701542,87465236147164081,131072 /prefetch:8
    3⤵
    PID:5240
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4652 --field-trial-handle=2128,i,13169850562596701542,87465236147164081,131072 /prefetch:8
    3⤵
    PID:5248
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.15063.0 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2600 --field-trial-handle=2128,i,13169850562596701542,87465236147164081,131072 /prefetch:2
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:5532
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5368 --field-trial-handle=2128,i,13169850562596701542,87465236147164081,131072 /prefetch:8
    3⤵
    PID:5900
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5212 --field-trial-handle=2128,i,13169850562596701542,87465236147164081,131072 /prefetch:8
    3⤵
    PID:2164
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5088 --field-trial-handle=2128,i,13169850562596701542,87465236147164081,131072 /prefetch:8
    3⤵
    PID:5976
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe" https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://accounts.google.com/v3/signin/challenge/pwd
  2⤵
  PID:4440
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://accounts.google.com/v3/signin/challenge/pwd
    3⤵
    - Checks processor information in registry
    - Modifies registry class
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SendNotifyMessage
    - Suspicious use of SetWindowsHookEx
    PID:2124
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2124.0.1838664627\2047717308" -parentBuildID 20221007134813 -prefsHandle 1684 -prefMapHandle 1676 -prefsLen 20747 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {c63b6c31-146c-488b-a466-88cd80e58cc8} 2124 "\\.\pipe\gecko-crash-server-pipe.2124" 1764 21398308358 gpu
      4⤵
      PID:4104
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2124.1.678790094\728373455" -parentBuildID 20221007134813 -prefsHandle 2112 -prefMapHandle 2108 -prefsLen 21608 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {4940ffa7-6285-496f-bb1e-f06d5442482e} 2124 "\\.\pipe\gecko-crash-server-pipe.2124" 2140 2138c174e58 socket
      4⤵
      PID:4872
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2124.2.1832284986\569574437" -childID 1 -isForBrowser -prefsHandle 2904 -prefMapHandle 2920 -prefsLen 21646 -prefMapSize 233444 -jsInitHandle 1272 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {ffd51811-204b-4197-a0e9-1af63d9e96b3} 2124 "\\.\pipe\gecko-crash-server-pipe.2124" 2600 2139b405058 tab
      4⤵
      PID:2332
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2124.3.52232427\244881068" -childID 2 -isForBrowser -prefsHandle 3696 -prefMapHandle 3692 -prefsLen 26109 -prefMapSize 233444 -jsInitHandle 1272 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {aaaa4702-385f-4d8b-8213-c7fa056b3fe8} 2124 "\\.\pipe\gecko-crash-server-pipe.2124" 3708 2139b98f358 tab
      4⤵
      PID:4184
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2124.4.1657497418\152795303" -childID 3 -isForBrowser -prefsHandle 4636 -prefMapHandle 4644 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1272 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {4f49e573-2548-4eab-bf16-16f5a652e2e9} 2124 "\\.\pipe\gecko-crash-server-pipe.2124" 4640 2139d7c5158 tab
      4⤵
      PID:1656
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2124.5.320934715\1928755727" -childID 4 -isForBrowser -prefsHandle 4828 -prefMapHandle 4832 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1272 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {158c46da-e05d-45de-ad7b-123edc8f8bdd} 2124 "\\.\pipe\gecko-crash-server-pipe.2124" 4688 2139d867058 tab
      4⤵
      PID:404
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2124.6.1032741833\21913905" -childID 5 -isForBrowser -prefsHandle 5020 -prefMapHandle 5024 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1272 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {ed07f6a7-8785-4871-bd93-7b17a662f097} 2124 "\\.\pipe\gecko-crash-server-pipe.2124" 5012 2139d867958 tab
      4⤵
      PID:1184
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2124.7.712411585\1759764895" -childID 6 -isForBrowser -prefsHandle 5532 -prefMapHandle 5376 -prefsLen 26424 -prefMapSize 233444 -jsInitHandle 1272 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {69145469-a973-441e-8263-754c226d1be6} 2124 "\\.\pipe\gecko-crash-server-pipe.2124" 5360 2139f2f4a58 tab
      4⤵
      PID:5652

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:3284

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

PowerShell

T1059.001

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials from Password Stores

T1555

Credentials from Web Browsers

T1555.003

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
336B

MD5
19a5fa96e8a67bd3b96445b3d5b83b91

SHA1
66c9f4078139fda44c026c882b59ffbed5aae36d

SHA256
722ffeac941295d07f7b1555c4c137edce3ffff7955f652f89583e72b32a0134

SHA512
06eff353c7fa05adf5e506460bbc8653fd5387818aacb9162084ea733ffbdea6c86d926bf2245900038a286a8b85b2ab31a524dfa7277a19e57bae34aa18fe5b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
e7790639bd55f70fc719dd923d1fe82b

SHA1
8a62adb36bbc2fa0cda2ae73c49e18d1c2b9c88e

SHA256
ebba82f1c3253fe3d2a83bd7dddc6c2af0f75c86b87721c3c42f007f77c49842

SHA512
f7fb8e15ed398affdaa85461b7b451aa1945f526e39d1e1a96b4e6cef01ca0afedea0bf674a9534cadefee604e256fe58e7664d75cb276a771dbd74423fcc77a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
ca22d1669deed39a83a1c6cdbbbc8b11

SHA1
b8efe060b339962d0a25f37d2fadd669a311008d

SHA256
b5ae6438b230265ccd2ce00ed033220af4281ed2393215f4b8344c159892cfdc

SHA512
d6cd011b19702e1497ef8aa0f2fcdf1a28034cf6dfc5d06a933875498a5f6f5360172d221d47d572d5e6ed03d3da87df1648a2802af716f6252f00bb43bcfcec

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
9d3951d678af1febffb7614b829e6ac9

SHA1
eebe5dc607b709ea50813118b6287c310c50248f

SHA256
c0e596c8cf7d0254bba14f9cbdd7bcd2966d378d5443eac9cfb6a2f29dc5d913

SHA512
5f4bd664300f6edd0886dcc2e44f44ad8e8dacd62d3971fd41c4972d1eb92ee4651a51d36e6f87cc22a0bba6fa70a4a923e5e241866799d1c981e6381c24eea9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
20a5295a6e30a11addcadfece92dbe14

SHA1
b11a9a19103f51eaa606401a21313d778e9dea04

SHA256
2f3388acef419d5ac0c27a0d11e05d95744a7c679bda55de8d30f8de60c5cbab

SHA512
99f4a7dd56a219919d1949b7b0b56c0f74176090bb4160fdaa2654053d4c038c8a82bfeeea06647b543198741ce56c4bcdacf8374a34d2956547c887c3262a9f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
371B

MD5
2068e246e49833602afea521d93b3b44

SHA1
365db8b90cdd14b5aba0876d8063c5bf9bd11f62

SHA256
afaac257f1e65f6edbc9a5220f1a7c6827fbb0cec82983069bbc732e2481d3d8

SHA512
defc3e51b5c942e9af5b9d3ab2edad77c022c2cb80a9a1d8be47437061f5b030c05518b9df679c1e57257e36e5a95a92c6a31f72e57585d953a647b0781e67bb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
371B

MD5
21c801bf202f86cefa60488fbdd72b30

SHA1
ac48c71075efa7e241fbc1ef0eb5091f7fabb54a

SHA256
36f692da0102fb536a6484b006bebe87577fc527a9bb014cbd0e8b3fd1094c7c

SHA512
a354fbd1e6c2103529ade85bae18f91e17b6991f89ddd9e204c2034c6313d14ecc45ef8affd2aaf0fe328e3820f727c75a5d298a82678c9577fd9fbe638fd395

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
3b1ef5283e47dd7de1e2853072d2dbcf

SHA1
4a30f06f107ee0955528ce658ea6cfd9bdacc22f

SHA256
a2fa25dda601ec57782e878d6070e16ee6b213cba5cbe5d209c7f0feb807fc0e

SHA512
f1000fa967ba933275105b23688ef3f5d7c0e9f68f4c54d5a7480773c6b53ffb5b1fa6824261017628eb657eb204b499b4fecbe85c8d6ebeb28f951bbe5f09ff

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
77e989d181a1e6de0ab2f0df697a7b54

SHA1
0c25b8934597ee818599f43b25a2c37c6778df45

SHA256
99ab8296d0e9e2a295ba24d60ca7e64a6091efe10d69e85d7882d219cc5f40a4

SHA512
660752fc485526455fff7fa68b192101735e85e0c5d3e4e8f2246ac10411dbe408eb009bc4de697055162c5786af035ed07e4ddb4c7dc03e1cb18fa41dcf0f9c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
0580061d4e2ce1e0bc8739d26742e90f

SHA1
539c712af655868e8bdcabe0060d8a98a9668983

SHA256
2bbcc0231c0b2ead9a82b69fb25f12a22b1abcbaf2299fd2a815935dfc00399b

SHA512
967f6e5b158311e6132f3babee590f14d60d155e76485fa91f1c7c386d0bef63209d88068521ea11988745cabd59ed4a7a01eb19a0bed74aaa61088207bf6f3e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
12KB

MD5
15d65f514e02ed00764184d810a4077a

SHA1
a2fce50e86c9069896f2e1fc5c7ee68ea35d72ba

SHA256
4e8f095c76cba0899e454ba99f256d4717b24ba6bab2e6e3339a2d8354e69a94

SHA512
556da974bd6e2caba748d3ae243e3c334a83c777182a138f4f0f64f8ff7585b53a1a6b7ff3234522494a8c3ab39b8bad4f165b49bd3ca246c2ea069994d03968

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
303KB

MD5
6aea2c68f4116b2f8947a5428345673f

SHA1
05c630f1e71e58e975dacddff8ae4452a3ab639b

SHA256
f223311ab96be0cc527f054a2bbbfef9c00c0e4d3b355b9801da4ab29c4a2b17

SHA512
38a3a49cf6b666a8eaccde923274eb25e404d87a696099f5cd0a5e414aece2e7900a1b2784b8cde8843c2fc9b6d40b1406b5f1045be14a57bb1534e8f4919f07

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_ilm1xey3.ovv.ps1

Filesize
1B

MD5
c4ca4238a0b923820dcc509a6f75849b

SHA1
356a192b7913b04c54574d18c28d46e6395428ab

SHA256
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b

SHA512
4dff4ea340f0a823f15d3f4f01ab62eae0e5da579ccb851f8db9dfe84c58b2b37b89903a740e1ee172da793a6e79d560e5f7f9bd058a12a280433ed6fa46510a

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
442KB

MD5
85430baed3398695717b0263807cf97c

SHA1
fffbee923cea216f50fce5d54219a188a5100f41

SHA256
a9f4281f82b3579581c389e8583dc9f477c7fd0e20c9dfc91a2e611e21e3407e

SHA512
06511f1f6c6d44d076b3c593528c26a602348d9c41689dbf5ff716b671c3ca5756b12cb2e5869f836dedce27b1a5cfe79b93c707fd01f8e84b620923bb61b5f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

Filesize
8.0MB

MD5
a01c5ecd6108350ae23d2cddf0e77c17

SHA1
c6ac28a2cd979f1f9a75d56271821d5ff665e2b6

SHA256
345d44e3aa3e1967d186a43d732c8051235c43458169a5d7d371780a6475ee42

SHA512
b046dd1b26ec0b810ee441b7ad4dc135e3f1521a817b9f3db60a32976352e8f7e53920e1a77fc5b4130aac260d79deef7e823267b4414e9cc774d8bffca56a72

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms

Filesize
7KB

MD5
1686f7cf7c4c3501d062175357b23c80

SHA1
c087487911c453e9fc8d6148da6eee2b30eb0aaa

SHA256
1d35d89f659919e426866571cac2212b7f7ffd4aba0fb790dd093fea9ca8bf36

SHA512
14c7b733d77423bf6f9a6e18794da779255dd5954c5738a338f7b97de4005d638f335317cc2f1e97dc9f2f924831ba8f5266f1b06d8bf5074eb9fd7499d78a9e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\datareporting\glean\db\data.safe.bin

Filesize
2KB

MD5
c94e5a46784a387b369e21b91ed20ac6

SHA1
05d57f02556a13106251ab2f1abaac0a40e1b5d9

SHA256
22e2e7496c0f1c13087da433ca1e42e58631ffbf33973797534f4e79f5da67a4

SHA512
f247da75b41bf8901215e155549663c00b69e347f25fe40fc7c8ec3b3c095d31f82d5333fc197c319e310363ee75c96cff1faa62b0cf254cac7845ec695a6b31

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\datareporting\glean\pending_pings\b854b4bd-cc9e-441f-9525-4840d5f7f1e0

Filesize
746B

MD5
d7ca03e4b73a6cd6bc7cf3fe418dd8db

SHA1
7c312fe65703a0f0f2fb8b1b61cb3bc2ca8653fc

SHA256
02d5a7a99260edf75ec8ca660b17eb273ba83262ea4162242e969a25186d2013

SHA512
b3a7df4b366c75cca4208eeeade4f681c643f27c65e2f4d3df25b863b99783d1db39e5489006831a5a06c9df23ea7058b23b919cf4b3c4dd6857fa050d0845ad

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\datareporting\glean\pending_pings\c74084dd-e877-4f2f-a7f9-93daa0242c99

Filesize
10KB

MD5
59c222891e9ed64f34210a9ffb645d25

SHA1
7b0c1a87ed09ec28765289a28661403555ffd695

SHA256
093d100f8d13c66df1dbc9958cac04e1afcddef0236a8bef2bcd4586346bfe7b

SHA512
64394a819463dd77c7cf0779474b4f7682f630a6f63eb7226a97cda2e1fa32a010de5b55de6b5b7afda57f60b706288764f4381f574b392f18795403c40d5c81

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll

Filesize
997KB

MD5
fe3355639648c417e8307c6d051e3e37

SHA1
f54602d4b4778da21bc97c7238fc66aa68c8ee34

SHA256
1ed7877024be63a049da98733fd282c16bd620530a4fb580dacec3a78ace914e

SHA512
8f4030bb2464b98eccbea6f06eb186d7216932702d94f6b84c56419e9cf65a18309711ab342d1513bf85aed402bc3535a70db4395874828f0d35c278dd2eac9c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info

Filesize
116B

MD5
3d33cdc0b3d281e67dd52e14435dd04f

SHA1
4db88689282fd4f9e9e6ab95fcbb23df6e6485db

SHA256
f526e9f98841d987606efeaff7f3e017ba9fd516c4be83890c7f9a093ea4c47b

SHA512
a4a96743332cc8ef0f86bc2e6122618bfc75ed46781dadbac9e580cd73df89e74738638a2cccb4caa4cbbf393d771d7f2c73f825737cdb247362450a0d4a4bc1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\gmp-widevinecdm\4.10.2557.0\LICENSE.txt

Filesize
479B

MD5
49ddb419d96dceb9069018535fb2e2fc

SHA1
62aa6fea895a8b68d468a015f6e6ab400d7a7ca6

SHA256
2af127b4e00f7303de8271996c0c681063e4dc7abdc7b2a8c3fe5932b9352539

SHA512
48386217dabf7556e381ab3f5924b123a0a525969ff98f91efb03b65477c94e48a15d9abcec116b54616d36ad52b6f1d7b8b84c49c204e1b9b43f26f2af92da2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\gmp-widevinecdm\4.10.2557.0\manifest.json

Filesize
372B

MD5
8be33af717bb1b67fbd61c3f4b807e9e

SHA1
7cf17656d174d951957ff36810e874a134dd49e0

SHA256
e92d3394635edfb987a7528e0ccd24360e07a299078df2a6967ca3aae22fa2dd

SHA512
6125f60418e25fee896bf59f5672945cd8f36f03665c721837bb50adf5b4dfef2dddbfcfc817555027dcfa90e1ef2a1e80af1219e8063629ea70263d2fc936a7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll

Filesize
11.8MB

MD5
33bf7b0439480effb9fb212efce87b13

SHA1
cee50f2745edc6dc291887b6075ca64d716f495a

SHA256
8ee42d9258e20bbc5bfdfae61605429beb5421ffeaaa0d02b86d4978f4b4ac4e

SHA512
d329a1a1d98e302142f2776de8cc2cd45a465d77cb21c461bdf5ee58c68073a715519f449cb673977288fe18401a0abcce636c85abaec61a4a7a08a16c924275

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.lib

Filesize
1KB

MD5
688bed3676d2104e7f17ae1cd2c59404

SHA1
952b2cdf783ac72fcb98338723e9afd38d47ad8e

SHA256
33899a3ebc22cb8ed8de7bd48c1c29486c0279b06d7ef98241c92aef4e3b9237

SHA512
7a0e3791f75c229af79dd302f7d0594279f664886fea228cfe78e24ef185ae63aba809aa1036feb3130066deadc8e78909c277f0a7ed1e3485df3cf2cd329776

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.sig

Filesize
1KB

MD5
937326fead5fd401f6cca9118bd9ade9

SHA1
4526a57d4ae14ed29b37632c72aef3c408189d91

SHA256
68a03f075db104f84afdd8fca45a7e4bff7b55dc1a2a24272b3abe16d8759c81

SHA512
b232f6cf3f88adb346281167ac714c4c4c7aac15175087c336911946d12d63d3a3a458e06b298b41a7ec582ef09fe238da3a3166ff89c450117228f7485c22d2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\prefs-1.js

Filesize
6KB

MD5
2ad404ce2db26eb55a6218662116f068

SHA1
f0f0f97f57c5ef551ccce197d63215f5dd0b91b9

SHA256
53602e5e27458120444df981c3f6515e157bddd9b37f4891cb2474ffb1a74f5e

SHA512
6453861e2a240294014b5c3488c91fa712e1c3298b4cc104c949b9fe4485867a4170d4198fa9b18ee7d4ff51980e0905db758bc4606e51e7f507bdc5ffba89b9

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\prefs-1.js

Filesize
6KB

MD5
99c18f3925ae5e049110fd4eccd15585

SHA1
830a0943afebeaf36275d2af7e20d64ec3e13df2

SHA256
4fe9ee842a4bbe8ae2c0692bfe06f6d7a5dbee90442f23043087f6ba086531cb

SHA512
0c287783cd116b59ebb31df3b8be2c74b158bff26d79daa5478c6497dda1aba16cfc088a035c8ec1da17ea733348634eea84b8cd489c9d5e83e2ada045800298

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\prefs-1.js

Filesize
7KB

MD5
671f0362e711114b1e1b668c23d8e90e

SHA1
ea87d2b137c8b6bac3f9ff4cf9d7044960a15f6c

SHA256
fd168e17f0c0f11fe91534adc460d007b934ab64444e3c7fe90029e9411f4c7f

SHA512
0628ba89bb95ffb9751e0510e2e041893859979711267ddcefbb25823e679456db8dd69f4f259c25c9fa344eb24fb9d226fc7075deab923906bca218c64288ad

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
4KB

MD5
ac67c2dc01246b5aafb8a654dfc74280

SHA1
a6575d4e4d7da58b7810762c99728f8e204d12d5

SHA256
e9bfe9c25a0fdc9918ab4e67dd09773819d70f3fcb71ed0cd1f8f0b7e6f32f3a

SHA512
7bb79896e4136de5460af00c58c40f2759fda04e7996bd1aaacc666bc756ca9ef0aceaee27db2481d97ed63f85b7be8892359f2d16fe09763fcb4218528f6689

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
4KB

MD5
3d58ab5560883c7d3550946cb037982f

SHA1
c9e25c57bd17980bb3d99f24196d53c6c3cfaa76

SHA256
b2937fbd8fd3d1c348f31d40a3565967ab3715165938b2dd6daa2b4c86d3daaa

SHA512
b062e8db5d4c5f75504532cde1cf0dd66b6eee45f71fe40697faeb7b93667f5f1e1d9ed76bc29b5359d789f4bc7618f2967ae02027fac7c9342cefd65306b810

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

Filesize
184KB

MD5
1fdc13de64cfdb8ba3fcd71aad9d33d3

SHA1
b7649cfd66d751435fa56a4b4b20daace452c692

SHA256
fa890605b23aecfebe4300d159f10096cfaba982a942c8ce829617b3de36a783

SHA512
3c9dc261a1f0a96d4433d60de03423d58f0bd63dbf5db48962372658103f16991f6da06c1670deea1e51efd2a15aae699d1d287ee377e0a457299a7dd9f691a7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

Filesize
200KB

MD5
950c0c099f7879cf853300e3c75f3aac

SHA1
ea7427ef5e3d7e0fdee319313472c60ebb5367db

SHA256
b0b2d408b64da9081bc298665cfea1bf396da37238b9d9651536e77be6576c8b

SHA512
fd7eb0a3361404ca855965189c5d87b0bdd91c0997ecc7b4a73f80c3bf7e8aa3d5e3afc28a615f545a53ba48f9ed97fdbbedac67f7807f07957a61603bd9e395

Download Submit
memory/1680-0-0x00007FFA3D2B3000-0x00007FFA3D2B4000-memory.dmp

Filesize
4KB

Download
memory/1680-52-0x00007FFA3D2B0000-0x00007FFA3DC9C000-memory.dmp

Filesize
9.9MB

Download
memory/1680-51-0x00007FFA3D2B0000-0x00007FFA3DC9C000-memory.dmp

Filesize
9.9MB

Download
memory/1680-9-0x000001DDF03A0000-0x000001DDF0416000-memory.dmp

Filesize
472KB

Download
memory/1680-10-0x00007FFA3D2B0000-0x00007FFA3DC9C000-memory.dmp

Filesize
9.9MB

Download
memory/1680-7-0x00007FFA3D2B0000-0x00007FFA3DC9C000-memory.dmp

Filesize
9.9MB

Download
memory/1680-5-0x000001DDEFC60000-0x000001DDEFC82000-memory.dmp

Filesize
136KB

Download