275d6b580575e85f19ee93bab87c0ca43946e4a5fd2bf998085b637ab8a306d9

Analysis

max time kernel
300s
max time network
302s
platform
windows10-1703_x64
resource
win10-20240611-en
resource tags

arch:x64arch:x86image:win10-20240611-enlocale:en-usos:windows10-1703-x64system
submitted
12-09-2024 22:33

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

275d6b580575e85f19ee93bab87c0ca43946e4a5fd2bf998085b637ab8a306d9.ps1
Size

764B
MD5

af3f72b481949ae50ce1685ddc982c54
SHA1

bcc6defe91b1cb7bf0f00b7cba5cf4a78c64f0b6
SHA256

275d6b580575e85f19ee93bab87c0ca43946e4a5fd2bf998085b637ab8a306d9
SHA512

21b9d1f0d5bd5a495f7fa24145dda862dcd1c96a4a5bf7abff82dc0bff865bd4c3f8edb2dadeab2b6bd3e8ecb8526e4335c656cbbc65f77f17d8e34c98e44b3e

Score

9^/10

credential_access discovery execution stealer

Malware Config

Signatures

Credentials from Password Stores: Credentials from Web Browsers 1 TTPs
Malicious Access or copy of Web Browser Credential store.
credential_access stealer

Credentials from Web Browsers
T1555.003
Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Command and Scripting Interpreter: PowerShell 1 TTPs 1 IoCs

Using powershell.exe command.

execution

PowerShell

T1059.001

pid	Process
3608	powershell.exe

Checks processor information in registry 2 TTPs 10 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe

Enumerates system info in registry 2 TTPs 5 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133706541846777043"	chrome.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings	firefox.exe

Suspicious behavior: EnumeratesProcesses 9 IoCs

pid	Process
3608	powershell.exe
3608	powershell.exe
3608	powershell.exe
1044	chrome.exe
1044	chrome.exe
3532	chrome.exe
3532	chrome.exe
1044	chrome.exe
1044	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 4 IoCs

pid	Process
1044	chrome.exe
1044	chrome.exe
1044	chrome.exe
1044	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeDebugPrivilege	3608	powershell.exe
Token: SeShutdownPrivilege	1044	chrome.exe
Token: SeCreatePagefilePrivilege	1044	chrome.exe
Token: SeShutdownPrivilege	1044	chrome.exe
Token: SeCreatePagefilePrivilege	1044	chrome.exe
Token: SeShutdownPrivilege	1044	chrome.exe
Token: SeCreatePagefilePrivilege	1044	chrome.exe
Token: SeShutdownPrivilege	1044	chrome.exe
Token: SeCreatePagefilePrivilege	1044	chrome.exe
Token: SeShutdownPrivilege	1044	chrome.exe
Token: SeCreatePagefilePrivilege	1044	chrome.exe
Token: SeDebugPrivilege	4016	firefox.exe
Token: SeDebugPrivilege	4016	firefox.exe
Token: SeShutdownPrivilege	1044	chrome.exe
Token: SeCreatePagefilePrivilege	1044	chrome.exe
Token: SeShutdownPrivilege	1044	chrome.exe
Token: SeCreatePagefilePrivilege	1044	chrome.exe
Token: SeShutdownPrivilege	1044	chrome.exe
Token: SeCreatePagefilePrivilege	1044	chrome.exe
Token: SeShutdownPrivilege	1044	chrome.exe
Token: SeCreatePagefilePrivilege	1044	chrome.exe
Token: SeShutdownPrivilege	1044	chrome.exe
Token: SeCreatePagefilePrivilege	1044	chrome.exe
Token: SeShutdownPrivilege	1044	chrome.exe
Token: SeCreatePagefilePrivilege	1044	chrome.exe
Token: SeShutdownPrivilege	1044	chrome.exe
Token: SeCreatePagefilePrivilege	1044	chrome.exe
Token: SeShutdownPrivilege	1044	chrome.exe
Token: SeCreatePagefilePrivilege	1044	chrome.exe
Token: SeShutdownPrivilege	1044	chrome.exe
Token: SeCreatePagefilePrivilege	1044	chrome.exe
Token: SeShutdownPrivilege	1044	chrome.exe
Token: SeCreatePagefilePrivilege	1044	chrome.exe
Token: SeShutdownPrivilege	1044	chrome.exe
Token: SeCreatePagefilePrivilege	1044	chrome.exe
Token: SeShutdownPrivilege	1044	chrome.exe
Token: SeCreatePagefilePrivilege	1044	chrome.exe
Token: SeShutdownPrivilege	1044	chrome.exe
Token: SeCreatePagefilePrivilege	1044	chrome.exe
Token: SeShutdownPrivilege	1044	chrome.exe
Token: SeCreatePagefilePrivilege	1044	chrome.exe
Token: SeShutdownPrivilege	1044	chrome.exe
Token: SeCreatePagefilePrivilege	1044	chrome.exe
Token: SeShutdownPrivilege	1044	chrome.exe
Token: SeCreatePagefilePrivilege	1044	chrome.exe
Token: SeShutdownPrivilege	1044	chrome.exe
Token: SeCreatePagefilePrivilege	1044	chrome.exe
Token: SeShutdownPrivilege	1044	chrome.exe
Token: SeCreatePagefilePrivilege	1044	chrome.exe
Token: SeShutdownPrivilege	1044	chrome.exe
Token: SeCreatePagefilePrivilege	1044	chrome.exe
Token: SeShutdownPrivilege	1044	chrome.exe
Token: SeCreatePagefilePrivilege	1044	chrome.exe
Token: SeShutdownPrivilege	1044	chrome.exe
Token: SeCreatePagefilePrivilege	1044	chrome.exe
Token: SeShutdownPrivilege	1044	chrome.exe
Token: SeCreatePagefilePrivilege	1044	chrome.exe
Token: SeShutdownPrivilege	1044	chrome.exe
Token: SeCreatePagefilePrivilege	1044	chrome.exe
Token: SeShutdownPrivilege	1044	chrome.exe
Token: SeCreatePagefilePrivilege	1044	chrome.exe
Token: SeShutdownPrivilege	1044	chrome.exe
Token: SeCreatePagefilePrivilege	1044	chrome.exe
Token: SeShutdownPrivilege	1044	chrome.exe

Suspicious use of FindShellTrayWindow 33 IoCs

pid	Process
1044	chrome.exe
1044	chrome.exe
1044	chrome.exe
1044	chrome.exe
1044	chrome.exe
1044	chrome.exe
1044	chrome.exe
1044	chrome.exe
1044	chrome.exe
1044	chrome.exe
1044	chrome.exe
1044	chrome.exe
1044	chrome.exe
1044	chrome.exe
1044	chrome.exe
1044	chrome.exe
1044	chrome.exe
1044	chrome.exe
1044	chrome.exe
1044	chrome.exe
1044	chrome.exe
1044	chrome.exe
1044	chrome.exe
1044	chrome.exe
1044	chrome.exe
1044	chrome.exe
4016	firefox.exe
4016	firefox.exe
4016	firefox.exe
4016	firefox.exe
4016	firefox.exe
4016	firefox.exe
4016	firefox.exe

Suspicious use of SendNotifyMessage 30 IoCs

pid	Process
1044	chrome.exe
1044	chrome.exe
1044	chrome.exe
1044	chrome.exe
1044	chrome.exe
1044	chrome.exe
1044	chrome.exe
1044	chrome.exe
1044	chrome.exe
1044	chrome.exe
1044	chrome.exe
1044	chrome.exe
1044	chrome.exe
1044	chrome.exe
1044	chrome.exe
1044	chrome.exe
1044	chrome.exe
1044	chrome.exe
1044	chrome.exe
1044	chrome.exe
1044	chrome.exe
1044	chrome.exe
1044	chrome.exe
1044	chrome.exe
4016	firefox.exe
4016	firefox.exe
4016	firefox.exe
4016	firefox.exe
4016	firefox.exe
4016	firefox.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
4016	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3608 wrote to memory of 1044	3608	powershell.exe	72
PID 3608 wrote to memory of 1044	3608	powershell.exe	72
PID 1044 wrote to memory of 2856	1044	chrome.exe	73
PID 1044 wrote to memory of 2856	1044	chrome.exe	73
PID 3608 wrote to memory of 2468	3608	powershell.exe	74
PID 3608 wrote to memory of 2468	3608	powershell.exe	74
PID 2468 wrote to memory of 4016	2468	firefox.exe	76
PID 2468 wrote to memory of 4016	2468	firefox.exe	76
PID 2468 wrote to memory of 4016	2468	firefox.exe	76
PID 2468 wrote to memory of 4016	2468	firefox.exe	76
PID 2468 wrote to memory of 4016	2468	firefox.exe	76
PID 2468 wrote to memory of 4016	2468	firefox.exe	76
PID 2468 wrote to memory of 4016	2468	firefox.exe	76
PID 2468 wrote to memory of 4016	2468	firefox.exe	76
PID 2468 wrote to memory of 4016	2468	firefox.exe	76
PID 2468 wrote to memory of 4016	2468	firefox.exe	76
PID 2468 wrote to memory of 4016	2468	firefox.exe	76
PID 3608 wrote to memory of 4116	3608	powershell.exe	77
PID 3608 wrote to memory of 4116	3608	powershell.exe	77
PID 4116 wrote to memory of 5052	4116	chrome.exe	78
PID 4116 wrote to memory of 5052	4116	chrome.exe	78
PID 1044 wrote to memory of 3528	1044	chrome.exe	79
PID 1044 wrote to memory of 3528	1044	chrome.exe	79
PID 1044 wrote to memory of 3528	1044	chrome.exe	79
PID 1044 wrote to memory of 3528	1044	chrome.exe	79
PID 1044 wrote to memory of 3528	1044	chrome.exe	79
PID 1044 wrote to memory of 3528	1044	chrome.exe	79
PID 1044 wrote to memory of 3528	1044	chrome.exe	79
PID 1044 wrote to memory of 3528	1044	chrome.exe	79
PID 1044 wrote to memory of 3528	1044	chrome.exe	79
PID 1044 wrote to memory of 3528	1044	chrome.exe	79
PID 1044 wrote to memory of 3528	1044	chrome.exe	79
PID 1044 wrote to memory of 3528	1044	chrome.exe	79
PID 1044 wrote to memory of 3528	1044	chrome.exe	79
PID 1044 wrote to memory of 3528	1044	chrome.exe	79
PID 1044 wrote to memory of 3528	1044	chrome.exe	79
PID 1044 wrote to memory of 3528	1044	chrome.exe	79
PID 1044 wrote to memory of 3528	1044	chrome.exe	79
PID 1044 wrote to memory of 3528	1044	chrome.exe	79
PID 1044 wrote to memory of 3528	1044	chrome.exe	79
PID 1044 wrote to memory of 3528	1044	chrome.exe	79
PID 1044 wrote to memory of 3528	1044	chrome.exe	79
PID 1044 wrote to memory of 3528	1044	chrome.exe	79
PID 1044 wrote to memory of 3528	1044	chrome.exe	79
PID 1044 wrote to memory of 3528	1044	chrome.exe	79
PID 1044 wrote to memory of 3528	1044	chrome.exe	79
PID 1044 wrote to memory of 3528	1044	chrome.exe	79
PID 1044 wrote to memory of 3528	1044	chrome.exe	79
PID 1044 wrote to memory of 3528	1044	chrome.exe	79
PID 1044 wrote to memory of 3528	1044	chrome.exe	79
PID 1044 wrote to memory of 3528	1044	chrome.exe	79
PID 1044 wrote to memory of 3528	1044	chrome.exe	79
PID 1044 wrote to memory of 3528	1044	chrome.exe	79
PID 1044 wrote to memory of 3528	1044	chrome.exe	79
PID 1044 wrote to memory of 3528	1044	chrome.exe	79
PID 1044 wrote to memory of 3528	1044	chrome.exe	79
PID 1044 wrote to memory of 3528	1044	chrome.exe	79
PID 1044 wrote to memory of 3528	1044	chrome.exe	79
PID 1044 wrote to memory of 3528	1044	chrome.exe	79
PID 1044 wrote to memory of 4104	1044	chrome.exe	80
PID 1044 wrote to memory of 4104	1044	chrome.exe	80
PID 1044 wrote to memory of 3536	1044	chrome.exe	81
PID 1044 wrote to memory of 3536	1044	chrome.exe	81
PID 1044 wrote to memory of 3536	1044	chrome.exe	81

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell.exe -ExecutionPolicy bypass -File C:\Users\Admin\AppData\Local\Temp\275d6b580575e85f19ee93bab87c0ca43946e4a5fd2bf998085b637ab8a306d9.ps1
1⤵
- Command and Scripting Interpreter: PowerShell
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:3608
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" https://www.youtube.com/account
  2⤵
  - Enumerates system info in registry
  - Modifies data under HKEY_USERS
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  PID:1044
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ffa3b479758,0x7ffa3b479768,0x7ffa3b479778
    3⤵
    PID:2856
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1520 --field-trial-handle=1856,i,11798484540728907044,12357111014430564336,131072 /prefetch:2
    3⤵
    PID:3528
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1800 --field-trial-handle=1856,i,11798484540728907044,12357111014430564336,131072 /prefetch:8
    3⤵
    PID:4104
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2104 --field-trial-handle=1856,i,11798484540728907044,12357111014430564336,131072 /prefetch:8
    3⤵
    PID:3536
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2948 --field-trial-handle=1856,i,11798484540728907044,12357111014430564336,131072 /prefetch:1
    3⤵
    PID:1448
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2964 --field-trial-handle=1856,i,11798484540728907044,12357111014430564336,131072 /prefetch:1
    3⤵
    PID:4176
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4432 --field-trial-handle=1856,i,11798484540728907044,12357111014430564336,131072 /prefetch:1
    3⤵
    PID:2228
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=4604 --field-trial-handle=1856,i,11798484540728907044,12357111014430564336,131072 /prefetch:1
    3⤵
    PID:2132
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=3156 --field-trial-handle=1856,i,11798484540728907044,12357111014430564336,131072 /prefetch:8
    3⤵
    PID:2532
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3180 --field-trial-handle=1856,i,11798484540728907044,12357111014430564336,131072 /prefetch:8
    3⤵
    PID:5108
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4736 --field-trial-handle=1856,i,11798484540728907044,12357111014430564336,131072 /prefetch:8
    3⤵
    PID:5128
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4776 --field-trial-handle=1856,i,11798484540728907044,12357111014430564336,131072 /prefetch:8
    3⤵
    PID:6020
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.15063.0 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1112 --field-trial-handle=1856,i,11798484540728907044,12357111014430564336,131072 /prefetch:2
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:3532
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5352 --field-trial-handle=1856,i,11798484540728907044,12357111014430564336,131072 /prefetch:8
    3⤵
    PID:2076
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2396 --field-trial-handle=1856,i,11798484540728907044,12357111014430564336,131072 /prefetch:8
    3⤵
    PID:5584
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe" https://www.youtube.com/account
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:2468
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" https://www.youtube.com/account
    3⤵
    - Checks processor information in registry
    - Modifies registry class
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SendNotifyMessage
    - Suspicious use of SetWindowsHookEx
    PID:4016
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4016.0.1995242536\1109215881" -parentBuildID 20221007134813 -prefsHandle 1640 -prefMapHandle 1628 -prefsLen 20845 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {4aab87d9-6640-43bc-8664-72b1380f2224} 4016 "\\.\pipe\gecko-crash-server-pipe.4016" 1740 218339d6e58 gpu
      4⤵
      PID:4548
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4016.1.779969221\785075232" -parentBuildID 20221007134813 -prefsHandle 2124 -prefMapHandle 2120 -prefsLen 21706 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d3d46b7f-a938-4c6e-b9e1-fcb2e38478e3} 4016 "\\.\pipe\gecko-crash-server-pipe.4016" 2148 218334e3558 socket
      4⤵
      PID:2156
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4016.2.38968333\263708052" -childID 1 -isForBrowser -prefsHandle 2632 -prefMapHandle 2876 -prefsLen 21744 -prefMapSize 233444 -jsInitHandle 1060 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {7354a452-93b0-4ff7-b5b6-1a0b2f07f625} 4016 "\\.\pipe\gecko-crash-server-pipe.4016" 2716 21837d92758 tab
      4⤵
      PID:3832
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4016.3.932290485\626778302" -childID 2 -isForBrowser -prefsHandle 3136 -prefMapHandle 3132 -prefsLen 21785 -prefMapSize 233444 -jsInitHandle 1060 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {c947b64b-edb5-4984-860b-5db62cc5bfbf} 4016 "\\.\pipe\gecko-crash-server-pipe.4016" 3148 21838254858 tab
      4⤵
      PID:3524
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4016.4.1323064404\605813986" -childID 3 -isForBrowser -prefsHandle 3924 -prefMapHandle 3920 -prefsLen 26273 -prefMapSize 233444 -jsInitHandle 1060 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {6346b2ef-b074-4c05-9d38-92f9c55227bb} 4016 "\\.\pipe\gecko-crash-server-pipe.4016" 3936 2183a070558 tab
      4⤵
      PID:4076
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4016.5.1700283890\1833553246" -childID 4 -isForBrowser -prefsHandle 5232 -prefMapHandle 5216 -prefsLen 26354 -prefMapSize 233444 -jsInitHandle 1060 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {795487ff-c792-4f0b-b898-b9274acda19b} 4016 "\\.\pipe\gecko-crash-server-pipe.4016" 5244 2183c564758 tab
      4⤵
      PID:4448
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4016.6.149259739\1276250878" -childID 5 -isForBrowser -prefsHandle 5220 -prefMapHandle 5176 -prefsLen 26354 -prefMapSize 233444 -jsInitHandle 1060 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {3638c280-788c-4963-ab2c-b33a83065afb} 4016 "\\.\pipe\gecko-crash-server-pipe.4016" 5164 2183b5f8f58 tab
      4⤵
      PID:1388
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4016.7.2078940112\1811768777" -childID 6 -isForBrowser -prefsHandle 5532 -prefMapHandle 5536 -prefsLen 26354 -prefMapSize 233444 -jsInitHandle 1060 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {76e80372-8fe9-4163-9b93-65426d9b61e9} 4016 "\\.\pipe\gecko-crash-server-pipe.4016" 4420 2183c16d058 tab
      4⤵
      PID:2952
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://accounts.google.com/v3/signin/challenge/pwd
  2⤵
  - Enumerates system info in registry
  - Suspicious use of WriteProcessMemory
  PID:4116
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ffa3b479758,0x7ffa3b479768,0x7ffa3b479778
    3⤵
    PID:5052
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1712 --field-trial-handle=1864,i,6997662387059891068,5473011621807045443,131072 /prefetch:2
    3⤵
    PID:3064
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1828 --field-trial-handle=1864,i,6997662387059891068,5473011621807045443,131072 /prefetch:8
    3⤵
    PID:404
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe" https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://accounts.google.com/v3/signin/challenge/pwd
  2⤵
  PID:3884
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://accounts.google.com/v3/signin/challenge/pwd
    3⤵
    - Checks processor information in registry
    PID:272

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:3404

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

PowerShell

T1059.001

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials from Password Stores

T1555

Credentials from Web Browsers

T1555.003

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

Filesize
40B

MD5
bde7940abd784d91f9236ffeea928533

SHA1
1d994b328619ac40307ec13707ed98f692e43e01

SHA256
e54c95fa9510bd1c09c70fbdd534fa96b9add223be9158e32c12173572b3ecf5

SHA512
61cdbdfe8a9df3aec8a4281912075cef72072c9d6f96ab74e201fe532af138883b50223fee268a8e0121afebcfce1c8036307cfb66afcf2582dc76eca27b4f30

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
528B

MD5
30b1f1896646b32b30d0ed298146ddb3

SHA1
10108597fe75dd55b5eab779e9aa1bfb57cf9f6a

SHA256
4fd1dbfb538f0ad2939f39c65fc7161d6dc74d8a2df7e5c3dfbc253bd985b1a1

SHA512
9cd0204159c38e03e2561e66c7b111bc3e18e88ce14e4d6e085f3d8fa4e4f9214fd0d00cd3f2789031b89ba931895f1222cb1fc8df85ff57ccbdf375a5f7c73d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
0d6091e01f308ae00de29e9a135e7cb6

SHA1
1d0f402e5ebbe1c5b27285413afe67189da14677

SHA256
1d81718a30113488091620e690dc15166074a19cd7d5b8e9e5a095003b6b17e1

SHA512
de8cd58a43c3bfe3375a981313ebf354104472ea871d8471ae54ab3f35bb9a1ea1d86c2679d2ec44a2b22cc6e986d079f4c15ad90bb9ccf4345296be9d25802a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
fe2bc57c379dd58e4cebe941e157cfd6

SHA1
5a3144470335a1e01a65951acfb9cbe0db9fade0

SHA256
85149f319695793de406b37b196ab86e3945c00d47a76d69339c984aaea2aed4

SHA512
fa98342c723028307eba4c9c2797c533122a900aa7d1a276914d1827bd410fd15bf8e9c4e82614cfd41266764eb071d23a9f12e3654833967fae1f9a1ae679da

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
21314a9eaf72f3f2bd72eb4f971ed777

SHA1
cfc8d10fed08937d2dab47032993d3bd7866c097

SHA256
116b5630ffdb536b253d154c76f0fe9a2ee0d1090b299a0b1e907e9726002d90

SHA512
b0c74aab5caba055263423e13354c3c53c9dc5e2a38e1a6159593f9552d05fea018d233391dbbb989e6035015d6922814d341b9073dd31fb4c7abe4b28168b8b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
539B

MD5
e2cabcdc4d93cc859ea10f9a631438dd

SHA1
667410e2ed4f7f6dc2418edd500327ce01762de9

SHA256
6b53bd704c91ab5a0a198cadd18677fa3e7532d01faaf9023a04aadc014a98de

SHA512
f2485e9281071b1a0765a680924eae94ed97ac1ee409cc331406b689963f924dec65559d9d632d8bad2037f4e7131203a3bc07c5e77d2e21e7ee0d456adacd5b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
539B

MD5
067aa6bf0255537f078aaf062f209f64

SHA1
a1d26950cd24673bb0136ac60265dff1778cabed

SHA256
3ca7af3a68816990d1d102d5393a310018efd322c82aaff863e25d78af9bf81b

SHA512
91b6d17cd3d60565f0548db770ee9d41ac43b871846419727cb0cd0f8fa9e0a8b312ce30ee9ac8dad1f3788396a86e4406a1be76a7976011f7abc3ce8661ae97

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity~RFe588a49.TMP

Filesize
539B

MD5
f5328f2a8c69b1e0efa3914cc7f81d20

SHA1
4ef09e9762cee792b174e3d5cb9ee0b5dae4e94f

SHA256
7c4dcc0a5e87e02308ee31a32e22e4e0f3f97d9d71e32c5e0ca024fed47c2c88

SHA512
5747d2f08a2d9d505cba893a42f459dfcf96a7e28707da85a21a642b99f483bc1866a797954d8005bd1626a4f76d66a9e70530d01eb3000b3be342439b661c30

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
637c3aacc686f4d304034e93c07c2d1c

SHA1
2c03a19fefa1c30772a7575174ef8cac7e182b37

SHA256
dc88da7298e3fc6ca3a550dab92df108cdb8b0da4d80f1d52db52510fa7d6df3

SHA512
ceac6cda790e4147037c3febd2349cd4289b41cfc9c72aa6a055a8bd02ec74fe149e25e416f374efed05c4aca3e60a115aa93fafc5e152584a26dfd32c89dd7c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
173KB

MD5
15c113c681bc5ab35d66181c335d7d95

SHA1
763f58cc12caf153463726f4fac3d67d665b8043

SHA256
68bf39c2649cd8b6dc5d121770a81b1958238ee9cc2c5338cd61dd010ac744c6

SHA512
0455af708c7430acd06076524b7b755c0de93d8848983bde649c5e3dced56573f0201a56919d995b7d90ce8f8b6eff34078a1697e44e1b9be8b30b9eafdfc229

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
172KB

MD5
80e71db75cd0f5225b0f6bc0b47584b0

SHA1
1bf8321b30f37d81918a11ffbfeab1e1a4bdf289

SHA256
5d992f6354704bae98addf859e3f30cdadfbfd4dd00ddbf12dd0ed5beb0d9e99

SHA512
fd4dea27aec894dd0b37b96ae9d536063ba1e2a16cc80d415a799a7843b3f4e911d9334260ea3e0b7e241ac6c464d6d78b3cd1ea8b1beac2da5161772ade2dfe

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
4KB

MD5
dcdc2d88df62c4468fde8612db22fb95

SHA1
40d5753a7f3002f2abb9ed9805bb9db327ebcfba

SHA256
806dddf8e7e494aaf29fa0004bafdf8d073870c5236a53b1ec9a3480efa10803

SHA512
67a3ba68b8ba149a213d25311c270efcf9cd5cd1a7865b8367609361ebb0ed164989a0453f35cc7d89375ffd1552a2e744e666f5afe2674eb05fc3641ebe7821

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
173KB

MD5
585c2373676c750b8dc0fb7674d19365

SHA1
a804e2d0da665ef1363f2cc528e4c30dd9598acf

SHA256
0d148c6c91f1a57cbca007ab1cb99861f87072578bbbfa3f9929863c40bac6a6

SHA512
9294cae8d686f82152f37a5b0bd5526e35ca30da0bed5a3cf3fcf3e16395e3e019242b70bbaadf63e7db680e0dee387505cfddf9c65b40307614d478ccbb3c58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
5KB

MD5
7e2437dfad62fce42a2fc4e778174ece

SHA1
34dee6e2cebc9199e3615c22fba785a907eeb99d

SHA256
68f1e153eda0a8a07bbb6f633349e2530cc9f74048b802d00943cfe385ee617d

SHA512
15954b7732e5d3a3b3eaf9dbf2f32a9776a7e22216c8114860d2de3454f9839eebe77f66abece24eb86ed805edd2fa4466fda3499157ba37309dc483110b9a6a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Variations

Filesize
86B

MD5
f732dbed9289177d15e236d0f8f2ddd3

SHA1
53f822af51b014bc3d4b575865d9c3ef0e4debde

SHA256
2741df9ee9e9d9883397078f94480e9bc1d9c76996eec5cfe4e77929337cbe93

SHA512
b64e5021f32e26c752fcba15a139815894309b25644e74ceca46a9aa97070bca3b77ded569a9bfd694193d035ba75b61a8d6262c8e6d5c4d76b452b38f5150a4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\2b7acdhd.default-release\activity-stream.discovery_stream.json.tmp

Filesize
29KB

MD5
0a29e3a1fe6d5bbfd0ef448af1d9eb64

SHA1
35abd0638c6f0b2811f4aa2daf291f3be18bda1c

SHA256
91ad15c7f9c3e978c33100bd075ab808287023636d0df0b1f87e66ce1e675ed9

SHA512
fac71e47642ccc9d2264844bb80df2d81f8c0a14770bb727c842e712669746db2e440a05aa831ec5c565930e6c64c332888a5c2b5e12f56c9ffef70a233f2bb6

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\2b7acdhd.default-release\settings\main\ms-language-packs\browser\newtab\asrouter.ftl

Filesize
7KB

MD5
c460716b62456449360b23cf5663f275

SHA1
06573a83d88286153066bae7062cc9300e567d92

SHA256
0ec0f16f92d876a9c1140d4c11e2b346a9292984d9a854360e54e99fdcd99cc0

SHA512
476bc3a333aace4c75d9a971ef202d5889561e10d237792ca89f8d379280262ce98cf3d4728460696f8d7ff429a508237764bf4a9ccb59fd615aee07bdcadf30

Download Submit
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_men2psph.gw1.ps1

Filesize
1B

MD5
c4ca4238a0b923820dcc509a6f75849b

SHA1
356a192b7913b04c54574d18c28d46e6395428ab

SHA256
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b

SHA512
4dff4ea340f0a823f15d3f4f01ab62eae0e5da579ccb851f8db9dfe84c58b2b37b89903a740e1ee172da793a6e79d560e5f7f9bd058a12a280433ed6fa46510a

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
442KB

MD5
85430baed3398695717b0263807cf97c

SHA1
fffbee923cea216f50fce5d54219a188a5100f41

SHA256
a9f4281f82b3579581c389e8583dc9f477c7fd0e20c9dfc91a2e611e21e3407e

SHA512
06511f1f6c6d44d076b3c593528c26a602348d9c41689dbf5ff716b671c3ca5756b12cb2e5869f836dedce27b1a5cfe79b93c707fd01f8e84b620923bb61b5f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

Filesize
8.0MB

MD5
a01c5ecd6108350ae23d2cddf0e77c17

SHA1
c6ac28a2cd979f1f9a75d56271821d5ff665e2b6

SHA256
345d44e3aa3e1967d186a43d732c8051235c43458169a5d7d371780a6475ee42

SHA512
b046dd1b26ec0b810ee441b7ad4dc135e3f1521a817b9f3db60a32976352e8f7e53920e1a77fc5b4130aac260d79deef7e823267b4414e9cc774d8bffca56a72

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms

Filesize
9KB

MD5
3adb0007453b96135ba421be23663998

SHA1
65858c326af25733a4a85d84680a0c9f2d5c92fb

SHA256
55b33c987b52df0c93bd521308e99fe4615f8f9aec3ae62e6521e992b64aea17

SHA512
d76a112fd3c0578a5ca2037734f37dd5237b206192b35bba9af2a00bda25e2b735fcc49d964c13c352b4ccbdbf97e55dbb9589b9b920c5b7705296ca16240214

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\2b7acdhd.default-release\datareporting\glean\db\data.safe.bin

Filesize
2KB

MD5
dbd2a8650ef9a5a671a0ac1284f9dd9d

SHA1
cfe6e88295b94940b4e9bac0dc480626fe3fbb36

SHA256
bfe012290d6e4c25d036264b3b84e3f17e04ac169643449f7ed37488d0d96d78

SHA512
f5cd079a7aacc9e29e8f079ff0526f38177d775c92d3ce06507ac7d7df236dece546bc591e792e679ab65e40aa8504fecfc64eb419cdd18d8080fd62c19e0814

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\2b7acdhd.default-release\datareporting\glean\pending_pings\6d2aad25-cef5-48d7-9a67-08e6b64ca358

Filesize
12KB

MD5
b7001f903ca0d0085431252abc66f687

SHA1
fc6f9da8e98132dbf7a4a6d1678e0ff987816098

SHA256
9e73088804bb3551f731a41423cd34028879e58559cfd58fc36329a2e5cf2640

SHA512
f117bc5535b8d580a06ec08717fbfa18415cc9c7b87bbe688385fcac872b3968e94eddfd75e0e7320e6b7949042bfd420c599dca334322a9fd40f1717585be0e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\2b7acdhd.default-release\datareporting\glean\pending_pings\814f535d-5a63-4b77-a2af-eae89516f4e2

Filesize
746B

MD5
73fd85433bef1586bc7e30991e89c148

SHA1
d9afa6e39e4b21e39e9f353cddde358bea0ca232

SHA256
0f311bd591bb3f098bcc382cb1b0b5555e1d319cdf4ab5612021f892729a949b

SHA512
e67db857afb183fa5a1d6ac6e9fa2469fb20892fee3691d3c5c2e6e45e44a319704b2a39407d0cc727f613cf24d73aee70f00d0d5e395f6648be8d4a0d2b8a51

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\2b7acdhd.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll

Filesize
997KB

MD5
fe3355639648c417e8307c6d051e3e37

SHA1
f54602d4b4778da21bc97c7238fc66aa68c8ee34

SHA256
1ed7877024be63a049da98733fd282c16bd620530a4fb580dacec3a78ace914e

SHA512
8f4030bb2464b98eccbea6f06eb186d7216932702d94f6b84c56419e9cf65a18309711ab342d1513bf85aed402bc3535a70db4395874828f0d35c278dd2eac9c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\2b7acdhd.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info

Filesize
116B

MD5
3d33cdc0b3d281e67dd52e14435dd04f

SHA1
4db88689282fd4f9e9e6ab95fcbb23df6e6485db

SHA256
f526e9f98841d987606efeaff7f3e017ba9fd516c4be83890c7f9a093ea4c47b

SHA512
a4a96743332cc8ef0f86bc2e6122618bfc75ed46781dadbac9e580cd73df89e74738638a2cccb4caa4cbbf393d771d7f2c73f825737cdb247362450a0d4a4bc1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\2b7acdhd.default-release\gmp-widevinecdm\4.10.2557.0\LICENSE.txt

Filesize
479B

MD5
49ddb419d96dceb9069018535fb2e2fc

SHA1
62aa6fea895a8b68d468a015f6e6ab400d7a7ca6

SHA256
2af127b4e00f7303de8271996c0c681063e4dc7abdc7b2a8c3fe5932b9352539

SHA512
48386217dabf7556e381ab3f5924b123a0a525969ff98f91efb03b65477c94e48a15d9abcec116b54616d36ad52b6f1d7b8b84c49c204e1b9b43f26f2af92da2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\2b7acdhd.default-release\gmp-widevinecdm\4.10.2557.0\manifest.json

Filesize
372B

MD5
8be33af717bb1b67fbd61c3f4b807e9e

SHA1
7cf17656d174d951957ff36810e874a134dd49e0

SHA256
e92d3394635edfb987a7528e0ccd24360e07a299078df2a6967ca3aae22fa2dd

SHA512
6125f60418e25fee896bf59f5672945cd8f36f03665c721837bb50adf5b4dfef2dddbfcfc817555027dcfa90e1ef2a1e80af1219e8063629ea70263d2fc936a7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\2b7acdhd.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll

Filesize
11.8MB

MD5
33bf7b0439480effb9fb212efce87b13

SHA1
cee50f2745edc6dc291887b6075ca64d716f495a

SHA256
8ee42d9258e20bbc5bfdfae61605429beb5421ffeaaa0d02b86d4978f4b4ac4e

SHA512
d329a1a1d98e302142f2776de8cc2cd45a465d77cb21c461bdf5ee58c68073a715519f449cb673977288fe18401a0abcce636c85abaec61a4a7a08a16c924275

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\2b7acdhd.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.lib

Filesize
1KB

MD5
688bed3676d2104e7f17ae1cd2c59404

SHA1
952b2cdf783ac72fcb98338723e9afd38d47ad8e

SHA256
33899a3ebc22cb8ed8de7bd48c1c29486c0279b06d7ef98241c92aef4e3b9237

SHA512
7a0e3791f75c229af79dd302f7d0594279f664886fea228cfe78e24ef185ae63aba809aa1036feb3130066deadc8e78909c277f0a7ed1e3485df3cf2cd329776

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\2b7acdhd.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.sig

Filesize
1KB

MD5
937326fead5fd401f6cca9118bd9ade9

SHA1
4526a57d4ae14ed29b37632c72aef3c408189d91

SHA256
68a03f075db104f84afdd8fca45a7e4bff7b55dc1a2a24272b3abe16d8759c81

SHA512
b232f6cf3f88adb346281167ac714c4c4c7aac15175087c336911946d12d63d3a3a458e06b298b41a7ec582ef09fe238da3a3166ff89c450117228f7485c22d2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\2b7acdhd.default-release\prefs-1.js

Filesize
6KB

MD5
285fdc913c1a74e391625f4bfabf1acb

SHA1
4cf6d5e02e6dcda0aa1c7e7c137e4469441c36a4

SHA256
5803ae33731499f8cdf98684d5196d39deff0df11c3a2e5b0146c4985f46793e

SHA512
eb9dd2dd4063c8edbe680d198068f801420a48fb4d589abd419cca4fdbfd329fd8f11917f136945ae8db3fac48d3058308d2e5dcacf23c5e8660710b8f0104ab

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\2b7acdhd.default-release\prefs-1.js

Filesize
7KB

MD5
995982eff661e217af5346b57167b540

SHA1
43e494c8e6f8df403c67cf8c768036b9ad138c35

SHA256
f52d2043383694c0d8b40264926f52e07d8d510ecb1d82ae14af43e602e8d723

SHA512
5ca48b1ac3d6912852b31881914beeb7c90cd0479901283ada4d336e27e5be01ea162037c4889168ef9cf7c44a7fdf5cf570bbf9d3e07a5bfd92062c5990d233

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\2b7acdhd.default-release\prefs-1.js

Filesize
7KB

MD5
f974249e05f1cad315b704d817efc461

SHA1
4c4584c5adf1b2f382cf0d923c16e4a8587705ce

SHA256
42313ef7db4a57026dff295c55191f42e6194ab1d66ee9e4bc2977bda5cfa864

SHA512
4b58aaa8112960bac0996d69f06eb699e0f678fd8e3ca29d6cc76b562c6833214a878548bcae49c725d0112e73652260060943c078b34746f1769b12538953c1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\2b7acdhd.default-release\prefs.js

Filesize
6KB

MD5
077e0a7982d5ab64d983285288fcc948

SHA1
0020e18f2841fb15df9dfc0b690bc3cd491a6274

SHA256
c151a6a9125f0bfd71a9d5e7991e303394d6be2bd9f1b691611057bcbd174a6b

SHA512
b0e8d38551e2db8d56ce1fb90005d56eaefc49ed70c737628658c289869c455fe2a66008c2c1815bcd39a0dfa12f382ecd8fa5fe259c42bd28069cb4974b592d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\2b7acdhd.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
5KB

MD5
db069b64308cab2ad451330ce997c3c2

SHA1
af30f14b2cf3df53cc70472cfc1d01f31a52630c

SHA256
174ff607426a99f7b399f07e216de1ea3c1ff1405372aa6d5888b80ab339052d

SHA512
016d012e7a4d2dd3582b7f4be047a44235ca37e45d9a4e18556e777c04c9432371b69bbc271e208c5c91ac95b114e324f32d2aed089d41d8f1546698570bbb08

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\2b7acdhd.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
5KB

MD5
90a95f3e01fece5ddfeb7699ba5a98bb

SHA1
adf6db61e7c756282f109733672ff1ef8b11a35a

SHA256
2a30a7866cca579bf588dd3c9e3d6d799682fb622274bcb32acef9d324327b8c

SHA512
bf36b81960662443550958f0d89a4cc5455f360857dae6af45d76e9b8d54b08295470f032243cec4fd5b605a24d950f5ab77feb4f91ee63a31a3686a080c1be3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\2b7acdhd.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

Filesize
184KB

MD5
a844f94c0cc8610d71f4dc0403bb8566

SHA1
f45b62f345ce0e7c514e9bf86d163f3b544273f4

SHA256
9900dcd59cd9a450eb93c38a80f4325dbc4fef929e405c05410187d553c5be97

SHA512
c56093c2d2d04f64c631841b595239f354f041a9176d259375a9df4784631d53871cef66d161eba7c65c8c4100bd820e54e50dce916e504bc2e6d50a63c9a3b6

Download Submit
memory/3608-0-0x00007FFA41663000-0x00007FFA41664000-memory.dmp

Filesize
4KB

Download
memory/3608-171-0x00007FFA41660000-0x00007FFA4204C000-memory.dmp

Filesize
9.9MB

Download
memory/3608-60-0x00007FFA41660000-0x00007FFA4204C000-memory.dmp

Filesize
9.9MB

Download
memory/3608-59-0x00007FFA41660000-0x00007FFA4204C000-memory.dmp

Filesize
9.9MB

Download
memory/3608-10-0x00007FFA41660000-0x00007FFA4204C000-memory.dmp

Filesize
9.9MB

Download
memory/3608-9-0x000001E2597E0000-0x000001E259856000-memory.dmp

Filesize
472KB

Download
memory/3608-7-0x00007FFA41660000-0x00007FFA4204C000-memory.dmp

Filesize
9.9MB

Download
memory/3608-5-0x000001E2595E0000-0x000001E259602000-memory.dmp

Filesize
136KB

Download