5e238c36ae5f8a8ab9aa5e6fa3c568967d61953393384c7c8fd6370f8bc86b85

Analysis

max time kernel
2099s
max time network
2104s
platform
windows11-21h2_x64
resource
win11-20240221-en
resource tags

arch:x64arch:x86image:win11-20240221-enlocale:en-usos:windows11-21h2-x64system
submitted
25/02/2024, 06:57

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

OpenHardwareMonitor/Aga.Controls.dll
Size

142KB
MD5

f17be368ade3f7cfbb6aa9dd734ce328
SHA1

ff123eb412975eefa4681f35a6c1caaee3180bd2
SHA256

830e520caf3e89dccaa3c12e3bfc992221c164f2319a2ba57e402499c24290e3
SHA512

4c9a91b5a1d86d49036e66ad9adfba6cecfdc76c4b025c0b5a120293a18c867d42b728d59208333e0e4272cdb91d86bff4025d4915e2883ea62260abdc8080bb
SSDEEP

1536:GYmlkg0y3iUXMjL1cbQVVkRnnD+Bf3TZvX+gA3v1Pbsw0C5BDdL3dSyGZ4s8pnqo:GtocbnU3TVO3v1TeC7dLdDsMqo

Score

4^/10

Malware Config

Signatures

Drops file in Windows directory 4 IoCs

description	ioc	Process
File opened for modification	C:\Windows\Panther\UnattendGC\diagerr.xml	UserOOBEBroker.exe
File opened for modification	C:\Windows\Panther\UnattendGC\diagwrn.xml	UserOOBEBroker.exe
File opened for modification	C:\Windows\Panther\UnattendGC\setupact.log	UserOOBEBroker.exe
File opened for modification	C:\Windows\Panther\UnattendGC\setuperr.log	UserOOBEBroker.exe

Checks processor information in registry 2 TTPs 5 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133533180677373362"	chrome.exe

Modifies registry class 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-647252928-2816094679-1307623958-1000_Classes\Local Settings	firefox.exe
Key created	\REGISTRY\USER\S-1-5-21-647252928-2816094679-1307623958-1000_Classes\Local Settings\MuiCache	MiniSearchHost.exe

Opens file in notepad (likely ransom note) 1 IoCs

ransomware

pid	Process
3032	NOTEPAD.EXE

Suspicious behavior: AddClipboardFormatListener 1 IoCs

pid	Process
2976	vlc.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
3908	chrome.exe
3908	chrome.exe
2996	chrome.exe
2996	chrome.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
2976	vlc.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs

pid	Process
3908	chrome.exe
3908	chrome.exe
3908	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	3908	chrome.exe
Token: SeCreatePagefilePrivilege	3908	chrome.exe
Token: SeShutdownPrivilege	3908	chrome.exe
Token: SeCreatePagefilePrivilege	3908	chrome.exe
Token: SeShutdownPrivilege	3908	chrome.exe
Token: SeCreatePagefilePrivilege	3908	chrome.exe
Token: SeShutdownPrivilege	3908	chrome.exe
Token: SeCreatePagefilePrivilege	3908	chrome.exe
Token: SeShutdownPrivilege	3908	chrome.exe
Token: SeCreatePagefilePrivilege	3908	chrome.exe
Token: SeShutdownPrivilege	3908	chrome.exe
Token: SeCreatePagefilePrivilege	3908	chrome.exe
Token: SeShutdownPrivilege	3908	chrome.exe
Token: SeCreatePagefilePrivilege	3908	chrome.exe
Token: SeShutdownPrivilege	3908	chrome.exe
Token: SeCreatePagefilePrivilege	3908	chrome.exe
Token: SeShutdownPrivilege	3908	chrome.exe
Token: SeCreatePagefilePrivilege	3908	chrome.exe
Token: SeShutdownPrivilege	3908	chrome.exe
Token: SeCreatePagefilePrivilege	3908	chrome.exe
Token: SeShutdownPrivilege	3908	chrome.exe
Token: SeCreatePagefilePrivilege	3908	chrome.exe
Token: SeShutdownPrivilege	3908	chrome.exe
Token: SeCreatePagefilePrivilege	3908	chrome.exe
Token: SeShutdownPrivilege	3908	chrome.exe
Token: SeCreatePagefilePrivilege	3908	chrome.exe
Token: SeShutdownPrivilege	3908	chrome.exe
Token: SeCreatePagefilePrivilege	3908	chrome.exe
Token: SeShutdownPrivilege	3908	chrome.exe
Token: SeCreatePagefilePrivilege	3908	chrome.exe
Token: SeShutdownPrivilege	3908	chrome.exe
Token: SeCreatePagefilePrivilege	3908	chrome.exe
Token: SeShutdownPrivilege	3908	chrome.exe
Token: SeCreatePagefilePrivilege	3908	chrome.exe
Token: SeShutdownPrivilege	3908	chrome.exe
Token: SeCreatePagefilePrivilege	3908	chrome.exe
Token: SeShutdownPrivilege	3908	chrome.exe
Token: SeCreatePagefilePrivilege	3908	chrome.exe
Token: SeShutdownPrivilege	3908	chrome.exe
Token: SeCreatePagefilePrivilege	3908	chrome.exe
Token: SeShutdownPrivilege	3908	chrome.exe
Token: SeCreatePagefilePrivilege	3908	chrome.exe
Token: SeShutdownPrivilege	3908	chrome.exe
Token: SeCreatePagefilePrivilege	3908	chrome.exe
Token: SeShutdownPrivilege	3908	chrome.exe
Token: SeCreatePagefilePrivilege	3908	chrome.exe
Token: SeShutdownPrivilege	3908	chrome.exe
Token: SeCreatePagefilePrivilege	3908	chrome.exe
Token: SeShutdownPrivilege	3908	chrome.exe
Token: SeCreatePagefilePrivilege	3908	chrome.exe
Token: SeShutdownPrivilege	3908	chrome.exe
Token: SeCreatePagefilePrivilege	3908	chrome.exe
Token: SeShutdownPrivilege	3908	chrome.exe
Token: SeCreatePagefilePrivilege	3908	chrome.exe
Token: SeShutdownPrivilege	3908	chrome.exe
Token: SeCreatePagefilePrivilege	3908	chrome.exe
Token: SeShutdownPrivilege	3908	chrome.exe
Token: SeCreatePagefilePrivilege	3908	chrome.exe
Token: SeShutdownPrivilege	3908	chrome.exe
Token: SeCreatePagefilePrivilege	3908	chrome.exe
Token: SeShutdownPrivilege	3908	chrome.exe
Token: SeCreatePagefilePrivilege	3908	chrome.exe
Token: SeShutdownPrivilege	3908	chrome.exe
Token: SeCreatePagefilePrivilege	3908	chrome.exe

Suspicious use of FindShellTrayWindow 38 IoCs

pid	Process
2976	vlc.exe
2976	vlc.exe
2976	vlc.exe
2976	vlc.exe
2976	vlc.exe
2976	vlc.exe
2976	vlc.exe
2976	vlc.exe
3908	chrome.exe
3908	chrome.exe
3908	chrome.exe
3908	chrome.exe
3908	chrome.exe
3908	chrome.exe
3908	chrome.exe
3908	chrome.exe
3908	chrome.exe
3908	chrome.exe
3908	chrome.exe
3908	chrome.exe
3908	chrome.exe
3908	chrome.exe
3908	chrome.exe
3908	chrome.exe
3908	chrome.exe
3908	chrome.exe
3908	chrome.exe
3908	chrome.exe
3908	chrome.exe
3908	chrome.exe
3908	chrome.exe
3908	chrome.exe
3908	chrome.exe
3908	chrome.exe
4844	firefox.exe
4844	firefox.exe
4844	firefox.exe
4844	firefox.exe

Suspicious use of SendNotifyMessage 22 IoCs

pid	Process
2976	vlc.exe
2976	vlc.exe
2976	vlc.exe
2976	vlc.exe
2976	vlc.exe
2976	vlc.exe
2976	vlc.exe
3908	chrome.exe
3908	chrome.exe
3908	chrome.exe
3908	chrome.exe
3908	chrome.exe
3908	chrome.exe
3908	chrome.exe
3908	chrome.exe
3908	chrome.exe
3908	chrome.exe
3908	chrome.exe
3908	chrome.exe
4844	firefox.exe
4844	firefox.exe
4844	firefox.exe

Suspicious use of SetWindowsHookEx 3 IoCs

pid	Process
2976	vlc.exe
2688	MiniSearchHost.exe
4844	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3908 wrote to memory of 2956	3908	chrome.exe	94
PID 3908 wrote to memory of 2956	3908	chrome.exe	94
PID 3908 wrote to memory of 4456	3908	chrome.exe	100
PID 3908 wrote to memory of 4456	3908	chrome.exe	100
PID 3908 wrote to memory of 4456	3908	chrome.exe	100
PID 3908 wrote to memory of 4456	3908	chrome.exe	100
PID 3908 wrote to memory of 4456	3908	chrome.exe	100
PID 3908 wrote to memory of 4456	3908	chrome.exe	100
PID 3908 wrote to memory of 4456	3908	chrome.exe	100
PID 3908 wrote to memory of 4456	3908	chrome.exe	100
PID 3908 wrote to memory of 4456	3908	chrome.exe	100
PID 3908 wrote to memory of 4456	3908	chrome.exe	100
PID 3908 wrote to memory of 4456	3908	chrome.exe	100
PID 3908 wrote to memory of 4456	3908	chrome.exe	100
PID 3908 wrote to memory of 4456	3908	chrome.exe	100
PID 3908 wrote to memory of 4456	3908	chrome.exe	100
PID 3908 wrote to memory of 4456	3908	chrome.exe	100
PID 3908 wrote to memory of 4456	3908	chrome.exe	100
PID 3908 wrote to memory of 4456	3908	chrome.exe	100
PID 3908 wrote to memory of 4456	3908	chrome.exe	100
PID 3908 wrote to memory of 4456	3908	chrome.exe	100
PID 3908 wrote to memory of 4456	3908	chrome.exe	100
PID 3908 wrote to memory of 4456	3908	chrome.exe	100
PID 3908 wrote to memory of 4456	3908	chrome.exe	100
PID 3908 wrote to memory of 4456	3908	chrome.exe	100
PID 3908 wrote to memory of 4456	3908	chrome.exe	100
PID 3908 wrote to memory of 4456	3908	chrome.exe	100
PID 3908 wrote to memory of 4456	3908	chrome.exe	100
PID 3908 wrote to memory of 4456	3908	chrome.exe	100
PID 3908 wrote to memory of 4456	3908	chrome.exe	100
PID 3908 wrote to memory of 4456	3908	chrome.exe	100
PID 3908 wrote to memory of 4456	3908	chrome.exe	100
PID 3908 wrote to memory of 4456	3908	chrome.exe	100
PID 3908 wrote to memory of 4456	3908	chrome.exe	100
PID 3908 wrote to memory of 4456	3908	chrome.exe	100
PID 3908 wrote to memory of 4456	3908	chrome.exe	100
PID 3908 wrote to memory of 4456	3908	chrome.exe	100
PID 3908 wrote to memory of 4456	3908	chrome.exe	100
PID 3908 wrote to memory of 4456	3908	chrome.exe	100
PID 3908 wrote to memory of 4456	3908	chrome.exe	100
PID 3908 wrote to memory of 3424	3908	chrome.exe	96
PID 3908 wrote to memory of 3424	3908	chrome.exe	96
PID 3908 wrote to memory of 2604	3908	chrome.exe	99
PID 3908 wrote to memory of 2604	3908	chrome.exe	99
PID 3908 wrote to memory of 2604	3908	chrome.exe	99
PID 3908 wrote to memory of 2604	3908	chrome.exe	99
PID 3908 wrote to memory of 2604	3908	chrome.exe	99
PID 3908 wrote to memory of 2604	3908	chrome.exe	99
PID 3908 wrote to memory of 2604	3908	chrome.exe	99
PID 3908 wrote to memory of 2604	3908	chrome.exe	99
PID 3908 wrote to memory of 2604	3908	chrome.exe	99
PID 3908 wrote to memory of 2604	3908	chrome.exe	99
PID 3908 wrote to memory of 2604	3908	chrome.exe	99
PID 3908 wrote to memory of 2604	3908	chrome.exe	99
PID 3908 wrote to memory of 2604	3908	chrome.exe	99
PID 3908 wrote to memory of 2604	3908	chrome.exe	99
PID 3908 wrote to memory of 2604	3908	chrome.exe	99
PID 3908 wrote to memory of 2604	3908	chrome.exe	99
PID 3908 wrote to memory of 2604	3908	chrome.exe	99
PID 3908 wrote to memory of 2604	3908	chrome.exe	99
PID 3908 wrote to memory of 2604	3908	chrome.exe	99
PID 3908 wrote to memory of 2604	3908	chrome.exe	99
PID 3908 wrote to memory of 2604	3908	chrome.exe	99
PID 3908 wrote to memory of 2604	3908	chrome.exe	99

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\OpenHardwareMonitor\Aga.Controls.dll,#1
1⤵
PID:4664

C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Desktop\UseUpdate.txt
1⤵
- Opens file in notepad (likely ransom note)
PID:3032

C:\Program Files\VideoLAN\VLC\vlc.exe
"C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\Desktop\ReceiveExport.mpa"
1⤵
- Suspicious behavior: AddClipboardFormatListener
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
PID:2976

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3908
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffae40f9758,0x7ffae40f9768,0x7ffae40f9778
  2⤵
  PID:2956
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2000 --field-trial-handle=1804,i,18050893007947772961,871821325528129711,131072 /prefetch:8
  2⤵
  PID:3424
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3244 --field-trial-handle=1804,i,18050893007947772961,871821325528129711,131072 /prefetch:1
  2⤵
  PID:2444
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3212 --field-trial-handle=1804,i,18050893007947772961,871821325528129711,131072 /prefetch:1
  2⤵
  PID:4780
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2192 --field-trial-handle=1804,i,18050893007947772961,871821325528129711,131072 /prefetch:8
  2⤵
  PID:2604
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1704 --field-trial-handle=1804,i,18050893007947772961,871821325528129711,131072 /prefetch:2
  2⤵
  PID:4456
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4508 --field-trial-handle=1804,i,18050893007947772961,871821325528129711,131072 /prefetch:1
  2⤵
  PID:1520
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4832 --field-trial-handle=1804,i,18050893007947772961,871821325528129711,131072 /prefetch:8
  2⤵
  PID:1020
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4040 --field-trial-handle=1804,i,18050893007947772961,871821325528129711,131072 /prefetch:8
  2⤵
  PID:5048
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4784 --field-trial-handle=1804,i,18050893007947772961,871821325528129711,131072 /prefetch:8
  2⤵
  PID:2676
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1184 --field-trial-handle=1804,i,18050893007947772961,871821325528129711,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2996

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:4976

C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe
"C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe" -ServerName:MiniSearchUI.AppXj3y73at8fy1htwztzxs68sxx1v7cksp7.mca
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:2688

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalService -p -s NPSMSvc
1⤵
PID:4720

C:\Windows\System32\oobe\UserOOBEBroker.exe
C:\Windows\System32\oobe\UserOOBEBroker.exe -Embedding
1⤵
- Drops file in Windows directory
PID:720

C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileCoAuth.exe
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileCoAuth.exe -Embedding
1⤵
PID:2580

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k DevicesFlow -s DevicesFlowUserSvc
1⤵
PID:772

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s DeviceAssociationService
1⤵
PID:2116
- C:\Windows\system32\dashost.exe
  dashost.exe {78551c09-b304-4548-a3f1b9d885352fc0}
  2⤵
  PID:3132

C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileCoAuth.exe
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileCoAuth.exe -Embedding
1⤵
PID:2348

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
PID:2752
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe"
  2⤵
  - Checks processor information in registry
  - Modifies registry class
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  PID:4844
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4844.0.1027535274\630363399" -parentBuildID 20221007134813 -prefsHandle 1796 -prefMapHandle 1788 -prefsLen 20747 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {75f66bef-4c06-44c3-9cf6-e23cb8bd7268} 4844 "\\.\pipe\gecko-crash-server-pipe.4844" 1888 192aa5f0c58 gpu
    3⤵
    PID:2644
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4844.1.2044002453\156641137" -parentBuildID 20221007134813 -prefsHandle 2232 -prefMapHandle 2228 -prefsLen 20783 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f1edda4a-e509-4ca1-b866-7eae02d67e57} 4844 "\\.\pipe\gecko-crash-server-pipe.4844" 2260 1929e56f258 socket
    3⤵
    PID:2740
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4844.2.1021430625\1808206012" -childID 1 -isForBrowser -prefsHandle 2972 -prefMapHandle 2968 -prefsLen 20886 -prefMapSize 233444 -jsInitHandle 1352 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {88269ac7-6899-4c4d-8517-88c215f7c49b} 4844 "\\.\pipe\gecko-crash-server-pipe.4844" 2984 192af7a0e58 tab
    3⤵
    PID:3112
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4844.3.787143288\16900179" -childID 2 -isForBrowser -prefsHandle 3364 -prefMapHandle 3360 -prefsLen 26064 -prefMapSize 233444 -jsInitHandle 1352 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d8b1df69-2afa-4979-8f96-61142db4b5ff} 4844 "\\.\pipe\gecko-crash-server-pipe.4844" 3372 1929e55ee58 tab
    3⤵
    PID:5196
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4844.4.1439959590\879513924" -childID 3 -isForBrowser -prefsHandle 4628 -prefMapHandle 4592 -prefsLen 26123 -prefMapSize 233444 -jsInitHandle 1352 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {0041bead-179a-4987-9170-dbe97863ea13} 4844 "\\.\pipe\gecko-crash-server-pipe.4844" 4640 192b1c41958 tab
    3⤵
    PID:5676
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4844.5.2077594854\1740239580" -childID 4 -isForBrowser -prefsHandle 4992 -prefMapHandle 4848 -prefsLen 26204 -prefMapSize 233444 -jsInitHandle 1352 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {109e1806-05c5-4dad-94f4-7d6ba92dbbd8} 4844 "\\.\pipe\gecko-crash-server-pipe.4844" 5008 192b1d7b858 tab
    3⤵
    PID:5420
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4844.7.30280726\839789959" -childID 6 -isForBrowser -prefsHandle 5364 -prefMapHandle 5368 -prefsLen 26204 -prefMapSize 233444 -jsInitHandle 1352 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {36dd7974-001e-427e-863a-c1c8539384b6} 4844 "\\.\pipe\gecko-crash-server-pipe.4844" 5356 192b1d79158 tab
    3⤵
    PID:5452
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4844.6.1423352276\1784835489" -childID 5 -isForBrowser -prefsHandle 5176 -prefMapHandle 5180 -prefsLen 26204 -prefMapSize 233444 -jsInitHandle 1352 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f5d04abd-aabc-4370-a1c6-0efd58b36d20} 4844 "\\.\pipe\gecko-crash-server-pipe.4844" 5168 192b1d78258 tab
    3⤵
    PID:5436

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
e97ae47c4b04dfc3f8416e1e6d09de49

SHA1
67c979c6b0cbcfdebe7377e775c6a5b920613f7d

SHA256
09d05b4c2b1c0302a12aa5e09fc14778e42f6a0f5bf6e90dd47d26ba8a1400a2

SHA512
8634fb5c150df01c2505b31fa9d2c948d622087e165156c69d96360935eb67d320d5513576b9ace775ed4bffaa691c6d683a274ff3d5898ddae9c5318ab73140

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
e461dadcec3145db05e7e308cc5baeba

SHA1
f3c557e1afb6a29cc8d4e1b8592185e6b4bb6c63

SHA256
48db7d89f8b3e0062cd2dfd272b73efb8aece8d9e9da9fccf5cf963e95051899

SHA512
3c5b925d39d3d5a71e91750d7a29d260fdf7eff4b6bd06ed4aa226e4c95b362a992402cc97c013436d305c47a08fb489bd5b4522aea2f2997c7267018b02859d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
cbfd17819c1bbe281eb404304ed7105e

SHA1
ed371b11d75f5e2e769b58dfbfdeea029a7ebc7b

SHA256
e0d49caffc3916567c6c34291f6af06b28efb5c19ec9ff9d442cd8968a33224c

SHA512
d592f5a65d30d446e2401eea391cfc27676e1daa9190f4be54785e5e4a1a287776dc4ed8d3cbb6562969ea29f5505be75effa05164740347f152a49bb095f3e3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
371B

MD5
a0a2210d081b7bad7e82f6afd4866045

SHA1
19aa535785a450f84df14ffe63c2eceaab1fc09f

SHA256
2b6813e2b506dd420cb2468af3dbc8589174231c5d32043031ab8c8d192badc7

SHA512
9681eb922e41a33dab32d5df0dc53c1cd204a2763a60e4dcff4154c61b0c6e924c9db415df1dae64ac29534d18ee138c723d2485962d22de04c8a8424b61f53d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
a073ad8cfd88dc16dd1af1affb445f74

SHA1
82551c953eb59fbc319f55206e1d80c21f7e2c18

SHA256
b1c53f108e19b89d2c04008ab32e8d524cc6adf68614977b958b20cc5be798cd

SHA512
7ccabd8df8cb55417fd891c9fa928504c96031b82c545a95d09f15908bc9521bedd3fd4b4af7670abbc7f36b8c7bba277c2b44a35c4edbce11b79be8877192cf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
5ba6e1ac03a89ea7d50c2423af117ab0

SHA1
d7d3b82d28c7df0de16bb734bd88ac3674a600b5

SHA256
6078b015293a30c92787803e171c4ee843eab415ebca42b4f417b1d58c4d8d04

SHA512
506c9ea55f35ec08508144191f13be88ce39d8d07ffb2d7ffa70e248fe8e48f6ec14e646c997a537a21183537562715d356f9012caf78be11c36b269186cfe35

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
0659b251958db736e2dcad1a8d3a072b

SHA1
5b28070e5cba84b685c917b15835b7dba4bf59e3

SHA256
0d9a0f5b1584587a88ee7a7e7ce106ffad937c50c49b827841eaf5bd499840a7

SHA512
3681da7ba0288976ff186567ddb4faa00243d15a72ab718958806df250324953b25f02cab4288c03378288bb84c4ad51eac61b8f309cd28d3607a8e0520b550c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
6f8adef49475eb16bdc271c21a1b5994

SHA1
927e038be3d4fb7a4f7bed0eb899985d7bf4af19

SHA256
6f4375e2025925a81441448a7279e5e351c62c2d4468a80314dba0816e81dfe3

SHA512
a6cb4f3e1828f062b55ba9e4fe343ce26a8b50f2f3ba1649314312a96f7bb5a19bd79d4db001406ea60859e19eea0349da8dce09310c3f6b2f80bfc78d63a6a2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
257KB

MD5
2b159d03a40604a01bb448e15de3597e

SHA1
c523f2d321094c01609ccbe354e1090d46aa5034

SHA256
7c545c31db7cf4508be6deb4fff6a670048a6ad6b0f1be0641cf0c175ed8c6d4

SHA512
01e3c83567e22cbe8e7d4de73f7f7d757f09dfdd7fa6dea54a91c9ebd3b974e5e88d45cb6a4502d2aa69fc5370cca798b1981e10e5d3d81a1ccbc0e597150a44

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
257KB

MD5
4c6332b7b51c7a22a6cfd9bf5ad21061

SHA1
dfe689925730299d931bf7c9021ff4d9fa81be37

SHA256
011e3fdd6dbf495580a807a68e1486c5f5c9c70f5c89074ac5ec2acde2f2e20e

SHA512
f1d4d57d56bdaed8743be822210c04477a17cb0265b543219340aa3d51796391d0c26aff0e9f4b2591a165f5c1f38d2cee381f3cd881fe74663afa7923df8568

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\logs\Common\FileCoAuth-2024-2-25.73.2580.1.odl

Filesize
1KB

MD5
32d401086cdca57bf2a5c232846c157e

SHA1
da6d484a8e3f3f11451d16e6273622e87b540531

SHA256
1a3518918ebee07a8c2c59af28dcbfba8eb4d48a6447beb1f5643fe41b0f3419

SHA512
3be79f17d2b3ed93d4bb0038351c783011687e5c623fef34ded0b5c90e8e50bb85a1c2bb5897d8115e28653b6d8e268ad4667053f753380852fa5738af9a25fd

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\zs0352kg.default-release\cache2\doomed\30079

Filesize
10KB

MD5
2765d38476613312e607a5fb79b8446a

SHA1
7101e0717fe5195cd2096988c2134fa236ce6d8b

SHA256
f303aa6882ad57ca7c8efefe1d1d9e0f4263b11be9cbbed8d68eb4f30025e993

SHA512
dbd4be7419ff1c41752d8d5fb57122b29712e8359d9fe0967bd1e1e9e8e074eb27a70f232970b7b1d74e51934cffb0c93afc1813fbdd2e7e3ab2aa0e2553e9a1

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\zs0352kg.default-release\cache2\entries\4832D199584363B876D3E7D57CA02A9B0F4D91CD

Filesize
13KB

MD5
8fe09b1b1a93758000aa2319c8d8222c

SHA1
2afd1f1042436371da722873aabd4881607a0bb1

SHA256
07cb90f0407dc3c5b0c7f28c565a1e50d0d4670a72a4c37aa81c38481bc590f0

SHA512
beec15704aadea3c94697551177461fdb7c5484a1a79495662c3abea8af13a50c00b7e77ba48aa877cbf783fbcbcec8d9a2defd452c99fcc83ac95006455f789

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\zs0352kg.default-release\cache2\entries\E66F5AA5E3C285C270CF84BD11111C74D38F245C

Filesize
13KB

MD5
de446736c3b8ed524e27276264259164

SHA1
868b79fe262495262b02be93dd8a77f2ea575698

SHA256
b22ef570831297af3a00761c374a2548f143bdfd05afe9f28796eec257aa3a03

SHA512
c2d1840c6d75f218604f04c767cae1cb7a112f48c0a7f559d1eb0e0d13cfc9b73c3551b434df453ced02fe0f150eefe6dee902240345648d7a782719ec27bf16

Download Submit
C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TempState\SearchHoverUnifiedTileModelCache.dat

Filesize
10KB

MD5
77375d17a8241aa06af550428e413cee

SHA1
ec13b23081e0a9cd92ae4d944deea5f5e0f036e6

SHA256
45d3a9dec1354dbdaa71102c669564b4ed52f1981fd657550f6c1babc20982eb

SHA512
64ba1637e51aa95f61c25c46fe20e597bbcae509cb0f1cd71bf26aa1841b2bb4e06e2941a25cf94addeff2f097d84feeb7fbfbb05729f3cc921dd076e95da56c

Download Submit
C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TempState\SearchHoverUnifiedTileModelCache.dat

Filesize
10KB

MD5
ba4566d4e668584082266a4485ba5fe5

SHA1
0987db3506d4b1e972e3775f6556faa9a4ffa045

SHA256
66e50c41046d5ef001037dedb53999505bbf2dfbaf2a4741e24cdc7663ad9eb6

SHA512
7e700ba3680f4637b62d50080b485abdedad70b03eabe8483361a9758199a8ce0e26e046f24e380d97a22e93248f29bcd949e97a5a01f56bcd23fd9459b32875

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
442KB

MD5
85430baed3398695717b0263807cf97c

SHA1
fffbee923cea216f50fce5d54219a188a5100f41

SHA256
a9f4281f82b3579581c389e8583dc9f477c7fd0e20c9dfc91a2e611e21e3407e

SHA512
06511f1f6c6d44d076b3c593528c26a602348d9c41689dbf5ff716b671c3ca5756b12cb2e5869f836dedce27b1a5cfe79b93c707fd01f8e84b620923bb61b5f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

Filesize
5.4MB

MD5
bd09dc6f6321365f18293ae0aba85d50

SHA1
9dfe111af818548d522f53da70cee3e6b2ca73f3

SHA256
26cae4f37e7a12bbdfe173be7c95f5898d3b9ee51de325f1066fdf60af43bac7

SHA512
608a2c27334fad6c808e20674d014e55d4fff6dd0b1d2f5bc26a501b66fd50e4805e92a772f7b073bda9e8a43487afbbe40ff99d2ba62e42ff2c35895eba43de

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms

Filesize
5KB

MD5
e48c45f3fd6bf016b2f2bd6d756a9ba6

SHA1
352d9f73748b8e32b471ca9e9bb8c284b3dd678d

SHA256
6d2a29e4b84f5aedc3d1848084d62af78eaf38afff57e4339884a6b0fec80c0b

SHA512
cf77fd8e950825190269fed560945e2592fd62a8a444603e5bb73f2d82eaf10f7d0a56bd0656b9ced2cbb7a9a249c2829a1e22ce1b69de44785fd80d98d05665

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zs0352kg.default-release\bookmarkbackups\bookmarks-2024-02-25_11_BQdq0UHuBKeF9mmhxOAwFw==.jsonlz4

Filesize
956B

MD5
590f2fbcd9bb03835bf9dde75767b3a4

SHA1
fe0d9cc805cb531df2811a908ddf3f59dfea8312

SHA256
1fdc2ed26c25f9ad280b1a188d5c857e4275e81b57e659961104e202e70b983d

SHA512
4963c060444fd86e3696b7e3631f56faf5b08a743600faf2239605585ddd797d3084b416b3e47e303bd3350e62a480391f39e52a5f52a1cd8bbfbc5e12773537

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zs0352kg.default-release\broadcast-listeners.json

Filesize
216B

MD5
25c6fad6ddc82311d27a37c5301e7cab

SHA1
3abed88fe4aa0628ec3adc738b3c9526b6b5738c

SHA256
2070c63106712892a341c063873ce5541e1c5f23bc9fa7ff094874f86f2a1c36

SHA512
dd901834322b56ce4b06b9ad3ef1241289e52a6bfc139d4ed74770023d14a939f8ae1ec69a9343ab30c07acc452196daeefcf87980f9f6da43d4e75758e0c4cf

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zs0352kg.default-release\datareporting\glean\db\data.safe.bin

Filesize
2KB

MD5
40e811e179b423e76317d6ee9e206e80

SHA1
10486c832de612e8c9dde62c86ef304d80d8629f

SHA256
f25fdf1153a1aca6ef78c066ce99c2b2fe50c29896e5e72338e339fd400ae7b6

SHA512
2202b9452175772dd1b72e687e2ad64c61326a82a0508ec54b281ff0b26e0872ba318bd12746cdca4df3b3546a4340763141d02b78812ea0a6d8efb11d580317

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zs0352kg.default-release\datareporting\glean\pending_pings\a4509c8c-83dc-4219-bf2c-239d36467f4f

Filesize
746B

MD5
d41b34d21ccc853076d5fcd9adbb8447

SHA1
b9010195b410414118645b1b454f38b1c507b048

SHA256
00c29a150e34f74d40afe90f16017bacd22b2a375eac7ac1e5b86f4da12e8f1a

SHA512
e684c52b1213571816fba34af3c2014e5449b2abfc848984cb14f96ed57627ecaf9db6db4606ede5e26aab56bc3ce5dc11a20da15a5513e6a9a5c299e24a90cf

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zs0352kg.default-release\datareporting\glean\pending_pings\ae51a1cd-63ea-4f9a-9b55-be1f8246a1db

Filesize
12KB

MD5
f962ec8caf005cb22105abc49dc77f48

SHA1
4cf4d3bb82dca5df63686884604f30dbb5855d30

SHA256
b9a68e89a7f89324f7e69e4c8cb9cc8121bc9ecce618010a216d0405a65e9650

SHA512
f2bc18377c39248b76d290484ea04d2ea547970214bf14927cb4dbbe0661123fda345a7a40bb8370459a76e16ffe19f74d78ee557812b83292ee25faa783fbf7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zs0352kg.default-release\extensions.json.tmp

Filesize
34KB

MD5
1ac541f5dbc6ef5cdd66259c4370b73c

SHA1
2fad7ba1ffa03b1196e1f541578101e3a401d49d

SHA256
1e0a3c82294d3b1a264582e0ca9f331a11191b20ad8e338f151c47e89963e83f

SHA512
43a638c0142db8cbc07edce39b1a23862af5aba5bff6621609f6f7531d3a4442b9c48bf4a868be0c5af987ff072d3355f4681f90e3ad12352e302b3387a067d4

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zs0352kg.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll

Filesize
997KB

MD5
fe3355639648c417e8307c6d051e3e37

SHA1
f54602d4b4778da21bc97c7238fc66aa68c8ee34

SHA256
1ed7877024be63a049da98733fd282c16bd620530a4fb580dacec3a78ace914e

SHA512
8f4030bb2464b98eccbea6f06eb186d7216932702d94f6b84c56419e9cf65a18309711ab342d1513bf85aed402bc3535a70db4395874828f0d35c278dd2eac9c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zs0352kg.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info

Filesize
116B

MD5
3d33cdc0b3d281e67dd52e14435dd04f

SHA1
4db88689282fd4f9e9e6ab95fcbb23df6e6485db

SHA256
f526e9f98841d987606efeaff7f3e017ba9fd516c4be83890c7f9a093ea4c47b

SHA512
a4a96743332cc8ef0f86bc2e6122618bfc75ed46781dadbac9e580cd73df89e74738638a2cccb4caa4cbbf393d771d7f2c73f825737cdb247362450a0d4a4bc1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zs0352kg.default-release\gmp-widevinecdm\4.10.2557.0\LICENSE.txt

Filesize
479B

MD5
49ddb419d96dceb9069018535fb2e2fc

SHA1
62aa6fea895a8b68d468a015f6e6ab400d7a7ca6

SHA256
2af127b4e00f7303de8271996c0c681063e4dc7abdc7b2a8c3fe5932b9352539

SHA512
48386217dabf7556e381ab3f5924b123a0a525969ff98f91efb03b65477c94e48a15d9abcec116b54616d36ad52b6f1d7b8b84c49c204e1b9b43f26f2af92da2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zs0352kg.default-release\gmp-widevinecdm\4.10.2557.0\manifest.json

Filesize
372B

MD5
8be33af717bb1b67fbd61c3f4b807e9e

SHA1
7cf17656d174d951957ff36810e874a134dd49e0

SHA256
e92d3394635edfb987a7528e0ccd24360e07a299078df2a6967ca3aae22fa2dd

SHA512
6125f60418e25fee896bf59f5672945cd8f36f03665c721837bb50adf5b4dfef2dddbfcfc817555027dcfa90e1ef2a1e80af1219e8063629ea70263d2fc936a7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zs0352kg.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll

Filesize
5.6MB

MD5
9a6a9b2f091216b1013f1476bdf144cc

SHA1
c54e009158e690c5a15c5ce6a26e207f41261f85

SHA256
2d1b32c53328592fc995df95009d4024b871cc51f2ad9886a1737c3dea3ffd90

SHA512
f751dee4d49f3c3544877155666211a023c4914ddbf16624bab3f2e5136d00c5c4346c3fdf462af7eca6a7ad65bd43d5b7de07e31d06f9a571e63b94ad422962

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zs0352kg.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.lib

Filesize
1KB

MD5
688bed3676d2104e7f17ae1cd2c59404

SHA1
952b2cdf783ac72fcb98338723e9afd38d47ad8e

SHA256
33899a3ebc22cb8ed8de7bd48c1c29486c0279b06d7ef98241c92aef4e3b9237

SHA512
7a0e3791f75c229af79dd302f7d0594279f664886fea228cfe78e24ef185ae63aba809aa1036feb3130066deadc8e78909c277f0a7ed1e3485df3cf2cd329776

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zs0352kg.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.sig

Filesize
1KB

MD5
937326fead5fd401f6cca9118bd9ade9

SHA1
4526a57d4ae14ed29b37632c72aef3c408189d91

SHA256
68a03f075db104f84afdd8fca45a7e4bff7b55dc1a2a24272b3abe16d8759c81

SHA512
b232f6cf3f88adb346281167ac714c4c4c7aac15175087c336911946d12d63d3a3a458e06b298b41a7ec582ef09fe238da3a3166ff89c450117228f7485c22d2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zs0352kg.default-release\prefs-1.js

Filesize
6KB

MD5
e79b75cbbb32fc6a51d4cbc34d41828e

SHA1
ac7611c70a3fa759d1e126dbff2eb9118250aa4e

SHA256
da58dec38dea138818a36bdeb56cc58f4a8e2a25102ee9c64e92dd9cc116aa2e

SHA512
f2d1a13338922e0b4a5aebc9631256fcab6865e46134639555df27643a389b35ef8a9c04e06040498d68bd4d98c495c6a4becd7eb4f236a616592a787ec2ce3a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zs0352kg.default-release\prefs-1.js

Filesize
9KB

MD5
f5f227f1fd1904dbf62ebcc346795cdd

SHA1
90d0190ad7892b815aff3ce7ea4a6b9dfb1fc62e

SHA256
e3759c7507f8d3b96f8b025b2a20de5457168cc60c28f4b6a557b6583130611b

SHA512
2b538b4b0a127bbc953b798c48a14687ef7600ee266e8a4ec11e2f4e130b983a5be45fc10d67145c7f92081d275783ace3c270d4baf0f274b97978049d1746cc

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zs0352kg.default-release\prefs-1.js

Filesize
9KB

MD5
135d3c263ac5d932d238de9ba754996d

SHA1
1e6a877bf761141d294590252304c471dcc31bc5

SHA256
fb788335946710e7bb999a91d21cd304a6f6ed2fc4316edb24800df1412f091c

SHA512
ab7531e07c7d4a8ca50935efd4c45b695051aea681b630ae51bdac2ac3d5ebf925379c7e6560785abca553cf0df59818eeec1955502b53e7341a15e8efaa59bf

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zs0352kg.default-release\prefs-1.js

Filesize
9KB

MD5
b84eccf80d6863710d92c666c43ae40f

SHA1
9cdb2132da7b8bd7c12bea4ad6ecc62a1b8380a7

SHA256
6aef93ef047d50884a7fe6445726567d3abcd9f143eb8c93f85cc005ce847eba

SHA512
2a541243ce45ad6425f0ebf5c6c371c3ecc0ffb678559830a6a6b6b5d169b8044f6265efbcfb55ccf4e50c00c811f352df7321140059ee4c13994d1806910b80

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zs0352kg.default-release\prefs.js

Filesize
6KB

MD5
e3d0c955a0e7e1538defce369737dede

SHA1
d370d44604286a93ddebe7374e8b921ade78e2bd

SHA256
c45f41ef94ada4badcb9da89baa6fab545fcc22f6e69e3ee155f97e50cb8927f

SHA512
7c766b44136b5911ed621c806a8484d437df5ea747cf12bf6b027fb183b3aa3adb780ff49128884aa7e7388baa36c34df4e2cf6635a126637e7b38442a6491fc

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zs0352kg.default-release\prefs.js

Filesize
6KB

MD5
42bcd02bbf1fcfd716b0fedb073e3a50

SHA1
6302bc68773e9c90dc04a3f0dc9b16c1abbde316

SHA256
4a916f81561124e6bc5fa8fabbb7f6bc9cde84aaa64dc70e56ac0417b3918a0c

SHA512
e58ac6e54b7cf6c5751de45518f5079fbe35659e50d45f0739b417dc6bf6f0590de5a5bdee912eb3d2a62efb471782798175a44dcd9c2f972792d49c5162bedf

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zs0352kg.default-release\sessionCheckpoints.json

Filesize
90B

MD5
c4ab2ee59ca41b6d6a6ea911f35bdc00

SHA1
5942cd6505fc8a9daba403b082067e1cdefdfbc4

SHA256
00ad9799527c3fd21f3a85012565eae817490f3e0d417413bf9567bb5909f6a2

SHA512
71ea16900479e6af161e0aad08c8d1e9ded5868a8d848e7647272f3002e2f2013e16382b677abe3c6f17792a26293b9e27ec78e16f00bd24ba3d21072bd1cae2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zs0352kg.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
1KB

MD5
b644499d0e4236a4427a1750641813ac

SHA1
3f497bdcb94de0c1b6e8272a2e6fb741a7ce3a1c

SHA256
e47572f549c6795b507f8b90ef8f05038e6b5a04a18eaca98531a1319e494357

SHA512
448e48d8e8959a9e5e4a836e38d4fff9027096ea1ec818e1422a1ca078b030aed8e577209d855097829ed9ea8b90e17ec81be8c320a9f53d34dd40058a839213

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zs0352kg.default-release\targeting.snapshot.json

Filesize
3KB

MD5
b00021d8347391d7fadd887aceb87c38

SHA1
98cfc9bf64fb560e13cd1a3b38fb823d771036b0

SHA256
c81b1781d5bbb5ca7d1fcbefc9b0d7c94978066a438724bc2242e1f1f001088d

SHA512
c0d47269999c920c8fe1403e91f0ab4dcf51464d9940b93715a2a95a292da39ee4b5255f95f6116a84b14c4f3c340181435b8943e2964e6e020ff20b634666e5

Download Submit
memory/2976-41-0x00007FFAE8A50000-0x00007FFAE8AA6000-memory.dmp

Filesize
344KB

Download
memory/2976-49-0x00007FFAE7D80000-0x00007FFAE7D93000-memory.dmp

Filesize
76KB

Download
memory/2976-60-0x00007FFAE61E0000-0x00007FFAE6215000-memory.dmp

Filesize
212KB

Download
memory/2976-61-0x00007FFAE61B0000-0x00007FFAE61D5000-memory.dmp

Filesize
148KB

Download
memory/2976-64-0x00007FFAE6100000-0x00007FFAE6111000-memory.dmp

Filesize
68KB

Download
memory/2976-63-0x00007FFAE6120000-0x00007FFAE6181000-memory.dmp

Filesize
388KB

Download
memory/2976-66-0x00007FFAE60C0000-0x00007FFAE60D3000-memory.dmp

Filesize
76KB

Download
memory/2976-67-0x00007FFAE6020000-0x00007FFAE60BF000-memory.dmp

Filesize
636KB

Download
memory/2976-65-0x00007FFAE60E0000-0x00007FFAE60F2000-memory.dmp

Filesize
72KB

Download
memory/2976-68-0x00007FFAE6000000-0x00007FFAE6011000-memory.dmp

Filesize
68KB

Download
memory/2976-69-0x0000019CD7180000-0x0000019CD7282000-memory.dmp

Filesize
1.0MB

Download
memory/2976-70-0x0000019CD61D0000-0x0000019CD61E1000-memory.dmp

Filesize
68KB

Download
memory/2976-71-0x00007FFAE5EB0000-0x00007FFAE5EC1000-memory.dmp

Filesize
68KB

Download
memory/2976-72-0x00007FFAE5E90000-0x00007FFAE5EA1000-memory.dmp

Filesize
68KB

Download
memory/2976-73-0x00007FFAE5E70000-0x00007FFAE5E82000-memory.dmp

Filesize
72KB

Download
memory/2976-74-0x00007FFAE5E50000-0x00007FFAE5E68000-memory.dmp

Filesize
96KB

Download
memory/2976-75-0x00007FFAE5E30000-0x00007FFAE5E46000-memory.dmp

Filesize
88KB

Download
memory/2976-62-0x00007FFAE6190000-0x00007FFAE61A1000-memory.dmp

Filesize
68KB

Download
memory/2976-76-0x00007FFAE5E00000-0x00007FFAE5E29000-memory.dmp

Filesize
164KB

Download
memory/2976-78-0x00007FFAE5DC0000-0x00007FFAE5DD1000-memory.dmp

Filesize
68KB

Download
memory/2976-79-0x00007FFAE5DA0000-0x00007FFAE5DB1000-memory.dmp

Filesize
68KB

Download
memory/2976-77-0x00007FFAE5DE0000-0x00007FFAE5DF2000-memory.dmp

Filesize
72KB

Download
memory/2976-58-0x00007FFAE6340000-0x00007FFAE6571000-memory.dmp

Filesize
2.2MB

Download
memory/2976-57-0x00007FFAE7CF0000-0x00007FFAE7D02000-memory.dmp

Filesize
72KB

Download
memory/2976-56-0x00007FFAE6580000-0x00007FFAE6617000-memory.dmp

Filesize
604KB

Download
memory/2976-55-0x00007FFAE7D10000-0x00007FFAE7D21000-memory.dmp

Filesize
68KB

Download
memory/2976-54-0x00007FFAE6620000-0x00007FFAE667C000-memory.dmp

Filesize
368KB

Download
memory/2976-53-0x00007FFAE6680000-0x00007FFAE6832000-memory.dmp

Filesize
1.7MB

Download
memory/2976-52-0x00007FFAE7D30000-0x00007FFAE7D5C000-memory.dmp

Filesize
176KB

Download
memory/2976-51-0x00007FFAE6840000-0x00007FFAE697B000-memory.dmp

Filesize
1.2MB

Download
memory/2976-50-0x00007FFAE7D60000-0x00007FFAE7D72000-memory.dmp

Filesize
72KB

Download
memory/2976-59-0x00007FFAE6220000-0x00007FFAE6332000-memory.dmp

Filesize
1.1MB

Download
memory/2976-48-0x00007FFAE7DA0000-0x00007FFAE7DC1000-memory.dmp

Filesize
132KB

Download
memory/2976-47-0x00007FFAE7DD0000-0x00007FFAE7DE2000-memory.dmp

Filesize
72KB

Download
memory/2976-46-0x00007FFAE7DF0000-0x00007FFAE7E01000-memory.dmp

Filesize
68KB

Download
memory/2976-45-0x00007FFAE7E10000-0x00007FFAE7E33000-memory.dmp

Filesize
140KB

Download
memory/2976-44-0x00007FFAE8A00000-0x00007FFAE8A17000-memory.dmp

Filesize
92KB

Download
memory/2976-43-0x00007FFAE7E40000-0x00007FFAE7E64000-memory.dmp

Filesize
144KB

Download
memory/2976-42-0x00007FFAE8A20000-0x00007FFAE8A48000-memory.dmp

Filesize
160KB

Download
memory/2976-40-0x00007FFAE8AB0000-0x00007FFAE8AC1000-memory.dmp

Filesize
68KB

Download
memory/2976-39-0x00007FFAE8AD0000-0x00007FFAE8B3F000-memory.dmp

Filesize
444KB

Download
memory/2976-35-0x00007FFAE8EC0000-0x00007FFAE8ED1000-memory.dmp

Filesize
68KB

Download
memory/2976-38-0x00007FFAE8B40000-0x00007FFAE8BA7000-memory.dmp

Filesize
412KB

Download
memory/2976-37-0x00007FFAE8E70000-0x00007FFAE8EA0000-memory.dmp

Filesize
192KB

Download
memory/2976-36-0x00007FFAE8EA0000-0x00007FFAE8EB8000-memory.dmp

Filesize
96KB

Download
memory/2976-34-0x00007FFAE8EE0000-0x00007FFAE8EFB000-memory.dmp

Filesize
108KB

Download
memory/2976-33-0x00007FFAE8F00000-0x00007FFAE8F11000-memory.dmp

Filesize
68KB

Download
memory/2976-31-0x00007FFAE9100000-0x00007FFAE9111000-memory.dmp

Filesize
68KB

Download
memory/2976-30-0x00007FFAE9120000-0x00007FFAE9138000-memory.dmp

Filesize
96KB

Download
memory/2976-32-0x00007FFAE8F20000-0x00007FFAE8F31000-memory.dmp

Filesize
68KB

Download
memory/2976-29-0x00007FFAED150000-0x00007FFAED171000-memory.dmp

Filesize
132KB

Download
memory/2976-28-0x00007FFAE6980000-0x00007FFAE7A2B000-memory.dmp

Filesize
16.7MB

Download
memory/2976-27-0x00007FFAEEBB0000-0x00007FFAEEBEF000-memory.dmp

Filesize
252KB

Download
memory/2976-26-0x00007FFAE7E70000-0x00007FFAE8070000-memory.dmp

Filesize
2.0MB

Download
memory/2976-24-0x00007FFAF9530000-0x00007FFAF954D000-memory.dmp

Filesize
116KB

Download
memory/2976-25-0x00007FFAF6E10000-0x00007FFAF6E21000-memory.dmp

Filesize
68KB

Download
memory/2976-22-0x00007FFAF9820000-0x00007FFAF9837000-memory.dmp

Filesize
92KB

Download
memory/2976-23-0x00007FFAF9660000-0x00007FFAF9671000-memory.dmp

Filesize
68KB

Download
memory/2976-21-0x00007FFAF9FB0000-0x00007FFAF9FC1000-memory.dmp

Filesize
68KB

Download
memory/2976-19-0x00007FFAFA600000-0x00007FFAFA618000-memory.dmp

Filesize
96KB

Download
memory/2976-20-0x00007FFAFA180000-0x00007FFAFA197000-memory.dmp

Filesize
92KB

Download
memory/2976-18-0x00007FFAE7A30000-0x00007FFAE7CE4000-memory.dmp

Filesize
2.7MB

Download
memory/2976-17-0x00007FFAF6E30000-0x00007FFAF6E64000-memory.dmp

Filesize
208KB

Download
memory/2976-16-0x00007FF746DA0000-0x00007FF746E98000-memory.dmp

Filesize
992KB

Download