hxxps://nighty[.]one/download/NightyGo/NightyGo[.]rar

Analysis

max time kernel
1199s
max time network
1174s
platform
windows11-21h2_x64
resource
win11-20240412-en
resource tags

arch:x64arch:x86image:win11-20240412-enlocale:en-usos:windows11-21h2-x64system
submitted
17-04-2024 03:37

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://nighty.one/download/NightyGo/NightyGo.rar

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
4956	NightyGo.exe

Checks processor information in registry 2 TTPs 6 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133577986521893947"	chrome.exe

Modifies registry class 4 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2516240262-2296879883-3965305654-1000_Classes\Local Settings	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-2516240262-2296879883-3965305654-1000_Classes\Local Settings	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-2516240262-2296879883-3965305654-1000_Classes\Local Settings	firefox.exe
Key created	\REGISTRY\USER\S-1-5-21-2516240262-2296879883-3965305654-1000_Classes\Local Settings	chrome.exe

NTFS ADS 1 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\NightyGo.rar:Zone.Identifier	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
5008	chrome.exe
5008	chrome.exe
5484	chrome.exe
5484	chrome.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
4396	OpenWith.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
5008	chrome.exe
5008	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	5008	chrome.exe
Token: SeCreatePagefilePrivilege	5008	chrome.exe
Token: SeShutdownPrivilege	5008	chrome.exe
Token: SeCreatePagefilePrivilege	5008	chrome.exe
Token: SeShutdownPrivilege	5008	chrome.exe
Token: SeCreatePagefilePrivilege	5008	chrome.exe
Token: SeShutdownPrivilege	5008	chrome.exe
Token: SeCreatePagefilePrivilege	5008	chrome.exe
Token: SeShutdownPrivilege	5008	chrome.exe
Token: SeCreatePagefilePrivilege	5008	chrome.exe
Token: SeShutdownPrivilege	5008	chrome.exe
Token: SeCreatePagefilePrivilege	5008	chrome.exe
Token: SeShutdownPrivilege	5008	chrome.exe
Token: SeCreatePagefilePrivilege	5008	chrome.exe
Token: SeShutdownPrivilege	5008	chrome.exe
Token: SeCreatePagefilePrivilege	5008	chrome.exe
Token: SeShutdownPrivilege	5008	chrome.exe
Token: SeCreatePagefilePrivilege	5008	chrome.exe
Token: SeShutdownPrivilege	5008	chrome.exe
Token: SeCreatePagefilePrivilege	5008	chrome.exe
Token: SeShutdownPrivilege	5008	chrome.exe
Token: SeCreatePagefilePrivilege	5008	chrome.exe
Token: SeShutdownPrivilege	5008	chrome.exe
Token: SeCreatePagefilePrivilege	5008	chrome.exe
Token: SeShutdownPrivilege	5008	chrome.exe
Token: SeCreatePagefilePrivilege	5008	chrome.exe
Token: SeShutdownPrivilege	5008	chrome.exe
Token: SeCreatePagefilePrivilege	5008	chrome.exe
Token: SeShutdownPrivilege	5008	chrome.exe
Token: SeCreatePagefilePrivilege	5008	chrome.exe
Token: SeShutdownPrivilege	5008	chrome.exe
Token: SeCreatePagefilePrivilege	5008	chrome.exe
Token: SeRestorePrivilege	3464	7zG.exe
Token: 35	3464	7zG.exe
Token: SeSecurityPrivilege	3464	7zG.exe
Token: SeShutdownPrivilege	5008	chrome.exe
Token: SeCreatePagefilePrivilege	5008	chrome.exe
Token: SeShutdownPrivilege	5008	chrome.exe
Token: SeCreatePagefilePrivilege	5008	chrome.exe
Token: SeSecurityPrivilege	3464	7zG.exe
Token: SeShutdownPrivilege	5008	chrome.exe
Token: SeCreatePagefilePrivilege	5008	chrome.exe
Token: SeShutdownPrivilege	5008	chrome.exe
Token: SeCreatePagefilePrivilege	5008	chrome.exe
Token: SeShutdownPrivilege	5008	chrome.exe
Token: SeCreatePagefilePrivilege	5008	chrome.exe
Token: SeShutdownPrivilege	5008	chrome.exe
Token: SeCreatePagefilePrivilege	5008	chrome.exe
Token: SeShutdownPrivilege	5008	chrome.exe
Token: SeCreatePagefilePrivilege	5008	chrome.exe
Token: SeShutdownPrivilege	5008	chrome.exe
Token: SeCreatePagefilePrivilege	5008	chrome.exe
Token: SeShutdownPrivilege	5008	chrome.exe
Token: SeCreatePagefilePrivilege	5008	chrome.exe
Token: SeShutdownPrivilege	5008	chrome.exe
Token: SeCreatePagefilePrivilege	5008	chrome.exe
Token: SeShutdownPrivilege	5008	chrome.exe
Token: SeCreatePagefilePrivilege	5008	chrome.exe
Token: SeShutdownPrivilege	5008	chrome.exe
Token: SeCreatePagefilePrivilege	5008	chrome.exe
Token: SeShutdownPrivilege	5008	chrome.exe
Token: SeCreatePagefilePrivilege	5008	chrome.exe
Token: SeShutdownPrivilege	5008	chrome.exe
Token: SeCreatePagefilePrivilege	5008	chrome.exe

Suspicious use of FindShellTrayWindow 39 IoCs

pid	Process
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
3464	7zG.exe
2488	firefox.exe
2488	firefox.exe
2488	firefox.exe
2488	firefox.exe

Suspicious use of SendNotifyMessage 15 IoCs

pid	Process
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
2488	firefox.exe
2488	firefox.exe
2488	firefox.exe

Suspicious use of SetWindowsHookEx 61 IoCs

pid	Process
1184	OpenWith.exe
1184	OpenWith.exe
1184	OpenWith.exe
4396	OpenWith.exe
4396	OpenWith.exe
4396	OpenWith.exe
4396	OpenWith.exe
4396	OpenWith.exe
4396	OpenWith.exe
4396	OpenWith.exe
4396	OpenWith.exe
4396	OpenWith.exe
4396	OpenWith.exe
4396	OpenWith.exe
4396	OpenWith.exe
4396	OpenWith.exe
4396	OpenWith.exe
4396	OpenWith.exe
4396	OpenWith.exe
4396	OpenWith.exe
4396	OpenWith.exe
4396	OpenWith.exe
4396	OpenWith.exe
4396	OpenWith.exe
4396	OpenWith.exe
4396	OpenWith.exe
4396	OpenWith.exe
4396	OpenWith.exe
4396	OpenWith.exe
4396	OpenWith.exe
4396	OpenWith.exe
4396	OpenWith.exe
4396	OpenWith.exe
4396	OpenWith.exe
4396	OpenWith.exe
4396	OpenWith.exe
4396	OpenWith.exe
4396	OpenWith.exe
4396	OpenWith.exe
4396	OpenWith.exe
4396	OpenWith.exe
4396	OpenWith.exe
4396	OpenWith.exe
4396	OpenWith.exe
4396	OpenWith.exe
4396	OpenWith.exe
4396	OpenWith.exe
4396	OpenWith.exe
4396	OpenWith.exe
4396	OpenWith.exe
4396	OpenWith.exe
4396	OpenWith.exe
4396	OpenWith.exe
4396	OpenWith.exe
4396	OpenWith.exe
4396	OpenWith.exe
4396	OpenWith.exe
4396	OpenWith.exe
4396	OpenWith.exe
4396	OpenWith.exe
2488	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 5008 wrote to memory of 3124	5008	chrome.exe	80
PID 5008 wrote to memory of 3124	5008	chrome.exe	80
PID 5008 wrote to memory of 1940	5008	chrome.exe	81
PID 5008 wrote to memory of 1940	5008	chrome.exe	81
PID 5008 wrote to memory of 1940	5008	chrome.exe	81
PID 5008 wrote to memory of 1940	5008	chrome.exe	81
PID 5008 wrote to memory of 1940	5008	chrome.exe	81
PID 5008 wrote to memory of 1940	5008	chrome.exe	81
PID 5008 wrote to memory of 1940	5008	chrome.exe	81
PID 5008 wrote to memory of 1940	5008	chrome.exe	81
PID 5008 wrote to memory of 1940	5008	chrome.exe	81
PID 5008 wrote to memory of 1940	5008	chrome.exe	81
PID 5008 wrote to memory of 1940	5008	chrome.exe	81
PID 5008 wrote to memory of 1940	5008	chrome.exe	81
PID 5008 wrote to memory of 1940	5008	chrome.exe	81
PID 5008 wrote to memory of 1940	5008	chrome.exe	81
PID 5008 wrote to memory of 1940	5008	chrome.exe	81
PID 5008 wrote to memory of 1940	5008	chrome.exe	81
PID 5008 wrote to memory of 1940	5008	chrome.exe	81
PID 5008 wrote to memory of 1940	5008	chrome.exe	81
PID 5008 wrote to memory of 1940	5008	chrome.exe	81
PID 5008 wrote to memory of 1940	5008	chrome.exe	81
PID 5008 wrote to memory of 1940	5008	chrome.exe	81
PID 5008 wrote to memory of 1940	5008	chrome.exe	81
PID 5008 wrote to memory of 1940	5008	chrome.exe	81
PID 5008 wrote to memory of 1940	5008	chrome.exe	81
PID 5008 wrote to memory of 1940	5008	chrome.exe	81
PID 5008 wrote to memory of 1940	5008	chrome.exe	81
PID 5008 wrote to memory of 1940	5008	chrome.exe	81
PID 5008 wrote to memory of 1940	5008	chrome.exe	81
PID 5008 wrote to memory of 1940	5008	chrome.exe	81
PID 5008 wrote to memory of 1940	5008	chrome.exe	81
PID 5008 wrote to memory of 1940	5008	chrome.exe	81
PID 5008 wrote to memory of 3572	5008	chrome.exe	82
PID 5008 wrote to memory of 3572	5008	chrome.exe	82
PID 5008 wrote to memory of 1672	5008	chrome.exe	83
PID 5008 wrote to memory of 1672	5008	chrome.exe	83
PID 5008 wrote to memory of 1672	5008	chrome.exe	83
PID 5008 wrote to memory of 1672	5008	chrome.exe	83
PID 5008 wrote to memory of 1672	5008	chrome.exe	83
PID 5008 wrote to memory of 1672	5008	chrome.exe	83
PID 5008 wrote to memory of 1672	5008	chrome.exe	83
PID 5008 wrote to memory of 1672	5008	chrome.exe	83
PID 5008 wrote to memory of 1672	5008	chrome.exe	83
PID 5008 wrote to memory of 1672	5008	chrome.exe	83
PID 5008 wrote to memory of 1672	5008	chrome.exe	83
PID 5008 wrote to memory of 1672	5008	chrome.exe	83
PID 5008 wrote to memory of 1672	5008	chrome.exe	83
PID 5008 wrote to memory of 1672	5008	chrome.exe	83
PID 5008 wrote to memory of 1672	5008	chrome.exe	83
PID 5008 wrote to memory of 1672	5008	chrome.exe	83
PID 5008 wrote to memory of 1672	5008	chrome.exe	83
PID 5008 wrote to memory of 1672	5008	chrome.exe	83
PID 5008 wrote to memory of 1672	5008	chrome.exe	83
PID 5008 wrote to memory of 1672	5008	chrome.exe	83
PID 5008 wrote to memory of 1672	5008	chrome.exe	83
PID 5008 wrote to memory of 1672	5008	chrome.exe	83
PID 5008 wrote to memory of 1672	5008	chrome.exe	83
PID 5008 wrote to memory of 1672	5008	chrome.exe	83
PID 5008 wrote to memory of 1672	5008	chrome.exe	83
PID 5008 wrote to memory of 1672	5008	chrome.exe	83
PID 5008 wrote to memory of 1672	5008	chrome.exe	83
PID 5008 wrote to memory of 1672	5008	chrome.exe	83
PID 5008 wrote to memory of 1672	5008	chrome.exe	83

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://nighty.one/download/NightyGo/NightyGo.rar
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:5008
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffeb3d4ab58,0x7ffeb3d4ab68,0x7ffeb3d4ab78
  2⤵
  PID:3124
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1680 --field-trial-handle=1820,i,6005815456191371427,17004731348768561267,131072 /prefetch:2
  2⤵
  PID:1940
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2096 --field-trial-handle=1820,i,6005815456191371427,17004731348768561267,131072 /prefetch:8
  2⤵
  PID:3572
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2176 --field-trial-handle=1820,i,6005815456191371427,17004731348768561267,131072 /prefetch:8
  2⤵
  PID:1672
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2948 --field-trial-handle=1820,i,6005815456191371427,17004731348768561267,131072 /prefetch:1
  2⤵
  PID:3108
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2960 --field-trial-handle=1820,i,6005815456191371427,17004731348768561267,131072 /prefetch:1
  2⤵
  PID:4988
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4392 --field-trial-handle=1820,i,6005815456191371427,17004731348768561267,131072 /prefetch:8
  2⤵
  PID:4000
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4656 --field-trial-handle=1820,i,6005815456191371427,17004731348768561267,131072 /prefetch:8
  2⤵
  PID:4056
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4744 --field-trial-handle=1820,i,6005815456191371427,17004731348768561267,131072 /prefetch:8
  2⤵
  - NTFS ADS
  PID:4496
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=740 --field-trial-handle=1820,i,6005815456191371427,17004731348768561267,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5484

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:2080

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:1184

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:2400

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\NightyGo\" -ad -an -ai#7zMap28707:78:7zEvent17412
1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:3464

C:\Users\Admin\Downloads\NightyGo\NightyGo\NightyGo.exe
"C:\Users\Admin\Downloads\NightyGo\NightyGo\NightyGo.exe"
1⤵
- Executes dropped EXE
PID:4956
- C:\Windows\system32\cmd.exe
  cmd /C title NightyGo
  2⤵
  PID:2444

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:4396
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "C:\Users\Admin\Downloads\NightyGo\NightyGo\config.json"
  2⤵
  PID:3104
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url C:\Users\Admin\Downloads\NightyGo\NightyGo\config.json
    3⤵
    - Checks processor information in registry
    - Modifies registry class
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SendNotifyMessage
    - Suspicious use of SetWindowsHookEx
    PID:2488
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2488.0.1711787799\1364252739" -parentBuildID 20230214051806 -prefsHandle 1740 -prefMapHandle 1724 -prefsLen 22074 -prefMapSize 235121 -appDir "C:\Program Files\Mozilla Firefox\browser" - {0f4f5088-50b9-4ed3-b3e5-217517456e54} 2488 "\\.\pipe\gecko-crash-server-pipe.2488" 1832 2ae6050cb58 gpu
      4⤵
      PID:1512
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2488.1.1905481175\17131749" -parentBuildID 20230214051806 -prefsHandle 2364 -prefMapHandle 2360 -prefsLen 22925 -prefMapSize 235121 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {02206784-20b2-4442-bef2-61779bf037e3} 2488 "\\.\pipe\gecko-crash-server-pipe.2488" 2376 2ae4c285058 socket
      4⤵
      PID:2368
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2488.2.1986263378\2066234841" -childID 1 -isForBrowser -prefsHandle 3024 -prefMapHandle 2924 -prefsLen 22963 -prefMapSize 235121 -jsInitHandle 1300 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {8e9b02a3-fa34-49fd-bf34-f49458674a38} 2488 "\\.\pipe\gecko-crash-server-pipe.2488" 2908 2ae6342df58 tab
      4⤵
      PID:4352
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2488.3.661104230\992797574" -childID 2 -isForBrowser -prefsHandle 948 -prefMapHandle 2516 -prefsLen 27614 -prefMapSize 235121 -jsInitHandle 1300 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ed55b022-9312-4ef6-930f-e5e0230ff3e0} 2488 "\\.\pipe\gecko-crash-server-pipe.2488" 3340 2ae64bb8458 tab
      4⤵
      PID:868
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2488.4.882211556\211940970" -childID 3 -isForBrowser -prefsHandle 4956 -prefMapHandle 4604 -prefsLen 27695 -prefMapSize 235121 -jsInitHandle 1300 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {1143e092-7e3f-4685-836e-31d6997036ee} 2488 "\\.\pipe\gecko-crash-server-pipe.2488" 4948 2ae68559b58 tab
      4⤵
      PID:5260
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2488.5.435165750\940830236" -childID 4 -isForBrowser -prefsHandle 5236 -prefMapHandle 5240 -prefsLen 27695 -prefMapSize 235121 -jsInitHandle 1300 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d778dc0f-c894-4202-8140-e3127e20f6b3} 2488 "\\.\pipe\gecko-crash-server-pipe.2488" 5228 2ae68556b58 tab
      4⤵
      PID:5268
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2488.6.583289165\1383753813" -childID 5 -isForBrowser -prefsHandle 5524 -prefMapHandle 5520 -prefsLen 27695 -prefMapSize 235121 -jsInitHandle 1300 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f69b23e4-cbf7-4e3f-9c7f-62997bdedc96} 2488 "\\.\pipe\gecko-crash-server-pipe.2488" 5532 2ae68557458 tab
      4⤵
      PID:5276

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
e72a0faa207b65e178d305181e0e353d

SHA1
ba58ac1242d7f0857b1fcf442368fefabee2cd86

SHA256
749f978f055ac483bed70be1bbaa8149fdf371ba0e7988639e984fd93eb42447

SHA512
49ecccb16b6f6bee1069931ad2cc1728c4e55f0388764de896009245fed7a7726c002092b843be1861b76cea01b43d962ead318e933f412faf9cbff579b6b1fd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
26dc98044046cabc9f9b2a5f9b40b3c3

SHA1
6a49a0e5af30ee20991652d4bfc17704390acbfe

SHA256
65548f9f1b13abc3eaeb7ad6f343c1b8c14269c20bd848d455b71e7c95488dfa

SHA512
2ff2f5fef287da44e2c0623302890d1630c07c680e0441942e99fcee317311aa57a0be81bedca8950a8c27ccf18c68d510f2d6e299fa60c13cf5c6c96f54d195

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
250KB

MD5
d2fdf518fef2b21f9ab4f3b1b3e07f1e

SHA1
88af0071f586cbf9c3bc6841498643aee0be2297

SHA256
6ede7858848258e4fa0bcaa3e305861aa483bde80683a531be384d498aef15b5

SHA512
9205ef609abb727a72aded9571e1d0365da3acff9df71c156e6a3e69d239cb348ef194e1441bde164d403099ffa659d4f6e6119785db8a969ecc83bf7936f0e4

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\jn4l3e2t.default-release\activity-stream.discovery_stream.json.tmp

Filesize
25KB

MD5
752536bce6c5a0945de32c11f625ec7e

SHA1
175be8279e5f9d622d851de2b90b2576c73796ab

SHA256
e82b268bf5e4279d75603bd57bfa27aff6d53670620a614b7c4bfc3e809da870

SHA512
c0ab1e4d47d260d588b0b492d0db564d9700ffccb55074c3a4686e120e1c4f9713fbae5765e37489845bc9a6882f7fe45d0d5884ae2ed38f2d2b901109c508a0

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\jn4l3e2t.default-release\activity-stream.discovery_stream.json.tmp

Filesize
23KB

MD5
7015c1bae645bc86b9c0332de1b4d81b

SHA1
8940bb728852e7bcdc1adade9c03ef2b10654eae

SHA256
a752ea92a15bc470ba96f44e56416843ee7fa61cb131f61280205bc009530331

SHA512
2c7292b3d51d04ec7201274dbbdb44cb632eab37ffdf75bb27fbfd5183984f6e13f86158bebfd60538d8b31b3f4c1b08dc7cda1ab72986ef0cecc9533c22c31b

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\jn4l3e2t.default-release\cache2\doomed\30347

Filesize
10KB

MD5
a3fed261d6ca0ca8fad0b8147131f215

SHA1
9ef965d53f02ff2f8845a9786aea25883e987272

SHA256
3426c5904a23a92fcef7631078b6d02a77955bd26e241340ec2d395923002a17

SHA512
839bd863ea60d75b4bfc2053d51db620c542dd3ce57a7280ee124d3bd1665f7ceab43800f7807becb84d289349b64c3473b1460f84b91e6629630acba747e052

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\jn4l3e2t.default-release\cache2\entries\C72D4296C2EBC6FD41A9F780CD0C8F30F0FF937C

Filesize
13KB

MD5
6eb0bb54d78acf704c962925f3424e3e

SHA1
26cfa7faa9d1971de26bba9277ed55ce6212a723

SHA256
5ef73604ac8d889a784de3c89c99c0ad780e5b0e701654ec2504af902630c16e

SHA512
6636db4e4eb37dbfad70637c5f5894affe8f82d0bc13470393ae3d85fbeb982dbfcafbf9e3ad82f884882ed8313821bfe96e414f0f7662955034564a47e8b50a

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\jn4l3e2t.default-release\personality-provider\nb_model_build_attachment_arts_and_entertainment.json

Filesize
67KB

MD5
6c651609d367b10d1b25ef4c5f2b3318

SHA1
0abcc756ea415abda969cd1e854e7e8ebeb6f2d4

SHA256
960065cc44a09bef89206d28048d3c23719d2f5e9b38cfc718ca864c9e0e91e9

SHA512
3e084452eefe14e58faa9ef0d9fda2d21af2c2ab1071ae23cde60527df8df43f701668ca0aa9d86f56630b0ab0ca8367803c968347880d674ad8217fba5d8915

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\jn4l3e2t.default-release\personality-provider\nb_model_build_attachment_autos_and_vehicles.json

Filesize
44KB

MD5
39b73a66581c5a481a64f4dedf5b4f5c

SHA1
90e4a0883bb3f050dba2fee218450390d46f35e2

SHA256
022f9495f8867fea275ece900cfa7664c68c25073db4748343452dbc0b9eda17

SHA512
cfb697958e020282455ab7fabc6c325447db84ead0100d28b417b6a0e2455c9793fa624c23cb9b92dfea25124f59dcd1d5c1f43bf1703a0ad469106b755a7cdd

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\jn4l3e2t.default-release\personality-provider\nb_model_build_attachment_beauty_and_fitness.json

Filesize
33KB

MD5
0ed0473b23b5a9e7d1116e8d4d5ca567

SHA1
4eb5e948ac28453c4b90607e223f9e7d901301c4

SHA256
eed46e8fe6ff20f89884b4fc68a81e8d521231440301a01bb89beec8ebad296b

SHA512
464508d7992edfa0dfb61b04cfc5909b7daacf094fc81745de4d03214b207224133e48750a710979445ee1a65bb791bf240a2b935aacaf3987e5c67ff2d8ba9c

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\jn4l3e2t.default-release\personality-provider\nb_model_build_attachment_blogging_resources_and_services.json

Filesize
33KB

MD5
c82700fcfcd9b5117176362d25f3e6f6

SHA1
a7ad40b40c7e8e5e11878f4702952a4014c5d22a

SHA256
c9f2a779dba0bc886cc1255816bd776bdc2e8a6a8e0f9380495a92bb66862780

SHA512
d38e65ab55cee8fef538ad96448cd0c6b001563714fc7b37c69a424d0661ec6b7d04892cf4b76b13ddbc7d300c115e87e0134d47c3f38ef51617e5367647b217

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\jn4l3e2t.default-release\personality-provider\nb_model_build_attachment_books_and_literature.json

Filesize
67KB

MD5
df96946198f092c029fd6880e5e6c6ec

SHA1
9aee90b66b8f9656063f9476ff7b87d2d267dcda

SHA256
df23a5b6f583ec3b4dce2aca8ff53cbdfadfd58c4b7aeb2e397eade5ff75c996

SHA512
43a9fc190f4faadef37e01fa8ad320940553b287ed44a95321997a48312142f110b29c79eed7930477bfb29777a5a9913b42bf22ce6bb3e679dda5af54a125ea

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\jn4l3e2t.default-release\personality-provider\nb_model_build_attachment_business_and_industrial.json

Filesize
45KB

MD5
a92a0fffc831e6c20431b070a7d16d5a

SHA1
da5bbe65f10e5385cbe09db3630ae636413b4e39

SHA256
8410809ebac544389cf27a10e2cbd687b7a68753aa50a42f235ac3fc7b60ce2c

SHA512
31a8602e1972900268651cd074950d16ad989b1f15ff3ebbd8e21e0311a619eef4d7d15cdb029ea8b22cf3b8759fa95b3067b4faaadcb90456944dbc3c9806a9

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\jn4l3e2t.default-release\personality-provider\nb_model_build_attachment_computers_and_electronics.json

Filesize
45KB

MD5
6ccd943214682ac8c4ec08b7ec6dbcbd

SHA1
18417647f7c76581d79b537a70bf64f614f60fa2

SHA256
ab20b97406b0d9bf4f695e5ec7db4ebad5efb682311e74ca757d45b87ffc106b

SHA512
e57573d6f494df8aa7e8e6a20427a18f6868e19dc853b441b8506998158b23c7a4393b682c83b3513aae5075a21148dd8ca854a11dabcea6a0a0db8f2e6828b8

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\jn4l3e2t.default-release\personality-provider\nb_model_build_attachment_finance.json

Filesize
33KB

MD5
e95c2d2fc654b87e77b0a8a37aaa7fcf

SHA1
b4b00c9554839cab6a50a7ed8cd43d21fdaf35dc

SHA256
384bf5fcc6928200c7ebb1f03f99bf74f6063e78d3cd044374448f879799318e

SHA512
9696998a8d0e3a85982016ff0a22bb8ae1790410f1f6198bb379c0a192579f24c75c25c7648b76b00d25a32ac204178acaccd744ee78846dfc62ebf70bf7b93a

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\jn4l3e2t.default-release\personality-provider\nb_model_build_attachment_food_and_drink.json

Filesize
67KB

MD5
70ba02dedd216430894d29940fc627c2

SHA1
f0c9aa816c6b0e171525a984fd844d3a8cabd505

SHA256
905357002f2eced8bba1be2285a9b83198f60d2f9bb1144b5c119994f2ec6e34

SHA512
3ae60d0bf3c45d28e340d97106790787be2cc80ba579d313b5414084664b86e89879391c99e94b6e33bdc5508ea42a9fd34f48ca9b1e7adfa7b6dd22c783c263

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\jn4l3e2t.default-release\personality-provider\nb_model_build_attachment_games.json

Filesize
44KB

MD5
4182a69a05463f9c388527a7db4201de

SHA1
5a0044aed787086c0b79ff0f51368d78c36f76bc

SHA256
35e67835a5cf82144765dfb1095ebc84ac27d08812507ad0a2d562bf68e13e85

SHA512
40023c9f89e0357fae26c33a023609de96b2a0b439318ef944d3d5b335b0877509f90505d119154eaa81e1097ecfb5aa44dd8bb595497cdecfc3ee711a1fe1d5

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\jn4l3e2t.default-release\personality-provider\nb_model_build_attachment_health.json

Filesize
33KB

MD5
11711337d2acc6c6a10e2fb79ac90187

SHA1
5583047c473c8045324519a4a432d06643de055d

SHA256
150f21c4f60856ab5e22891939d68d062542537b42a7ce1f8a8cec9300e7c565

SHA512
c2301ed72f623b22f05333c5ecc5ebf55d8a2d9593167cc453a66d8f42c05ff7c11e2709b6298912038a8ea6175f050bbc6d1fc4381f385f7ad7a952ad1e856b

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\jn4l3e2t.default-release\personality-provider\nb_model_build_attachment_hobbies_and_leisure.json

Filesize
67KB

MD5
bb45971231bd3501aba1cd07715e4c95

SHA1
ea5bfd43d60a3d30cda1a31a3a5eb8ea0afa142a

SHA256
47db7797297a2a81d28c551117e27144b58627dbac1b1d52672b630d220f025d

SHA512
74767b1badbd32cacd3f996b8172df9c43656b11fea99f5a51fff38c6c6e2120fae8bdd0dd885234a3f173334054f580164fdf8860c27cbcf5fb29c5bcdc060d

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\jn4l3e2t.default-release\personality-provider\nb_model_build_attachment_home_and_garden.json

Filesize
33KB

MD5
250acc54f92176775d6bdd8412432d9f

SHA1
a6ad9ad7519e5c299d4b4ba458742b1b4d64cb65

SHA256
19edd15ebce419b83469d2ab783c0c1377d72a186d1ff08857a82bca842eea54

SHA512
a52c81062f02c15701f13595f4476f0a07735034fcf177b1a65b001394a816020ee791fed5afae81d51de27630b34a85efa717fe80da733556fdda8739030f49

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\jn4l3e2t.default-release\personality-provider\nb_model_build_attachment_internet_and_telecom.json

Filesize
67KB

MD5
36689de6804ca5af92224681ee9ea137

SHA1
729d590068e9c891939fc17921930630cd4938dd

SHA256
e646d43505c9c4e53dbaa474ef85d650a3f309ccf153d106f328d9b6aeb66d52

SHA512
1c4f4aa02a65a9bbdf83dc5321c24cbe49f57108881616b993e274f5705f0466be2dd3389055a725b79f3317c98bdf9f8d47f86d62ebd151e4c57cc4dca2487c

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\jn4l3e2t.default-release\personality-provider\nb_model_build_attachment_jobs_and_education.json

Filesize
33KB

MD5
2d69892acde24ad6383082243efa3d37

SHA1
d8edc1c15739e34232012bb255872991edb72bc7

SHA256
29080288b2130a67414ecb296a53ddd9f0a4771035e3c1b2112e0ce656a7481a

SHA512
da391152e1fbce1f03607b486c5dea9a298a438e58e440ebb7b871bd5c62d7339b540eed115b4001b9840de1ba3898c6504872ff9094ba4d6a47455051c3f1c5

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\jn4l3e2t.default-release\personality-provider\nb_model_build_attachment_law_and_government.json

Filesize
68KB

MD5
80c49b0f2d195f702e5707ba632ae188

SHA1
e65161da245318d1f6fdc001e8b97b4fd0bc50e7

SHA256
257ee9a218a1b7f9c1a6c890f38920eb7e731808e3d9b9fc956f8346c29a3e63

SHA512
972e95de7fe330c61cd22111bd3785999d60e7c02140809122d696a1f1f76f2cd0d63d6d92f657cdec24366d66b681e24f2735a8aabb8bcecec43c74e23fb4f5

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\jn4l3e2t.default-release\personality-provider\nb_model_build_attachment_online_communities.json

Filesize
67KB

MD5
37a74ab20e8447abd6ca918b6b39bb04

SHA1
b50986e6bb542f5eca8b805328be51eaa77e6c39

SHA256
11b6084552e2979b5bc0fd6ffdc61e445d49692c0ae8dffedc07792f8062d13f

SHA512
49c6b96655ba0b5d08425af6815f06237089ec06926f49de1f03bc11db9e579bd125f2b6f3eaf434a2ccf10b262c42af9c35ab27683e8e9f984d5b36ec8f59fd

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\jn4l3e2t.default-release\personality-provider\nb_model_build_attachment_people_and_society.json

Filesize
45KB

MD5
b1bd26cf5575ebb7ca511a05ea13fbd2

SHA1
e83d7f64b2884ea73357b4a15d25902517e51da8

SHA256
4990a5d17bea15617624c48a0c7c23d16e95f15e2ec9dd1d82ee949567bbaec0

SHA512
edcede39c17b494474859bc1a9bbf18c9f6abd3f46f832086db3bb1337b01d862452d639f89f9470ca302a6fcb84a1686853ebb4b08003cb248615f0834a1e02

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\jn4l3e2t.default-release\personality-provider\nb_model_build_attachment_pets_and_animals.json

Filesize
44KB

MD5
5b26aca80818dd92509f6a9013c4c662

SHA1
31e322209ba7cc1abd55bbb72a3c15bc2e4a895f

SHA256
dd537bfb1497eb9457c0c8ecbd2846f325e13ddef3988fd293a29e68ab0b2671

SHA512
29038f9f3b9b12259fb42daa93cdefabb9fb32a10f0d20f384a72fe97214eff1864b7fa2674c37224b71309d7d9cea4e36abd24a45a0e65f0c61dc5ca161ec7c

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\jn4l3e2t.default-release\personality-provider\nb_model_build_attachment_real_estate.json

Filesize
67KB

MD5
9899942e9cd28bcb9bf5074800eae2d0

SHA1
15e5071e5ed58001011652befc224aed06ee068f

SHA256
efcf6b2d09e89b8c449ffbcdb5354beaa7178673862ebcdd6593561f2aa7d99a

SHA512
9f7a5fbe6d46c694e8bc9b50e7843e9747ea3229cf4b00b8e95f1a5467bd095d166cbd523b3d9315c62e9603d990b8e56a018ba4a11d30ad607f5281cc42b4cd

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\jn4l3e2t.default-release\personality-provider\nb_model_build_attachment_reference.json

Filesize
56KB

MD5
567eaa19be0963b28b000826e8dd6c77

SHA1
7e4524c36113bbbafee34e38367b919964649583

SHA256
3619daa64036d1f0197cdadf7660e390d4b6e8c1b328ed3b59f828a205a6ea49

SHA512
6766919b06ca209eaed86f99bee20c6dad9cc36520fc84e1c251a668bcfe0afcf720ea6c658268dc3bbaaf602bfdf61eb237c68e08d5252ea6e5d1d2a373b9fe

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\jn4l3e2t.default-release\personality-provider\nb_model_build_attachment_science.json

Filesize
56KB

MD5
7a8fd079bb1aeb4710a285ec909c62b9

SHA1
8429335e5866c7c21d752a11f57f76399e5634b6

SHA256
9606ce3988b2d2a4921b58ac454f54e53a9ea8f358326522a8b1dcc751b50b32

SHA512
8fc1546e509b5386c9e1088e0e3a1b81f288ef67f1989f3e83888057e23769907a2b184d624a4e4c44fcd5b88d719bd4cca94dfb33798804a721b8be022ec0c6

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\jn4l3e2t.default-release\personality-provider\nb_model_build_attachment_shopping.json

Filesize
67KB

MD5
97d4a0fd003e123df601b5fd205e97f8

SHA1
a802a515d04442b6bde60614e3d515d2983d4c00

SHA256
bfd7e68ddca6696c798412402965a0384df0c8c209931bbadabf88ccb45e3bb6

SHA512
111e8a96bc8e07be2d1480a820fc30797d861a48d80622425af00b009512aacb30a2df9052c53bfbf4ee0800b6e6f5b56daa93d33f30fecb52e2f3850dfa9130

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\jn4l3e2t.default-release\personality-provider\nb_model_build_attachment_sports.json

Filesize
56KB

MD5
ce4e75385300f9c03fdd52420e0f822f

SHA1
85c34648c253e4c88161d09dd1e25439b763628c

SHA256
44da98b03350e91e852fe59f0fc05d752fc867a5049ab0363da8bb7b7078ad14

SHA512
d119dc4706bbf3b6369fe72553cfacf1c9b2688e0188a7524b56d3e2ac85582a18bbee66d5594e0fb40767432646c23bf3e282090bd9b4c29f989a374aeae61f

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\jn4l3e2t.default-release\personality-provider\nb_model_build_attachment_travel.json

Filesize
67KB

MD5
48139e5ba1c595568f59fe880d6e4e83

SHA1
5e9ea36b9bb109b1ecfc41356cd5c8c9398d4a78

SHA256
4336ac211a822b0a5c3ce5de0d4730665acc351ee1965ea8da1c72477e216dfa

SHA512
57e826f0e1d9b12d11b05d47e2f5ae4f5787537862f26e039918cb14faff4bc854298c0b7de3023e371756a331c0f3ee1aa7cebbbf94ec70cdfc29e00a900ed1

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\jn4l3e2t.default-release\personality-provider\recipe_attachment.json

Filesize
1KB

MD5
be3d0f91b7957bbbf8a20859fd32d417

SHA1
fbc0380fe1928d6d0c8ab8b0a793a2bba0722d10

SHA256
fc07d42847eeaf69dcbf1b9a16eb48b141c11feb67aa40724be2aee83cb621b7

SHA512
8da24afcf587fbd4f945201702168e7cfc12434440200d00f09ddcd1d1d358a5e01065ac2a411fdf96a530e94db3697e3530578b392873cf874476b5e65d774a

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
442KB

MD5
85430baed3398695717b0263807cf97c

SHA1
fffbee923cea216f50fce5d54219a188a5100f41

SHA256
a9f4281f82b3579581c389e8583dc9f477c7fd0e20c9dfc91a2e611e21e3407e

SHA512
06511f1f6c6d44d076b3c593528c26a602348d9c41689dbf5ff716b671c3ca5756b12cb2e5869f836dedce27b1a5cfe79b93c707fd01f8e84b620923bb61b5f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

Filesize
8.0MB

MD5
a01c5ecd6108350ae23d2cddf0e77c17

SHA1
c6ac28a2cd979f1f9a75d56271821d5ff665e2b6

SHA256
345d44e3aa3e1967d186a43d732c8051235c43458169a5d7d371780a6475ee42

SHA512
b046dd1b26ec0b810ee441b7ad4dc135e3f1521a817b9f3db60a32976352e8f7e53920e1a77fc5b4130aac260d79deef7e823267b4414e9cc774d8bffca56a72

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms

Filesize
7KB

MD5
1adb3acca60ade1eea98c9a147921e3c

SHA1
bf9009a7750ee6741dcbc7d80f73a7ecb3a40813

SHA256
ccbeff3f250f3aae88c185332036b7bc43597fd0d4abe3cb211f1d7efb0a9ab1

SHA512
3df9288bf2955e2c0fb137f3f8551b51916073b964e5083ef1ba569eefaeec005ec18d34ea5c8bdbba07157316a07a48e1a851f83737eb538e24761a840b14f1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jn4l3e2t.default-release\addonStartup.json.lz4

Filesize
5KB

MD5
7bb0d91d09cc64e6f66e96e5ca062f23

SHA1
1bc68ed89c69468c57702cfdefc52602e05c92b0

SHA256
0f9f2f2b00ea9d94d4c52c3e63aeb4c13714157519c51269ad46ba3e3abc0d11

SHA512
8dcad9f2762b3a394611850897548a59fffcfebf0399daa6cbce5fcc25db303c77bb698fee030092e4c8d0b469ecbfcd9008e5ece6f9ba0c0377a0237817754c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jn4l3e2t.default-release\bookmarkbackups\bookmarks-2024-04-17_11_n88ne-BoA4Wvg9Ej7CBfDA==.jsonlz4

Filesize
1007B

MD5
2f1a0575fc32803a5c3d02aca567778c

SHA1
9f09319e7f2275cba1226ce82b9c4e8e5e812a52

SHA256
8a15e5f51c886008e8b25e5732de9b1a5e881d762fc77061110194bd4eee508b

SHA512
bdef8978f437ebf5d948a0cfbe6fd2ddd1f255795ca1fe923a0172741d7dc4eb03fbfafa608975c844e16da842e8bc6a2fe6037b649f2f56a848d28c97f58548

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jn4l3e2t.default-release\broadcast-listeners.json

Filesize
216B

MD5
923ae8f55dc39a136c84e648d7a0f19f

SHA1
315eb29585ff4c0473eb0fdde62e8726a87efa15

SHA256
fc560739133a6b00b279603ab29971b5268c2707f5d1e3f8420396601fbdf0c1

SHA512
c5f74be85c0053440b0c85d2df973204c1d60c83f61d3d980e1991f05f3a5b34d342728bfaf1af997659908868f64cb9d7478ef99b3908a61aa0fb42abc3cd2d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jn4l3e2t.default-release\extensions.json.tmp

Filesize
37KB

MD5
60746cb7b9d544b44b63dcf52e38e057

SHA1
4c4e2ed5ff667e54c1938322ed64b1902320f9a1

SHA256
49b64e52c01a030d53eae39499cc9c2104d0babc34d41f0a27c14c943f85014e

SHA512
81877938258c47396326f86d74fd648174fe749c96e34c506eeb38b354edb7c20018a01bd650e1f7dbaecc55e674835d438afde80abca8d63176b039ad414408

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jn4l3e2t.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll

Filesize
997KB

MD5
fe3355639648c417e8307c6d051e3e37

SHA1
f54602d4b4778da21bc97c7238fc66aa68c8ee34

SHA256
1ed7877024be63a049da98733fd282c16bd620530a4fb580dacec3a78ace914e

SHA512
8f4030bb2464b98eccbea6f06eb186d7216932702d94f6b84c56419e9cf65a18309711ab342d1513bf85aed402bc3535a70db4395874828f0d35c278dd2eac9c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jn4l3e2t.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info

Filesize
116B

MD5
3d33cdc0b3d281e67dd52e14435dd04f

SHA1
4db88689282fd4f9e9e6ab95fcbb23df6e6485db

SHA256
f526e9f98841d987606efeaff7f3e017ba9fd516c4be83890c7f9a093ea4c47b

SHA512
a4a96743332cc8ef0f86bc2e6122618bfc75ed46781dadbac9e580cd73df89e74738638a2cccb4caa4cbbf393d771d7f2c73f825737cdb247362450a0d4a4bc1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jn4l3e2t.default-release\gmp-widevinecdm\4.10.2557.0\LICENSE.txt

Filesize
479B

MD5
49ddb419d96dceb9069018535fb2e2fc

SHA1
62aa6fea895a8b68d468a015f6e6ab400d7a7ca6

SHA256
2af127b4e00f7303de8271996c0c681063e4dc7abdc7b2a8c3fe5932b9352539

SHA512
48386217dabf7556e381ab3f5924b123a0a525969ff98f91efb03b65477c94e48a15d9abcec116b54616d36ad52b6f1d7b8b84c49c204e1b9b43f26f2af92da2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jn4l3e2t.default-release\gmp-widevinecdm\4.10.2557.0\manifest.json

Filesize
372B

MD5
8be33af717bb1b67fbd61c3f4b807e9e

SHA1
7cf17656d174d951957ff36810e874a134dd49e0

SHA256
e92d3394635edfb987a7528e0ccd24360e07a299078df2a6967ca3aae22fa2dd

SHA512
6125f60418e25fee896bf59f5672945cd8f36f03665c721837bb50adf5b4dfef2dddbfcfc817555027dcfa90e1ef2a1e80af1219e8063629ea70263d2fc936a7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jn4l3e2t.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll

Filesize
11.8MB

MD5
33bf7b0439480effb9fb212efce87b13

SHA1
cee50f2745edc6dc291887b6075ca64d716f495a

SHA256
8ee42d9258e20bbc5bfdfae61605429beb5421ffeaaa0d02b86d4978f4b4ac4e

SHA512
d329a1a1d98e302142f2776de8cc2cd45a465d77cb21c461bdf5ee58c68073a715519f449cb673977288fe18401a0abcce636c85abaec61a4a7a08a16c924275

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jn4l3e2t.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.lib

Filesize
1KB

MD5
688bed3676d2104e7f17ae1cd2c59404

SHA1
952b2cdf783ac72fcb98338723e9afd38d47ad8e

SHA256
33899a3ebc22cb8ed8de7bd48c1c29486c0279b06d7ef98241c92aef4e3b9237

SHA512
7a0e3791f75c229af79dd302f7d0594279f664886fea228cfe78e24ef185ae63aba809aa1036feb3130066deadc8e78909c277f0a7ed1e3485df3cf2cd329776

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jn4l3e2t.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.sig

Filesize
1KB

MD5
937326fead5fd401f6cca9118bd9ade9

SHA1
4526a57d4ae14ed29b37632c72aef3c408189d91

SHA256
68a03f075db104f84afdd8fca45a7e4bff7b55dc1a2a24272b3abe16d8759c81

SHA512
b232f6cf3f88adb346281167ac714c4c4c7aac15175087c336911946d12d63d3a3a458e06b298b41a7ec582ef09fe238da3a3166ff89c450117228f7485c22d2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jn4l3e2t.default-release\prefs-1.js

Filesize
10KB

MD5
c42aef1ffe6cf56fefa8973f22cd6bb0

SHA1
76e5afde1bbbc19b3c1af979330931fcf1f8f228

SHA256
86b960b56987f44c31168004dfa3be7141923fe40a24a8bf15059d19e226df11

SHA512
cfcab54cd7054720770c557e907e8c33308d2e35fbd2f8293dae84d19e60594104b082777fe5f59bef5d31278db99357b70d5bc74d83def46ca920331d9680df

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jn4l3e2t.default-release\prefs-1.js

Filesize
10KB

MD5
3eb1095672711c276e61a69f62eb3546

SHA1
9d6030fe7617d4e70339631e4ec27e521c95fd3d

SHA256
e38ae6d299dad95b1d35bf5778b17d43fceea8b774a72e613f09555286cf92b0

SHA512
23b2ef62999ad7b25c2be3cad1eaf104d823ec12dc43b27136ca39bada14785d8e133585b7bc55a9676742dd30d7e7f57680c52ee70fa80b425709fd8033239c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jn4l3e2t.default-release\prefs-1.js

Filesize
7KB

MD5
849454b044ff81b4a80e8bb470d19d68

SHA1
db2706e4c7accfc7d8c0ff6254e99a0a11e5af5b

SHA256
4bdf49ca8d5f022a4984a19de90cc8b396e9ee188dd69d9f8a829b3eb06f4953

SHA512
cef4c86aadfc4b1a047a58071d617260db6453840ec6d7c2b607f5301d16408ab84881a915b315a55a06b9dab3548bc46b627b77b74d674f068a199c8e264458

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jn4l3e2t.default-release\prefs-1.js

Filesize
8KB

MD5
2fb9b0a7ed235cfddfed4238dd95d1c1

SHA1
8eec61138d8e2b4b025bd1b304f9e25387bc49d0

SHA256
d9984d758051d22bb3388aed63a6c8441606d145dd5618c17f25e289fa3991f0

SHA512
e12ddf3244456a10d08268adfc6effb6527472140ffbd17f2d4fc33bf20a6bc8886027b642932d27619583959f259f5646e0a96feebc8c04684feaccbe9fa7a1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jn4l3e2t.default-release\prefs.js

Filesize
6KB

MD5
917ae6f93a6286cbcc7246024e3862fd

SHA1
e4dffc3846c979c9a843181e182189482b3841c5

SHA256
6b7bc2ba314ab0f131d56f68affca8bdd2652260a1032aa1358f5ca23c2814ee

SHA512
99fe24bea98f67de299aa17de2a8c4f08c019ad5767f9cf236e2859cbc046e4c9e04f928c1c35c7a89c553ac1601a714034adf23e340b9e3c5a5ab838d8991cb

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jn4l3e2t.default-release\sessionCheckpoints.json

Filesize
90B

MD5
c4ab2ee59ca41b6d6a6ea911f35bdc00

SHA1
5942cd6505fc8a9daba403b082067e1cdefdfbc4

SHA256
00ad9799527c3fd21f3a85012565eae817490f3e0d417413bf9567bb5909f6a2

SHA512
71ea16900479e6af161e0aad08c8d1e9ded5868a8d848e7647272f3002e2f2013e16382b677abe3c6f17792a26293b9e27ec78e16f00bd24ba3d21072bd1cae2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jn4l3e2t.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
1KB

MD5
7f453ea956c24e85fc89b7aae04335dc

SHA1
20ed49c6f07e13821e1a06c32dc79052090a22d1

SHA256
0ffd26e8d98f1431ac7070b516d4e2a80ec962eb724a90ae9958f208684512e1

SHA512
f0de578d111305e3fee1a84a2e016e3bd0dc8da731019430f372d8fa646e918163130f43ef8c09370c095abc6654420d033a9e13a8d1ccab4380c87d4d1ea132

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jn4l3e2t.default-release\targeting.snapshot.json

Filesize
4KB

MD5
196fa869a28f4536419059cd32117061

SHA1
3067c50a51c39cc549e64905b49fc2c25bafd654

SHA256
d61d595273b7ba76512ae2adcbfe49ae17a7caa3f1d8090bf2ffe20f25564c41

SHA512
6dd2b54610c6b8aef7d11d0d0e503b46f2bc713423b347b5fd41e34934bb098548d611df9d808cc18d967f27ddd6e0c6b02820e6481e48844845f7a2e29e7cee

Download Submit
C:\Users\Admin\Downloads\NightyGo.rar

Filesize
5.8MB

MD5
94b834ad8a680aef58980761c09e53ee

SHA1
2709a20f0083083546e33988b83bba4ccadd2380

SHA256
72d72607279e1add253c86dc2e664027dd1f495fbef456cb7415ef36dcf3901a

SHA512
f9cf3d2162c5b94ec0d539ddc6ffea7d99add0a06bfe5bb0d3a6ca0badedd3ffc0812db6ab696cc4c7158252240004cc26805e7d9ec245ae7cba149e5b91956f

Download Submit
C:\Users\Admin\Downloads\NightyGo.rar:Zone.Identifier

Filesize
26B

MD5
fbccf14d504b7b2dbcb5a5bda75bd93b

SHA1
d59fc84cdd5217c6cf74785703655f78da6b582b

SHA256
eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913

SHA512
aa1d2b1ea3c9de3ccadb319d4e3e3276a2f27dd1a5244fe72de2b6f94083dddc762480482c5c2e53f803cd9e3973ddefc68966f974e124307b5043e654443b98

Download Submit
C:\Users\Admin\Downloads\NightyGo\NightyGo\NightyGo.exe

Filesize
12.7MB

MD5
1e19d9cab79ab2f7089e9b35c09c5de6

SHA1
dc8f115c2f077f2626f483a757d664b4a903af4a

SHA256
87defc7dde33f78c15ee397d1aaef962eaeb21236ebc5ef749a49904df0bd22d

SHA512
0dc41e4da2546fee7bd72982f6f514a44df2c47f4a0a40c0c18fd8d117600e3ed27b2972dacc3fb91c5211c7c7194427e9b19b3404cbfdfbe83342aa4dcb14a9

Download Submit
C:\Users\Admin\Downloads\NightyGo\NightyGo\config.json

Filesize
278B

MD5
32dd2cf69aa5e24eb3287fd13c38c195

SHA1
7c2682d984f4211c5a2a082c156cee84542a3696

SHA256
c4522b95034acac58f3a65b8688a87f301d5425c7e235573b57a6b822f637ad7

SHA512
076869080dc4c97ef90e96f05bd4b6ad9c49c876fd2853bfd002301e17dc7d13429060731349b62b1bfbb6f2d1ab45ba3c28a5ba5e8ad2fbf0b56251a7bb89d8

Download Submit