hxxp://49[.]13[.]50[.]2[:]5000/

Analysis

max time kernel
149s
max time network
150s
platform
windows11-21h2_x64
resource
win11-20240419-en
resource tags

arch:x64arch:x86image:win11-20240419-enlocale:en-usos:windows11-21h2-x64system
submitted
26/04/2024, 16:43

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://49.13.50.2:5000/

Score

4^/10

Malware Config

Signatures

Drops file in Windows directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SystemTemp	chrome.exe

Checks processor information in registry 2 TTPs 8 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-293923083-2364846840-4256557006-1000_Classes\Local Settings	firefox.exe

Suspicious behavior: EnumeratesProcesses 14 IoCs

pid	Process
4460	msedge.exe
4460	msedge.exe
4672	msedge.exe
4672	msedge.exe
1904	identity_helper.exe
1904	identity_helper.exe
3408	msedge.exe
3408	msedge.exe
2356	chrome.exe
2356	chrome.exe
2752	msedge.exe
2752	msedge.exe
2752	msedge.exe
2752	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 13 IoCs

pid	Process
4672	msedge.exe
4672	msedge.exe
4672	msedge.exe
4672	msedge.exe
4672	msedge.exe
4672	msedge.exe
4672	msedge.exe
4672	msedge.exe
2356	chrome.exe
2356	chrome.exe
2356	chrome.exe
2356	chrome.exe
2356	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2356	chrome.exe
Token: SeCreatePagefilePrivilege	2356	chrome.exe
Token: SeShutdownPrivilege	2356	chrome.exe
Token: SeCreatePagefilePrivilege	2356	chrome.exe
Token: SeDebugPrivilege	4328	firefox.exe
Token: SeDebugPrivilege	4328	firefox.exe
Token: SeShutdownPrivilege	2356	chrome.exe
Token: SeCreatePagefilePrivilege	2356	chrome.exe
Token: SeShutdownPrivilege	2356	chrome.exe
Token: SeCreatePagefilePrivilege	2356	chrome.exe
Token: SeShutdownPrivilege	2356	chrome.exe
Token: SeCreatePagefilePrivilege	2356	chrome.exe
Token: SeShutdownPrivilege	2356	chrome.exe
Token: SeCreatePagefilePrivilege	2356	chrome.exe
Token: SeShutdownPrivilege	2356	chrome.exe
Token: SeCreatePagefilePrivilege	2356	chrome.exe
Token: SeShutdownPrivilege	2356	chrome.exe
Token: SeCreatePagefilePrivilege	2356	chrome.exe
Token: SeShutdownPrivilege	2356	chrome.exe
Token: SeCreatePagefilePrivilege	2356	chrome.exe
Token: SeShutdownPrivilege	2356	chrome.exe
Token: SeCreatePagefilePrivilege	2356	chrome.exe
Token: SeShutdownPrivilege	2356	chrome.exe
Token: SeCreatePagefilePrivilege	2356	chrome.exe
Token: SeShutdownPrivilege	2356	chrome.exe
Token: SeCreatePagefilePrivilege	2356	chrome.exe
Token: SeShutdownPrivilege	2356	chrome.exe
Token: SeCreatePagefilePrivilege	2356	chrome.exe
Token: SeShutdownPrivilege	2356	chrome.exe
Token: SeCreatePagefilePrivilege	2356	chrome.exe
Token: SeShutdownPrivilege	2356	chrome.exe
Token: SeCreatePagefilePrivilege	2356	chrome.exe
Token: SeShutdownPrivilege	2356	chrome.exe
Token: SeCreatePagefilePrivilege	2356	chrome.exe
Token: SeShutdownPrivilege	2356	chrome.exe
Token: SeCreatePagefilePrivilege	2356	chrome.exe
Token: SeShutdownPrivilege	2356	chrome.exe
Token: SeCreatePagefilePrivilege	2356	chrome.exe
Token: SeShutdownPrivilege	2356	chrome.exe
Token: SeCreatePagefilePrivilege	2356	chrome.exe
Token: SeShutdownPrivilege	2356	chrome.exe
Token: SeCreatePagefilePrivilege	2356	chrome.exe
Token: SeShutdownPrivilege	2356	chrome.exe
Token: SeCreatePagefilePrivilege	2356	chrome.exe
Token: SeShutdownPrivilege	2356	chrome.exe
Token: SeCreatePagefilePrivilege	2356	chrome.exe
Token: SeShutdownPrivilege	2356	chrome.exe
Token: SeCreatePagefilePrivilege	2356	chrome.exe
Token: SeShutdownPrivilege	2356	chrome.exe
Token: SeCreatePagefilePrivilege	2356	chrome.exe
Token: SeShutdownPrivilege	2356	chrome.exe
Token: SeCreatePagefilePrivilege	2356	chrome.exe
Token: SeShutdownPrivilege	2356	chrome.exe
Token: SeCreatePagefilePrivilege	2356	chrome.exe
Token: SeShutdownPrivilege	2356	chrome.exe
Token: SeCreatePagefilePrivilege	2356	chrome.exe
Token: SeShutdownPrivilege	2356	chrome.exe
Token: SeCreatePagefilePrivilege	2356	chrome.exe
Token: SeShutdownPrivilege	2356	chrome.exe
Token: SeCreatePagefilePrivilege	2356	chrome.exe
Token: SeShutdownPrivilege	2356	chrome.exe
Token: SeCreatePagefilePrivilege	2356	chrome.exe
Token: SeShutdownPrivilege	2356	chrome.exe
Token: SeCreatePagefilePrivilege	2356	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
4672	msedge.exe
4672	msedge.exe
4672	msedge.exe
4672	msedge.exe
4672	msedge.exe
4672	msedge.exe
4672	msedge.exe
4672	msedge.exe
4672	msedge.exe
4672	msedge.exe
4672	msedge.exe
4672	msedge.exe
4672	msedge.exe
4672	msedge.exe
4672	msedge.exe
4672	msedge.exe
4672	msedge.exe
4672	msedge.exe
4672	msedge.exe
4672	msedge.exe
4672	msedge.exe
4672	msedge.exe
4672	msedge.exe
4672	msedge.exe
4672	msedge.exe
2356	chrome.exe
2356	chrome.exe
2356	chrome.exe
2356	chrome.exe
2356	chrome.exe
2356	chrome.exe
2356	chrome.exe
2356	chrome.exe
2356	chrome.exe
2356	chrome.exe
2356	chrome.exe
2356	chrome.exe
2356	chrome.exe
2356	chrome.exe
2356	chrome.exe
2356	chrome.exe
2356	chrome.exe
2356	chrome.exe
2356	chrome.exe
2356	chrome.exe
2356	chrome.exe
2356	chrome.exe
2356	chrome.exe
2356	chrome.exe
2356	chrome.exe
2356	chrome.exe
4328	firefox.exe
4328	firefox.exe
4328	firefox.exe
4328	firefox.exe
4328	firefox.exe
4328	firefox.exe
4328	firefox.exe
4328	firefox.exe
4328	firefox.exe
4328	firefox.exe
4328	firefox.exe
4328	firefox.exe
4328	firefox.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4672	msedge.exe
4672	msedge.exe
4672	msedge.exe
4672	msedge.exe
4672	msedge.exe
4672	msedge.exe
4672	msedge.exe
4672	msedge.exe
4672	msedge.exe
4672	msedge.exe
4672	msedge.exe
4672	msedge.exe
2356	chrome.exe
2356	chrome.exe
2356	chrome.exe
2356	chrome.exe
2356	chrome.exe
2356	chrome.exe
2356	chrome.exe
2356	chrome.exe
2356	chrome.exe
2356	chrome.exe
2356	chrome.exe
2356	chrome.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
4328	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4672 wrote to memory of 492	4672	msedge.exe	80
PID 4672 wrote to memory of 492	4672	msedge.exe	80
PID 4672 wrote to memory of 4648	4672	msedge.exe	81
PID 4672 wrote to memory of 4648	4672	msedge.exe	81
PID 4672 wrote to memory of 4648	4672	msedge.exe	81
PID 4672 wrote to memory of 4648	4672	msedge.exe	81
PID 4672 wrote to memory of 4648	4672	msedge.exe	81
PID 4672 wrote to memory of 4648	4672	msedge.exe	81
PID 4672 wrote to memory of 4648	4672	msedge.exe	81
PID 4672 wrote to memory of 4648	4672	msedge.exe	81
PID 4672 wrote to memory of 4648	4672	msedge.exe	81
PID 4672 wrote to memory of 4648	4672	msedge.exe	81
PID 4672 wrote to memory of 4648	4672	msedge.exe	81
PID 4672 wrote to memory of 4648	4672	msedge.exe	81
PID 4672 wrote to memory of 4648	4672	msedge.exe	81
PID 4672 wrote to memory of 4648	4672	msedge.exe	81
PID 4672 wrote to memory of 4648	4672	msedge.exe	81
PID 4672 wrote to memory of 4648	4672	msedge.exe	81
PID 4672 wrote to memory of 4648	4672	msedge.exe	81
PID 4672 wrote to memory of 4648	4672	msedge.exe	81
PID 4672 wrote to memory of 4648	4672	msedge.exe	81
PID 4672 wrote to memory of 4648	4672	msedge.exe	81
PID 4672 wrote to memory of 4648	4672	msedge.exe	81
PID 4672 wrote to memory of 4648	4672	msedge.exe	81
PID 4672 wrote to memory of 4648	4672	msedge.exe	81
PID 4672 wrote to memory of 4648	4672	msedge.exe	81
PID 4672 wrote to memory of 4648	4672	msedge.exe	81
PID 4672 wrote to memory of 4648	4672	msedge.exe	81
PID 4672 wrote to memory of 4648	4672	msedge.exe	81
PID 4672 wrote to memory of 4648	4672	msedge.exe	81
PID 4672 wrote to memory of 4648	4672	msedge.exe	81
PID 4672 wrote to memory of 4648	4672	msedge.exe	81
PID 4672 wrote to memory of 4648	4672	msedge.exe	81
PID 4672 wrote to memory of 4648	4672	msedge.exe	81
PID 4672 wrote to memory of 4648	4672	msedge.exe	81
PID 4672 wrote to memory of 4648	4672	msedge.exe	81
PID 4672 wrote to memory of 4648	4672	msedge.exe	81
PID 4672 wrote to memory of 4648	4672	msedge.exe	81
PID 4672 wrote to memory of 4648	4672	msedge.exe	81
PID 4672 wrote to memory of 4648	4672	msedge.exe	81
PID 4672 wrote to memory of 4648	4672	msedge.exe	81
PID 4672 wrote to memory of 4648	4672	msedge.exe	81
PID 4672 wrote to memory of 4460	4672	msedge.exe	82
PID 4672 wrote to memory of 4460	4672	msedge.exe	82
PID 4672 wrote to memory of 2856	4672	msedge.exe	83
PID 4672 wrote to memory of 2856	4672	msedge.exe	83
PID 4672 wrote to memory of 2856	4672	msedge.exe	83
PID 4672 wrote to memory of 2856	4672	msedge.exe	83
PID 4672 wrote to memory of 2856	4672	msedge.exe	83
PID 4672 wrote to memory of 2856	4672	msedge.exe	83
PID 4672 wrote to memory of 2856	4672	msedge.exe	83
PID 4672 wrote to memory of 2856	4672	msedge.exe	83
PID 4672 wrote to memory of 2856	4672	msedge.exe	83
PID 4672 wrote to memory of 2856	4672	msedge.exe	83
PID 4672 wrote to memory of 2856	4672	msedge.exe	83
PID 4672 wrote to memory of 2856	4672	msedge.exe	83
PID 4672 wrote to memory of 2856	4672	msedge.exe	83
PID 4672 wrote to memory of 2856	4672	msedge.exe	83
PID 4672 wrote to memory of 2856	4672	msedge.exe	83
PID 4672 wrote to memory of 2856	4672	msedge.exe	83
PID 4672 wrote to memory of 2856	4672	msedge.exe	83
PID 4672 wrote to memory of 2856	4672	msedge.exe	83
PID 4672 wrote to memory of 2856	4672	msedge.exe	83
PID 4672 wrote to memory of 2856	4672	msedge.exe	83

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://49.13.50.2:5000/
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4672
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffc07ff3cb8,0x7ffc07ff3cc8,0x7ffc07ff3cd8
  2⤵
  PID:492
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1832,13661996532836827454,5395328296878340998,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1916 /prefetch:2
  2⤵
  PID:4648
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1832,13661996532836827454,5395328296878340998,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2348 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4460
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1832,13661996532836827454,5395328296878340998,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2696 /prefetch:8
  2⤵
  PID:2856
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1832,13661996532836827454,5395328296878340998,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3252 /prefetch:1
  2⤵
  PID:4200
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1832,13661996532836827454,5395328296878340998,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3328 /prefetch:1
  2⤵
  PID:4708
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1832,13661996532836827454,5395328296878340998,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5112 /prefetch:1
  2⤵
  PID:4340
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1832,13661996532836827454,5395328296878340998,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5128 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1904
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1832,13661996532836827454,5395328296878340998,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3336 /prefetch:1
  2⤵
  PID:2644
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1832,13661996532836827454,5395328296878340998,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5236 /prefetch:1
  2⤵
  PID:244
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1832,13661996532836827454,5395328296878340998,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5172 /prefetch:1
  2⤵
  PID:4556
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1832,13661996532836827454,5395328296878340998,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5564 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3408
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1832,13661996532836827454,5395328296878340998,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5636 /prefetch:1
  2⤵
  PID:5112
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1832,13661996532836827454,5395328296878340998,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6120 /prefetch:1
  2⤵
  PID:2284
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1832,13661996532836827454,5395328296878340998,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=4476 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2752

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2284

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2200

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:2356
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.106 --initial-client-data=0x104,0x108,0x10c,0xe0,0x110,0x7ffbf4ebcc40,0x7ffbf4ebcc4c,0x7ffbf4ebcc58
  2⤵
  PID:420
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=2004,i,9565701147188997624,18387421557413659841,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=2000 /prefetch:2
  2⤵
  PID:3892
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1920,i,9565701147188997624,18387421557413659841,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=2052 /prefetch:3
  2⤵
  PID:5008
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2188,i,9565701147188997624,18387421557413659841,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=2204 /prefetch:8
  2⤵
  PID:2744
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3056,i,9565701147188997624,18387421557413659841,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=3252 /prefetch:1
  2⤵
  PID:1832
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3064,i,9565701147188997624,18387421557413659841,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=3284 /prefetch:1
  2⤵
  PID:1796
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4364,i,9565701147188997624,18387421557413659841,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=4400 /prefetch:1
  2⤵
  PID:2124
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=4844,i,9565701147188997624,18387421557413659841,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=4916 /prefetch:1
  2⤵
  PID:5668
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --field-trial-handle=4536,i,9565701147188997624,18387421557413659841,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=4540 /prefetch:1
  2⤵
  PID:5264

C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe"
1⤵
PID:3444

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
PID:4780
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe"
  2⤵
  - Checks processor information in registry
  - Modifies registry class
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SetWindowsHookEx
  PID:4328
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1980 -parentBuildID 20240401114208 -prefsHandle 1908 -prefMapHandle 1676 -prefsLen 25455 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {b67a259e-442d-4307-9418-c953381ea0e0} 4328 "\\.\pipe\gecko-crash-server-pipe.4328" gpu
    3⤵
    PID:3468
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2380 -parentBuildID 20240401114208 -prefsHandle 2356 -prefMapHandle 2352 -prefsLen 25491 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {2841ce3d-8e55-4805-aa5e-19970bf2dbb4} 4328 "\\.\pipe\gecko-crash-server-pipe.4328" socket
    3⤵
    PID:4628
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1640 -childID 1 -isForBrowser -prefsHandle 3020 -prefMapHandle 2956 -prefsLen 25632 -prefMapSize 244658 -jsInitHandle 1292 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {61ee05a7-f724-4f15-8ea7-c34333b9d0b8} 4328 "\\.\pipe\gecko-crash-server-pipe.4328" tab
    3⤵
    PID:5276
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3608 -childID 2 -isForBrowser -prefsHandle 3604 -prefMapHandle 3468 -prefsLen 30865 -prefMapSize 244658 -jsInitHandle 1292 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {69ae4f2a-94d4-45c8-b397-faf2b06ed1c0} 4328 "\\.\pipe\gecko-crash-server-pipe.4328" tab
    3⤵
    PID:5440
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4268 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4244 -prefMapHandle 4236 -prefsLen 30865 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e7731254-76c7-4d8c-ba01-b3289d616308} 4328 "\\.\pipe\gecko-crash-server-pipe.4328" utility
    3⤵
    - Checks processor information in registry
    PID:5272
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5140 -childID 3 -isForBrowser -prefsHandle 5164 -prefMapHandle 5196 -prefsLen 26990 -prefMapSize 244658 -jsInitHandle 1292 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {6ed1ed78-21ec-4b8b-a9eb-3f0c77177956} 4328 "\\.\pipe\gecko-crash-server-pipe.4328" tab
    3⤵
    PID:6540
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5344 -childID 4 -isForBrowser -prefsHandle 5352 -prefMapHandle 5356 -prefsLen 26990 -prefMapSize 244658 -jsInitHandle 1292 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e20f2505-ae5a-401b-83e7-2e3a393733c5} 4328 "\\.\pipe\gecko-crash-server-pipe.4328" tab
    3⤵
    PID:6552
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5632 -childID 5 -isForBrowser -prefsHandle 5552 -prefMapHandle 5560 -prefsLen 26990 -prefMapSize 244658 -jsInitHandle 1292 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {74a8c5d7-7072-4e05-94e4-1433d340be4e} 4328 "\\.\pipe\gecko-crash-server-pipe.4328" tab
    3⤵
    PID:6564
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4668 -childID 6 -isForBrowser -prefsHandle 4912 -prefMapHandle 4908 -prefsLen 27795 -prefMapSize 244658 -jsInitHandle 1292 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {608b2a42-a9e7-4f22-b1e0-8f0a5a253bf1} 4328 "\\.\pipe\gecko-crash-server-pipe.4328" tab
    3⤵
    PID:6836

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
0a7e4a2e422c5a9520bc0d5a921480ef

SHA1
dca1f6e6e8af7dea4c7de5e9618f472835d0ac5f

SHA256
71154eb3bd3212f93cfcef9d48e7eed2dc92de77167e52aa40b24c42adce993c

SHA512
beff2a7f5fa9beb78844a3be872a1de7654b29af95c49621cf695c205b79bcdfc8480b88a3edc6139105234199948434958f0c27a8a471e7d0164b3c81aeb9d0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
8c194c001477e233dd527f5af87ba215

SHA1
4b8ac097173976ef4ac6ff397c2f34297312631a

SHA256
327cdb6a698aaa256158dd0e05f605d2223a69a2d642527fb14ecfd2fd771419

SHA512
39703d1a28ecb0952195bb539635279f7a84ce52a013d00f045c51d6649cab30c1a37613fe6dc641fe580cdc5cfd1fced586390e6d9febdf238f066101ed0c00

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
c22e72cd298666dd4dec367f6235d7b8

SHA1
be917a5bf4617b2f72dc44fc26e6d34ad3efd451

SHA256
6a841b42ef5df230d8fb3462116512dd20d60bac2f51c1d6cb59bffa4672d4fd

SHA512
a728dcbd6c1e4a55045d9e8d34e50f2c1d247991f1e49b2d78eeb1a56e2cd0606b1d03ffd69069ffd34928a88b3c9f3ec876ae35c273b719ab4e5c9c0dd2804e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
95cdd5afa4519fd242dc6230af762241

SHA1
8af49e2552d6e778a866bfa6b27dcdfef37492bf

SHA256
031ac60076956e1a2aaec2f1df1597490f8af2e7211214ec6b9cd663b7a321d5

SHA512
4bdf210a12ff65035d84ab29c5dce2d7a37bf0b8f65c6b6aafd356437e620a2cd1b4d4675fe3c4d168339411cbe195d1deac6a2e697c0f42e986b70b3bb610e0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
34aaf5aaf3fc33d8bb299f3de8fd0aae

SHA1
089c7641ba8cf500ed69594aa0087b984fbe78ae

SHA256
7ef65f90132ad78e81080ea914417575b0140d6592656f9e6b169bb0f29e32aa

SHA512
a8f9d046a4c5b8f8fa9ff6e24be0b59c751489a07718278efae16f5bfc09d0ad23957372c226208bda7009c86aed1a4729baafd467b6269e5a5e2caceeba9cf5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
77KB

MD5
4be68bd9c07ebbb004c53562bf63f815

SHA1
459eb13ce5269b06d7b1b61fef3e12bbb19503cc

SHA256
4c8019545a684dff7dfa1afe4a9b3eac0df76cf0f8edf05c46f018f3ec39a557

SHA512
f3a1c47ac364b5c115c7c2a4cf64ab0747cc04ad65870de98ef073dc3cfdfc0d278f554c8f80db5974e45072439c2942ac48bfa2b169e7b2df2a869f888c2558

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\f42f7711-8b5a-4bd9-831e-1d5bd7b9e51f.tmp

Filesize
77KB

MD5
773fc352d2255aa6049ecb33da4b6141

SHA1
0cdaa9af8e74b76ffd70252bfc3afd9b9d1319ce

SHA256
274c9c86ddb9a070532d6d69662853ee87e28e8a685868ac275d403968edfef9

SHA512
b263324b12d76b06e61955863151a98ecabba0160d71c45592b2dba460e21b4653a02eea0c1dd8a6b648340939b6a700e71d18843f25fc0138f4b8d3029558bc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
5a85ad170d758e61ae5648c9402be224

SHA1
e6dfce354b5e9719bc4b28a24bb8241fc433e16f

SHA256
af0da8b5ad8127ae0ef7773bc9c4b145ed3fe7fbef4c48278649e1e3aa5ce617

SHA512
641414d91c993f74b6b71654522359d606c7f94ac0fcca6478d1bc33c30f4a9fdb9ce6f8e281c79a2f9b9670fda8a4ccdd80e7d64347c1f66d8c9ef024bcb09b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
22cececc69be16a1c696b62b4e66f90e

SHA1
b20b7f87f8bc64c1008b06a6528fc9c9da449c2f

SHA256
d940b85bc83f69e8370a801951eb6b8bb97efbb3aa427664105db76e44707258

SHA512
2b2e548f2c8f84d321ef2afdf31128065c3593b884ca8111b05800960b5378b99c7efa6165d02fba4c11e6e4b49b14e419d89f76d55ef574f4ac2b7d6ecb3d48

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
c327b1224baa72c32f6118f9c1bbdd36

SHA1
f8144062613e0e715540e5606ea56b2ebc7eff4a

SHA256
5186d6a40bb4ef9d9abba802e3e6fa902ca3e4f8e025888aeede196799bd1588

SHA512
8f0ab792c4905096be6c682c35f9ac99f8eff7936f6bf79e334b63b2093f56693a635c670b09a729daa579b031d74e1ab599665298cab56ae92a052006cfc49a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
5b2bce25ab623a4a1a80c38e524aead6

SHA1
d75f4948adee6c42aebf21905f5d0d1547cebf6d

SHA256
66a43a10a46037f2ac471b1f029831fde2b90f16fb6e0654b7ef1c3729432a1f

SHA512
a3bd82522de590f20b2f9fb0b26802b343557aadc731b5f3f6927d117de737dbd3255f79954eb00db1ae26c3cd77c4191e716ecd45016cbb0d3cface7b7690cf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
8KB

MD5
f57ea63d8ac35a50dff9cee1d3f4c986

SHA1
560ceff1b5d6f9510d91da8bf96e86de77fbb887

SHA256
346a5fc1e4904bb99ad4c4c4db77b2f3c9f97de4a1ebd9cdf6527eceed7ebd0e

SHA512
a7e49d7c5887d256aed14980264eba3332967a95ae5f288d8523ec47d2bd5f840b03d98287fda2e272d36987d00b71b24020bc7ffc59bcbbfa59440563420ab5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
8KB

MD5
23f9e46508ef58628ec03248e9fc532a

SHA1
bcd3c48a6171875894b6e5fbec32d88397e62164

SHA256
7bdd5df410fde3e58a889480dd0909ebe927d2097551ab976a277282f6b29bd8

SHA512
ff9d669be5d7609146e3b5d8729dcc62ed98608a403b063436e107da984967e8d27356c06bbe3a0d2aa1826ba9b346cd4f386e7b8c6b77c4598d9c1f62527aa0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
8KB

MD5
22603a71cf5da9211bc85f78c3c18c93

SHA1
a0b8f5a7186f8093d633eac4a4615aba7cc7cebf

SHA256
29d112594778343296e2e0ccb29b70c4b6249cc9c04b30eafae6942caea6cd0e

SHA512
573192e97a35e07eb4dbf109a6a5ccd406d59eff2a2f713f4e9af27f6fb0d7b32e5ed969bb57e3b361535fbd22aa64dbe0f6358361008aeaf6b0cd8011bdb8e1

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\le59fmg0.default-release\activity-stream.discovery_stream.json.tmp

Filesize
21KB

MD5
72885938bebaed3b30039fe0176204e5

SHA1
23d8474d7b62a9fb3bdb7a4523cee1285c5e73aa

SHA256
307315cc941c2bf2c2274cb49ab70b82303a6a0c30664b54eb320ed3bc2f1070

SHA512
165dddb05711327230718c45a8c072c4fb1f0813b1b92404145d486890424e2a04505e30a7dca743544849d9947eb9889dc8699b004414deb90b9f6f3baa2fdf

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\le59fmg0.default-release\datareporting\glean\db\data.safe.tmp

Filesize
5KB

MD5
b3c6556e98064ffc6ae5046e9e322958

SHA1
6bbaaaee5ad234008573a087e9c05c1efb6ed822

SHA256
6388165449ea70fc408273ce5a6b12ff229770ea7de4300e8bb1dcd459ae1862

SHA512
7846d756061bcfb46b269dc7c53878e30235bf4cd4ede8cc4dc7b3b4f65aea3bde376582056765063b98b400f9520671345d91f11484fe1e26972939d3810579

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\le59fmg0.default-release\datareporting\glean\db\data.safe.tmp

Filesize
13KB

MD5
47ad1c05802f938401d0908bbe056010

SHA1
e76109b79b9ebc6892a8e2b6dea7af04960d5fb9

SHA256
92d1189367503744338db59e60fe9ce5a666f9f193044dce58a441fb7636d75f

SHA512
e7dfdd23b8b3a5e57483b8a0df2eab64c4e36d5f0556a1c7ab2fe850989d2ae5661038e31921dfd98798e84ae7db859cbeb4f12be402980e85f0ba4831f0cd85

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\le59fmg0.default-release\datareporting\glean\pending_pings\66560aa1-0d35-444a-98eb-2cb49612682c

Filesize
982B

MD5
7e6fe83bd4484e5c45408df5833c7e97

SHA1
b30642432d8ce31cb3f23bcce37b3331ca66d728

SHA256
6a2d3a9d7e056370af834dcf6bd891d5614abd13f5a028074b743452854de226

SHA512
9f65ad93596e2a8cb5cf10f8cec90228b8bf5f7a0eaa86dd04e054132f720fb7d9ff875ac0dbde076550fca258e4bf96bd0e11328716ac349a61155e192b90d4

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\le59fmg0.default-release\datareporting\glean\pending_pings\b0b1e2fc-7c9a-4a39-99dd-b59146880e46

Filesize
671B

MD5
679178fda56257f139485cf007c2eeff

SHA1
a2eabfc7d6a1ed774efe1f4c090a006287b5d244

SHA256
38e9a9d9213ccebb8eafb6bb8425052f5ff1bec8690ef65eae65b957c904440e

SHA512
ed7feb2d911553e90c74385b228e07c4b818bd05a45df047e2b8a95b0ef5650562941fb61d0620fa04ecd3d08588c53bf63f110d3cfe3aa796fc93c37ed297b9

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\le59fmg0.default-release\datareporting\glean\pending_pings\f55b32e4-2716-4adb-9145-a35a915671e0

Filesize
25KB

MD5
b11a0ee8955bbaf0d7eb499e6ee30f6a

SHA1
06efaa4a4b513c8ac38177c708360a7c7ec87208

SHA256
e40fb11afd247b998a7dde73c7161741654545b5bcd8f2ecd12a5d0fd4b92212

SHA512
7e0daa4ee98dafb5736253f85d7033c412b6ba1f25f8c5c6b918be34c1b1b26a8719ac6890f524612b1d1024877427006618f6611185318ce2df38035d50742f

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\le59fmg0.default-release\prefs-1.js

Filesize
8KB

MD5
e72e2381b116bba3f848e4be3fa640b6

SHA1
8789a7939ecbe0da8a85d9ce5459bba0d7d6db69

SHA256
f4924f240a0bb2bb3e2d8766f355b0771ad1d881b00caabba43b503acb97d9c4

SHA512
64dbbeea6e327429ea71f5184058e124b397f81d52bec6364af5eecc77a0d726a5f1454b7d2bd97b6898de2f304fcf5ee2b36a6db20686cbd1c559292abe30f9

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\le59fmg0.default-release\prefs-1.js

Filesize
9KB

MD5
26acccd6d19c313903bc482f10edb297

SHA1
2af62f6b8e791f45b3ceffd8de8add3331dd311d

SHA256
3647ee489391d588ce508c48fb705999cf9f4e653ae49c7d4e488875aacaee55

SHA512
7bb5a8eb2df384824d8195a0cea1bfc9aab5a5060ed0d6eb0cb2317a9e5a34df60bda2981ceac333d92b3c54ccf2e618e483ed49b0ce499b270f31358b25bc73

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\le59fmg0.default-release\prefs.js

Filesize
8KB

MD5
84df6425a2d88ccf77e03818e1fa382a

SHA1
4af4e612175f041c340189123bb248b861aafcce

SHA256
e7188c5c25c4bcc1a5ed21b58b032c8ea615320c7f7865536bfe1789c39334c1

SHA512
23f0ade14d2d2af00dda9099bc092ecf17e8247510a5ecfb7b2219a8b37ba14fb54275f5275840c9ae007cebf8f24aef95c6b0f47d6ba3becc64ebe963ab65ef

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\le59fmg0.default-release\sessionstore-backups\recovery.baklz4

Filesize
1KB

MD5
cd367ebd0884dd8f67241f23d04ff7ec

SHA1
67471d7b713f78376f273890507ced46c8346a1b

SHA256
eb6bfda10573a5efc12ae96dc7e1fc9446ef16ed868d6d0d6480c06ae3041594

SHA512
63d21bcb8bf4c2fc4dcd9c47a2067e89042ab0b84e9b6cbd3402a1cd7da5226e72802182b591755b5d2894966a91b1fc77b8945e406c62a22222cda2dfcfe656

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\le59fmg0.default-release\sessionstore-backups\recovery.baklz4

Filesize
1KB

MD5
614871a05e94a9818f84e93c0f37cde9

SHA1
75d95dc2fdca9ee3906f3783757398eda2bb15ef

SHA256
121b1a88f1f9b4be44649b949b783bb2d77951670bf6adb5584d2cc54d648177

SHA512
21ff97146c2b44e3c1bb915fc86942bbfded4f02eea6ed6d8424013d742578f0f0dbc3c2abcef5403240134c7a82fb589776447ea11117cff444a88874cc48cc

Download Submit