Analysis
- max time kernel: 1268s
- max time network: 1273s
- platform: windows10-2004_x64
- resource: win10v2004-20240704-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20240704-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 06-07-2024 19:00
- Static task static1
- Behavioral task behavioral1: sample processlassosetup64.exe, resource win10v2004-20240704-en
- Behavioral task behavioral2: sample $PLUGINSDIR/INetC.dll, resource win10v2004-20240704-en
- Behavioral task behavioral3: sample $PLUGINSDIR/LangDLL.dll, resource win10v2004-20240704-en
- Behavioral task behavioral4: sample $PLUGINSDIR/System.dll, resource win10v2004-20240704-en
- Behavioral task behavioral5: sample CPUEater.exe, resource win10v2004-20240508-en
- Behavioral task behavioral6: sample Insights.exe, resource win10v2004-20240704-en
- Behavioral task behavioral7: sample InstallHelper.exe, resource win10v2004-20240704-en
- Behavioral task behavioral8: sample LogViewer.exe, resource win10v2004-20240704-en
- Behavioral task behavioral9: sample ProcessGovernor.exe, resource win10v2004-20240704-en
- Behavioral task behavioral10: sample ProcessLasso.exe, resource win10v2004-20240704-en
- Behavioral task behavioral11: sample ProcessLassoLauncher.exe, resource win10v2004-20240704-en
- Behavioral task behavioral12: sample QuickUpgrade.exe, resource win10v2004-20240704-en
- Behavioral task behavioral13: sample ThreadRacer.exe, resource win10v2004-20240704-en
- Behavioral task behavioral14: sample TweakScheduler.exe, resource win10v2004-20240508-en
- Behavioral task behavioral15: sample bitsumsessionagent.exe, resource win10v2004-20240704-en
- Behavioral task behavioral16: sample pl-update.cmd, resource win10v2004-20240704-en
- Behavioral task behavioral17: sample pl.cmd, resource win10v2004-20240704-en
- Behavioral task behavioral18: sample plActivate.exe, resource win10v2004-20240704-en
- Behavioral task behavioral19: sample pl_rsrc_bulgarian.dll, resource win10v2004-20240704-en
- Behavioral task behavioral20: sample pl_rsrc_chinese.dll, resource win10v2004-20240704-en
- Behavioral task behavioral21: sample pl_rsrc_chinese_traditional.dll, resource win10v2004-20240704-en
- Behavioral task behavioral22: sample pl_rsrc_english.dll, resource win10v2004-20240704-en
- Behavioral task behavioral23: sample pl_rsrc_finnish.dll, resource win10v2004-20240704-en
- Behavioral task behavioral24: sample pl_rsrc_french.dll, resource win10v2004-20240704-en
- Behavioral task behavioral25: sample pl_rsrc_german.dll, resource win10v2004-20240704-en
- Behavioral task behavioral26: sample pl_rsrc_italian.dll, resource win10v2004-20240704-en
- Behavioral task behavioral27: sample pl_rsrc_japanese.dll, resource win10v2004-20240704-en
- Behavioral task behavioral28: sample pl_rsrc_korean.dll, resource win10v2004-20240704-en
- Behavioral task behavioral29: sample pl_rsrc_polish.dll, resource win10v2004-20240704-en
- Behavioral task behavioral30: sample pl_rsrc_ptbr.dll, resource win10v2004-20240704-en
- Behavioral task behavioral31: sample pl_rsrc_russian.dll, resource win10v2004-20240704-en
- Behavioral task behavioral32: sample pl_rsrc_slovenian.dll, resource win10v2004-20240704-en
Errors
General
- Target: processlassosetup64.exe
- Size: 2.5MB
- MD5: 079d9a59d53120f4835d58728a8a1614
- SHA1: 8deb42134fe9d06e91c36ae196b0448c1ddc5e80
- SHA256: 257f8251ab61b944b75deafc681030a20b6dd5ae03b8540d8f482a6c291efb96
- SHA512: cb572655f3a7b2c8767b9813b45e1ab8b76d16f6e7b29b922b0ea756091fc55663c4bcc935a71854e1049713bb51b3bc5c73827a3885bbe7ac0f84ef0303a14d
- SSDEEP: 49152:K6+yyE+nj/76iNaWWHLjbZx8RI3DMl949upGnH/FrjWdTlxUZRS:Khj/76esbZDDMoApyfFrjkfiS
Malware Config
Signatures
- Loads dropped DLL (1 IoC)
  Processes: processlassosetup64.exe (PID 4036)
- Enumerates physical storage devices (1 TTP)
  Attempts to interact with connected storage/optical drive(s).
- Checks processor information in registry (2 TTPs, 6 IoCs)
  Processor information is often read in order to detect sandboxing environments.
  Processes: firefox.exe
  - Key opened: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0
  - Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature
  - Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision
  - Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier
  - Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz
  - Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString
- Enumerates system info in registry (2 TTPs, 3 IoCs)
  Processes: msedge.exe
  - Key opened: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS
  - Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer
  - Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName
- Modifies data under HKEY_USERS (15 IoCs)
  Processes: LogonUI.exe
  - Set value (int): \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationColor = "3288365271"
  - Set value (int): \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\EnableWindowColorization = "231"
  - Set value (int): \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\AccentColorMenu = "4292311040"
  - Key created: \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM
  - Set value (int): \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\AccentColor = "4292311040"
  - Set value (int): \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationAfterglow = "3288365271"
  - Set value (data): \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\AccentPalette = a6d8ff0076b9ed00429ce3000078d700005a9e000042750000264200f7630c00
  - Set value (int): \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\StartColorMenu = "4288567808"
  - Set value (int): \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationAfterglowBalance = "10"
  - Set value (int): \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\History\AutoColor = "0"
  - Set value (int): \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationColorBalance = "89"
  - Set value (int): \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationBlurBalance = "1"
  - Set value (int): \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationGlassAttribute = "1"
  - Key created: \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent
  - Key created: \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\History
- Modifies registry class (2 IoCs)
  Processes: msedge.exe, firefox.exe
  - msedge.exe, Key created: \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-3642458265-1901903390-453309326-1000\{F6A63B67-014F-49C6-8315-1288574EAA89}
  - firefox.exe, Key created: \REGISTRY\USER\S-1-5-21-3642458265-1901903390-453309326-1000_Classes\Local Settings
- Suspicious behavior: EnumeratesProcesses (14 IoCs)
  Processes: msedge.exe PID 936 (2), msedge.exe PID 1612 (2), identity_helper.exe PID 4736 (2), msedge.exe PID 1660 (2), msedge.exe PID 4620 (4), msedge.exe PID 3800 (2)
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (14 IoCs)
  Processes: msedge.exe PID 1612 (14)
- Suspicious use of AdjustPrivilegeToken (2 IoCs)
  Processes: firefox.exe PID 912, Token: SeDebugPrivilege (2)
- Suspicious use of FindShellTrayWindow (38 IoCs)
  Processes: msedge.exe PID 1612 (34), firefox.exe PID 912 (4)
- Suspicious use of SendNotifyMessage (27 IoCs)
  Processes: msedge.exe PID 1612 (24), firefox.exe PID 912 (3)
- Suspicious use of SetWindowsHookEx (5 IoCs)
  Processes: firefox.exe PID 912 (4), LogonUI.exe PID 344 (1)
- Suspicious use of WriteProcessMemory (64 IoCs)
  Processes: msedge.exe PID 1612 wrote to the memory of its msedge.exe child processes with PIDs 4856, 2084, 936 and 3420 (64 write events in total, the bulk of them to 2084 and 3420)
- Uses Task Scheduler COM API (1 TTP)
  The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
Processes
- C:\Users\Admin\AppData\Local\Temp\processlassosetup64.exe (PID 4036)
  Command line: "C:\Users\Admin\AppData\Local\Temp\processlassosetup64.exe"
  Signatures: Loads dropped DLL
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1612)
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
  Signatures: Enumerates system info in registry; Suspicious behavior: EnumeratesProcesses; Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary; Suspicious use of FindShellTrayWindow; Suspicious use of SendNotifyMessage; Suspicious use of WriteProcessMemory
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4856)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffd1b8446f8,0x7ffd1b844708,0x7ffd1b844718
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2084)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2132,995034127502369903,17960882639943280994,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2180 /prefetch:2
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 936)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2132,995034127502369903,17960882639943280994,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2268 /prefetch:3
    Signatures: Suspicious behavior: EnumeratesProcesses
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3420)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2132,995034127502369903,17960882639943280994,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2848 /prefetch:8
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4152)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,995034127502369903,17960882639943280994,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3428 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1628)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,995034127502369903,17960882639943280994,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3440 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4540)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,995034127502369903,17960882639943280994,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4284 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2588)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,995034127502369903,17960882639943280994,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4400 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 664)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,995034127502369903,17960882639943280994,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5220 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe (PID 1960)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2132,995034127502369903,17960882639943280994,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4860 /prefetch:8
  - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe (PID 4736)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2132,995034127502369903,17960882639943280994,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4860 /prefetch:8
    Signatures: Suspicious behavior: EnumeratesProcesses
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1068)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,995034127502369903,17960882639943280994,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5612 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3856)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,995034127502369903,17960882639943280994,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5672 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4452)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,995034127502369903,17960882639943280994,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5568 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4516)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,995034127502369903,17960882639943280994,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4240 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3728)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2132,995034127502369903,17960882639943280994,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5696 /prefetch:8
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1660)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2132,995034127502369903,17960882639943280994,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5548 /prefetch:8
    Signatures: Modifies registry class; Suspicious behavior: EnumeratesProcesses
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3716)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,995034127502369903,17960882639943280994,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5764 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4620)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2132,995034127502369903,17960882639943280994,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2244 /prefetch:2
    Signatures: Suspicious behavior: EnumeratesProcesses
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3676)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2132,995034127502369903,17960882639943280994,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5532 /prefetch:8
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4040)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,995034127502369903,17960882639943280994,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3144 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3800)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2132,995034127502369903,17960882639943280994,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4996 /prefetch:8
    Signatures: Suspicious behavior: EnumeratesProcesses
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 692)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,995034127502369903,17960882639943280994,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6080 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3328)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,995034127502369903,17960882639943280994,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5084 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2488)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,995034127502369903,17960882639943280994,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5772 /prefetch:1
- C:\Windows\System32\CompPkgSrv.exe (PID 2888)
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
- C:\Windows\System32\CompPkgSrv.exe (PID 2676)
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
- C:\Program Files\Mozilla Firefox\firefox.exe (PID 3244)
  Command line: "C:\Program Files\Mozilla Firefox\firefox.exe"
  - C:\Program Files\Mozilla Firefox\firefox.exe (PID 912)
    Command line: "C:\Program Files\Mozilla Firefox\firefox.exe"
    Signatures: Checks processor information in registry; Modifies registry class; Suspicious use of AdjustPrivilegeToken; Suspicious use of FindShellTrayWindow; Suspicious use of SendNotifyMessage; Suspicious use of SetWindowsHookEx
    - C:\Program Files\Mozilla Firefox\firefox.exe (PID 4424)
      Command line: "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="912.0.1773487849\887653861" -parentBuildID 20230214051806 -prefsHandle 1756 -prefMapHandle 1748 -prefsLen 22076 -prefMapSize 235121 -appDir "C:\Program Files\Mozilla Firefox\browser" - {931adad1-4e0c-468d-9fc3-f35ea9b2d81e} 912 "\\.\pipe\gecko-crash-server-pipe.912" 1836 1fc24c0c958 gpu
    - C:\Program Files\Mozilla Firefox\firefox.exe (PID 2376)
      Command line: "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="912.1.1618575362\1090854837" -parentBuildID 20230214051806 -prefsHandle 2368 -prefMapHandle 2364 -prefsLen 22112 -prefMapSize 235121 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {70bc75f2-5488-4f3a-a253-8a1a34d47730} 912 "\\.\pipe\gecko-crash-server-pipe.912" 2400 1fc17d88d58 socket
    - C:\Program Files\Mozilla Firefox\firefox.exe (PID 4728)
      Command line: "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="912.2.1474303951\424337465" -childID 1 -isForBrowser -prefsHandle 3140 -prefMapHandle 3136 -prefsLen 22215 -prefMapSize 235121 -jsInitHandle 1272 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {311fa2f6-046d-499a-af04-2b18b2497340} 912 "\\.\pipe\gecko-crash-server-pipe.912" 3108 1fc275f5f58 tab
    - C:\Program Files\Mozilla Firefox\firefox.exe (PID 716)
      Command line: "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="912.3.1994452487\1312067526" -childID 2 -isForBrowser -prefsHandle 4188 -prefMapHandle 4184 -prefsLen 27616 -prefMapSize 235121 -jsInitHandle 1272 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {048572b9-c5d1-40d2-9ea8-016386d280b0} 912 "\\.\pipe\gecko-crash-server-pipe.912" 4168 1fc29b41f58 tab
    - C:\Program Files\Mozilla Firefox\firefox.exe (PID 4844)
      Command line: "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="912.4.751390104\1069253762" -childID 3 -isForBrowser -prefsHandle 4112 -prefMapHandle 4724 -prefsLen 27616 -prefMapSize 235121 -jsInitHandle 1272 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {cdd079f3-b546-45bd-b53a-8e9bd8ecbb4a} 912 "\\.\pipe\gecko-crash-server-pipe.912" 5124 1fc2c338858 tab
    - C:\Program Files\Mozilla Firefox\firefox.exe (PID 1496)
      Command line: "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="912.5.2020419207\1329941027" -childID 4 -isForBrowser -prefsHandle 2908 -prefMapHandle 3024 -prefsLen 27616 -prefMapSize 235121 -jsInitHandle 1272 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {6c7a78cc-8bce-4dba-bb4f-99476fc87a2f} 912 "\\.\pipe\gecko-crash-server-pipe.912" 2904 1fc17d3fd58 tab
    - C:\Program Files\Mozilla Firefox\firefox.exe (PID 4684)
      Command line: "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="912.6.1748764176\705555073" -childID 5 -isForBrowser -prefsHandle 2840 -prefMapHandle 5356 -prefsLen 27695 -prefMapSize 235121 -jsInitHandle 1272 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {4cf78755-a5ce-437c-8828-832236041c35} 912 "\\.\pipe\gecko-crash-server-pipe.912" 4724 1fc2c339a58 tab
- C:\Windows\system32\LogonUI.exe (PID 344)
  Command line: "LogonUI.exe" /flags:0x4 /state0:0xa3910055 /state1:0x41c64e6d
  Signatures: Modifies data under HKEY_USERS; Suspicious use of SetWindowsHookEx
Network
MITRE ATT&CK Enterprise v15
Downloads
-
Filesize
152B
MD506b496d28461d5c01fc81bc2be6a9978
SHA136e7a9d9c7a924d5bb448d68038c7fe5e6cbf5aa
SHA256e4a2d1395627095b0fa55e977e527ccb5b71dff3cd2d138df498f50f9f5ab507
SHA5126488a807c978d38d65010583c1e5582548ab8102ebd68ee827e603c9bdfcdbb9f98a488d31414a829409f6edca8bd2eb4aadd4ff31b144de41249fa63a26bc91
-
Filesize: 152B
MD5: de1d175f3af722d1feb1c205f4e92d1e
SHA1: 019cf8527a9b94bd0b35418bf7be8348be5a1c39
SHA256: 1b99cae942ebf99c31795fa279d51b1a2379ca0af7b27bd3c58ea6c78a033924
SHA512: f0dcd08afd3c6a761cc1afa2846ec23fb5438d6127ebd535a754498debabd0b1ebd04858d1b98be92faf14b512f982b1f3dcbb702860e96877eb835f763f9734
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize: 1KB
MD5: df544cc91f7bf0afb35087fc636fc539
SHA1: a43b66f24995eb6263b13f711d7fb2307a59524c
SHA256: f120fcbc39cd380725f8b8c86dd0e904758ab896d098829a55fc8b9b02b85002
SHA512: dd57dce5574d782727969567446ab11c691d9ccaa248e9082a45afbad12cc38f786ff0a89e8c060e4a2dfe440212e95980cfe03126a35723aa04c2cab697a37d
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize: 1KB
MD5: 1eefb1e1f16848d3ab24938d2a1705c6
SHA1: 422f958eaddb8f0989cb964e5fc73386be9aa3c0
SHA256: 536808de4a51e32ae9adcc286e5ef45261186879310ff437ce92eeef8f57971b
SHA512: cfc49907184c44ebdce3ce4bb6bd614b506ad54088734acec09e4e1ff9709deb9f79d4b1f9f146eb166613f085a81561cc4a2f651b071c5478ec67fe9078ba6b
-
Filesize: 111B
MD5: 807419ca9a4734feaf8d8563a003b048
SHA1: a723c7d60a65886ffa068711f1e900ccc85922a6
SHA256: aa10bf07b0d265bed28f2a475f3564d8ddb5e4d4ffee0ab6f3a0cc564907b631
SHA512: f10d496ae75db5ba412bd9f17bf0c7da7632db92a3fabf7f24071e40f5759c6a875ad8f3a72bad149da58b3da3b816077df125d0d9f3544adba68c66353d206c
-
Filesize: 111B
MD5: 285252a2f6327d41eab203dc2f402c67
SHA1: acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6
SHA256: 5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026
SHA512: 11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d
-
Filesize: 733B
MD5: 86bc1a992156631e165ae8e6a4e714ec
SHA1: 7485340ab9a7f7e86c0cfd7479353a137a7ce8e0
SHA256: 3863335338ca0ca9937a7975e9fa0d6f3808d6d5f54938d4e9fa92acf478ad0b
SHA512: 4d573d86a6dbf692a91790d3286d2e13e8b7af89e35df478dd251fd51f9d70918a3d11772f6aa736f4db29ab7513f84de78b37cd91ad189a8614cdc388ba1729
-
Filesize: 881B
MD5: 966b9a3b18d48d23a2122dd259ba982e
SHA1: d84bc24718869fd30290bb53be1a482be30b5016
SHA256: 5f37a4a3a98628a4064ba83bb0508ea56d0e058f7dca74db012e74237d4336bb
SHA512: 1cd0c8495f6c1c623db190625f022165c605183717ad4bad5c848917993971af30f21a7e1fa105c429974b6729be69ef270d1fda305adeb309e11ecc614c1551
-
Filesize: 1KB
MD5: b44d06b1ee4d4b57ebed65a41124f13a
SHA1: 76e5ca701479fb0a06fa790bf6b775235f1aba62
SHA256: 68b4c31765083bc9cd5f3ed828292db7dff2457f5f8f8ac7496a3b7696165c6a
SHA512: db0781b08367e1fc576b8bba4993a7b8236b1e41d84e974a7e4d926c4115bc5a2fd04cede2785d6f3e7a95973cf732506fd7ed2a8670bbf88e89eec8c71e3e84
-
Filesize: 6KB
MD5: 68403ec94b22893d903bf430707be9d0
SHA1: f66caada7f89268f3a3f285e826da7a1d52e78cd
SHA256: 7f6cb3012b316d03146d38c2a6bf7b97b9a50ef880554b7800bcba059972d7c1
SHA512: 7f12065e3b464e722452a9c1b9f7a1f13e8e4f699cea3bb291e21903006a91bbe908d2184747ac32772ae69f39c9b0497b73f326fe95333371d35f86ff8f8d64
-
Filesize: 6KB
MD5: 2bd680f5da191a24eda515b7e724e1bf
SHA1: ca5927d50aac5cc5321e0c88d6a2c96f7a613ba0
SHA256: 293645e26cbad7cbb0b56092a1c87ce142542f828826e1a9357ec13eb704b904
SHA512: ca6815d2530858d36093829a951ca9d59e375c215d8f090898f6c915fccf3c7cb266b5f145f71a9bb71c9b3528d13b234172645d63ad5045511d570772107fe0
-
Filesize: 6KB
MD5: fc54cefb9acdb919e2e85e34d134c3db
SHA1: fc2915c09b8fedb2ca1477deea77ccb9788a2f32
SHA256: a661cb5e951597d6971bcf6fc5a43c050b1935cddfbe77306be2bfbf39bb3f7e
SHA512: 501d5fd6e8245e346c701141c30ac66079e60a7d76db887c22d4c16e333a8dfec60661384076e547344326799fc63c2b29d2d68f949325d0216c196c3b2591fa
-
Filesize: 6KB
MD5: 96c86e53409385382360d4c74f190f90
SHA1: 270a839586db283cdcfb45b95282464681e093eb
SHA256: 2ab7dc9e823dc27d67433f9c4cc6edad07c59077d7ec22a8813dfa924b1c1ad3
SHA512: 132b59314e9293245d7139858157a9a969db9554e0f048954374a39b9d36df315a0052ba79ee88f1af7dc06c783050918105c08eff2e9178d2d07e569467f9e9
-
Filesize: 6KB
MD5: 91be22c6be35ddafb65432436a75497b
SHA1: 652aa629363597141a19e0b65befa2026cbc9140
SHA256: 3903359f7fb49eb036391426dbc590678a097beb34f3f1ce395fd4990286f144
SHA512: d8503964b955104de70206084a4ca3d1a25b31a6044d500da3e9521436890ff2272f94396226ca15dfec13157ee69d0546d38f4d3b3a7b3651cabebb1e2443d0
-
Filesize: 6KB
MD5: 40b3338e05f4a2a0f1c8504d563fc78a
SHA1: 6e4e629a96b7fe0b602366c91a0391add7bb9775
SHA256: d71607856cb3556c83cb579efeb24bc6c72be6f1f181fcc907555e41b7e0a687
SHA512: 2969d5023aa05de539739f8536294feeba1c29263ea973bfa436794a8c8fe93b94687f0eb8a049144fada59e38a193315057441a2fdbe433daaab63d0096cff3
-
Filesize: 6KB
MD5: 5653e764464a1e4ef798311ed945d0f2
SHA1: 19c1f3c2f63fd8e07f8931df417d1dc03aac7e26
SHA256: 8c73b05480cadbc851be828d2df18592f47a779acd78eb6182240742d390c2bf
SHA512: a57332dfc7f11ca7503e713c61f354323f2bee2094a42f5c7766bbc911005da63e8df58c99b438f2a03fa1aab048f7f4e55c12e3110a04cc515d57f5bf968417
-
Filesize: 370B
MD5: 1c2d2d59fd789308ccd1ced6f8f0ec5e
SHA1: f0870d4060f3982a14f34164847da43166560708
SHA256: b68d38664ea1d2c642f60386745db09873fb380fd4b7bbe43f1dbdd6dfd263ce
SHA512: 18b15a0c080d78b43adce7cfc0065924295403178aea8d4a9db9098ff3d5ca8660445dc7f2dd8e440a92c1d3138a621848617d5558892dae6de175477c2a6b65
-
Filesize: 538B
MD5: f55d0b37c3917acc14c8c299d4dd0f42
SHA1: ae2e928bb5c02bba25ca6a39790f6a6ce24ade8f
SHA256: e52dd123622eb91659d9024fedde8949f8352b83aff3ccfcabd3dc1a70aefdcd
SHA512: b44ddac708c7c9bee3bb36fddfc2350c399669de2eb21fef34296e09133a63f0b385bd0a5b1e8ebdf906e38d81d8e2f46cdee452c4bc0033df02fd8b808a7645
-
Filesize: 203B
MD5: 101c6ed48a72e61e93e8e85a69ef3434
SHA1: 47de831cb870d0c2e0bf508869e3cc9e321c46db
SHA256: 9c84f9335b65af56c6e519d22207ae425c8343b4b99cd7302e3021fb4ecc9ff7
SHA512: 0ce465f1e9c3585c34c937a2b6173a26b15db594c0d7c885a7973f7cc9d7b79a8d46c4f62c918199fc5395b9e5473f9e1a8d3dc1c21a18f5eede79805ccd45fc
-
Filesize: 16B
MD5: 6752a1d65b201c13b62ea44016eb221f
SHA1: 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA256: 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA512: 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389
-
Filesize: 11KB
MD5: fe198cbc6446ecd8463f3e1e3dd6ed5e
SHA1: 66b0e6a94b1c5c55d153c666a3a60074955d8473
SHA256: 9f4c9d44f370e698d1e01efc701104dff4c0a9be054147c936685519d3fd9fab
SHA512: 19d699867175a22e4dbc1d614f701fa16b1084b4ff2a801c063e247e47cdc3aae113be63b2a58970079542bf64f06cf3940970d527a6d3f98574e12018765d6c
-
Filesize: 12KB
MD5: a675171456f0296d282aac4d70715acb
SHA1: 4899d226040c995cca63518c4859d1104e63bdd6
SHA256: a830963fc34acfdba200d0f084c9f43ffcebbaf3b8823ac123f52ec4ea8f4859
SHA512: 7088208ac67a1b0f8ab3f54327413ff368d8088afb32043b5eb3e4658a19d27c1046ec986c3ef5a6ac8787e56cd1afad3868ff6559da5c7ebbad9414c24e033b
-
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\kmthw6b9.default-release\activity-stream.discovery_stream.json.tmp
Filesize: 25KB
MD5: 411b15eff4b8b9d4e370f32b2b28f42a
SHA1: 0bdfc2fe1c461713fdc8e516716bf74dd8a2163c
SHA256: b4c30a92849957d8dcf35253ae035eb8c9b8f6a5b512a1dea9b1b6fd88484a0d
SHA512: a4474696eba1a702b2f66953ad184fe8d6e71bee6c857c2ef1679297c0d21a3ba6a79719aef49859db04ae7b431e91ff013f135dd34939adb4e6749d28520b4e
-
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\kmthw6b9.default-release\activity-stream.discovery_stream.json.tmp
Filesize: 26KB
MD5: d0b8a4046ee32cdd5f42ee1fe73ff5da
SHA1: 0f05c8eb50bda186c7646e118929d873e7c30212
SHA256: 9394d17d1b00fbfe95c600559b1bf9cd3e20d53f3b371dee98ff3ddee657511d
SHA512: 99b9e00e2d6c0b72b93bdba5d4a6098fe97ebc6aa4c8b36d09a1d19bbe4e5a8de09c8fa741d575385ab9e33269c73b9610d667d72913d8e1dcbad1b122c26390
-
Filesize: 5KB
MD5: 68b287f4067ba013e34a1339afdb1ea8
SHA1: 45ad585b3cc8e5a6af7b68f5d8269c97992130b3
SHA256: 18e8b40ba22c7a1687bd16e8d585380bc2773fff5002d7d67e9485fcc0c51026
SHA512: 06c38bbb07fb55256f3cdc24e77b3c8f3214f25bfd140b521a39d167113bf307a7e8d24e445d510bc5e4e41d33c9173bb14e3f2a38bc29a0e3d08c1f0dca4bdb
-
Filesize: 7KB
MD5: 9739a8df727a77a86f8fd4e2cb40c1e1
SHA1: 5de7a96cef145d0c956946ca5bbdb3e2f40fd853
SHA256: d7c390c4ac09758c5d822f9592da5d21dd802402fbe1c3983b56a460068e5484
SHA512: 4940ae60607569e2a9d2f868f6740dd8da16f83dc19cd79472a7ef208262eea681dd8a750080f4e5c86a9391491ad4d3b4f9a875a95e96a3f2215595df3e7d5a
-
Filesize: 6KB
MD5: ee9a860db0f3afbab1dab2592ff635b2
SHA1: cf57399b854804fca3963e492468e65caddf948e
SHA256: b78c88303b560d8e4b2f865c75088bdb4d3a9dbff21d900eb1b1a2cb3a4be8db
SHA512: 281f40acc2931d2ffddb5cbcf7c58b94a9748b7c74093a563c9b3302a200afbbc2c85b81cab0486982325d909bbc1b340b7b185500bc2ddf9d80def1d58d8880
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\kmthw6b9.default-release\sessionstore.jsonlz4
Filesize: 418B
MD5: 0b1feea5efc3901a4c843e3a74cc1bc8
SHA1: b32755f348943e4a157580e6830bc8d74e2079cf
SHA256: 7c250db545a897a9c5b7f91e86dcdcde3972ac1acb8cff8d2666243d5e9ddd0f
SHA512: 0ef50227f3c03d5b964ddf60c3f3ab125f8ecd997c289986441b0c9c8d39004347b419e99ec5b0c5b622b9bff2e74fdfb7b707d833c5908da3dce39636e39b20
-
MD5: d41d8cd98f00b204e9800998ecf8427e
SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512: cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e