9fefb8a2fce1ed95cb1f3c00cb196d95c92712e6d4825421ae9fa0d447bf1dfd

Analysis

max time kernel
150s
max time network
153s
platform
windows11-21h2_x64
resource
win11-20240709-en
resource tags

arch:x64arch:x86image:win11-20240709-enlocale:en-usos:windows11-21h2-x64system
submitted
21/07/2024, 22:26

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

Aquantia (Updated).rar
Size

58.6MB
MD5

7f90240242ac9ce1832783e78402cf13
SHA1

4d4f99baadb461bbfbce4e1d5fd1b9dcb2cf0776
SHA256

6f42ec45e22c27ccf1f73deb5f4c436dbe21539120ae8260d068cddccd61cf7c
SHA512

c956e09dc17c0bdd96cdb6eaa920124d1ae93c34fbc304a218b058f1b805b52c603a19e21181903a9b26f1f2888a68260d7f5f879052692533c1cc728ffb49b7
SSDEEP

1572864:dnZe4gO+XB+IMEnRKOaHy4AoHM+ZV9YVUKklNFCb4+4lGh8YRMBo/:dnZvgO+X8I/RxaS4TLzaUKkluuoMi/

Score

4^/10

Malware Config

Signatures

Drops file in Windows directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SystemTemp	chrome.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Checks processor information in registry 2 TTPs 30 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133660745378197435"	chrome.exe

Modifies registry class 3 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3766757357-1293853516-507035944-1000_Classes\Local Settings	cmd.exe
Key created	\REGISTRY\USER\S-1-5-21-3766757357-1293853516-507035944-1000_Classes\Local Settings	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-3766757357-1293853516-507035944-1000_Classes\Local Settings	firefox.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
6124	chrome.exe
6124	chrome.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
4560	OpenWith.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
6124	chrome.exe
6124	chrome.exe
6124	chrome.exe
6124	chrome.exe
6124	chrome.exe
6124	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeDebugPrivilege	5012	firefox.exe
Token: SeDebugPrivilege	5012	firefox.exe
Token: SeDebugPrivilege	5012	firefox.exe
Token: SeDebugPrivilege	5012	firefox.exe
Token: SeShutdownPrivilege	6124	chrome.exe
Token: SeCreatePagefilePrivilege	6124	chrome.exe
Token: SeShutdownPrivilege	6124	chrome.exe
Token: SeCreatePagefilePrivilege	6124	chrome.exe
Token: SeShutdownPrivilege	6124	chrome.exe
Token: SeCreatePagefilePrivilege	6124	chrome.exe
Token: SeShutdownPrivilege	6124	chrome.exe
Token: SeCreatePagefilePrivilege	6124	chrome.exe
Token: SeShutdownPrivilege	6124	chrome.exe
Token: SeCreatePagefilePrivilege	6124	chrome.exe
Token: SeShutdownPrivilege	6124	chrome.exe
Token: SeCreatePagefilePrivilege	6124	chrome.exe
Token: SeShutdownPrivilege	6124	chrome.exe
Token: SeCreatePagefilePrivilege	6124	chrome.exe
Token: SeShutdownPrivilege	6124	chrome.exe
Token: SeCreatePagefilePrivilege	6124	chrome.exe
Token: SeShutdownPrivilege	6124	chrome.exe
Token: SeCreatePagefilePrivilege	6124	chrome.exe
Token: SeShutdownPrivilege	6124	chrome.exe
Token: SeCreatePagefilePrivilege	6124	chrome.exe
Token: SeShutdownPrivilege	6124	chrome.exe
Token: SeCreatePagefilePrivilege	6124	chrome.exe
Token: SeShutdownPrivilege	6124	chrome.exe
Token: SeCreatePagefilePrivilege	6124	chrome.exe
Token: SeShutdownPrivilege	6124	chrome.exe
Token: SeCreatePagefilePrivilege	6124	chrome.exe
Token: SeShutdownPrivilege	6124	chrome.exe
Token: SeCreatePagefilePrivilege	6124	chrome.exe
Token: SeShutdownPrivilege	6124	chrome.exe
Token: SeCreatePagefilePrivilege	6124	chrome.exe
Token: SeShutdownPrivilege	6124	chrome.exe
Token: SeCreatePagefilePrivilege	6124	chrome.exe
Token: SeShutdownPrivilege	6124	chrome.exe
Token: SeCreatePagefilePrivilege	6124	chrome.exe
Token: SeShutdownPrivilege	6124	chrome.exe
Token: SeCreatePagefilePrivilege	6124	chrome.exe
Token: SeShutdownPrivilege	6124	chrome.exe
Token: SeCreatePagefilePrivilege	6124	chrome.exe
Token: SeShutdownPrivilege	6124	chrome.exe
Token: SeCreatePagefilePrivilege	6124	chrome.exe
Token: SeShutdownPrivilege	6124	chrome.exe
Token: SeCreatePagefilePrivilege	6124	chrome.exe
Token: SeShutdownPrivilege	6124	chrome.exe
Token: SeCreatePagefilePrivilege	6124	chrome.exe
Token: SeShutdownPrivilege	6124	chrome.exe
Token: SeCreatePagefilePrivilege	6124	chrome.exe
Token: SeShutdownPrivilege	6124	chrome.exe
Token: SeCreatePagefilePrivilege	6124	chrome.exe
Token: SeShutdownPrivilege	6124	chrome.exe
Token: SeCreatePagefilePrivilege	6124	chrome.exe
Token: SeShutdownPrivilege	6124	chrome.exe
Token: SeCreatePagefilePrivilege	6124	chrome.exe
Token: SeShutdownPrivilege	6124	chrome.exe
Token: SeCreatePagefilePrivilege	6124	chrome.exe
Token: SeShutdownPrivilege	6124	chrome.exe
Token: SeCreatePagefilePrivilege	6124	chrome.exe
Token: SeShutdownPrivilege	6124	chrome.exe
Token: SeCreatePagefilePrivilege	6124	chrome.exe
Token: SeShutdownPrivilege	6124	chrome.exe
Token: SeCreatePagefilePrivilege	6124	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
5012	firefox.exe
5012	firefox.exe
5012	firefox.exe
5012	firefox.exe
5012	firefox.exe
5012	firefox.exe
5012	firefox.exe
5012	firefox.exe
5012	firefox.exe
5012	firefox.exe
5012	firefox.exe
5012	firefox.exe
5012	firefox.exe
5012	firefox.exe
5012	firefox.exe
5012	firefox.exe
5012	firefox.exe
5012	firefox.exe
5012	firefox.exe
5012	firefox.exe
5012	firefox.exe
5012	firefox.exe
5012	firefox.exe
5012	firefox.exe
5012	firefox.exe
5012	firefox.exe
5012	firefox.exe
5012	firefox.exe
5012	firefox.exe
5012	firefox.exe
5012	firefox.exe
5012	firefox.exe
5012	firefox.exe
5012	firefox.exe
5012	firefox.exe
5012	firefox.exe
5012	firefox.exe
5012	firefox.exe
5012	firefox.exe
5012	firefox.exe
5012	firefox.exe
5012	firefox.exe
5012	firefox.exe
5012	firefox.exe
5012	firefox.exe
6124	chrome.exe
6124	chrome.exe
6124	chrome.exe
6124	chrome.exe
6124	chrome.exe
6124	chrome.exe
6124	chrome.exe
6124	chrome.exe
6124	chrome.exe
6124	chrome.exe
6124	chrome.exe
6124	chrome.exe
6124	chrome.exe
6124	chrome.exe
6124	chrome.exe
6124	chrome.exe
6124	chrome.exe
6124	chrome.exe
6124	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
6124	chrome.exe
6124	chrome.exe
6124	chrome.exe
6124	chrome.exe
6124	chrome.exe
6124	chrome.exe
6124	chrome.exe
6124	chrome.exe
6124	chrome.exe
6124	chrome.exe
6124	chrome.exe
6124	chrome.exe
6124	chrome.exe
6124	chrome.exe
6124	chrome.exe
6124	chrome.exe
6124	chrome.exe
6124	chrome.exe
6124	chrome.exe
6124	chrome.exe
6124	chrome.exe
6124	chrome.exe
6124	chrome.exe
6124	chrome.exe

Suspicious use of SetWindowsHookEx 19 IoCs

pid	Process
4560	OpenWith.exe
4560	OpenWith.exe
4560	OpenWith.exe
4560	OpenWith.exe
4560	OpenWith.exe
4560	OpenWith.exe
4560	OpenWith.exe
4560	OpenWith.exe
4560	OpenWith.exe
4560	OpenWith.exe
4560	OpenWith.exe
4560	OpenWith.exe
4560	OpenWith.exe
4560	OpenWith.exe
4560	OpenWith.exe
5012	firefox.exe
5012	firefox.exe
5012	firefox.exe
5012	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4560 wrote to memory of 756	4560	OpenWith.exe	91
PID 4560 wrote to memory of 756	4560	OpenWith.exe	91
PID 756 wrote to memory of 5012	756	firefox.exe	94
PID 756 wrote to memory of 5012	756	firefox.exe	94
PID 756 wrote to memory of 5012	756	firefox.exe	94
PID 756 wrote to memory of 5012	756	firefox.exe	94
PID 756 wrote to memory of 5012	756	firefox.exe	94
PID 756 wrote to memory of 5012	756	firefox.exe	94
PID 756 wrote to memory of 5012	756	firefox.exe	94
PID 756 wrote to memory of 5012	756	firefox.exe	94
PID 756 wrote to memory of 5012	756	firefox.exe	94
PID 756 wrote to memory of 5012	756	firefox.exe	94
PID 756 wrote to memory of 5012	756	firefox.exe	94
PID 5012 wrote to memory of 1728	5012	firefox.exe	95
PID 5012 wrote to memory of 1728	5012	firefox.exe	95
PID 5012 wrote to memory of 1728	5012	firefox.exe	95
PID 5012 wrote to memory of 1728	5012	firefox.exe	95
PID 5012 wrote to memory of 1728	5012	firefox.exe	95
PID 5012 wrote to memory of 1728	5012	firefox.exe	95
PID 5012 wrote to memory of 1728	5012	firefox.exe	95
PID 5012 wrote to memory of 1728	5012	firefox.exe	95
PID 5012 wrote to memory of 1728	5012	firefox.exe	95
PID 5012 wrote to memory of 1728	5012	firefox.exe	95
PID 5012 wrote to memory of 1728	5012	firefox.exe	95
PID 5012 wrote to memory of 1728	5012	firefox.exe	95
PID 5012 wrote to memory of 1728	5012	firefox.exe	95
PID 5012 wrote to memory of 1728	5012	firefox.exe	95
PID 5012 wrote to memory of 1728	5012	firefox.exe	95
PID 5012 wrote to memory of 1728	5012	firefox.exe	95
PID 5012 wrote to memory of 1728	5012	firefox.exe	95
PID 5012 wrote to memory of 1728	5012	firefox.exe	95
PID 5012 wrote to memory of 1728	5012	firefox.exe	95
PID 5012 wrote to memory of 1728	5012	firefox.exe	95
PID 5012 wrote to memory of 1728	5012	firefox.exe	95
PID 5012 wrote to memory of 1728	5012	firefox.exe	95
PID 5012 wrote to memory of 1728	5012	firefox.exe	95
PID 5012 wrote to memory of 1728	5012	firefox.exe	95
PID 5012 wrote to memory of 1728	5012	firefox.exe	95
PID 5012 wrote to memory of 1728	5012	firefox.exe	95
PID 5012 wrote to memory of 1728	5012	firefox.exe	95
PID 5012 wrote to memory of 1728	5012	firefox.exe	95
PID 5012 wrote to memory of 1728	5012	firefox.exe	95
PID 5012 wrote to memory of 1728	5012	firefox.exe	95
PID 5012 wrote to memory of 1728	5012	firefox.exe	95
PID 5012 wrote to memory of 1728	5012	firefox.exe	95
PID 5012 wrote to memory of 1728	5012	firefox.exe	95
PID 5012 wrote to memory of 1728	5012	firefox.exe	95
PID 5012 wrote to memory of 1728	5012	firefox.exe	95
PID 5012 wrote to memory of 1728	5012	firefox.exe	95
PID 5012 wrote to memory of 1728	5012	firefox.exe	95
PID 5012 wrote to memory of 1728	5012	firefox.exe	95
PID 5012 wrote to memory of 1728	5012	firefox.exe	95
PID 5012 wrote to memory of 1728	5012	firefox.exe	95
PID 5012 wrote to memory of 1728	5012	firefox.exe	95
PID 5012 wrote to memory of 1728	5012	firefox.exe	95
PID 5012 wrote to memory of 1728	5012	firefox.exe	95
PID 5012 wrote to memory of 1728	5012	firefox.exe	95
PID 5012 wrote to memory of 1728	5012	firefox.exe	95
PID 5012 wrote to memory of 2848	5012	firefox.exe	97
PID 5012 wrote to memory of 2848	5012	firefox.exe	97
PID 5012 wrote to memory of 2848	5012	firefox.exe	97
PID 5012 wrote to memory of 2848	5012	firefox.exe	97
PID 5012 wrote to memory of 2848	5012	firefox.exe	97
PID 5012 wrote to memory of 2848	5012	firefox.exe	97

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Windows\system32\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\Aquantia (Updated).rar"
1⤵
- Modifies registry class
PID:3676

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:4560
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "C:\Users\Admin\AppData\Local\Temp\Aquantia (Updated).rar"
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:756
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "C:\Users\Admin\AppData\Local\Temp\Aquantia (Updated).rar"
    3⤵
    - Checks processor information in registry
    - Modifies registry class
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:5012
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1948 -parentBuildID 20240401114208 -prefsHandle 1876 -prefMapHandle 1868 -prefsLen 25749 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {3ed1f121-d538-445c-b54d-605eac0f48ed} 5012 "\\.\pipe\gecko-crash-server-pipe.5012" gpu
      4⤵
      PID:1728
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2368 -parentBuildID 20240401114208 -prefsHandle 2344 -prefMapHandle 2332 -prefsLen 26669 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {4eeb05bb-7430-42fa-93d1-6fbe353c9f1c} 5012 "\\.\pipe\gecko-crash-server-pipe.5012" socket
      4⤵
      Checks processor information in registry
      PID:2848
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3412 -childID 1 -isForBrowser -prefsHandle 3404 -prefMapHandle 3400 -prefsLen 26810 -prefMapSize 244658 -jsInitHandle 1300 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {27203238-826c-44f3-b567-0faa2c2f231b} 5012 "\\.\pipe\gecko-crash-server-pipe.5012" tab
      4⤵
      PID:1112
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3792 -childID 2 -isForBrowser -prefsHandle 3784 -prefMapHandle 3776 -prefsLen 31159 -prefMapSize 244658 -jsInitHandle 1300 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {bc7fa653-23a9-4788-946f-bda31ac272e7} 5012 "\\.\pipe\gecko-crash-server-pipe.5012" tab
      4⤵
      PID:3520
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3364 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4672 -prefMapHandle 4668 -prefsLen 31159 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {2de9160f-33fd-4624-9a2e-8fb49c361cf3} 5012 "\\.\pipe\gecko-crash-server-pipe.5012" utility
      4⤵
      Checks processor information in registry
      PID:4508
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5644 -childID 3 -isForBrowser -prefsHandle 5628 -prefMapHandle 5624 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 1300 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d17a6d8f-40e3-41fc-86ba-9cc995da0054} 5012 "\\.\pipe\gecko-crash-server-pipe.5012" tab
      4⤵
      PID:5756
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5556 -childID 4 -isForBrowser -prefsHandle 5776 -prefMapHandle 5780 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 1300 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {25c568e3-d928-47cf-8d36-db9c0a15783a} 5012 "\\.\pipe\gecko-crash-server-pipe.5012" tab
      4⤵
      PID:5768
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5964 -childID 5 -isForBrowser -prefsHandle 6044 -prefMapHandle 6040 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 1300 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e0dd3493-6900-44de-81da-e5bb7f9091a0} 5012 "\\.\pipe\gecko-crash-server-pipe.5012" tab
      4⤵
      PID:5780

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "C:\Users\Admin\AppData\Local\Temp\Aquantia (Updated).rar"
1⤵
PID:5996
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "C:\Users\Admin\AppData\Local\Temp\Aquantia (Updated).rar"
  2⤵
  - Checks processor information in registry
  PID:6012

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "C:\Users\Admin\Downloads\Aquantia (Updated).rar"
1⤵
PID:3544
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "C:\Users\Admin\Downloads\Aquantia (Updated).rar"
  2⤵
  - Checks processor information in registry
  PID:2096

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:5032

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "C:\Users\Admin\Downloads\Aquantia (Updated)(1).rar"
1⤵
PID:4796
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "C:\Users\Admin\Downloads\Aquantia (Updated)(1).rar"
  2⤵
  - Checks processor information in registry
  PID:4476

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:6124
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.106 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fffaff4cc40,0x7fffaff4cc4c,0x7fffaff4cc58
  2⤵
  PID:5136
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1972,i,1093519656390577065,3565664518215548247,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=1968 /prefetch:2
  2⤵
  PID:4964
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1804,i,1093519656390577065,3565664518215548247,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=2012 /prefetch:3
  2⤵
  PID:5152
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=1720,i,1093519656390577065,3565664518215548247,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=2388 /prefetch:8
  2⤵
  PID:3456
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3116,i,1093519656390577065,3565664518215548247,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=3240 /prefetch:1
  2⤵
  PID:4936
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3168,i,1093519656390577065,3565664518215548247,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=3268 /prefetch:1
  2⤵
  PID:1280
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=3656,i,1093519656390577065,3565664518215548247,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=4476 /prefetch:1
  2⤵
  PID:3968
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4768,i,1093519656390577065,3565664518215548247,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=4776 /prefetch:8
  2⤵
  PID:5200
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4764,i,1093519656390577065,3565664518215548247,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=4840 /prefetch:8
  2⤵
  PID:5284
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --disable-databases --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=4576,i,1093519656390577065,3565664518215548247,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=4524 /prefetch:1
  2⤵
  PID:5624
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --disable-databases --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=5104,i,1093519656390577065,3565664518215548247,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=4708 /prefetch:1
  2⤵
  PID:5632
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --disable-databases --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=3560,i,1093519656390577065,3565664518215548247,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=5192 /prefetch:1
  2⤵
  PID:5472

C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe"
1⤵
PID:5032

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:5488

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
50c00709c8f1c85fc747f2f186bb3a2c

SHA1
c512934e67ba2163d4d432bc3d45b50f2e0cca26

SHA256
6bd3777994b69379d6290481d3ee48727c21df6fd36527fbd2a2352ce8a460e9

SHA512
2b4fc67f9a1bc98ecbaf3e77da435477180ae478512fc251350319453e80f36b152f51215e7b4d31a8ec3e0fb4a7d1877078a7d36bcbd113a4fc53fd599a8f99

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
352B

MD5
f7a5f1c2d0dd4bbddbad08c7ece92f68

SHA1
ee4ea8490e867481d10e864569f4c674afb3cecb

SHA256
4d2597c88abf989cfb6bbca0c3d5dbed33913283770391098be2016093776dd8

SHA512
621a52897726b5e8d2af53c3568e04c776b00074a6daaaa0179f2954e84eaaf0169b1cdebf8cfa81c5d3621ca3df0d01645782b421248548ec60a2f69f19265a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
79ddc49f345103170d3f694f37bbab3c

SHA1
5098d7d0c1a9d4e16a764fd2aae016026aef1a88

SHA256
8b53a4fc3a136cbe3f46c387a7ddc91bcb4afb48d101e8b504715bbb11d07e29

SHA512
f4b017c16501af35b7ef16e512f1753641e53e36bb51a97346056835cdc44c62572b36b422f72b7935de09f5d89a89c7f3ab064f47ddf4254ed67a38d3b09d6b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
c57490e83f1aa189f38572e260aeca46

SHA1
13a72970da5380b514ed6bf49dda40fd73c91c4a

SHA256
b93f775f71facaed6fa107a5a473030a22ed3bfc4417f322579c4755c138ccef

SHA512
92c5282e6ecaa76222caac7bc4fa773129f2abdd42eca51bb1683d1a4d302b592610e684831ab6dbd311db7cc14aa230b3f8864d3ad62af49d70843ef8f06249

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
8bfe98f8b1ea12fa878e4ffb37ba8f2b

SHA1
018fd28824d128d7ae57951b78fda115f14cc161

SHA256
975f4827840fca86ff3bb81c8a94cbbf0d812aad136e6aac0974cc3acc960b3a

SHA512
64c3dbb1a49ee0d3bdea327e90f59de699671e1ec005eb9913a77da1c2cde85832bd83d492818e50bce0318bb606828ab6d8a99cc19d062abb3ee969bf5fb4c4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
e08e663fd7f3859c0d02695b0873e6ec

SHA1
7d693fb6801c919a6743bc3b00d4c5ecfec0bddc

SHA256
716776c78f58e98562fe04cca96c4938ca86ae10d7c3a039176b2a2dd7a165a2

SHA512
270f0fb647ae3ad22f0d311786507b58ee21876e1f10659e92a324d44aa549efc1eed9e2ee43bcdbda6535b2d5b0e8f48f1d506f98536371a04d8f636d8f4484

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
af53ef2a66a636422a26c262061e9afa

SHA1
99677930ffa50360d756d8d4d148e2cafdb69430

SHA256
5096f522b77b0cac6d88c54467a61acf82cbb9ffd84f1c534398052e7f510df2

SHA512
d0aa9b30ef918e0b15a78f9f7414ac19306526786adcbb4d40e7d66b641a11ec9b5c343538e015ef29e8b3dd7365c71f6cc67e6397dbe8a401cc911eb5b07a1e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
185KB

MD5
c817a83dafd7783f7924b6e8d6b889ce

SHA1
10946b8721024f7f594a80e9df31cd5142fb9900

SHA256
8e42b533906703abf76075df00dca81e5271223ad2f441794c2e0c23832a4af7

SHA512
7dc585de2938b5e3c53ae7582c43313458b157290287a90f4240df5b6e281faaac4e03a1c9c1bbccdbb9a25e36ef2f84c6cc66ea658778e2315c017603c6d619

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
185KB

MD5
575813f9dad182a4c6a68e89be887a43

SHA1
3d0144a2dc8e237cf4c90173ae577c5b631cf03f

SHA256
4a6b200be0aa395b7b6551fa4b5c03e4eabfeee6c1d38de6e64b5dd4580b6634

SHA512
0605cca576b57ea4ccf15f75dcee095df584f05bd4be84981411cb4a73ed3dbc21c674c274e0aad09c82dc25e4b241354f3e0cbeb4472a085ef081a8f5990b38

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
185KB

MD5
4b79b54c9054bf03964be1f6e8c1cc4c

SHA1
8b8d2d767e826daa6c46759e55a41089c6de4b0e

SHA256
7e31e37e53405be4ce42b52f47c211f1f124776dcfa3d11c72b7dbe3c7fd2188

SHA512
d35d564daf833d2899f23ea3a9613f7a928d64a8d755bea7219f68edabe127b7495a2d2f5ae88b8be0d05bbed00000d2b4b65a89b0222189040a916b13d8d35a

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
479KB

MD5
09372174e83dbbf696ee732fd2e875bb

SHA1
ba360186ba650a769f9303f48b7200fb5eaccee1

SHA256
c32efac42faf4b9878fb8917c5e71d89ff40de580c4f52f62e11c6cfab55167f

SHA512
b667086ed49579592d435df2b486fe30ba1b62ddd169f19e700cd079239747dd3e20058c285fa9c10a533e34f22b5198ed9b1f92ae560a3067f3e3feacc724f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

Filesize
13.8MB

MD5
0a8747a2ac9ac08ae9508f36c6d75692

SHA1
b287a96fd6cc12433adb42193dfe06111c38eaf0

SHA256
32d544baf2facc893057a1d97db33207e642f0dacf235d8500a0b5eff934ce03

SHA512
59521f8c61236641b3299ab460c58c8f5f26fa67e828de853c2cf372f9614d58b9f541aae325b1600ec4f3a47953caacb8122b0dfce7481acfec81045735947d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yz8w575m.default-release\AlternateServices.bin

Filesize
8KB

MD5
19f5578af42e4ff78f3b3e3850209aef

SHA1
927e717150c2d6e302cd5f20050af4cd5657035f

SHA256
851b24f59a92ee1bdf35d4d526eb30125d0c3fe4b7fa15481b829f3ef58b94e4

SHA512
6ac53ccf1d132b3c7b967dda4934267ab07263abede8d751d909bec0d5248f73b89ef0cd56945e42b5c5f185e643f92b0a62aa9e94a3ed60aea1744489950437

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yz8w575m.default-release\datareporting\glean\db\data.safe.tmp

Filesize
5KB

MD5
f7fa0ed5e8c6be9d31d3100c84af21d8

SHA1
58d311952fbd4d32ec4498e98a4469a3cb157856

SHA256
30b24cee55e24dd543c7500b1821ecf145e18c10fd3d51be6c5c8e9d4766b21f

SHA512
102fe6c5ff7d0676b0c243b434ed3ae7095ce0589b4162cbe49b7c3d658ef3ac3b7bd1afe68439e636698bbf851d55701eed8f8c0071dc6a9a51eb92746248cb

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yz8w575m.default-release\datareporting\glean\db\data.safe.tmp

Filesize
6KB

MD5
cc66f0e93fd4bb8afefc9d8f03a81969

SHA1
ca7f44934279912fed17ebca27e2e9973462908d

SHA256
6e5d5cbe9cfc70a6fd0b6c6958144a272abc4bac1233b17c788fe3d7edbd6975

SHA512
dae625e659838d8b1e2120274fa5a56075ca5417df07ad6c31c282ba0f25889a7823e4752e0bb2f01fab3edd5c7d3dea256270da2b27f141b253743fc96272d3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yz8w575m.default-release\datareporting\glean\db\data.safe.tmp

Filesize
6KB

MD5
cc07f156fe00cd627e7bbbdcd86ea85c

SHA1
62a7865736586ed4ddc63de68d12dfe2c2e3d0f1

SHA256
c6833c2b6145b3e8b8f6cd09c94ee9f5bbf93a114215aecd82dec1aa61f61a82

SHA512
4574ce6eb8ab7ae0707ee66764221a921b0aa49ce755ba1753aacfdc9960e3fdcff2e4d1d873196d9a9cf8a268b7f78416036694a3bd2dcd4551b2341cbb63ab

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yz8w575m.default-release\datareporting\glean\db\data.safe.tmp

Filesize
6KB

MD5
ae6077800f2d0808026349d86edc04c9

SHA1
4fb07b5e7ca5aad46c53e0a731d92031a2cb2023

SHA256
8dbfb9e46306faacf2d4f0ac5722454a3e83bbf2174f3bcd3433a0354c51ed14

SHA512
26fafbd9cf26afd9f555d630a27cb7f4ff02f0cb94557dede3a522b6ac765524d213a532ee202ff30aa5c4537d9e0857f05cd55fc2bed78c7d960f04a708fb77

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yz8w575m.default-release\datareporting\glean\pending_pings\02e95b91-d942-483c-b089-33ebc67bfe5d

Filesize
26KB

MD5
c9200e667da5771cd11cc8dee2d5e12e

SHA1
51cf2858f969133362c55a08d698382760d3f732

SHA256
1365e0ace5dac5a257268ff6dfa0e0da8515e7ebe4a06d1af1e841cc7f11522f

SHA512
30b47080d037251037ebe424249cb849a357adeca5c01d98dcc86b3c28b75d15f8eb6c94d08d22593099124715b769d35123fd7d83ced9f986ef7c61645a0798

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yz8w575m.default-release\datareporting\glean\pending_pings\0956859c-1929-42cc-a1d3-f6e283a056b6

Filesize
671B

MD5
c9485a97b616134206e18d69e3269da0

SHA1
4dec23415aa02579c3a05c7d98e7001e4df759ea

SHA256
8e6b008e6de2a209456bc76a5aba35650bd36cf459c02b45cdbc16521b7f4432

SHA512
94401478f375e1d00e1c783651f6dbbc563e88645e91ee73393cf10824bd533faacc778b46b3318effce3f6b6282ba10aadf8dcb075fa4cd132142d35237f018

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yz8w575m.default-release\datareporting\glean\pending_pings\446b4a2a-90a8-4445-a3b7-c703d7310240

Filesize
982B

MD5
259c356657ba2391cab9a78e773d51aa

SHA1
36f2bed7b0ff3768287c00b238757d82f7b855ef

SHA256
614180225a268afd57f048c6a6b55edf039bdd862362ef4f125d1f750b6bd36c

SHA512
58201d9a948ff9852ed3409709721fdda0ea563aaf5269ffbbf1e8f82916dd8f04fc29a98a0b38e6645a5762394a69626a5c6ba6935dc2a776783a87979a54fe

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yz8w575m.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.dll

Filesize
1.1MB

MD5
842039753bf41fa5e11b3a1383061a87

SHA1
3e8fe1d7b3ad866b06dca6c7ef1e3c50c406e153

SHA256
d88dd3bfc4a558bb943f3caa2e376da3942e48a7948763bf9a38f707c2cd0c1c

SHA512
d3320f7ac46327b7b974e74320c4d853e569061cb89ca849cd5d1706330aca629abeb4a16435c541900d839f46ff72dfde04128c450f3e1ee63c025470c19157

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yz8w575m.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.info

Filesize
116B

MD5
2a461e9eb87fd1955cea740a3444ee7a

SHA1
b10755914c713f5a4677494dbe8a686ed458c3c5

SHA256
4107f76ba1d9424555f4e8ea0acef69357dfff89dfa5f0ec72aa4f2d489b17bc

SHA512
34f73f7bf69d7674907f190f257516e3956f825e35a2f03d58201a5a630310b45df393f2b39669f9369d1ac990505a4b6849a0d34e8c136e1402143b6cedf2d3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yz8w575m.default-release\gmp-widevinecdm\4.10.2710.0\manifest.json

Filesize
372B

MD5
bf957ad58b55f64219ab3f793e374316

SHA1
a11adc9d7f2c28e04d9b35e23b7616d0527118a1

SHA256
bbab6ca07edbed72a966835c7907b3e60c7aa3d48ddea847e5076bd05f4b1eda

SHA512
79c179b56e4893fb729b225818ab4b95a50b69666ac41d17aad0b37ab0ca8cd9f0848cbc3c5d9e69e4640a8b261d7ced592eae9bcb0e0b63c05a56e7c477f44e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yz8w575m.default-release\gmp-widevinecdm\4.10.2710.0\widevinecdm.dll

Filesize
17.8MB

MD5
daf7ef3acccab478aaa7d6dc1c60f865

SHA1
f8246162b97ce4a945feced27b6ea114366ff2ad

SHA256
bc40c7821dcd3fea9923c6912ab1183a942c11b7690cfd79ed148ded0228777e

SHA512
5840a45cfdb12c005e117608b1e5d946e1b2e76443ed39ba940d7f56de4babeab09bee7e64b903eb82bb37624c0a0ef19e9b59fbe2ce2f0e0b1c7a6015a63f75

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yz8w575m.default-release\prefs-1.js

Filesize
11KB

MD5
f244ac0be2f4538aa164443e39b67686

SHA1
062d51dfaa43c8bbb21713d345eb95d0506efeee

SHA256
814f978b495dc3bdd5ef1658e04fc625dfd426d138be7c0da2f1e367509cf94a

SHA512
24eababd9d79314517031305950f70a218b4cba2639047a0e02628cdcbc6abb88cfc4527a2ffb4cbfda7bb9d430309bf022732b59e78cca827d8bcdbfc35435c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yz8w575m.default-release\prefs.js

Filesize
8KB

MD5
50a65b5a6f2321f81c251d92e0f98de0

SHA1
756bbdf0b9b5a32f07e442a0a73b5fca78b58c28

SHA256
c6bb52a003fb447da0ae1be73fb0b7e8cd82fd62aa5f15bea4fd962c8553d2d9

SHA512
55c7cc95a6a9febac3348186b0ece5bad150ff071807a884b21167aa23cc521630c53de82bae40640a3389dd81154ae993160730ed414c553531888e7ee91758

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yz8w575m.default-release\sessionstore-backups\recovery.baklz4

Filesize
1KB

MD5
fe5fc7873f67a34c72245d5269b5aa65

SHA1
8d7fb52acfa0eb963e203636145a74f35654b754

SHA256
04c43b6ebc3d7732c756f08dfc27a3a103f2fd3cabcafc84a849dfb70688e157

SHA512
43d3f6fda071a52bd7432db9fdf0e58ef499113228cea1dee715cf8b1cc8062aec5063b718d788f86d594c3cace6e567647e21f10d9d838f7d125084ef3222ff

Download Submit