2d79af8e1ff3465703e1dc73d3ef2182fd269ea2609c8afabdf1b80693405c1d

Analysis

max time kernel
138s
max time network
131s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
28-07-2024 02:18

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

HorionInjector.exe
Size

147KB
MD5

6b5b6e625de774e5c285712b7c4a0da7
SHA1

317099aef530afbe3a0c5d6a2743d51e04805267
SHA256

2d79af8e1ff3465703e1dc73d3ef2182fd269ea2609c8afabdf1b80693405c1d
SHA512

104609adf666588af4e152ec7891cedafd89ad8d427063d03fb42a228babefc59428b0c8b1430cb3fc319a5014d2ee1083ff2b74fa585cab2d86cdad346e8b08
SSDEEP

3072:ckgHqUGSCoEslON/q178+oO3BAE4T/DvueX:cNHqUGSCPBh+7VST/Ke

Score

8^/10

discovery

Malware Config

Signatures

Downloads MZ/PE file
Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Checks processor information in registry 2 TTPs 12 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

Processes:

firefox.exefirefox.exefirefox.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe

Modifies Internet Explorer settings 1 TTPs 4 IoCs

adware spyware

Modify Registry

T1112

Processes:

explorer.exe

description	ioc	process
Set value (int)	\REGISTRY\USER\S-1-5-21-2170637797-568393320-3232933035-1000\SOFTWARE\Microsoft\Internet Explorer\Toolbar\Locked = "1"	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-2170637797-568393320-3232933035-1000\SOFTWARE\Microsoft\Internet Explorer\Toolbar\ShellBrowser	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2170637797-568393320-3232933035-1000\SOFTWARE\Microsoft\Internet Explorer\Toolbar\ShellBrowser\ITBar7Layout = 13000000000000000000000020000000100000000000000001000000010700005e01000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-2170637797-568393320-3232933035-1000\Software\Microsoft\Internet Explorer\Toolbar	explorer.exe

Modifies data under HKEY_USERS 2 IoCs

Processes:

chrome.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133694444993029903"	chrome.exe

Modifies registry class 21 IoCs

Processes:

explorer.exefirefox.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-2170637797-568393320-3232933035-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-2170637797-568393320-3232933035-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-2170637797-568393320-3232933035-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2170637797-568393320-3232933035-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\NodeSlot = "1"	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2170637797-568393320-3232933035-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2170637797-568393320-3232933035-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 00000000ffffffff	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2170637797-568393320-3232933035-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = ffffffff	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2170637797-568393320-3232933035-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0 = 14001f50e04fd020ea3a6910a2d808002b30309d0000	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2170637797-568393320-3232933035-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0 = 14002e80922b16d365937a46956b92703aca08af0000	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2170637797-568393320-3232933035-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 02	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-2170637797-568393320-3232933035-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2170637797-568393320-3232933035-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\SniffedFolderType = "Documents"	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-2170637797-568393320-3232933035-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-2170637797-568393320-3232933035-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-2170637797-568393320-3232933035-1000_Classes\Local Settings	firefox.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-2170637797-568393320-3232933035-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2170637797-568393320-3232933035-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\MRUListEx = ffffffff	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-2170637797-568393320-3232933035-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-2170637797-568393320-3232933035-1000_Classes\Local Settings	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2170637797-568393320-3232933035-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\MRUListEx = 00000000ffffffff	explorer.exe

Suspicious behavior: AddClipboardFormatListener 1 IoCs

Processes:

explorer.exe

pid process

4756 explorer.exe

pid	process
4756	explorer.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

Processes:

HorionInjector.exe

pid	process
1828	HorionInjector.exe
1828	HorionInjector.exe
1828	HorionInjector.exe
1828	HorionInjector.exe
1828	HorionInjector.exe
1828	HorionInjector.exe
1828	HorionInjector.exe
1828	HorionInjector.exe
1828	HorionInjector.exe
1828	HorionInjector.exe
1828	HorionInjector.exe
1828	HorionInjector.exe
1828	HorionInjector.exe
1828	HorionInjector.exe
1828	HorionInjector.exe
1828	HorionInjector.exe
1828	HorionInjector.exe
1828	HorionInjector.exe
1828	HorionInjector.exe
1828	HorionInjector.exe
1828	HorionInjector.exe
1828	HorionInjector.exe
1828	HorionInjector.exe
1828	HorionInjector.exe
1828	HorionInjector.exe
1828	HorionInjector.exe
1828	HorionInjector.exe
1828	HorionInjector.exe
1828	HorionInjector.exe
1828	HorionInjector.exe
1828	HorionInjector.exe
1828	HorionInjector.exe
1828	HorionInjector.exe
1828	HorionInjector.exe
1828	HorionInjector.exe
1828	HorionInjector.exe
1828	HorionInjector.exe
1828	HorionInjector.exe
1828	HorionInjector.exe
1828	HorionInjector.exe
1828	HorionInjector.exe
1828	HorionInjector.exe
1828	HorionInjector.exe
1828	HorionInjector.exe
1828	HorionInjector.exe
1828	HorionInjector.exe
1828	HorionInjector.exe
1828	HorionInjector.exe
1828	HorionInjector.exe
1828	HorionInjector.exe
1828	HorionInjector.exe
1828	HorionInjector.exe
1828	HorionInjector.exe
1828	HorionInjector.exe
1828	HorionInjector.exe
1828	HorionInjector.exe
1828	HorionInjector.exe
1828	HorionInjector.exe
1828	HorionInjector.exe
1828	HorionInjector.exe
1828	HorionInjector.exe
1828	HorionInjector.exe
1828	HorionInjector.exe
1828	HorionInjector.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 4 IoCs

Processes:

chrome.exe

pid process

4860 chrome.exe
4860 chrome.exe
4860 chrome.exe
4860 chrome.exe

pid	process
4860	chrome.exe
4860	chrome.exe
4860	chrome.exe
4860	chrome.exe

Suspicious use of AdjustPrivilegeToken 27 IoCs

Processes:

HorionInjector.exefirefox.exechrome.exe

description	pid	process
Token: SeDebugPrivilege	1828	HorionInjector.exe
Token: SeDebugPrivilege	1432	firefox.exe
Token: SeDebugPrivilege	1432	firefox.exe
Token: SeShutdownPrivilege	4860	chrome.exe
Token: SeCreatePagefilePrivilege	4860	chrome.exe
Token: SeShutdownPrivilege	4860	chrome.exe
Token: SeCreatePagefilePrivilege	4860	chrome.exe
Token: SeShutdownPrivilege	4860	chrome.exe
Token: SeCreatePagefilePrivilege	4860	chrome.exe
Token: SeShutdownPrivilege	4860	chrome.exe
Token: SeCreatePagefilePrivilege	4860	chrome.exe
Token: SeShutdownPrivilege	4860	chrome.exe
Token: SeCreatePagefilePrivilege	4860	chrome.exe
Token: SeShutdownPrivilege	4860	chrome.exe
Token: SeCreatePagefilePrivilege	4860	chrome.exe
Token: SeShutdownPrivilege	4860	chrome.exe
Token: SeCreatePagefilePrivilege	4860	chrome.exe
Token: SeShutdownPrivilege	4860	chrome.exe
Token: SeCreatePagefilePrivilege	4860	chrome.exe
Token: SeShutdownPrivilege	4860	chrome.exe
Token: SeCreatePagefilePrivilege	4860	chrome.exe
Token: SeShutdownPrivilege	4860	chrome.exe
Token: SeCreatePagefilePrivilege	4860	chrome.exe
Token: SeShutdownPrivilege	4860	chrome.exe
Token: SeCreatePagefilePrivilege	4860	chrome.exe
Token: SeShutdownPrivilege	4860	chrome.exe
Token: SeCreatePagefilePrivilege	4860	chrome.exe

Suspicious use of FindShellTrayWindow 48 IoCs

Processes:

firefox.exechrome.exe

pid	process
1432	firefox.exe
1432	firefox.exe
1432	firefox.exe
1432	firefox.exe
1432	firefox.exe
1432	firefox.exe
1432	firefox.exe
1432	firefox.exe
1432	firefox.exe
1432	firefox.exe
1432	firefox.exe
1432	firefox.exe
1432	firefox.exe
1432	firefox.exe
1432	firefox.exe
1432	firefox.exe
1432	firefox.exe
1432	firefox.exe
1432	firefox.exe
1432	firefox.exe
1432	firefox.exe
4860	chrome.exe
4860	chrome.exe
4860	chrome.exe
4860	chrome.exe
4860	chrome.exe
4860	chrome.exe
4860	chrome.exe
4860	chrome.exe
4860	chrome.exe
4860	chrome.exe
4860	chrome.exe
4860	chrome.exe
4860	chrome.exe
4860	chrome.exe
4860	chrome.exe
4860	chrome.exe
4860	chrome.exe
4860	chrome.exe
4860	chrome.exe
4860	chrome.exe
4860	chrome.exe
4860	chrome.exe
4860	chrome.exe
4860	chrome.exe
4860	chrome.exe
4860	chrome.exe
4860	chrome.exe

Suspicious use of SendNotifyMessage 44 IoCs

Processes:

firefox.exechrome.exe

pid	process
1432	firefox.exe
1432	firefox.exe
1432	firefox.exe
1432	firefox.exe
1432	firefox.exe
1432	firefox.exe
1432	firefox.exe
1432	firefox.exe
1432	firefox.exe
1432	firefox.exe
1432	firefox.exe
1432	firefox.exe
1432	firefox.exe
1432	firefox.exe
1432	firefox.exe
1432	firefox.exe
1432	firefox.exe
1432	firefox.exe
1432	firefox.exe
1432	firefox.exe
4860	chrome.exe
4860	chrome.exe
4860	chrome.exe
4860	chrome.exe
4860	chrome.exe
4860	chrome.exe
4860	chrome.exe
4860	chrome.exe
4860	chrome.exe
4860	chrome.exe
4860	chrome.exe
4860	chrome.exe
4860	chrome.exe
4860	chrome.exe
4860	chrome.exe
4860	chrome.exe
4860	chrome.exe
4860	chrome.exe
4860	chrome.exe
4860	chrome.exe
4860	chrome.exe
4860	chrome.exe
4860	chrome.exe
4860	chrome.exe

Suspicious use of SetWindowsHookEx 3 IoCs

Processes:

explorer.exefirefox.exe

pid process

4756 explorer.exe
4756 explorer.exe
1432 firefox.exe

pid	process
4756	explorer.exe
4756	explorer.exe
1432	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

HorionInjector.exefirefox.exefirefox.exe

description	pid	process	target process
PID 1828 wrote to memory of 1888	1828	HorionInjector.exe	explorer.exe
PID 1828 wrote to memory of 1888	1828	HorionInjector.exe	explorer.exe
PID 1616 wrote to memory of 1432	1616	firefox.exe	firefox.exe
PID 1616 wrote to memory of 1432	1616	firefox.exe	firefox.exe
PID 1616 wrote to memory of 1432	1616	firefox.exe	firefox.exe
PID 1616 wrote to memory of 1432	1616	firefox.exe	firefox.exe
PID 1616 wrote to memory of 1432	1616	firefox.exe	firefox.exe
PID 1616 wrote to memory of 1432	1616	firefox.exe	firefox.exe
PID 1616 wrote to memory of 1432	1616	firefox.exe	firefox.exe
PID 1616 wrote to memory of 1432	1616	firefox.exe	firefox.exe
PID 1616 wrote to memory of 1432	1616	firefox.exe	firefox.exe
PID 1616 wrote to memory of 1432	1616	firefox.exe	firefox.exe
PID 1616 wrote to memory of 1432	1616	firefox.exe	firefox.exe
PID 1432 wrote to memory of 1788	1432	firefox.exe	firefox.exe
PID 1432 wrote to memory of 1788	1432	firefox.exe	firefox.exe
PID 1432 wrote to memory of 1788	1432	firefox.exe	firefox.exe
PID 1432 wrote to memory of 1788	1432	firefox.exe	firefox.exe
PID 1432 wrote to memory of 1788	1432	firefox.exe	firefox.exe
PID 1432 wrote to memory of 1788	1432	firefox.exe	firefox.exe
PID 1432 wrote to memory of 1788	1432	firefox.exe	firefox.exe
PID 1432 wrote to memory of 1788	1432	firefox.exe	firefox.exe
PID 1432 wrote to memory of 1788	1432	firefox.exe	firefox.exe
PID 1432 wrote to memory of 1788	1432	firefox.exe	firefox.exe
PID 1432 wrote to memory of 1788	1432	firefox.exe	firefox.exe
PID 1432 wrote to memory of 1788	1432	firefox.exe	firefox.exe
PID 1432 wrote to memory of 1788	1432	firefox.exe	firefox.exe
PID 1432 wrote to memory of 1788	1432	firefox.exe	firefox.exe
PID 1432 wrote to memory of 1788	1432	firefox.exe	firefox.exe
PID 1432 wrote to memory of 1788	1432	firefox.exe	firefox.exe
PID 1432 wrote to memory of 1788	1432	firefox.exe	firefox.exe
PID 1432 wrote to memory of 1788	1432	firefox.exe	firefox.exe
PID 1432 wrote to memory of 1788	1432	firefox.exe	firefox.exe
PID 1432 wrote to memory of 1788	1432	firefox.exe	firefox.exe
PID 1432 wrote to memory of 1788	1432	firefox.exe	firefox.exe
PID 1432 wrote to memory of 1788	1432	firefox.exe	firefox.exe
PID 1432 wrote to memory of 1788	1432	firefox.exe	firefox.exe
PID 1432 wrote to memory of 1788	1432	firefox.exe	firefox.exe
PID 1432 wrote to memory of 1788	1432	firefox.exe	firefox.exe
PID 1432 wrote to memory of 1788	1432	firefox.exe	firefox.exe
PID 1432 wrote to memory of 1788	1432	firefox.exe	firefox.exe
PID 1432 wrote to memory of 1788	1432	firefox.exe	firefox.exe
PID 1432 wrote to memory of 1788	1432	firefox.exe	firefox.exe
PID 1432 wrote to memory of 1788	1432	firefox.exe	firefox.exe
PID 1432 wrote to memory of 1788	1432	firefox.exe	firefox.exe
PID 1432 wrote to memory of 1788	1432	firefox.exe	firefox.exe
PID 1432 wrote to memory of 1788	1432	firefox.exe	firefox.exe
PID 1432 wrote to memory of 1788	1432	firefox.exe	firefox.exe
PID 1432 wrote to memory of 1788	1432	firefox.exe	firefox.exe
PID 1432 wrote to memory of 1788	1432	firefox.exe	firefox.exe
PID 1432 wrote to memory of 1788	1432	firefox.exe	firefox.exe
PID 1432 wrote to memory of 1788	1432	firefox.exe	firefox.exe
PID 1432 wrote to memory of 1788	1432	firefox.exe	firefox.exe
PID 1432 wrote to memory of 1788	1432	firefox.exe	firefox.exe
PID 1432 wrote to memory of 1788	1432	firefox.exe	firefox.exe
PID 1432 wrote to memory of 1788	1432	firefox.exe	firefox.exe
PID 1432 wrote to memory of 1788	1432	firefox.exe	firefox.exe
PID 1432 wrote to memory of 1788	1432	firefox.exe	firefox.exe
PID 1432 wrote to memory of 1788	1432	firefox.exe	firefox.exe
PID 1432 wrote to memory of 3344	1432	firefox.exe	firefox.exe
PID 1432 wrote to memory of 3344	1432	firefox.exe	firefox.exe
PID 1432 wrote to memory of 3344	1432	firefox.exe	firefox.exe
PID 1432 wrote to memory of 3344	1432	firefox.exe	firefox.exe
PID 1432 wrote to memory of 3344	1432	firefox.exe	firefox.exe
PID 1432 wrote to memory of 3344	1432	firefox.exe	firefox.exe

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Users\Admin\AppData\Local\Temp\HorionInjector.exe
"C:\Users\Admin\AppData\Local\Temp\HorionInjector.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:1828

C:\Windows\explorer.exe
explorer.exe shell:appsFolder\Microsoft.MinecraftUWP_8wekyb3d8bbwe!App
2⤵
PID:1888

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=4208,i,6510295916244954942,10164894160290787457,262144 --variations-seed-version --mojo-platform-channel-handle=4444 /prefetch:8
1⤵
PID:3340

C:\Windows\explorer.exe
C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
1⤵
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of SetWindowsHookEx
PID:4756

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1616

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
2⤵
- Checks processor information in registry
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1432

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2000 -parentBuildID 20240401114208 -prefsHandle 1928 -prefMapHandle 1920 -prefsLen 23680 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {5b835bad-f5cd-4950-8523-8d67dd6df339} 1432 "\\.\pipe\gecko-crash-server-pipe.1432" gpu
3⤵
PID:1788

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2412 -parentBuildID 20240401114208 -prefsHandle 2404 -prefMapHandle 2400 -prefsLen 23716 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a7f306e3-6fda-4e7f-9c86-e0e01a43c22f} 1432 "\\.\pipe\gecko-crash-server-pipe.1432" socket
3⤵
- Checks processor information in registry
PID:3344

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2996 -childID 1 -isForBrowser -prefsHandle 2988 -prefMapHandle 2984 -prefsLen 23857 -prefMapSize 244658 -jsInitHandle 1320 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {23116c33-8905-4e1c-98e7-2da296ff57a4} 1432 "\\.\pipe\gecko-crash-server-pipe.1432" tab
3⤵
PID:4328

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2652 -childID 2 -isForBrowser -prefsHandle 3912 -prefMapHandle 3908 -prefsLen 29090 -prefMapSize 244658 -jsInitHandle 1320 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e1cbd767-8ec9-45c1-8896-b80e3c79331e} 1432 "\\.\pipe\gecko-crash-server-pipe.1432" tab
3⤵
PID:5192

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4776 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4540 -prefMapHandle 4828 -prefsLen 29090 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {6c00a1da-9a99-4557-9089-c07b94d5d688} 1432 "\\.\pipe\gecko-crash-server-pipe.1432" utility
3⤵
- Checks processor information in registry
PID:6084

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5204 -childID 3 -isForBrowser -prefsHandle 5284 -prefMapHandle 3884 -prefsLen 26944 -prefMapSize 244658 -jsInitHandle 1320 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d88af751-a4a0-4006-be87-8cef74b75f57} 1432 "\\.\pipe\gecko-crash-server-pipe.1432" tab
3⤵
PID:5604

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5500 -childID 4 -isForBrowser -prefsHandle 5420 -prefMapHandle 5424 -prefsLen 26944 -prefMapSize 244658 -jsInitHandle 1320 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {7425cdf9-5b50-4cfd-9e16-bb114e1b2db4} 1432 "\\.\pipe\gecko-crash-server-pipe.1432" tab
3⤵
PID:5704

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5616 -childID 5 -isForBrowser -prefsHandle 5696 -prefMapHandle 5692 -prefsLen 26944 -prefMapSize 244658 -jsInitHandle 1320 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {09b0b666-dd41-46ff-a60a-9f90d7af86bd} 1432 "\\.\pipe\gecko-crash-server-pipe.1432" tab
3⤵
PID:5692

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5456 -childID 6 -isForBrowser -prefsHandle 6108 -prefMapHandle 6104 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 1320 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {84354309-9b93-4e34-af60-a59c50c0e519} 1432 "\\.\pipe\gecko-crash-server-pipe.1432" tab
3⤵
PID:5476

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:4860

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ff9c091cc40,0x7ff9c091cc4c,0x7ff9c091cc58
2⤵
PID:2092

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1744,i,3984430167380684489,3345604389981381192,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=1756 /prefetch:2
2⤵
PID:3240

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1904,i,3984430167380684489,3345604389981381192,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2084 /prefetch:3
2⤵
PID:6068

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2296,i,3984430167380684489,3345604389981381192,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2632 /prefetch:8
2⤵
PID:5460

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3140,i,3984430167380684489,3345604389981381192,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3160 /prefetch:1
2⤵
PID:1764

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3192,i,3984430167380684489,3345604389981381192,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3312 /prefetch:1
2⤵
PID:5596

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4596,i,3984430167380684489,3345604389981381192,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4572 /prefetch:1
2⤵
PID:5224

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4832,i,3984430167380684489,3345604389981381192,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4848 /prefetch:8
2⤵
PID:5796

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4932,i,3984430167380684489,3345604389981381192,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4928 /prefetch:8
2⤵
PID:5996

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=4900,i,3984430167380684489,3345604389981381192,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5088 /prefetch:1
2⤵
PID:5612

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:5188

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:5756

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState
Filesize
649B

MD5
0b95238787867fdf5fefe75c0ca87537

SHA1
1dd1790511dc9a6a3f4cb92611ebc80d51d3f5f2

SHA256
e390a6b82e2984190bbff01733a63b39cef7fc57bb5b9da49ee7ab2b74b5742f

SHA512
897152bdc78149889421d97674b8896c52aa811beca191a8b46eea4f8cf8262f5e9f8a1e98e04e11aa6faa8d0c2d056cb8d5eaa0af3927d3068ff49545ae00b3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000001
Filesize
211KB

MD5
e7226392c938e4e604d2175eb9f43ca1

SHA1
2098293f39aa0bcdd62e718f9212d9062fa283ab

SHA256
d46ec08b6c29c4ca56cecbf73149cc66ebd902197590fe28cd65dad52a08c4e1

SHA512
63a4b99101c790d40a813db9e0d5fde21a64ccaf60a6009ead027920dbbdb52cc262af829e5c4140f3702a559c7ac46efa89622d76d45b4b49a9ce01625ef145

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000002
Filesize
24KB

MD5
c594a826934b9505d591d0f7a7df80b7

SHA1
c04b8637e686f71f3fc46a29a86346ba9b04ae18

SHA256
e664eef3d68ac6336a28be033165d4780e8a5ab28f0d90df1b148ef86babb610

SHA512
04a1dfdb8ee2f5fefa101d5e3ff36e87659fd774e96aa8c5941d3353ccc268a125822cf01533c74839e5f1c54725da9cc437d3d69b88e5bf3f99caccd4d75961

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
192B

MD5
3a584043526df6d25143a76bed72853b

SHA1
1f9410fc370f1e27fbcdc5a195e4d529f7575e8f

SHA256
07a5175e132c2f3e1898e8f8d755f8726aeea49fd5dae4fad8f39edee63172a9

SHA512
4a6e9d3f5f0eb141aed7fe1745bab2c44365d79889dd892f3453c230d1511bfc7e1a22ea6887ac7429d87af8a91646cb5888c3b01c6824a16212f930aba010c6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
2KB

MD5
b875f79caf6fdaccb80b4056160c123a

SHA1
c31b208ad953790a8662d0463ccae32465ca4489

SHA256
5aff0dc70258ef1e416e3ba31bf17c37ad413224f84f156e55fb12c11cf90a81

SHA512
4240ce8243504b0dc5558d4e2a09dea56f48832ae048e1300e5685cf51ea99cc043514464292d02f6ba07424a84ecbbe82a2029e8893a900c90b2b0096eba5bd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
1KB

MD5
657e2006e803eba6d9dd1a3d1b5e376f

SHA1
720bdab175c538e70915a9e75c44f857cdc1c632

SHA256
ce815c772da483d25d7eb20bbc304c8291b0261ad62083ee030086a9fd8b2fa7

SHA512
36be14d1d4881c044bb900a40acf89c59d7b3fac0407f4f0906cbd188f30452b4db89bed42f9304a28592558c198b01be3692e76dd94abe1fc995e85eb922c4c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports
Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
356B

MD5
c5fdfd3ae982d4cec01b013bc7e45d4f

SHA1
df372fad2880b990529231bd7c2375911529acfe

SHA256
04dce2f2912c6077eb12f50ad9bb16113d41cd0a0b34bc3c2dc6881610ca171a

SHA512
27ea97e63d7838b1bc5b9db3030db3e8496e4bce86a93b003ad98b162f98b55045498b5b3a4a877010c21228dc5c8f41fc0e24db9055c44c6f18e14a6baa2ca4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
9KB

MD5
2f4507e05fdd2e0a4c8cc0bd3523d1a6

SHA1
ea240da09f1ecdb6aecf63c05967869c9bf20197

SHA256
0510b6f2aabe98c797c918fe4148cb6a329c6b7cb60825b0e24a1dc747d99b9e

SHA512
3a0fe1baae03cdb9246909a892fccd1f757890b792b8c946bb7dadfe6b2e1c9337da7d847949c7d767de24739b1ec4c640a66e734d2360abad8688a5a88e6c8e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences
Filesize
15KB

MD5
5bb9c9f238dc60445de602841878a2ad

SHA1
d5b389eae7fd391152fe0dfcb503939476c98eb2

SHA256
c0e1f08d40ccf5ac931116e877758746d1c232e2023c943381e4baa5ad12a0b6

SHA512
7d0d70a6b0d00b1d5b704a9b09ee80e7d7263dabf68823bdcb668a0c2bc964d338bf635391edabc863cee397fb2a9a7b5d916b03dd309ba8418d7ce65f5d2bae

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
202KB

MD5
bb454dad4994500c8a6438087aa8cee1

SHA1
6611ca401668288f76fd9a5a7f1e1bbaa0a1ef6a

SHA256
0c36dc843d7fc96fc896f7dabe08c8e1e4f49153952fc675db3d5b03c5b64a10

SHA512
9701ed363a461e29df1cf9fa00ff995d687425783a4fe09dc3bf7ca94408bf42873d51457c1ae3141fa20e2e7b29f95516d98464d890d24f6ac7a63ccecc0bad

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
202KB

MD5
b38e3a28c770c2239de999fdf6a7b08b

SHA1
b736604b5ea310a5e58b9400d7915360a0a9f313

SHA256
cb8c66e235865b66b71be388363f2e75a6af516e4f1acf397ffb1193264d67b4

SHA512
a75a419dd3dd36d57883331fde0ed814fcd1815ce68c6f9dad10bf6ca15c9bb4382a6e4d10979d7464e4fc902bacb54505658a5468b7a131f384ac625a52eb7c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_1
Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\xmd08l7e.default-release\settings\main\ms-language-packs\browser\newtab\asrouter.ftl
Filesize
7KB

MD5
c460716b62456449360b23cf5663f275

SHA1
06573a83d88286153066bae7062cc9300e567d92

SHA256
0ec0f16f92d876a9c1140d4c11e2b346a9292984d9a854360e54e99fdcd99cc0

SHA512
476bc3a333aace4c75d9a971ef202d5889561e10d237792ca89f8d379280262ce98cf3d4728460696f8d7ff429a508237764bf4a9ccb59fd615aee07bdcadf30

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xmd08l7e.default-release\AlternateServices.bin
Filesize
7KB

MD5
b63e5c8f88aadd9f693ccd7eb3a7d216

SHA1
f29ed19c8f8779ac126585629872c0fedfdcca9e

SHA256
1e0501ec60b0d0a692efee4362b1e18018facca4c35d23689bf06dd95232e359

SHA512
22948fc0d68bf5d1b1375130cac4ffb047a9bc2995196b6233cd52f205a17a564c31898edcc7f2f8f967e2d51d8aece3ce2c55d8747c7e2d5514930168b87bb0

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xmd08l7e.default-release\datareporting\glean\db\data.safe.tmp
Filesize
5KB

MD5
1c2f3714d2f9e4819e5dc506f6bfedb5

SHA1
db6220b8f218ca27bf6b4a5005a7d8d026dfaca5

SHA256
15734e37c63f0b9d15f20c99d59fe553c56cca32c6a5097cc38c7428275a6603

SHA512
c5ee3414b4c3b358810bc68d6e0a34b98859be11901c9e794c4ba51c85cc410177c067abcbe5d1b9302ba7f051958fc4f507321458447389c948fdd10ea72152

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xmd08l7e.default-release\datareporting\glean\db\data.safe.tmp
Filesize
6KB

MD5
5a8ffd6d0bf7bc56f2161d0283ba53a8

SHA1
1e6a3829e057d987e7cd19822f714ed3fd69833a

SHA256
54b93ae146179925db490a152b6dca73d45e31355a5557cd3a7c92d4d75fb9b5

SHA512
5dd23f308424dba126afc62c74b71de9c4aef83a5a0cec651504f7ac711aca7d6646aec75e88de061e5f4ca9ee7ea116baaa999895b06d472f5965473b42b44c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xmd08l7e.default-release\datareporting\glean\pending_pings\942b4003-d8ab-4939-8e54-a672b026b470
Filesize
27KB

MD5
7f5c30ca49c113ef7d2033c015772b13

SHA1
d326787a3e207d84b3b6fb5939f1cc7108d982e8

SHA256
dde8fcf963dc27883c7705fb941fa09974b82326f7e7bca1e09c931d5cf6be20

SHA512
3ffa007248a472c18d0c62843b13982d6adf47e95fd3ecaf65ce8ad4de09568c4f009b18c32488dd9f7345ec460d076bc96899beff5f2c40f6b3c9ab811cf50f

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xmd08l7e.default-release\datareporting\glean\pending_pings\a2964501-10ec-4bcc-b27a-4ffe5daf2c51
Filesize
4KB

MD5
ca97e8c782f3c0661e29ccfe5624bdbe

SHA1
19b6e539aa9bd307c26ae64c908e3627346c61db

SHA256
12c1398cdbad928538dd04ea6cb8eba3d2464e7123d1461d2d2b88a25b4c8d52

SHA512
794b82d8525a021b43445945351e54ac76cd381fceb5b3195b7e3b14ca6c1b1465fb2f1d8a08b4a5780d8245ac5d64860150fb5771994d8e6e5c2f9ccf0778f6

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xmd08l7e.default-release\datareporting\glean\pending_pings\a533dcab-b315-4e4d-89b0-45f1cf54d930
Filesize
982B

MD5
9a6a45e520b51f2b3825f6f0b8795e2f

SHA1
f93ee687115d54f5b1560b2ce5eac5b8d2af73c9

SHA256
d76520c940e9db546911494f2d7a0fb6785e305c9a3f086feb9b0a7d7d9d973b

SHA512
cb4be112f608d615f9bcdd7c39ad44d98515898b0cd19d10f443f6a15e1a811496ddc84b7ae0bec0f73fc9bfd0c87023705d859928e396c56fda5b7620fc64eb

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xmd08l7e.default-release\datareporting\glean\pending_pings\c5d42b97-0cef-4924-ad91-398dc44ee5dc
Filesize
671B

MD5
d7e91453a2c3064d40374a9c458bfe01

SHA1
822f95201133e9d3e9d47d599199d767476caca8

SHA256
d8273378e6b71930e809425c2d9524798a77dd24ec3274fae204bbbee0e9e491

SHA512
ccf5cbb0fddcffb438a01d845c0e0e87ff62bde39cf3d43a5e23248898844ebae077c910e65bea113db2806903381d7d35dc12908f59e489ff771fa5303915cc

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xmd08l7e.default-release\prefs-1.js
Filesize
10KB

MD5
dac4a3f56b8f85c4f35271cf34ae81fb

SHA1
a207647c06f3ab688916ad29d6824c6626a77506

SHA256
8e63dffffe957fea09bcae6d11b0c15359bf64457de011ce1db7c4c34f7694b2

SHA512
da5900a64313f65a2c368bcc2f915d9878932369975bf0071b1236ddf822ba7ca61e6f6cf251549b22ad35752241b703b04765ad64cc5ac43c09cd27a21846c9

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xmd08l7e.default-release\prefs.js
Filesize
11KB

MD5
402c72f8ef3562000a119cf82cc2c151

SHA1
43882355371c8912772301a08b05fa3a126e8a89

SHA256
e26074430e0f13a82679da5762329126d840e9f9c7f5cf1c008e681d52003924

SHA512
e61f90aa46997a89f3435039b2fa2645a7c14cac4ddca38ccf4a9c4488ea95c046e52e9f5b130cf55fddde0ec21a85f713315341b04e5e8a0681784f87d912aa

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xmd08l7e.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite
Filesize
376KB

MD5
877ef19c0102a243d32fc4b1de1a369f

SHA1
586e6d7581dcf866a00e28eaab0b825fc1ae4440

SHA256
89fb24e7bcba73da357f30923fb717673e078d8dd7c28a474e2ee43544652f1d

SHA512
51e16a8c0b3b0a3a68cc2f1c335cc9199fceb6cbb9fa395eb3b01c80bf9f9036e2da3e8c13e6a6e2c2143976b5fc24295b890b8da57a7cdbf4afbb73ff213e51

Download Submit
\??\pipe\crashpad_4860_POIZMIGCBOLVJHUB
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
memory/1828-8-0x000001B0489F0000-0x000001B0489FE000-memory.dmp

Filesize
56KB

Download
memory/1828-9-0x00007FF9CE300000-0x00007FF9CEDC1000-memory.dmp

Filesize
10.8MB

Download
memory/1828-12-0x00007FF9CE300000-0x00007FF9CEDC1000-memory.dmp

Filesize
10.8MB

Download
memory/1828-11-0x00007FF9CE300000-0x00007FF9CEDC1000-memory.dmp

Filesize
10.8MB

Download
memory/1828-10-0x00007FF9CE303000-0x00007FF9CE305000-memory.dmp

Filesize
8KB

Download
memory/1828-7-0x000001B04CAD0000-0x000001B04CB08000-memory.dmp

Filesize
224KB

Download
memory/1828-0-0x00007FF9CE303000-0x00007FF9CE305000-memory.dmp

Filesize
8KB

Download
memory/1828-17-0x00007FF9CE300000-0x00007FF9CEDC1000-memory.dmp

Filesize
10.8MB

Download
memory/1828-6-0x000001B0489A0000-0x000001B0489A8000-memory.dmp

Filesize
32KB

Download
memory/1828-5-0x00007FF9CE300000-0x00007FF9CEDC1000-memory.dmp

Filesize
10.8MB

Download
memory/1828-4-0x00007FF9CE300000-0x00007FF9CEDC1000-memory.dmp

Filesize
10.8MB

Download
memory/1828-3-0x00007FF9CE300000-0x00007FF9CEDC1000-memory.dmp

Filesize
10.8MB

Download
memory/1828-2-0x000001B048A00000-0x000001B048ABA000-memory.dmp

Filesize
744KB

Download
memory/1828-1-0x000001B02CAC0000-0x000001B02CAE8000-memory.dmp

Filesize
160KB

Download