a23a5230ed4282ec4305cab8af0f1c63607196759ecf1e372ebf75b692fa366d

Analysis

max time kernel
149s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
23/08/2024, 18:52

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

a23a5230ed4282ec4305cab8af0f1c63607196759ecf1e372ebf75b692fa366d.exe
Size

89KB
MD5

7cab78f145df4f96e4ba8239be447927
SHA1

10c266f5dd413a08fa791477091e35df5158df6c
SHA256

a23a5230ed4282ec4305cab8af0f1c63607196759ecf1e372ebf75b692fa366d
SHA512

29493717ba9e54a4e1afad3ecfe02dc25d06125b675ce5f6f51196381941f9d5c4ec5ff50b816e6a3c960d2942579070217e3d9b69201e7974c1292183736e39
SSDEEP

1536:L7fPGykbOqjoHm4pICdfkLtAfupcWX50MxFY+yIOlnToIf3xne8iO+:Hq6+ouCpk2mpcWJ0r+QNTBf39m

Score

9^/10

credential_access discovery stealer

Malware Config

Signatures

Credentials from Password Stores: Credentials from Web Browsers 1 TTPs
Malicious Access or copy of Web Browser Credential store.
credential_access stealer

Credentials from Web Browsers
T1555.003

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-2170637797-568393320-3232933035-1000\Control Panel\International\Geo\Nation	a23a5230ed4282ec4305cab8af0f1c63607196759ecf1e372ebf75b692fa366d.exe

Drops file in System32 directory 2 IoCs

description	ioc	Process
File created	C:\Windows\System32\DriverStore\FileRepository\display.inf_amd64_71aa85b0e2292a7a\display.PNF	chrome.exe
File created	\??\c:\windows\system32\driverstore\filerepository\display.inf_amd64_71aa85b0e2292a7a\display.PNF	chrome.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	a23a5230ed4282ec4305cab8af0f1c63607196759ecf1e372ebf75b692fa366d.exe

Checks processor information in registry 2 TTPs 8 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies registry class 3 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-2170637797-568393320-3232933035-1000\{D030CCA0-B51D-4352-A813-AD005AFF6362}	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-2170637797-568393320-3232933035-1000_Classes\Local Settings	firefox.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-2170637797-568393320-3232933035-1000\{F2BFA9C4-BD3D-490D-AA19-ED8575F9B840}	chrome.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
4796	chrome.exe
4796	chrome.exe
1052	chrome.exe
1052	chrome.exe
1052	chrome.exe
1052	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs

pid	Process
4796	chrome.exe
4796	chrome.exe
4796	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4796	chrome.exe
Token: SeCreatePagefilePrivilege	4796	chrome.exe
Token: SeDebugPrivilege	2444	firefox.exe
Token: SeDebugPrivilege	2444	firefox.exe
Token: SeShutdownPrivilege	4796	chrome.exe
Token: SeCreatePagefilePrivilege	4796	chrome.exe
Token: SeShutdownPrivilege	4796	chrome.exe
Token: SeCreatePagefilePrivilege	4796	chrome.exe
Token: SeShutdownPrivilege	4796	chrome.exe
Token: SeCreatePagefilePrivilege	4796	chrome.exe
Token: SeShutdownPrivilege	4796	chrome.exe
Token: SeCreatePagefilePrivilege	4796	chrome.exe
Token: SeShutdownPrivilege	4796	chrome.exe
Token: SeCreatePagefilePrivilege	4796	chrome.exe
Token: SeShutdownPrivilege	4796	chrome.exe
Token: SeCreatePagefilePrivilege	4796	chrome.exe
Token: SeShutdownPrivilege	4796	chrome.exe
Token: SeCreatePagefilePrivilege	4796	chrome.exe
Token: SeShutdownPrivilege	4796	chrome.exe
Token: SeCreatePagefilePrivilege	4796	chrome.exe
Token: SeShutdownPrivilege	4796	chrome.exe
Token: SeCreatePagefilePrivilege	4796	chrome.exe
Token: SeShutdownPrivilege	4796	chrome.exe
Token: SeCreatePagefilePrivilege	4796	chrome.exe
Token: SeShutdownPrivilege	4796	chrome.exe
Token: SeCreatePagefilePrivilege	4796	chrome.exe
Token: SeShutdownPrivilege	4796	chrome.exe
Token: SeCreatePagefilePrivilege	4796	chrome.exe
Token: SeShutdownPrivilege	4796	chrome.exe
Token: SeCreatePagefilePrivilege	4796	chrome.exe
Token: SeShutdownPrivilege	4796	chrome.exe
Token: SeCreatePagefilePrivilege	4796	chrome.exe
Token: SeShutdownPrivilege	4796	chrome.exe
Token: SeCreatePagefilePrivilege	4796	chrome.exe
Token: SeShutdownPrivilege	4796	chrome.exe
Token: SeCreatePagefilePrivilege	4796	chrome.exe
Token: SeShutdownPrivilege	4796	chrome.exe
Token: SeCreatePagefilePrivilege	4796	chrome.exe
Token: SeShutdownPrivilege	4796	chrome.exe
Token: SeCreatePagefilePrivilege	4796	chrome.exe
Token: SeShutdownPrivilege	4796	chrome.exe
Token: SeCreatePagefilePrivilege	4796	chrome.exe
Token: SeShutdownPrivilege	4796	chrome.exe
Token: SeCreatePagefilePrivilege	4796	chrome.exe
Token: SeShutdownPrivilege	4796	chrome.exe
Token: SeCreatePagefilePrivilege	4796	chrome.exe
Token: SeShutdownPrivilege	4796	chrome.exe
Token: SeCreatePagefilePrivilege	4796	chrome.exe
Token: SeShutdownPrivilege	4796	chrome.exe
Token: SeCreatePagefilePrivilege	4796	chrome.exe
Token: SeShutdownPrivilege	4796	chrome.exe
Token: SeCreatePagefilePrivilege	4796	chrome.exe
Token: SeShutdownPrivilege	4796	chrome.exe
Token: SeCreatePagefilePrivilege	4796	chrome.exe
Token: SeShutdownPrivilege	4796	chrome.exe
Token: SeCreatePagefilePrivilege	4796	chrome.exe
Token: SeShutdownPrivilege	4796	chrome.exe
Token: SeCreatePagefilePrivilege	4796	chrome.exe
Token: SeShutdownPrivilege	4796	chrome.exe
Token: SeCreatePagefilePrivilege	4796	chrome.exe
Token: SeShutdownPrivilege	4796	chrome.exe
Token: SeCreatePagefilePrivilege	4796	chrome.exe
Token: SeShutdownPrivilege	4796	chrome.exe
Token: SeCreatePagefilePrivilege	4796	chrome.exe

Suspicious use of FindShellTrayWindow 47 IoCs

pid	Process
4796	chrome.exe
4796	chrome.exe
4796	chrome.exe
4796	chrome.exe
4796	chrome.exe
4796	chrome.exe
4796	chrome.exe
4796	chrome.exe
4796	chrome.exe
4796	chrome.exe
4796	chrome.exe
4796	chrome.exe
4796	chrome.exe
4796	chrome.exe
4796	chrome.exe
4796	chrome.exe
4796	chrome.exe
4796	chrome.exe
4796	chrome.exe
4796	chrome.exe
4796	chrome.exe
4796	chrome.exe
4796	chrome.exe
4796	chrome.exe
4796	chrome.exe
4796	chrome.exe
2444	firefox.exe
2444	firefox.exe
2444	firefox.exe
2444	firefox.exe
2444	firefox.exe
2444	firefox.exe
2444	firefox.exe
2444	firefox.exe
2444	firefox.exe
2444	firefox.exe
2444	firefox.exe
2444	firefox.exe
2444	firefox.exe
2444	firefox.exe
2444	firefox.exe
2444	firefox.exe
2444	firefox.exe
2444	firefox.exe
2444	firefox.exe
2444	firefox.exe
2444	firefox.exe

Suspicious use of SendNotifyMessage 44 IoCs

pid	Process
4796	chrome.exe
4796	chrome.exe
4796	chrome.exe
4796	chrome.exe
4796	chrome.exe
4796	chrome.exe
4796	chrome.exe
4796	chrome.exe
4796	chrome.exe
4796	chrome.exe
4796	chrome.exe
4796	chrome.exe
4796	chrome.exe
4796	chrome.exe
4796	chrome.exe
4796	chrome.exe
4796	chrome.exe
4796	chrome.exe
4796	chrome.exe
4796	chrome.exe
4796	chrome.exe
4796	chrome.exe
4796	chrome.exe
4796	chrome.exe
2444	firefox.exe
2444	firefox.exe
2444	firefox.exe
2444	firefox.exe
2444	firefox.exe
2444	firefox.exe
2444	firefox.exe
2444	firefox.exe
2444	firefox.exe
2444	firefox.exe
2444	firefox.exe
2444	firefox.exe
2444	firefox.exe
2444	firefox.exe
2444	firefox.exe
2444	firefox.exe
2444	firefox.exe
2444	firefox.exe
2444	firefox.exe
2444	firefox.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
2444	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4872 wrote to memory of 3716	4872	a23a5230ed4282ec4305cab8af0f1c63607196759ecf1e372ebf75b692fa366d.exe	95
PID 4872 wrote to memory of 3716	4872	a23a5230ed4282ec4305cab8af0f1c63607196759ecf1e372ebf75b692fa366d.exe	95
PID 3716 wrote to memory of 4796	3716	cmd.exe	98
PID 3716 wrote to memory of 4796	3716	cmd.exe	98
PID 3716 wrote to memory of 1340	3716	cmd.exe	99
PID 3716 wrote to memory of 1340	3716	cmd.exe	99
PID 3716 wrote to memory of 2248	3716	cmd.exe	100
PID 3716 wrote to memory of 2248	3716	cmd.exe	100
PID 4796 wrote to memory of 1760	4796	chrome.exe	101
PID 4796 wrote to memory of 1760	4796	chrome.exe	101
PID 2248 wrote to memory of 2444	2248	firefox.exe	102
PID 2248 wrote to memory of 2444	2248	firefox.exe	102
PID 2248 wrote to memory of 2444	2248	firefox.exe	102
PID 2248 wrote to memory of 2444	2248	firefox.exe	102
PID 2248 wrote to memory of 2444	2248	firefox.exe	102
PID 2248 wrote to memory of 2444	2248	firefox.exe	102
PID 2248 wrote to memory of 2444	2248	firefox.exe	102
PID 2248 wrote to memory of 2444	2248	firefox.exe	102
PID 2248 wrote to memory of 2444	2248	firefox.exe	102
PID 2248 wrote to memory of 2444	2248	firefox.exe	102
PID 2248 wrote to memory of 2444	2248	firefox.exe	102
PID 2444 wrote to memory of 2020	2444	firefox.exe	107
PID 2444 wrote to memory of 2020	2444	firefox.exe	107
PID 2444 wrote to memory of 2020	2444	firefox.exe	107
PID 2444 wrote to memory of 2020	2444	firefox.exe	107
PID 2444 wrote to memory of 2020	2444	firefox.exe	107
PID 2444 wrote to memory of 2020	2444	firefox.exe	107
PID 2444 wrote to memory of 2020	2444	firefox.exe	107
PID 2444 wrote to memory of 2020	2444	firefox.exe	107
PID 2444 wrote to memory of 2020	2444	firefox.exe	107
PID 2444 wrote to memory of 2020	2444	firefox.exe	107
PID 2444 wrote to memory of 2020	2444	firefox.exe	107
PID 2444 wrote to memory of 2020	2444	firefox.exe	107
PID 2444 wrote to memory of 2020	2444	firefox.exe	107
PID 2444 wrote to memory of 2020	2444	firefox.exe	107
PID 2444 wrote to memory of 2020	2444	firefox.exe	107
PID 2444 wrote to memory of 2020	2444	firefox.exe	107
PID 2444 wrote to memory of 2020	2444	firefox.exe	107
PID 2444 wrote to memory of 2020	2444	firefox.exe	107
PID 2444 wrote to memory of 2020	2444	firefox.exe	107
PID 2444 wrote to memory of 2020	2444	firefox.exe	107
PID 2444 wrote to memory of 2020	2444	firefox.exe	107
PID 2444 wrote to memory of 2020	2444	firefox.exe	107
PID 2444 wrote to memory of 2020	2444	firefox.exe	107
PID 2444 wrote to memory of 2020	2444	firefox.exe	107
PID 2444 wrote to memory of 2020	2444	firefox.exe	107
PID 2444 wrote to memory of 2020	2444	firefox.exe	107
PID 2444 wrote to memory of 2020	2444	firefox.exe	107
PID 2444 wrote to memory of 2020	2444	firefox.exe	107
PID 2444 wrote to memory of 2020	2444	firefox.exe	107
PID 2444 wrote to memory of 2020	2444	firefox.exe	107
PID 2444 wrote to memory of 2020	2444	firefox.exe	107
PID 2444 wrote to memory of 2020	2444	firefox.exe	107
PID 2444 wrote to memory of 2020	2444	firefox.exe	107
PID 2444 wrote to memory of 2020	2444	firefox.exe	107
PID 2444 wrote to memory of 2020	2444	firefox.exe	107
PID 2444 wrote to memory of 2020	2444	firefox.exe	107
PID 2444 wrote to memory of 2020	2444	firefox.exe	107
PID 2444 wrote to memory of 2020	2444	firefox.exe	107
PID 2444 wrote to memory of 2020	2444	firefox.exe	107
PID 2444 wrote to memory of 2020	2444	firefox.exe	107
PID 2444 wrote to memory of 2020	2444	firefox.exe	107
PID 2444 wrote to memory of 2020	2444	firefox.exe	107
PID 2444 wrote to memory of 2020	2444	firefox.exe	107

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Users\Admin\AppData\Local\Temp\a23a5230ed4282ec4305cab8af0f1c63607196759ecf1e372ebf75b692fa366d.exe
"C:\Users\Admin\AppData\Local\Temp\a23a5230ed4282ec4305cab8af0f1c63607196759ecf1e372ebf75b692fa366d.exe"
1⤵
- Checks computer location settings
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:4872
- C:\Windows\system32\cmd.exe
  "C:\Windows\sysnative\cmd.exe" /c "C:\Users\Admin\AppData\Local\Temp\AA93.tmp\AA94.tmp\AA95.bat C:\Users\Admin\AppData\Local\Temp\a23a5230ed4282ec4305cab8af0f1c63607196759ecf1e372ebf75b692fa366d.exe"
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:3716
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://accounts.google.com/v3/signin/challenge/pwd"
    3⤵
    - Enumerates system info in registry
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SendNotifyMessage
    - Suspicious use of WriteProcessMemory
    PID:4796
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x104,0x108,0x10c,0xe0,0x110,0x7ffa3e61cc40,0x7ffa3e61cc4c,0x7ffa3e61cc58
      4⤵
      PID:1760
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1952,i,485296361271117423,6045981314598860469,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=1940 /prefetch:2
      4⤵
      PID:1388
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2176,i,485296361271117423,6045981314598860469,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2192 /prefetch:3
      4⤵
      PID:4112
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2276,i,485296361271117423,6045981314598860469,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=1752 /prefetch:8
      4⤵
      PID:3688
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3116,i,485296361271117423,6045981314598860469,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3152 /prefetch:1
      4⤵
      PID:2820
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3124,i,485296361271117423,6045981314598860469,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3324 /prefetch:1
      4⤵
      PID:3344
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4652,i,485296361271117423,6045981314598860469,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4264 /prefetch:1
      4⤵
      PID:5868
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --no-appcompat-clear --field-trial-handle=4812,i,485296361271117423,6045981314598860469,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4772 /prefetch:8
      4⤵
      PID:6152
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4616,i,485296361271117423,6045981314598860469,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4936 /prefetch:8
      4⤵
      Modifies registry class
      PID:6160
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=5068,i,485296361271117423,6045981314598860469,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=220 /prefetch:8
      4⤵
      Drops file in System32 directory
      Suspicious behavior: EnumeratesProcesses
      PID:1052
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" "https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://accounts.google.com/v3/signin/challenge/pwd"
    3⤵
    PID:1340
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" "https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://accounts.google.com/v3/signin/challenge/pwd"
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:2248
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://accounts.google.com/v3/signin/challenge/pwd
      4⤵
      Checks processor information in registry
      Modifies registry class
      Suspicious use of AdjustPrivilegeToken
      Suspicious use of FindShellTrayWindow
      Suspicious use of SendNotifyMessage
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2444
    - - C:\Program Files\Mozilla Firefox\firefox.exe
        
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1968 -parentBuildID 20240401114208 -prefsHandle 1888 -prefMapHandle 1880 -prefsLen 23602 -prefMapSize 244628 -appDir "C:\Program Files\Mozilla Firefox\browser" - {260ebcf9-e251-4760-a5b6-c2e9a7d02f84} 2444 "\\.\pipe\gecko-crash-server-pipe.2444" gpu
        5⤵
        
        PID:2020
    - - C:\Program Files\Mozilla Firefox\firefox.exe
        
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2452 -parentBuildID 20240401114208 -prefsHandle 2424 -prefMapHandle 2416 -prefsLen 24522 -prefMapSize 244628 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f919b2a2-03fe-478c-9578-37b1dee809d3} 2444 "\\.\pipe\gecko-crash-server-pipe.2444" socket
        5⤵
        
        PID:4440
    - - C:\Program Files\Mozilla Firefox\firefox.exe
        
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3172 -childID 1 -isForBrowser -prefsHandle 3020 -prefMapHandle 2948 -prefsLen 22590 -prefMapSize 244628 -jsInitHandle 1224 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {2e6b380e-782d-4069-aca0-dc22a2011760} 2444 "\\.\pipe\gecko-crash-server-pipe.2444" tab
        5⤵
        
        PID:3788
    - - C:\Program Files\Mozilla Firefox\firefox.exe
        
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3704 -childID 2 -isForBrowser -prefsHandle 3700 -prefMapHandle 3696 -prefsLen 29012 -prefMapSize 244628 -jsInitHandle 1224 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {6ed6394c-f47f-4710-a3af-c4cad1b89f5b} 2444 "\\.\pipe\gecko-crash-server-pipe.2444" tab
        5⤵
        
        PID:5192
    - - C:\Program Files\Mozilla Firefox\firefox.exe
        
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1532 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4320 -prefMapHandle 4168 -prefsLen 29012 -prefMapSize 244628 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {1f5be1ca-1d5e-4876-913b-7a4616a45597} 2444 "\\.\pipe\gecko-crash-server-pipe.2444" utility
        5⤵
        Checks processor information in registry
        
        PID:5808
    - - C:\Program Files\Mozilla Firefox\firefox.exe
        
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5292 -childID 3 -isForBrowser -prefsHandle 5284 -prefMapHandle 5272 -prefsLen 26882 -prefMapSize 244628 -jsInitHandle 1224 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {068cf5eb-50a3-4b71-988c-c8e05765f147} 2444 "\\.\pipe\gecko-crash-server-pipe.2444" tab
        5⤵
        
        PID:5820
    - - C:\Program Files\Mozilla Firefox\firefox.exe
        
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5428 -childID 4 -isForBrowser -prefsHandle 5436 -prefMapHandle 5440 -prefsLen 26882 -prefMapSize 244628 -jsInitHandle 1224 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {0efc8809-2aae-48d8-8e64-202be1c2fcdd} 2444 "\\.\pipe\gecko-crash-server-pipe.2444" tab
        5⤵
        
        PID:5832
    - - C:\Program Files\Mozilla Firefox\firefox.exe
        
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5292 -childID 5 -isForBrowser -prefsHandle 5632 -prefMapHandle 5636 -prefsLen 26882 -prefMapSize 244628 -jsInitHandle 1224 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {26d715cc-91b0-4b41-9814-fed85a25485c} 2444 "\\.\pipe\gecko-crash-server-pipe.2444" tab
        5⤵
        
        PID:5844
    - - C:\Program Files\Mozilla Firefox\firefox.exe
        
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6020 -childID 6 -isForBrowser -prefsHandle 6200 -prefMapHandle 6180 -prefsLen 27039 -prefMapSize 244628 -jsInitHandle 1224 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {033445c6-1862-4abe-8fba-ea9b9508a4eb} 2444 "\\.\pipe\gecko-crash-server-pipe.2444" tab
        5⤵
        
        PID:7008

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=16 --field-trial-handle=3836,i,1729213506309163284,12809566808978835441,262144 --variations-seed-version --mojo-platform-channel-handle=4932 /prefetch:1
1⤵
PID:3352

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=15 --field-trial-handle=4032,i,1729213506309163284,12809566808978835441,262144 --variations-seed-version --mojo-platform-channel-handle=760 /prefetch:1
1⤵
PID:3520

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=5424,i,1729213506309163284,12809566808978835441,262144 --variations-seed-version --mojo-platform-channel-handle=5448 /prefetch:8
1⤵
PID:1904

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --field-trial-handle=5440,i,1729213506309163284,12809566808978835441,262144 --variations-seed-version --mojo-platform-channel-handle=5612 /prefetch:8
1⤵
PID:5032

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:3504

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=19 --field-trial-handle=6124,i,1729213506309163284,12809566808978835441,262144 --variations-seed-version --mojo-platform-channel-handle=6128 /prefetch:1
1⤵
PID:5136

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --field-trial-handle=6320,i,1729213506309163284,12809566808978835441,262144 --variations-seed-version --mojo-platform-channel-handle=6340 /prefetch:8
1⤵
PID:6568

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --field-trial-handle=6328,i,1729213506309163284,12809566808978835441,262144 --variations-seed-version --mojo-platform-channel-handle=6312 /prefetch:8
1⤵
- Modifies registry class
PID:6576

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --field-trial-handle=5660,i,1729213506309163284,12809566808978835441,262144 --variations-seed-version --mojo-platform-channel-handle=5656 /prefetch:8
1⤵
PID:2596

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials from Password Stores

T1555

Credentials from Web Browsers

T1555.003

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\74011307-cc2a-44af-af85-3e68b9dc994a.tmp

Filesize
9KB

MD5
4bd255c16c8bf1dbd3521805b3d97a9e

SHA1
bdc940d30d60990d0704bb3b468db9da9cb37d7f

SHA256
04009682a568b5ea3706977efaf2f16005d2982ec69f116f8c6012a71e9d533b

SHA512
65edcc021cc333761944b07006da696ee697f5bba2110ad10d92cba7239508958e7d6085edfe328b3d214bd64df7d949553fd5a6a7fe57a110f4c32ad7046e61

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
384B

MD5
d2e4aa8778b9d7dbe3755575b9a4fb3f

SHA1
c79718d02846d110c553aeee884b45d6a0da77a8

SHA256
1411ca7b9fa733656864c8b41a98ed672d84fc1561df1566a420437d314ce01b

SHA512
d067c671d000b400658c4fd3e22142c910ce16744d177adfae9a51b51320648e3d7a0dae4da94062cb576ae5be61e4134d4dceef0f16b5a85ac4f6c109be50c7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
994709c30839275e6b0f2d16dc44afd2

SHA1
f982a8930282881e9c9d30c186c405b5e378be1a

SHA256
4257e21918f1882ee1c90f6fdcff7955ccd95afc99055098431e8803a6529315

SHA512
54781b7c159c958f931e7bc9c2ae82b4d1084f49218a9a46527853bce567fe98c9d1af0caea2cb96cdf80c792017b60cc692f52151b287622c2ecd847f1ea4d0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
354B

MD5
ace05f723326ca481b9483f17969c2da

SHA1
9636863e88c515976bbb5f04a8e30ad3b3066508

SHA256
a17501ad043d7bf86c1d244987c2fe3c7f9ef686cdbe48fb2b42c5f296b63ee6

SHA512
37e4564ea8e3287459e97732e54296c19890e99f82c32637365f408ba4673a9014a37b0bdaa8fbac9e9f0cf64750c7ea8bc02687c245cc73ee2e7b80412f1917

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
354B

MD5
1586653cf60639d25220787eb2f3e48e

SHA1
4ec34b8b2f650a65823bc0dc309cd550fbaf96ae

SHA256
716b6f06fe74de5da7b0d987f32e9e2d76325ee72ea2ce65b3bbca8389a61460

SHA512
299b4b61fc6c67a95c9156542bb6d4474321d4ef9ba2d219271c4ba5565f2ae1c4581f294c8cbccd6f2993214dbb9c56e5766b0a202effdd6c9e0751d43cd80b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
5b80e77cfb8878e270c622d2ad7435d7

SHA1
68d9a2eaf341b7d787590addc6875799ef4efb26

SHA256
620ff04f051272105b7c49ebe8a628c0789921495fd6f2ee8ae06c11f16c53ee

SHA512
fbb33380abc1fde43c21a1c5bb3b4db91c429f1e1d79c1703c619a7e6212102e30c92493cc679b9370b92df4a2edc0d651d829b370e2c2136ec7e46f5ff3f4f9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
2007469df7159bac2171cc0a83a053e3

SHA1
d3c9ec5168cf4931d06576383a722301b751fcc7

SHA256
dc4600bc7df0a273a6faa6163847427c396ea51da7f0d7e34358d5e0dcd66105

SHA512
6bb9c884d2ffea0b1d35d2e605f34d257f2835ece2bff0c79fbc42a872d04ea5d497af2e1eaca1415d73e33d2a4d7eb96b3208be20c5d7bf6a2aad7df8c7ee08

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
964a2387753561012c17aee2164044ae

SHA1
7bded573029b59cf37e12a9c014a43b776cfd6d5

SHA256
5ede5ef9e751c82e2d127a40e641087f80429f3c6532c56c431e213b26742fba

SHA512
3d3be375751b07fdb9e9d7fbffab5c87d0324f1a32addfc727802784beb964504a68bc797d4e6cb59515bff576af5225b054bef7af57a4d36ced8ffdba30a8dc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
d21315d05094ea9b3e937e00241e1f22

SHA1
1d402f9e37cd7cbeb0e4a42ef8db491c5f035a42

SHA256
7a7b19302f939ab0c6e9de34b04dbbdb8bb3ec8bab23f1a43a071c1d58087dcd

SHA512
ae406d1db7ec7c09c542f6f20a8039bd7fb2c38601cc17babd9e720441535b8bc719ec913d013bda267e465253fa85ef7ae1122e2696a10638edc1c2fb225752

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
275c573f4760f2fcf82be9264d21d2a0

SHA1
82c0850afb60f33520b89320c450c2eae91686a3

SHA256
2456ac4a76f430e79d282bf3dda92ebfb40574f7e8d12e304aa477c83f0b032f

SHA512
8877e07576c9e32fb8b5b06b65baf06974a15048929b9684b98c3322677cc3269aaa1954c1aadc7ad863818dab7583549e8fab5bc75122195acd7a9ff0ba47df

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
dc0e34e6ea773d5b85395fc4fc7d3ad5

SHA1
3ac603cad3a1eabae38d699aef84a7eb75779f61

SHA256
2499e37078a5fb891d2e9385cd9f5a2cad04e24c81a26ed7d677320d0cec8ff7

SHA512
007712bdbae09bc4a4fdd8ade485c0b446d3a77d12486e032ffcf16867b0e2ed258eb7f63b06e1f7365c3408ee90a69a48975026d67570a7f9cb9a0e6e40ea56

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
d250b6699fdc92f660ccaad7331c4240

SHA1
246925ec4e530df844785db9c7aa63dc6d5e3586

SHA256
ef37ab17ea30de64371213515095db6aa22470adce5ff46e717259b25427c85b

SHA512
0f4359a238f27cb295b1108df71bada66255535e28beaaa13f1a00b205a35d34fd811d25f46088ba9a961e228584d3ccb0221d20fb0a5d8b4a06f06b0b416264

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
16e570577c2d1ffbf53928156765311f

SHA1
536d74a8fb51142f812b644a9d1d7d5f3a81f4fc

SHA256
fbb60930d9d6f6924e687d628ec99fdf62d118d4563f0c1b00504047bcd90e5b

SHA512
ae3a237597da7c71421a4ba72d7ea4f2c24b06a08e5bbb48eb01f0a86a5286deddc5e7fd0ea43a4bf61653099d2ac4796343b3fbbc39a201dcb6c1bca26e4ce9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
3c60fd9784a921478a44d22120a4825b

SHA1
4cd380ec075de928cdaf6bf4a6c008356c1ef832

SHA256
fe3c575831a78d7e0054c288b0a36ff78e5474eb6bec3bf020b9f9a8ebef53e8

SHA512
0e4d12ea98139b0fce036d7219a77059e310bc813e0e2d1b54e16e0751ecd99110bc120df432e64f55545edf8477ac452839719255d5858661fc588c580ca574

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
2a04a71dd8e5e49c1ad5a8e12912fa9e

SHA1
69bea4151b96ba192d728e471e29df8dd6974b3d

SHA256
aefc79f1a41ec2827830cccc1f2a066678d665ab8f4dc4f558047c2818cfefbf

SHA512
549115183c47061725d245f9ca3ce411fb54559d4f6ef2e374b3345c37de2e2b4b08cea463f77f59cd067b57ec02b9b0e438d67d3bc2251afec9b1747180c86b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
99KB

MD5
33895ad88a60ce374c4610911ac4ad95

SHA1
3497e3f60b30d4839ce12d9170c84a15bc3f2215

SHA256
dc7ef30e3cf4b2786da1b5f2d0d1e611939602f0e4a5da18db17d8e290abee18

SHA512
8188c8cfb4ef7065560777f5561f6b1bfd4c27d3566420db221e418d71e3d2bb19418b38737057a28107ad3a0268b38aca207c484181f4b972f4700cb9a49f68

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
99KB

MD5
b94781cf54fb33e285e574158a1aa72f

SHA1
ae428623f8a75ba37210b6f1163f05a09bdda2ca

SHA256
5cb9b1399c1f0e447d899f0fd3b227d90b8ae9410d0234c56ea313b4dd3b2826

SHA512
170a6cd416e774cc337082c30aa4f5ef9970e68b9cf595dc5e63a1378e200eb9825cc4e2a396282ae662c3ce20279b6f94fce5299bb1d9769d3fb31da6ab1cec

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\xmd08l7e.default-release\activity-stream.discovery_stream.json

Filesize
38KB

MD5
a2aee746ea7cf09ad5afe56f75980bda

SHA1
b596f5fa4523cba0fe25ae0756f904788f5b614f

SHA256
7077e6ed25867a6e1b936cb1b096067ad592c9263e0733d2d85b8232609e86da

SHA512
0f8205d7c4c70ae86767812c8d82a35d98c009a6125d358875a50e8171f36b19eee8bc79845a2afb892eb0eaef45aa2f23281e37677e00926dda91c1355fd1bf

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\xmd08l7e.default-release\cache2\entries\58EFA56DB4BFFECB0EDA547894BC9A057159E22F

Filesize
13KB

MD5
b29afe1da0f3e71dde3377897a2c7060

SHA1
b10088e96df1fc504fb31a80a921fc699ef1b724

SHA256
dc757404da1a507d22bc0b05eb11f8d1d1e80aaade19f10d2ef87f1165fd49d6

SHA512
00f7ad48e42ea4c86b5377c977a8f3894c87df380448ca638150ef85e491e8e3ac4121ce0866113091dcfb2271ab3b159b4dc158926ab67dfc53d5d648071a1a

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\xmd08l7e.default-release\settings\main\ms-language-packs\browser\newtab\asrouter.ftl

Filesize
7KB

MD5
c460716b62456449360b23cf5663f275

SHA1
06573a83d88286153066bae7062cc9300e567d92

SHA256
0ec0f16f92d876a9c1140d4c11e2b346a9292984d9a854360e54e99fdcd99cc0

SHA512
476bc3a333aace4c75d9a971ef202d5889561e10d237792ca89f8d379280262ce98cf3d4728460696f8d7ff429a508237764bf4a9ccb59fd615aee07bdcadf30

Download Submit
C:\Users\Admin\AppData\Local\Temp\AA93.tmp\AA94.tmp\AA95.bat

Filesize
2KB

MD5
31c09b550c61042384ef240a1cd226df

SHA1
731fbe63179f646915f8fa37ca9f8c85fdb9b48a

SHA256
752a176e12900c9f3cf947bc36d506e360f86da00a2dbc1e5fa821f2584c75db

SHA512
8fcd654736e4b71765b5379c6e1699771e83c5c1df1b5e3fa7f74e4d3b5629ffa1f54aaedfdf9979416d3704bcfb38d73dba7c36c7b6f1ac9804737e7af698a6

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
479KB

MD5
09372174e83dbbf696ee732fd2e875bb

SHA1
ba360186ba650a769f9303f48b7200fb5eaccee1

SHA256
c32efac42faf4b9878fb8917c5e71d89ff40de580c4f52f62e11c6cfab55167f

SHA512
b667086ed49579592d435df2b486fe30ba1b62ddd169f19e700cd079239747dd3e20058c285fa9c10a533e34f22b5198ed9b1f92ae560a3067f3e3feacc724f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

Filesize
13.8MB

MD5
0a8747a2ac9ac08ae9508f36c6d75692

SHA1
b287a96fd6cc12433adb42193dfe06111c38eaf0

SHA256
32d544baf2facc893057a1d97db33207e642f0dacf235d8500a0b5eff934ce03

SHA512
59521f8c61236641b3299ab460c58c8f5f26fa67e828de853c2cf372f9614d58b9f541aae325b1600ec4f3a47953caacb8122b0dfce7481acfec81045735947d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xmd08l7e.default-release\AlternateServices.bin

Filesize
7KB

MD5
c1864758469389a3bae6726bee33725f

SHA1
cf0fb136b906d8dd5573c92d6b8e5cb80943804a

SHA256
a7a489576315a27808ecfd226073290fa18b15060e3117fd0c964fa51baab9ec

SHA512
85ea2308e472a0b65ca1f4462ad54b0bd70727d7b597de528fb8427cdc91bc7e4a7a2a1ffbd9f92b1200f1759192d1adb1119105c145ebad7b58bd6311b1d8fb

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xmd08l7e.default-release\AlternateServices.bin

Filesize
11KB

MD5
9279d5fd00fcf99f61c43a866bf26146

SHA1
68324db1c84457f26c541ade9b90c183658b0e77

SHA256
5e0b8532b9b1fab807d79b23681a4f0423ea93deb2369e154b60bb28a327a875

SHA512
455f730a2cd98d5d391f6ee03a05ede65eb0fad86eb29de5df55d70b30bea75fa3b4eb9d6f2aecbd50efa15c72cd85011551a7ef07d0ea1e4fca37fad40c74b7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xmd08l7e.default-release\AlternateServices.bin

Filesize
16KB

MD5
5a1e77a65af75f6979d4955fbe4c3a84

SHA1
b6b6ad475392e662f7399486ac03f503fd2ccf62

SHA256
55f24fc7ff9ef68abe687625162dda5ec7934438c25af6a9aab2df6e2fbd969e

SHA512
eb9d2855b364cde15d5224fcbe428b7f0cd57c44f48d47ffbe8a82b3ea33e7819789170c01d1b07e2f191ac9deed460a11b960814f396fe367fcf6f9e81ae392

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xmd08l7e.default-release\datareporting\glean\db\data.safe.tmp

Filesize
13KB

MD5
2a8f28a6703d472e72fb698764deaeac

SHA1
046828fdc41b17aab3ff71ec5223f41c134c1267

SHA256
a0186c91a693b0ded487de0dad67614fa7a610b34b54b501ba9881bab0c820a7

SHA512
b530e6c4a9bc55d4f7e80b49288410fc679d0195ee511692f0358068495ec6e8ce2f69bf36c63e6a4cd7a12ab152c1451ebf1313a93e13cbb98a69a464cd724d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xmd08l7e.default-release\datareporting\glean\db\data.safe.tmp

Filesize
14KB

MD5
093cd7eb75bab16b08ccdb03a77c5487

SHA1
6be6deb16cdc690cb43fbad270c639e7e624a448

SHA256
447c102f0300a44f0bb8d8c2a74686bcd2cc85c1a0dea51e97a228d4ea818ca8

SHA512
7f2dab204ad14bfabcd73f2f9ca850551aa170a339909b646365efeaaf6b5634cf7d072cd1991b5adb3a4928d209933955d5be21407cdc5b2b249a571c1e4e6e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xmd08l7e.default-release\datareporting\glean\db\data.safe.tmp

Filesize
14KB

MD5
5abb11154286c0ae31c8ac1ace28d568

SHA1
5dade79efbeec16ad3ee5de861b602b944cc5750

SHA256
a83daceeb7cf8b3029719bdd9f2eb2c71502299eceb79d6a46bbcc3fc987b23c

SHA512
84a859b74036d5ed2ee0a9804cc1bf557b6e853e325233e0ffd7356eabaade5c910f5d0a749c56ab71d39fa035673de9a3af00f7dfc841bf59079696545e8f7b

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xmd08l7e.default-release\datareporting\glean\db\data.safe.tmp

Filesize
14KB

MD5
181263aa64f1a533a9e404d66a0d6cac

SHA1
8aa6f136a5d990ef4f5c824621ba8c70bf736666

SHA256
1a6cda59ec3668849bf5acb6a996d5969d7083e7e2ded8dd23f294d083c3aec3

SHA512
f37a1306eafe568ac6bee84102ad5ffba2984fa0c862f2be429bb60d505454898da2daf1fad3b682d6fab1cf14665fec22d6f63a46dc4f48782c0d1d613c28d6

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xmd08l7e.default-release\datareporting\glean\db\data.safe.tmp

Filesize
5KB

MD5
f1d822c8600db268e87ceb47e5f2d8ab

SHA1
0c2ed2a9c10101ac279edc56e6ca66dbce394440

SHA256
a69cbcbeb456fec9c5d862cff2d4ee09378099c56b6660332fabd37611090773

SHA512
6f1df80b2d277991611260d24537151a610e0724a68c83d2cb949b38f52a9b7c248323e5ff5881511a83ec93d1e5a60abd1c47009cb63db08841d5c1a24d4b46

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xmd08l7e.default-release\datareporting\glean\pending_pings\3b9f7e94-fcce-4c91-b9db-89eed3c30fc3

Filesize
671B

MD5
9033a5332fab4ae6e83bc7da1938f0d9

SHA1
6c574517f7553796222296bd0ba144426ca1d8eb

SHA256
1cb266051809b5566f5ec4804b1044fcf7f3e57382663395745e0576098aa50d

SHA512
8b3492c0ce891e6f617608d87c976c1797b5481a29b373d72a3129c322926b86ea90017e5e16017df5f9590fe3457647d127cc6352dafaeb278f19653d9aeb6d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xmd08l7e.default-release\datareporting\glean\pending_pings\3db4de99-148b-4490-8ec2-babe2244a61d

Filesize
28KB

MD5
b5c218808b68fdb2c0c16f2a45ce2c91

SHA1
0cc28a03320debf077a0836ce51941a20e7a7680

SHA256
8eac574350898834fb8480292420bd4514b7633ff20cf4317283c109ae5d2c0c

SHA512
f7dc327209df4f157303c97d2be597731fcf21382e7d80afc87077791458a8d9b28933ebe51211e2a391180224875873eca5b9d92950426025968b68bdf37f25

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xmd08l7e.default-release\datareporting\glean\pending_pings\d6cedb10-2aea-43f8-a148-6c7e8a17e86a

Filesize
982B

MD5
f3b451e472e380ee3dd69d6f7c340fbb

SHA1
63d8c6ede983a4417d6076b363f22da404a6a3ce

SHA256
d8c2ea94bf7f7bb29059eddae907a029d4cec645bfe560547d3e3e032608a104

SHA512
9a64614bccf385004d0afb93879cbc661de42f12127dad083d74be2042c0f4fef53cb2d2d4c8f6f5fd0e10ac2ed81115b448a16305eadb6d7c763de6fc4f081a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xmd08l7e.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.dll

Filesize
1.1MB

MD5
842039753bf41fa5e11b3a1383061a87

SHA1
3e8fe1d7b3ad866b06dca6c7ef1e3c50c406e153

SHA256
d88dd3bfc4a558bb943f3caa2e376da3942e48a7948763bf9a38f707c2cd0c1c

SHA512
d3320f7ac46327b7b974e74320c4d853e569061cb89ca849cd5d1706330aca629abeb4a16435c541900d839f46ff72dfde04128c450f3e1ee63c025470c19157

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xmd08l7e.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.info

Filesize
116B

MD5
2a461e9eb87fd1955cea740a3444ee7a

SHA1
b10755914c713f5a4677494dbe8a686ed458c3c5

SHA256
4107f76ba1d9424555f4e8ea0acef69357dfff89dfa5f0ec72aa4f2d489b17bc

SHA512
34f73f7bf69d7674907f190f257516e3956f825e35a2f03d58201a5a630310b45df393f2b39669f9369d1ac990505a4b6849a0d34e8c136e1402143b6cedf2d3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xmd08l7e.default-release\gmp-widevinecdm\4.10.2710.0\LICENSE.txt.tmp

Filesize
479B

MD5
49ddb419d96dceb9069018535fb2e2fc

SHA1
62aa6fea895a8b68d468a015f6e6ab400d7a7ca6

SHA256
2af127b4e00f7303de8271996c0c681063e4dc7abdc7b2a8c3fe5932b9352539

SHA512
48386217dabf7556e381ab3f5924b123a0a525969ff98f91efb03b65477c94e48a15d9abcec116b54616d36ad52b6f1d7b8b84c49c204e1b9b43f26f2af92da2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xmd08l7e.default-release\gmp-widevinecdm\4.10.2710.0\manifest.json

Filesize
372B

MD5
bf957ad58b55f64219ab3f793e374316

SHA1
a11adc9d7f2c28e04d9b35e23b7616d0527118a1

SHA256
bbab6ca07edbed72a966835c7907b3e60c7aa3d48ddea847e5076bd05f4b1eda

SHA512
79c179b56e4893fb729b225818ab4b95a50b69666ac41d17aad0b37ab0ca8cd9f0848cbc3c5d9e69e4640a8b261d7ced592eae9bcb0e0b63c05a56e7c477f44e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xmd08l7e.default-release\gmp-widevinecdm\4.10.2710.0\widevinecdm.dll

Filesize
17.8MB

MD5
daf7ef3acccab478aaa7d6dc1c60f865

SHA1
f8246162b97ce4a945feced27b6ea114366ff2ad

SHA256
bc40c7821dcd3fea9923c6912ab1183a942c11b7690cfd79ed148ded0228777e

SHA512
5840a45cfdb12c005e117608b1e5d946e1b2e76443ed39ba940d7f56de4babeab09bee7e64b903eb82bb37624c0a0ef19e9b59fbe2ce2f0e0b1c7a6015a63f75

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xmd08l7e.default-release\gmp-widevinecdm\4.10.2710.0\widevinecdm.dll.lib.tmp

Filesize
1KB

MD5
688bed3676d2104e7f17ae1cd2c59404

SHA1
952b2cdf783ac72fcb98338723e9afd38d47ad8e

SHA256
33899a3ebc22cb8ed8de7bd48c1c29486c0279b06d7ef98241c92aef4e3b9237

SHA512
7a0e3791f75c229af79dd302f7d0594279f664886fea228cfe78e24ef185ae63aba809aa1036feb3130066deadc8e78909c277f0a7ed1e3485df3cf2cd329776

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xmd08l7e.default-release\gmp-widevinecdm\4.10.2710.0\widevinecdm.dll.sig.tmp

Filesize
1KB

MD5
36e5ee071a6f2f03c5d3889de80b0f0d

SHA1
cf6e8ddb87660ef1ef84ae36f97548a2351ac604

SHA256
6be809d16e0944386e45cf605eae0cd2cf46f111d1a6fe999fec813d2c378683

SHA512
99b61896659e558a79f0e9be95286ebf01d31d13b71df6db4923406e88b3ba72584ef2b62e073b2f5e06901af2c7d1b92d3d12187fe5b4b29c9dd2678444f34e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xmd08l7e.default-release\prefs-1.js

Filesize
11KB

MD5
a853d920feb7bdfc462db693b82f7adf

SHA1
5fba7e4cf5bd9831ce3d4799f1e66ac7adcc562e

SHA256
da50d7928ce61bbcd2e98785e9b44cdc709f281059253d8b2f4f7281556f93a1

SHA512
8b400dd32347cc6039bb4861b9f234ca425984501d37b48e232d06b4646818507a3315378ac2c032f050c60ef8e830e7ba62dfecffd08a6b84ee6557b487cf77

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xmd08l7e.default-release\prefs-1.js

Filesize
11KB

MD5
1790c3083325ac1f24d3aa96ea40a641

SHA1
80192a038e86db8944c3569d870b45c6fca7705e

SHA256
c1c62b16dd6b33a8a8137f1938d8c139a7ed464ba06ff674470ffead82dd0a12

SHA512
083bec9bb5c6fb75dfe4085c2527530742b780d184aad0218151e332da36ba5584042f6089a029282e94eb9fd7e585a06c0b3989a5954c228a2787f0d12e9595

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xmd08l7e.default-release\prefs-1.js

Filesize
12KB

MD5
01191a60fd228dd3e131a16fafb9c597

SHA1
19f1db04a46fe30f0c57f5817e56bb08ba081a46

SHA256
c8113263d4d0e104a4db71b35d5fafcf7222fb8610d0ed9d5b00a478c39e2446

SHA512
3251e9248f3bb722bbfc670694b14661398bf77b5cfac056811ad810dcebad1654b8da4b1c41a2b82f2b0baf58d51e937f7140bd14d9764b40326a1939aca715

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xmd08l7e.default-release\prefs.js

Filesize
11KB

MD5
1701b1fd93721007e4e07f7c88ca0ab0

SHA1
9b0785e25166eae650dd22ea37772f53011b3547

SHA256
9b3955a560d77f7a942383ed528234737445b3be4bcf667e2bc834f83ee08eda

SHA512
5ae7c87c9962d79c8e530a7b33705a0ef6e21699d37cae0ceca55454771802c7d7ff5d00127acc441db4998e7b18a835af5ab4ae89375acede0b50557c62648a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xmd08l7e.default-release\sessionstore-backups\recovery.baklz4

Filesize
4KB

MD5
c834f10956092edab91e0bcdbf6ab422

SHA1
651268a0b1870e4855271d59b5a48b2f8543c0b2

SHA256
ec744646081c783a6be25f33369e3b8ca796e8fd9752fc7b36b76b34f0d8e123

SHA512
011bda9b895da7e1c3d0c3aa87692afc731879467f33f0d49bff895301ec38650e808a24c0a1350cfcf8c3a6c115a6e368d29bfa70b3268c1a4c519c0b7b4530

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xmd08l7e.default-release\sessionstore-backups\recovery.baklz4

Filesize
5KB

MD5
20940abf4bbc56141b6f4c9631a10aec

SHA1
01ca707f8b6c5ccab1822a979c150df592656efb

SHA256
cef3cc99a11107abf5879c69cfaff25be94e39241dc63f9350959ed71f42da72

SHA512
b35ccf95ab1cc2a72cf1300add01b59528a259b4edc0e462b11d0718003e3984dc81cbc5aab5f72693880ab507637703ae0439a50e2b1fad8617b28035a2b397

Download Submit