hxxps://drive[.]google[.]com/file/d/1YFjKIo3xkBgLwZM9hw4pFgG8mGaaWB9c/view

Analysis

max time kernel
189s
max time network
188s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
22-09-2024 20:10

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://drive.google.com/file/d/1YFjKIo3xkBgLwZM9hw4pFgG8mGaaWB9c/view

Score

6^/10

discovery

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 3 IoCs

Web Service

T1102

flow	ioc
3	drive.google.com
7	drive.google.com
8	drive.google.com

Network Share Discovery 1 TTPs
Attempt to gather information on host network.
discovery

Network Share Discovery
T1135
Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Checks processor information in registry 2 TTPs 14 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133715100821495420"	chrome.exe

Modifies registry class 3 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2392887640-1187051047-2909758433-1000_Classes\Local Settings	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-2392887640-1187051047-2909758433-1000_Classes\Local Settings	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-2392887640-1187051047-2909758433-1000_Classes\Local Settings	firefox.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
1408	chrome.exe
1408	chrome.exe
844	chrome.exe
844	chrome.exe
844	chrome.exe
844	chrome.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
2172	OpenWith.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 4 IoCs

pid	Process
1408	chrome.exe
1408	chrome.exe
1408	chrome.exe
1408	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	1408	chrome.exe
Token: SeCreatePagefilePrivilege	1408	chrome.exe
Token: SeShutdownPrivilege	1408	chrome.exe
Token: SeCreatePagefilePrivilege	1408	chrome.exe
Token: SeShutdownPrivilege	1408	chrome.exe
Token: SeCreatePagefilePrivilege	1408	chrome.exe
Token: SeShutdownPrivilege	1408	chrome.exe
Token: SeCreatePagefilePrivilege	1408	chrome.exe
Token: SeShutdownPrivilege	1408	chrome.exe
Token: SeCreatePagefilePrivilege	1408	chrome.exe
Token: SeShutdownPrivilege	1408	chrome.exe
Token: SeCreatePagefilePrivilege	1408	chrome.exe
Token: SeShutdownPrivilege	1408	chrome.exe
Token: SeCreatePagefilePrivilege	1408	chrome.exe
Token: SeShutdownPrivilege	1408	chrome.exe
Token: SeCreatePagefilePrivilege	1408	chrome.exe
Token: SeShutdownPrivilege	1408	chrome.exe
Token: SeCreatePagefilePrivilege	1408	chrome.exe
Token: SeShutdownPrivilege	1408	chrome.exe
Token: SeCreatePagefilePrivilege	1408	chrome.exe
Token: SeShutdownPrivilege	1408	chrome.exe
Token: SeCreatePagefilePrivilege	1408	chrome.exe
Token: SeShutdownPrivilege	1408	chrome.exe
Token: SeCreatePagefilePrivilege	1408	chrome.exe
Token: SeShutdownPrivilege	1408	chrome.exe
Token: SeCreatePagefilePrivilege	1408	chrome.exe
Token: SeShutdownPrivilege	1408	chrome.exe
Token: SeCreatePagefilePrivilege	1408	chrome.exe
Token: SeShutdownPrivilege	1408	chrome.exe
Token: SeCreatePagefilePrivilege	1408	chrome.exe
Token: SeShutdownPrivilege	1408	chrome.exe
Token: SeCreatePagefilePrivilege	1408	chrome.exe
Token: SeShutdownPrivilege	1408	chrome.exe
Token: SeCreatePagefilePrivilege	1408	chrome.exe
Token: SeShutdownPrivilege	1408	chrome.exe
Token: SeCreatePagefilePrivilege	1408	chrome.exe
Token: SeShutdownPrivilege	1408	chrome.exe
Token: SeCreatePagefilePrivilege	1408	chrome.exe
Token: SeShutdownPrivilege	1408	chrome.exe
Token: SeCreatePagefilePrivilege	1408	chrome.exe
Token: SeShutdownPrivilege	1408	chrome.exe
Token: SeCreatePagefilePrivilege	1408	chrome.exe
Token: SeShutdownPrivilege	1408	chrome.exe
Token: SeCreatePagefilePrivilege	1408	chrome.exe
Token: SeShutdownPrivilege	1408	chrome.exe
Token: SeCreatePagefilePrivilege	1408	chrome.exe
Token: SeShutdownPrivilege	1408	chrome.exe
Token: SeCreatePagefilePrivilege	1408	chrome.exe
Token: SeShutdownPrivilege	1408	chrome.exe
Token: SeCreatePagefilePrivilege	1408	chrome.exe
Token: SeShutdownPrivilege	1408	chrome.exe
Token: SeCreatePagefilePrivilege	1408	chrome.exe
Token: SeShutdownPrivilege	1408	chrome.exe
Token: SeCreatePagefilePrivilege	1408	chrome.exe
Token: SeShutdownPrivilege	1408	chrome.exe
Token: SeCreatePagefilePrivilege	1408	chrome.exe
Token: SeShutdownPrivilege	1408	chrome.exe
Token: SeCreatePagefilePrivilege	1408	chrome.exe
Token: SeShutdownPrivilege	1408	chrome.exe
Token: SeCreatePagefilePrivilege	1408	chrome.exe
Token: SeShutdownPrivilege	1408	chrome.exe
Token: SeCreatePagefilePrivilege	1408	chrome.exe
Token: SeShutdownPrivilege	1408	chrome.exe
Token: SeCreatePagefilePrivilege	1408	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
1408	chrome.exe
1408	chrome.exe
1408	chrome.exe
1408	chrome.exe
1408	chrome.exe
1408	chrome.exe
1408	chrome.exe
1408	chrome.exe
1408	chrome.exe
1408	chrome.exe
1408	chrome.exe
1408	chrome.exe
1408	chrome.exe
1408	chrome.exe
1408	chrome.exe
1408	chrome.exe
1408	chrome.exe
1408	chrome.exe
1408	chrome.exe
1408	chrome.exe
1408	chrome.exe
1408	chrome.exe
1408	chrome.exe
1408	chrome.exe
1408	chrome.exe
1408	chrome.exe
1408	chrome.exe
1408	chrome.exe
1408	chrome.exe
1408	chrome.exe
1408	chrome.exe
1408	chrome.exe
1408	chrome.exe
1408	chrome.exe
1408	chrome.exe
1408	chrome.exe
1408	chrome.exe
1408	chrome.exe
1408	chrome.exe
1408	chrome.exe
1408	chrome.exe
1408	chrome.exe
1408	chrome.exe
1408	chrome.exe
1408	chrome.exe
1408	chrome.exe
1408	chrome.exe
1408	chrome.exe
1408	chrome.exe
1408	chrome.exe
1408	chrome.exe
1408	chrome.exe
1408	chrome.exe
1408	chrome.exe
1408	chrome.exe
1408	chrome.exe
1408	chrome.exe
1408	chrome.exe
1408	chrome.exe
1408	chrome.exe
1408	chrome.exe
1408	chrome.exe
1408	chrome.exe
1408	chrome.exe

Suspicious use of SendNotifyMessage 44 IoCs

pid	Process
1408	chrome.exe
1408	chrome.exe
1408	chrome.exe
1408	chrome.exe
1408	chrome.exe
1408	chrome.exe
1408	chrome.exe
1408	chrome.exe
1408	chrome.exe
1408	chrome.exe
1408	chrome.exe
1408	chrome.exe
1408	chrome.exe
1408	chrome.exe
1408	chrome.exe
1408	chrome.exe
1408	chrome.exe
1408	chrome.exe
1408	chrome.exe
1408	chrome.exe
1408	chrome.exe
1408	chrome.exe
1408	chrome.exe
1408	chrome.exe
4656	firefox.exe
4656	firefox.exe
4656	firefox.exe
4656	firefox.exe
4656	firefox.exe
4656	firefox.exe
4656	firefox.exe
4656	firefox.exe
4656	firefox.exe
4656	firefox.exe
4656	firefox.exe
4656	firefox.exe
4656	firefox.exe
4656	firefox.exe
4656	firefox.exe
4656	firefox.exe
4656	firefox.exe
4656	firefox.exe
4656	firefox.exe
4656	firefox.exe

Suspicious use of SetWindowsHookEx 20 IoCs

pid	Process
2172	OpenWith.exe
2172	OpenWith.exe
2172	OpenWith.exe
2172	OpenWith.exe
2172	OpenWith.exe
2172	OpenWith.exe
2172	OpenWith.exe
2172	OpenWith.exe
2172	OpenWith.exe
2172	OpenWith.exe
2172	OpenWith.exe
2172	OpenWith.exe
2172	OpenWith.exe
2172	OpenWith.exe
2172	OpenWith.exe
2172	OpenWith.exe
2172	OpenWith.exe
2172	OpenWith.exe
2172	OpenWith.exe
4656	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1408 wrote to memory of 4292	1408	chrome.exe	82
PID 1408 wrote to memory of 4292	1408	chrome.exe	82
PID 1408 wrote to memory of 2660	1408	chrome.exe	83
PID 1408 wrote to memory of 2660	1408	chrome.exe	83
PID 1408 wrote to memory of 2660	1408	chrome.exe	83
PID 1408 wrote to memory of 2660	1408	chrome.exe	83
PID 1408 wrote to memory of 2660	1408	chrome.exe	83
PID 1408 wrote to memory of 2660	1408	chrome.exe	83
PID 1408 wrote to memory of 2660	1408	chrome.exe	83
PID 1408 wrote to memory of 2660	1408	chrome.exe	83
PID 1408 wrote to memory of 2660	1408	chrome.exe	83
PID 1408 wrote to memory of 2660	1408	chrome.exe	83
PID 1408 wrote to memory of 2660	1408	chrome.exe	83
PID 1408 wrote to memory of 2660	1408	chrome.exe	83
PID 1408 wrote to memory of 2660	1408	chrome.exe	83
PID 1408 wrote to memory of 2660	1408	chrome.exe	83
PID 1408 wrote to memory of 2660	1408	chrome.exe	83
PID 1408 wrote to memory of 2660	1408	chrome.exe	83
PID 1408 wrote to memory of 2660	1408	chrome.exe	83
PID 1408 wrote to memory of 2660	1408	chrome.exe	83
PID 1408 wrote to memory of 2660	1408	chrome.exe	83
PID 1408 wrote to memory of 2660	1408	chrome.exe	83
PID 1408 wrote to memory of 2660	1408	chrome.exe	83
PID 1408 wrote to memory of 2660	1408	chrome.exe	83
PID 1408 wrote to memory of 2660	1408	chrome.exe	83
PID 1408 wrote to memory of 2660	1408	chrome.exe	83
PID 1408 wrote to memory of 2660	1408	chrome.exe	83
PID 1408 wrote to memory of 2660	1408	chrome.exe	83
PID 1408 wrote to memory of 2660	1408	chrome.exe	83
PID 1408 wrote to memory of 2660	1408	chrome.exe	83
PID 1408 wrote to memory of 2660	1408	chrome.exe	83
PID 1408 wrote to memory of 2660	1408	chrome.exe	83
PID 1408 wrote to memory of 4708	1408	chrome.exe	84
PID 1408 wrote to memory of 4708	1408	chrome.exe	84
PID 1408 wrote to memory of 968	1408	chrome.exe	85
PID 1408 wrote to memory of 968	1408	chrome.exe	85
PID 1408 wrote to memory of 968	1408	chrome.exe	85
PID 1408 wrote to memory of 968	1408	chrome.exe	85
PID 1408 wrote to memory of 968	1408	chrome.exe	85
PID 1408 wrote to memory of 968	1408	chrome.exe	85
PID 1408 wrote to memory of 968	1408	chrome.exe	85
PID 1408 wrote to memory of 968	1408	chrome.exe	85
PID 1408 wrote to memory of 968	1408	chrome.exe	85
PID 1408 wrote to memory of 968	1408	chrome.exe	85
PID 1408 wrote to memory of 968	1408	chrome.exe	85
PID 1408 wrote to memory of 968	1408	chrome.exe	85
PID 1408 wrote to memory of 968	1408	chrome.exe	85
PID 1408 wrote to memory of 968	1408	chrome.exe	85
PID 1408 wrote to memory of 968	1408	chrome.exe	85
PID 1408 wrote to memory of 968	1408	chrome.exe	85
PID 1408 wrote to memory of 968	1408	chrome.exe	85
PID 1408 wrote to memory of 968	1408	chrome.exe	85
PID 1408 wrote to memory of 968	1408	chrome.exe	85
PID 1408 wrote to memory of 968	1408	chrome.exe	85
PID 1408 wrote to memory of 968	1408	chrome.exe	85
PID 1408 wrote to memory of 968	1408	chrome.exe	85
PID 1408 wrote to memory of 968	1408	chrome.exe	85
PID 1408 wrote to memory of 968	1408	chrome.exe	85
PID 1408 wrote to memory of 968	1408	chrome.exe	85
PID 1408 wrote to memory of 968	1408	chrome.exe	85
PID 1408 wrote to memory of 968	1408	chrome.exe	85
PID 1408 wrote to memory of 968	1408	chrome.exe	85
PID 1408 wrote to memory of 968	1408	chrome.exe	85
PID 1408 wrote to memory of 968	1408	chrome.exe	85

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://drive.google.com/file/d/1YFjKIo3xkBgLwZM9hw4pFgG8mGaaWB9c/view
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1408
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffed34ecc40,0x7ffed34ecc4c,0x7ffed34ecc58
  2⤵
  PID:4292
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1900,i,546902703636175758,18148538948733870550,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=1892 /prefetch:2
  2⤵
  PID:2660
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2152,i,546902703636175758,18148538948733870550,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2160 /prefetch:3
  2⤵
  PID:4708
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2220,i,546902703636175758,18148538948733870550,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2232 /prefetch:8
  2⤵
  PID:968
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3112,i,546902703636175758,18148538948733870550,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3128 /prefetch:1
  2⤵
  PID:3492
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3116,i,546902703636175758,18148538948733870550,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3164 /prefetch:1
  2⤵
  PID:2376
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4524,i,546902703636175758,18148538948733870550,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4476 /prefetch:1
  2⤵
  PID:2404
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4732,i,546902703636175758,18148538948733870550,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4748 /prefetch:8
  2⤵
  PID:840
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --field-trial-handle=5076,i,546902703636175758,18148538948733870550,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5008 /prefetch:1
  2⤵
  PID:1040
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5028,i,546902703636175758,18148538948733870550,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=988 /prefetch:8
  2⤵
  PID:3572
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=4924,i,546902703636175758,18148538948733870550,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5544 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:844

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:768

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:3288

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:2172
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "C:\Users\Admin\Downloads\halloween2023byghosty.rar"
  2⤵
  PID:5096
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url C:\Users\Admin\Downloads\halloween2023byghosty.rar
    3⤵
    - Checks processor information in registry
    - Modifies registry class
    - Suspicious use of SendNotifyMessage
    - Suspicious use of SetWindowsHookEx
    PID:4656
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1944 -parentBuildID 20240401114208 -prefsHandle 1876 -prefMapHandle 1868 -prefsLen 23680 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {5b928e70-e8a1-436b-a304-2a36db7131fa} 4656 "\\.\pipe\gecko-crash-server-pipe.4656" gpu
      4⤵
      PID:2740
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2384 -parentBuildID 20240401114208 -prefsHandle 2360 -prefMapHandle 2348 -prefsLen 24600 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {2b0a1b65-63c5-44f3-a410-8aee912a1fd9} 4656 "\\.\pipe\gecko-crash-server-pipe.4656" socket
      4⤵
      PID:1960
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2992 -childID 1 -isForBrowser -prefsHandle 2976 -prefMapHandle 2928 -prefsLen 24741 -prefMapSize 244658 -jsInitHandle 1116 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {44eebe3b-403b-4e52-b2c2-6b57bce9d9f0} 4656 "\\.\pipe\gecko-crash-server-pipe.4656" tab
      4⤵
      PID:3472
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3636 -childID 2 -isForBrowser -prefsHandle 1396 -prefMapHandle 2896 -prefsLen 29090 -prefMapSize 244658 -jsInitHandle 1116 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b22c7ccb-57fd-45c2-a7f9-a0ece8a59656} 4656 "\\.\pipe\gecko-crash-server-pipe.4656" tab
      4⤵
      PID:3260
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4436 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4432 -prefMapHandle 4396 -prefsLen 29090 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c470b2cb-25c8-48af-b6f9-f4b6e627c45f} 4656 "\\.\pipe\gecko-crash-server-pipe.4656" utility
      4⤵
      Checks processor information in registry
      PID:5468
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5452 -childID 3 -isForBrowser -prefsHandle 5400 -prefMapHandle 5464 -prefsLen 27051 -prefMapSize 244658 -jsInitHandle 1116 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {65838bfc-f1a5-4e97-9522-bd9ce14e8a1e} 4656 "\\.\pipe\gecko-crash-server-pipe.4656" tab
      4⤵
      PID:5576
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5592 -childID 4 -isForBrowser -prefsHandle 5636 -prefMapHandle 5644 -prefsLen 27051 -prefMapSize 244658 -jsInitHandle 1116 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {cb3a4613-5011-4c08-aa5f-d9f399363c21} 4656 "\\.\pipe\gecko-crash-server-pipe.4656" tab
      4⤵
      PID:5636
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5792 -childID 5 -isForBrowser -prefsHandle 5800 -prefMapHandle 5804 -prefsLen 27051 -prefMapSize 244658 -jsInitHandle 1116 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ff9b1dbc-b8a1-4e23-9031-e4023d69bc37} 4656 "\\.\pipe\gecko-crash-server-pipe.4656" tab
      4⤵
      PID:5548

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "C:\Users\Admin\Downloads\halloween2023byghosty.rar"
1⤵
PID:5236
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url C:\Users\Admin\Downloads\halloween2023byghosty.rar
  2⤵
  - Checks processor information in registry
  PID:5252

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Network Share Discovery

T1135

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
bd8c0b8e57e578c9ca90fe643763e137

SHA1
c68305e1dbd44d94bb436aef2cc825cca4cf7179

SHA256
32cdb95e79ed5a8dc0d0ddc29b6999fc596e81964e9aefc164f4abd06ea96994

SHA512
2f99994a6d59a49af54dda9ab828ab9f80b6f520b9f0dd349e393bdda630fed42dc4a657f910e4628ad03fc9ba1712826cc30e4d1d9a8d5a71069049da78d37c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
336B

MD5
72fec34b2a610927aaa11863634cb40c

SHA1
08bb8c19e975b872b4dfdf80f623eb3f013ec067

SHA256
0635e5cfa780460ba008b105a3775df448f044089fd9b043ef7acf19c9b80f98

SHA512
13ce9681f29b03d2487d422f3b0a6735b79b3f7ce47840bfc27eca47d5dcb394168347767051829c8550c77458546e3aa5ed04c64faf0f0a9e4ac26a8f0b5b9e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
5KB

MD5
97e775bb909c440e1c9995c5a46a49b3

SHA1
611754768ed4e633a4f8569b0bade33aaf70ba09

SHA256
431e31f9dc0700e339e2d6bc3a23690778973c1c2d218585440a6de986d28d3e

SHA512
1f0f4a26fb1862c08342197de4179e19dd5d5a5ff18caf9196755855207cacfa1a582cc6e3697fc7d0cb5331ee2108b8fc53f66ac19f022080ddc5e2d7651b23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
5KB

MD5
5e54d8c42d0c7fc683e007cf4ad6bf45

SHA1
2e84457971248394cdaa0c64a1b5b615d4b8b3de

SHA256
e68abf5cb968287c532d7e04de34c3c055cff2aca64df7d6b73e40a8cf6f19a7

SHA512
9420670d4d5c1384016cbae565bb227d480e8f736f5eb7aab75411bb69eb1a7ad8da6891e2432e6b8a4a6086e42a6d9bca76b87d3a129ac3e5ee46eadf2d3ea4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
6b6b4202ca3f32e21532f17a4c117d15

SHA1
3cfdbcad8e2fe4c88f596dd2012218cf4f9a7a36

SHA256
672b1cae05377c544a5e78781df17b492551d4afed6e067ed3589b3762ff6be1

SHA512
42d9b3ae023afbacc945eaf60e2d3f971632ef7b156932184b41c8ccb8b5c037100f9cfcf56deddad0b476cbf916cb156d3ffd64d1b70d4614816a407ed54bb6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
ae517a7b9c49f5eb74e18f17f39f4280

SHA1
3907d0b8d247f9293687c4c771f1bac6fa610da9

SHA256
4d7f11892c659d3c632fb1a4d5e12b7e2a251a2fada827b7e22bc261de8910fc

SHA512
51db47b346330f3935635d5ba7082103d5b801491982a84a8f23fa0092b43ca78f0667f0f4aa5feeceb6c9190580dc40fe4bcf2bcad5687ef68de148c45d2a6e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
7debe31874b3730eb9407b955904db07

SHA1
76f6a6846d08d1c6c46238690430764258e3f84f

SHA256
15d1a83a997fe8eff56a13acc586aed1af8906e3cad3adf80c455e16db8cbc1a

SHA512
18d551fec3b156b5ee5e7e6f8bf332bcb0f7aeed7bb2ffc083fcf5a4c15631b80a25a005273a7f8cdf3ae7ec2295bcc83e5efa25be8c151765b0045d8d6e1ec6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
e992c6694309c5c113f92d17bb7d7178

SHA1
2b039debc3e625f3e3814596f0f3ae83143777c3

SHA256
90c31909bbebe59d89f94835b575d3887626341a26508ebf87fa531bb514925b

SHA512
f7e04c9a8e240c8e6f76d0b1f5f36c780580376cb038bf0925bf616858ea2e5528916dacaff9af6e7b86902bfd8f755b4619a637e40fe87df4d9f81be0dd30b1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
0f82363597836a3323778870c4356d62

SHA1
2e72a2619830662064e2c5b2803a95e48bd53b81

SHA256
f5b9f5958567f7ac192e85050cf5eb2f4bb6fbf0e10877f716bcf962bbc999f3

SHA512
46762c8fb6978cceaea0f8e13f0cb0af5036442bf641f571430645f822d63ae651a4ece7043ba34cfb10170486c6eea4749199e0b65b0a3f7b874cdb3d893ba7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
52d733d56a9960bd414014b947839231

SHA1
1b30a1affd3bdcc963e762edfc0b46feb8eeb5d6

SHA256
aa13a63dee673d35eccefdb53befa79067603e856c0b665de64623064facf95d

SHA512
dc7118e8c333503b350e5f2ff890a2285b34130c6fae142f2f7641d391572fa8db94e0f0a3728a0b5cbcf1b4f2eb007efd291c9232b7c06015441cf0fd7cca79

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
f34b69217a7b87bdeb9fab24677865af

SHA1
c2043977c5cafd1f43d5af9d896324226bb9370d

SHA256
c474fc9a110f83e64f4f91bd1c5347ee8f293d0d5d267a796fb3a09e78fca18d

SHA512
a6468cd7d9feab48a1fdfa838bc1c8c1dba3102a268016994bbd3840f149bb427672b2ec9ae62e9fb1b5983ece92d59f33b57703165122677e978ff047221258

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
d7560930be9d99e5b5e13b16988b6db5

SHA1
8e8c490ea9ee2eae257893acf99a9c06761b9f48

SHA256
ece0efc439ad45631b22f4ebbc2625a7dbe2dfc2a26632d8a3432d196d622e1e

SHA512
b717d5728a0566fd68f25a853c1e9e3be4036dc1495597af73b3d52ebd1c47ae76326406ab39adfc30261cc6bc1c5ba160557490a86403fe00999f29de12f32c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
94110d3cf4fc0758a2ed6f8133820f1a

SHA1
055d6dde08fdeb07999616f2eb29c5f25eb1ebe4

SHA256
37dd2b070fee7fddab59773880f473afe1110439e2d4f8b1d2e570214e1bc55d

SHA512
708dcb1512f0e6c08cc540b41a5b2303c4c5de08779c31b0064aecc6687886be1a3aca91c7c530878969030aaa4f167c18b3df9994ba940f1133de4bc666bb76

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
f3e37ee7f6070deebfaf3bdf887a02e6

SHA1
1c3da13ec64abbd180d1ce6a66e2d996674bdfc6

SHA256
ec313f00ba59e939f4d6aacf0cfcf3b145c65bfad12638e69ad4293deab7ba48

SHA512
4e4c4aaf5cb95f42ed5609a4803e8a23b29e9b45283e8aaafe902ff2009283986c91478f843b3d8f075f51d3affc353a025cffeaeb5c88933b743bf2b17865ac

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
430f1622d97dc8187ecf24ce2d52e7a0

SHA1
021896035f3b899974974ca1c00fe890ca9b9714

SHA256
a19c855c0c2475c1e926a9a804feb634c06d77b4ddb5d6abd361b913cb69eb05

SHA512
741099203f662a022222b4ba5001abe3e5d78dbcb85ccefa28d25019f7aa2de2de4a5a1d1edde0a2db3f865fcd3a4b882738c1c19798b6a4aa74f48f9fde209c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
cdd055ceebb30bb73831cb041f28dc5a

SHA1
1541f5d45295a5bb2ca11b45a94237edeb7ed9ae

SHA256
c384c2b9ea91621cab0a41ed5ab6aea0a3e44437ba69adbe3592b30e29f06502

SHA512
b370c9227128d8ed4e82c5547886d1b9bf91dff19077b779107e44179e2d572ccba32abb997275eb604b8fa376ff866bda890fdec419cc84364c1f21f4fd3503

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
a6fd8fc738225cdd743a55c0c56a827d

SHA1
dc0211adb36e609c27276d7d379b344676ff9002

SHA256
9b207946078d8e968b9fe376c6d53027b2b36d7a222e4b976f82f11c12a08634

SHA512
01eb7a68019157b52c3067d9e3027345f4f53d4c62af27d8d70a63a450600337dd8055b84189adaf2091cdb063890b2755a3ca4be1a42ad1d3367940b5130cc9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
99KB

MD5
585a7216eaf383d2c9eb9e72b965b5de

SHA1
bf77a4e1ffad6c422f79667675874ef967ed4e25

SHA256
cdccf58970eb23bb07e28d92ba358ee7b5cc4725812619c00a498e62d06debcd

SHA512
c1a069bfe1667ab593c265caa0f1173cf9dc1a1e6336927d38ce98d7fbf0c7518280150a82d705b2540922fc9fb4653c10d9647033d2eb3c72b54c7254f2cc13

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
99KB

MD5
e20fcd02ecc42584469485e476cd0120

SHA1
919ec205adb97d43438a205400007c9f7e0ad90d

SHA256
97292b11866afdb61c145c61180df0c95bb921c33bf324de18f06039e29146c7

SHA512
73d99340c89455d665c967e1c15f4216a86eb99e0a9fc079c63da43682d40618120bc3828f244cd00fa840d3c53f666c8033796862c28c10e3be81bbc477ea3c

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\illkw0pr.default-release\activity-stream.discovery_stream.json

Filesize
33KB

MD5
091a515de91e1209cb11c1d1bb3156da

SHA1
3afd93b6642da86cb6b84ff29bf5e7a5e682d586

SHA256
3443a41d839a33e7e627d9ca259511a108a3e2fafafd7687de4e93445ad6701a

SHA512
18a615b5c1e234a657fec9b14042c63a0d60a8ee035a9bdf24764a0c2ae18c735daec5fc29bb2e8b4ffa8f9c1261be34dec4ae696c5067a23a3a4c766a2326f8

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
479KB

MD5
09372174e83dbbf696ee732fd2e875bb

SHA1
ba360186ba650a769f9303f48b7200fb5eaccee1

SHA256
c32efac42faf4b9878fb8917c5e71d89ff40de580c4f52f62e11c6cfab55167f

SHA512
b667086ed49579592d435df2b486fe30ba1b62ddd169f19e700cd079239747dd3e20058c285fa9c10a533e34f22b5198ed9b1f92ae560a3067f3e3feacc724f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

Filesize
13.8MB

MD5
0a8747a2ac9ac08ae9508f36c6d75692

SHA1
b287a96fd6cc12433adb42193dfe06111c38eaf0

SHA256
32d544baf2facc893057a1d97db33207e642f0dacf235d8500a0b5eff934ce03

SHA512
59521f8c61236641b3299ab460c58c8f5f26fa67e828de853c2cf372f9614d58b9f541aae325b1600ec4f3a47953caacb8122b0dfce7481acfec81045735947d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\illkw0pr.default-release\AlternateServices.bin

Filesize
6KB

MD5
ce9310fe8b89874266050af815a70a9f

SHA1
192f4bac5455e383a4369c47c9392890ed4d6c95

SHA256
b874294695e9b10f9417a9050b07af694b7153bf25b325ec15295e6be247c7f6

SHA512
1289f86e2cb30a8c98ca0c7ac125d19f529ae08ddc7d7a69c047af16672be046de8fa962f455217e81aff0dc11d6e4d3a3c04a6cba364a716a5fcb76cab45e2e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\illkw0pr.default-release\AlternateServices.bin

Filesize
8KB

MD5
5dae32f1e5187ac7aecfd3b1815334b5

SHA1
e537a2bbfc802f0cb07075ff99227ec3e8e1784d

SHA256
a39e4fac889f9c7dde31f09c43ef7e25ed0773c332f36d54e0434a65a9c3ff19

SHA512
7d4683ca3073278307380cc41caeb9230948f106fe15be473ec239edff3fa3664a3e6355a2be9a0a1f0877cc5547d87d5211c1807fa5d408ebbdbb83f9ad1489

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\illkw0pr.default-release\datareporting\glean\db\data.safe.tmp

Filesize
5KB

MD5
6832e2a15b9e60c24c1577040732f2f0

SHA1
1404f8bcc488872001d42bf73215c23afafbaa30

SHA256
d14b26b6cdcce4cfa28920713f5a2d31d88ac23697d5dd8ed046afef4c7e93be

SHA512
36bea9e20428416e4484857900f4f329df0f0b2ec6be3334b74989e76d635205452db5579ea03f5750111b91ccadbee6443936c5a260870777eb5587a670fda9

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\illkw0pr.default-release\datareporting\glean\db\data.safe.tmp

Filesize
15KB

MD5
3b85e1397c3f7b558028b0ff9ca3ee77

SHA1
ea392abc7089a4c088289000027de139446af0b9

SHA256
1f7a5bdb327024f736662599e6d8ffb9e3f9e1152fb69423c7898dd51f39ad7b

SHA512
18a9a33ed765bf9d503de44645e75bd36ad867ab7464a350da4f514e9833861c908ae8230d9387e44bd913cb481db9aa8d935ea37fdc3707ee6358ff577b4aea

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\illkw0pr.default-release\datareporting\glean\db\data.safe.tmp

Filesize
6KB

MD5
1b8f4d9c4be21e1ccb970973c17a9159

SHA1
3278ebbb0627db36e86299b04931c6db8b93061f

SHA256
e27f40594391a542ec3bfa73d9b5ca8cfc33587569076180a36ac90fc72d0da5

SHA512
7aaf18d49119f3a5f14ffffd24de3f0eb801a3f315a064bdea61736910d3130143d4008685002246f9cc9cd34e5a08226eee834fda527b51e8fcf8c32455129a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\illkw0pr.default-release\datareporting\glean\db\data.safe.tmp

Filesize
6KB

MD5
15fce3377858f208a9d9f37b4dab07e5

SHA1
ad4b0ee5c31b0f7ab810b0714891c34f1e670953

SHA256
86710cc0b8afb928cdbbfa380bf54606961f918675d6297acff4592c2420f7c3

SHA512
e4f90122b82e0a47e48c577a562cf8e0fbac5ae4c3255b1c9afbce7042cab39e3e7911fc95a9ac7684702192fcc16a53d38e2e4c881a46d0d7dac4c3caefe9a1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\illkw0pr.default-release\datareporting\glean\pending_pings\2e6a0c3b-4dc8-4f03-a58c-52786061de5d

Filesize
671B

MD5
843ada95f0eccae5dc639c6ec96b7305

SHA1
b17fbf073d5e4a41f7e36e7e79a7c311250d504d

SHA256
33cf7f2cb4a12ca2ea379877b03795ab247c461cedbff4c3a09ee5e28b84bae3

SHA512
d7e753e139b51610e033be4425c6b233f13d77d5fff0297dd7b9b52eb7823d2a52f62f45187e5242f7a24d629dd5973d2eb353dbca9c81a22bccff26b202e3b9

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\illkw0pr.default-release\datareporting\glean\pending_pings\3d81b80d-3ffd-4eeb-a6f3-5822e31e0413

Filesize
982B

MD5
81bfafcf8fbb0640694bcd2ffed9fe45

SHA1
dd25b7a93e8a7ae38b643f4539010cf7ee1121d4

SHA256
77f449fa7a0672a6b9f4edad03a16c155a745658f12f645ad4ac35078cbc56fa

SHA512
81eebf43db7ab609601db5107a70331901dd9822bf8893b54e5b1bef93c3a06adf506f2ede6fc03997cdbc1935e66d8bbc45638b8499699e97886d1a2e1250ad

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\illkw0pr.default-release\datareporting\glean\pending_pings\9575cbc2-5919-40d1-b4c0-2c872adcf1f9

Filesize
25KB

MD5
28485a6df328f9cbba76ee22a053639c

SHA1
141d62f3acf7336dd782a102ffa85d13434bd6ac

SHA256
10261aae49d81779a0915d9edae66b2abad1b3ad0b0d01c7711223291801c3d5

SHA512
12c25c3c1beab83faa4f046ea8edc6071ef041eeea3401006bf09b33c318f50e3e14e957ad506bbfaabd1590ac46c360d211c9f7fbe23e375c4a65b54056a851

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\illkw0pr.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.dll

Filesize
1.1MB

MD5
842039753bf41fa5e11b3a1383061a87

SHA1
3e8fe1d7b3ad866b06dca6c7ef1e3c50c406e153

SHA256
d88dd3bfc4a558bb943f3caa2e376da3942e48a7948763bf9a38f707c2cd0c1c

SHA512
d3320f7ac46327b7b974e74320c4d853e569061cb89ca849cd5d1706330aca629abeb4a16435c541900d839f46ff72dfde04128c450f3e1ee63c025470c19157

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\illkw0pr.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.info

Filesize
116B

MD5
2a461e9eb87fd1955cea740a3444ee7a

SHA1
b10755914c713f5a4677494dbe8a686ed458c3c5

SHA256
4107f76ba1d9424555f4e8ea0acef69357dfff89dfa5f0ec72aa4f2d489b17bc

SHA512
34f73f7bf69d7674907f190f257516e3956f825e35a2f03d58201a5a630310b45df393f2b39669f9369d1ac990505a4b6849a0d34e8c136e1402143b6cedf2d3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\illkw0pr.default-release\gmp-widevinecdm\4.10.2710.0\LICENSE.txt.tmp

Filesize
479B

MD5
49ddb419d96dceb9069018535fb2e2fc

SHA1
62aa6fea895a8b68d468a015f6e6ab400d7a7ca6

SHA256
2af127b4e00f7303de8271996c0c681063e4dc7abdc7b2a8c3fe5932b9352539

SHA512
48386217dabf7556e381ab3f5924b123a0a525969ff98f91efb03b65477c94e48a15d9abcec116b54616d36ad52b6f1d7b8b84c49c204e1b9b43f26f2af92da2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\illkw0pr.default-release\gmp-widevinecdm\4.10.2710.0\manifest.json

Filesize
372B

MD5
bf957ad58b55f64219ab3f793e374316

SHA1
a11adc9d7f2c28e04d9b35e23b7616d0527118a1

SHA256
bbab6ca07edbed72a966835c7907b3e60c7aa3d48ddea847e5076bd05f4b1eda

SHA512
79c179b56e4893fb729b225818ab4b95a50b69666ac41d17aad0b37ab0ca8cd9f0848cbc3c5d9e69e4640a8b261d7ced592eae9bcb0e0b63c05a56e7c477f44e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\illkw0pr.default-release\gmp-widevinecdm\4.10.2710.0\widevinecdm.dll

Filesize
17.8MB

MD5
daf7ef3acccab478aaa7d6dc1c60f865

SHA1
f8246162b97ce4a945feced27b6ea114366ff2ad

SHA256
bc40c7821dcd3fea9923c6912ab1183a942c11b7690cfd79ed148ded0228777e

SHA512
5840a45cfdb12c005e117608b1e5d946e1b2e76443ed39ba940d7f56de4babeab09bee7e64b903eb82bb37624c0a0ef19e9b59fbe2ce2f0e0b1c7a6015a63f75

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\illkw0pr.default-release\gmp-widevinecdm\4.10.2710.0\widevinecdm.dll.lib.tmp

Filesize
1KB

MD5
688bed3676d2104e7f17ae1cd2c59404

SHA1
952b2cdf783ac72fcb98338723e9afd38d47ad8e

SHA256
33899a3ebc22cb8ed8de7bd48c1c29486c0279b06d7ef98241c92aef4e3b9237

SHA512
7a0e3791f75c229af79dd302f7d0594279f664886fea228cfe78e24ef185ae63aba809aa1036feb3130066deadc8e78909c277f0a7ed1e3485df3cf2cd329776

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\illkw0pr.default-release\gmp-widevinecdm\4.10.2710.0\widevinecdm.dll.sig.tmp

Filesize
1KB

MD5
36e5ee071a6f2f03c5d3889de80b0f0d

SHA1
cf6e8ddb87660ef1ef84ae36f97548a2351ac604

SHA256
6be809d16e0944386e45cf605eae0cd2cf46f111d1a6fe999fec813d2c378683

SHA512
99b61896659e558a79f0e9be95286ebf01d31d13b71df6db4923406e88b3ba72584ef2b62e073b2f5e06901af2c7d1b92d3d12187fe5b4b29c9dd2678444f34e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\illkw0pr.default-release\prefs-1.js

Filesize
12KB

MD5
822ae9993bb461aa1bb8c4ab126d413e

SHA1
5a8cce8dab5d52c29490758ff142c67da6100ce4

SHA256
b989b8c0149094493e2de1fd2a0975ace340633f83a1a85809b316db94b9e355

SHA512
676e498984e04d2c7838e65b060e0b07b3db923182b3538cb8b25f87e3fedc65f5bfc340c4f20789482bc5443b389b0733ef95646cd100d3505299bbcb2f10d9

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\illkw0pr.default-release\prefs-1.js

Filesize
11KB

MD5
ba1d16f2d47396cea1d3dbcbefcfcc27

SHA1
021efa42bc67d76728bed61581363a84a7eeef7a

SHA256
9b5e4d157886990a75d39ff1f8fcc57376c7e99218368a87b4a9a264c6d5684d

SHA512
b05467bd0aa3b808a1bcde1058140d03c2014c518a8bc3c2f0aa4d8aaedd774c9d3562aa7b29f3f4cc85e3cb2c102f16b7076154821525c7b4824ab7db23ede5

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\illkw0pr.default-release\prefs.js

Filesize
11KB

MD5
35e27ad9d8dfa14a72b556fadf27fc44

SHA1
083de43eb38f6f05a07f1f604876a19567d4ee18

SHA256
6b74c05a6f9b5b16af1537e39316ed7d16d75bed60807e9d97202165852b2c2d

SHA512
507a4d33615d22f00fee8eb78ef208690a6e1457380ca44cb244d8745fcd4c7cd60b2f8e0d29a88c325830aead62207b92e6c7fc02b8e51ec533e9739c43cd95

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\illkw0pr.default-release\prefs.js

Filesize
10KB

MD5
3cd5bd3bfd2aa40f5a0cf70ac3d0a8ed

SHA1
5ba4ef221839c7971dfcb016e1b6ff09779fef7e

SHA256
0bc59a60bb2730d9dc8ff667c773fdf88c562609e262636d1969cc55d6c10738

SHA512
3665d034002099c1e570bb8b95bac203dc08e0f2af57a09875d5c0021ddf942198f73684f8c0e6fe2587ec30d26ed17a25d9f448767f093539ffcb47e3b48998

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\illkw0pr.default-release\sessionstore-backups\recovery.baklz4

Filesize
1KB

MD5
4f27d2954adbc626312a0a0225b3ac0c

SHA1
f36f818822b6be950ec2cf70175b68baa5b9eacc

SHA256
7b47c1fd4bb425c66286cac9b602850435759088007004b49e0fcb585e9357b9

SHA512
717a257be7ee9a4be64594b2e8fdd61e4e9a99210522211c863750edd066aa36413e8040ca2212527ccaf42c4eeb489601a06668469ec0e0e8cbccf66411fdf3

Download Submit