16e82e279e1dd906532533c41f94d6b6a1185b81feeb4c9c499dcaa346f79ab7

Analysis

max time kernel
150s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
10/10/2024, 14:13

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

download - IPTV Smarters Pro.eml
Size

2.2MB
MD5

d03879fef0a565418f368cf821b77300
SHA1

ed81838150f457145b35cc2e247b191b091e9399
SHA256

16e82e279e1dd906532533c41f94d6b6a1185b81feeb4c9c499dcaa346f79ab7
SHA512

392a21fa5be5bf72c2bf0c4a2d02688cb7278c2c7e2ef65975c94e319abf604d111822b2d07a0e54cc0658b0a626f8398d049937b00533b7c221c38a1c818031
SSDEEP

49152:NV2arqLavDytEfpO7+FmX46yR9ouGiu4fVKG3YFbe:NV2arqLavDytEfpO7+o5yMZUA0Yte

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Checks processor information in registry 2 TTPs 14 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133730433105335019"	chrome.exe

Modifies registry class 3 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000_Classes\Local Settings	cmd.exe
Key created	\REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000_Classes\Local Settings	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000_Classes\Local Settings	firefox.exe

NTFS ADS 1 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\AppData\Local\Temp\download - IPTV Smarters Pro.eml:OECustomProperty	cmd.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
4128	chrome.exe
4128	chrome.exe
4432	chrome.exe
4432	chrome.exe
4432	chrome.exe
4432	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 5 IoCs

pid	Process
4128	chrome.exe
4128	chrome.exe
4128	chrome.exe
4128	chrome.exe
4128	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4128	chrome.exe
Token: SeCreatePagefilePrivilege	4128	chrome.exe
Token: SeShutdownPrivilege	4128	chrome.exe
Token: SeCreatePagefilePrivilege	4128	chrome.exe
Token: SeShutdownPrivilege	4128	chrome.exe
Token: SeCreatePagefilePrivilege	4128	chrome.exe
Token: SeShutdownPrivilege	4128	chrome.exe
Token: SeCreatePagefilePrivilege	4128	chrome.exe
Token: SeShutdownPrivilege	4128	chrome.exe
Token: SeCreatePagefilePrivilege	4128	chrome.exe
Token: SeShutdownPrivilege	4128	chrome.exe
Token: SeCreatePagefilePrivilege	4128	chrome.exe
Token: SeShutdownPrivilege	4128	chrome.exe
Token: SeCreatePagefilePrivilege	4128	chrome.exe
Token: SeShutdownPrivilege	4128	chrome.exe
Token: SeCreatePagefilePrivilege	4128	chrome.exe
Token: SeShutdownPrivilege	4128	chrome.exe
Token: SeCreatePagefilePrivilege	4128	chrome.exe
Token: SeShutdownPrivilege	4128	chrome.exe
Token: SeCreatePagefilePrivilege	4128	chrome.exe
Token: SeShutdownPrivilege	4128	chrome.exe
Token: SeCreatePagefilePrivilege	4128	chrome.exe
Token: SeShutdownPrivilege	4128	chrome.exe
Token: SeCreatePagefilePrivilege	4128	chrome.exe
Token: SeShutdownPrivilege	4128	chrome.exe
Token: SeCreatePagefilePrivilege	4128	chrome.exe
Token: SeShutdownPrivilege	4128	chrome.exe
Token: SeCreatePagefilePrivilege	4128	chrome.exe
Token: SeShutdownPrivilege	4128	chrome.exe
Token: SeCreatePagefilePrivilege	4128	chrome.exe
Token: SeShutdownPrivilege	4128	chrome.exe
Token: SeCreatePagefilePrivilege	4128	chrome.exe
Token: SeShutdownPrivilege	4128	chrome.exe
Token: SeCreatePagefilePrivilege	4128	chrome.exe
Token: SeShutdownPrivilege	4128	chrome.exe
Token: SeCreatePagefilePrivilege	4128	chrome.exe
Token: SeShutdownPrivilege	4128	chrome.exe
Token: SeCreatePagefilePrivilege	4128	chrome.exe
Token: SeShutdownPrivilege	4128	chrome.exe
Token: SeCreatePagefilePrivilege	4128	chrome.exe
Token: SeShutdownPrivilege	4128	chrome.exe
Token: SeCreatePagefilePrivilege	4128	chrome.exe
Token: SeShutdownPrivilege	4128	chrome.exe
Token: SeCreatePagefilePrivilege	4128	chrome.exe
Token: SeShutdownPrivilege	4128	chrome.exe
Token: SeCreatePagefilePrivilege	4128	chrome.exe
Token: SeShutdownPrivilege	4128	chrome.exe
Token: SeCreatePagefilePrivilege	4128	chrome.exe
Token: SeShutdownPrivilege	4128	chrome.exe
Token: SeCreatePagefilePrivilege	4128	chrome.exe
Token: SeShutdownPrivilege	4128	chrome.exe
Token: SeCreatePagefilePrivilege	4128	chrome.exe
Token: SeShutdownPrivilege	4128	chrome.exe
Token: SeCreatePagefilePrivilege	4128	chrome.exe
Token: SeShutdownPrivilege	4128	chrome.exe
Token: SeCreatePagefilePrivilege	4128	chrome.exe
Token: SeShutdownPrivilege	4128	chrome.exe
Token: SeCreatePagefilePrivilege	4128	chrome.exe
Token: SeShutdownPrivilege	4128	chrome.exe
Token: SeCreatePagefilePrivilege	4128	chrome.exe
Token: SeShutdownPrivilege	4128	chrome.exe
Token: SeCreatePagefilePrivilege	4128	chrome.exe
Token: SeShutdownPrivilege	4128	chrome.exe
Token: SeCreatePagefilePrivilege	4128	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
4128	chrome.exe
4128	chrome.exe
4128	chrome.exe
4128	chrome.exe
4128	chrome.exe
4128	chrome.exe
4128	chrome.exe
4128	chrome.exe
4128	chrome.exe
4128	chrome.exe
4128	chrome.exe
4128	chrome.exe
4128	chrome.exe
4128	chrome.exe
4128	chrome.exe
4128	chrome.exe
4128	chrome.exe
4128	chrome.exe
4128	chrome.exe
4128	chrome.exe
4128	chrome.exe
4128	chrome.exe
4128	chrome.exe
4128	chrome.exe
4128	chrome.exe
4128	chrome.exe
4128	chrome.exe
4128	chrome.exe
4128	chrome.exe
4128	chrome.exe
2984	firefox.exe
2984	firefox.exe
2984	firefox.exe
2984	firefox.exe
2984	firefox.exe
2984	firefox.exe
2984	firefox.exe
2984	firefox.exe
2984	firefox.exe
2984	firefox.exe
2984	firefox.exe
2984	firefox.exe
2984	firefox.exe
2984	firefox.exe
2984	firefox.exe
2984	firefox.exe
2984	firefox.exe
2984	firefox.exe
2984	firefox.exe
2984	firefox.exe
2984	firefox.exe
2984	firefox.exe
2984	firefox.exe
2984	firefox.exe
2984	firefox.exe
2984	firefox.exe
2984	firefox.exe
2984	firefox.exe
2984	firefox.exe
2984	firefox.exe
2984	firefox.exe
2984	firefox.exe
2984	firefox.exe
2984	firefox.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
4128	chrome.exe
4128	chrome.exe
4128	chrome.exe
4128	chrome.exe
4128	chrome.exe
4128	chrome.exe
4128	chrome.exe
4128	chrome.exe
4128	chrome.exe
4128	chrome.exe
4128	chrome.exe
4128	chrome.exe
4128	chrome.exe
4128	chrome.exe
4128	chrome.exe
4128	chrome.exe
4128	chrome.exe
4128	chrome.exe
4128	chrome.exe
4128	chrome.exe
4128	chrome.exe
4128	chrome.exe
4128	chrome.exe
4128	chrome.exe
4128	chrome.exe
4128	chrome.exe
4128	chrome.exe
4128	chrome.exe
2984	firefox.exe
2984	firefox.exe
2984	firefox.exe
2984	firefox.exe
2984	firefox.exe
2984	firefox.exe
2984	firefox.exe
2984	firefox.exe
2984	firefox.exe
2984	firefox.exe
2984	firefox.exe
2984	firefox.exe
2984	firefox.exe
2984	firefox.exe
2984	firefox.exe
2984	firefox.exe
2984	firefox.exe
2984	firefox.exe
2984	firefox.exe
2984	firefox.exe
2984	firefox.exe
2984	firefox.exe
2984	firefox.exe
2984	firefox.exe
2984	firefox.exe
2984	firefox.exe
2984	firefox.exe
2984	firefox.exe
2984	firefox.exe
2984	firefox.exe
2984	firefox.exe
2984	firefox.exe
2984	firefox.exe
2984	firefox.exe
2984	firefox.exe
2984	firefox.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
3960	OpenWith.exe
2984	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4128 wrote to memory of 3052	4128	chrome.exe	92
PID 4128 wrote to memory of 3052	4128	chrome.exe	92
PID 4128 wrote to memory of 1976	4128	chrome.exe	93
PID 4128 wrote to memory of 1976	4128	chrome.exe	93
PID 4128 wrote to memory of 1976	4128	chrome.exe	93
PID 4128 wrote to memory of 1976	4128	chrome.exe	93
PID 4128 wrote to memory of 1976	4128	chrome.exe	93
PID 4128 wrote to memory of 1976	4128	chrome.exe	93
PID 4128 wrote to memory of 1976	4128	chrome.exe	93
PID 4128 wrote to memory of 1976	4128	chrome.exe	93
PID 4128 wrote to memory of 1976	4128	chrome.exe	93
PID 4128 wrote to memory of 1976	4128	chrome.exe	93
PID 4128 wrote to memory of 1976	4128	chrome.exe	93
PID 4128 wrote to memory of 1976	4128	chrome.exe	93
PID 4128 wrote to memory of 1976	4128	chrome.exe	93
PID 4128 wrote to memory of 1976	4128	chrome.exe	93
PID 4128 wrote to memory of 1976	4128	chrome.exe	93
PID 4128 wrote to memory of 1976	4128	chrome.exe	93
PID 4128 wrote to memory of 1976	4128	chrome.exe	93
PID 4128 wrote to memory of 1976	4128	chrome.exe	93
PID 4128 wrote to memory of 1976	4128	chrome.exe	93
PID 4128 wrote to memory of 1976	4128	chrome.exe	93
PID 4128 wrote to memory of 1976	4128	chrome.exe	93
PID 4128 wrote to memory of 1976	4128	chrome.exe	93
PID 4128 wrote to memory of 1976	4128	chrome.exe	93
PID 4128 wrote to memory of 1976	4128	chrome.exe	93
PID 4128 wrote to memory of 1976	4128	chrome.exe	93
PID 4128 wrote to memory of 1976	4128	chrome.exe	93
PID 4128 wrote to memory of 1976	4128	chrome.exe	93
PID 4128 wrote to memory of 1976	4128	chrome.exe	93
PID 4128 wrote to memory of 1976	4128	chrome.exe	93
PID 4128 wrote to memory of 1976	4128	chrome.exe	93
PID 4128 wrote to memory of 2276	4128	chrome.exe	94
PID 4128 wrote to memory of 2276	4128	chrome.exe	94
PID 4128 wrote to memory of 2364	4128	chrome.exe	95
PID 4128 wrote to memory of 2364	4128	chrome.exe	95
PID 4128 wrote to memory of 2364	4128	chrome.exe	95
PID 4128 wrote to memory of 2364	4128	chrome.exe	95
PID 4128 wrote to memory of 2364	4128	chrome.exe	95
PID 4128 wrote to memory of 2364	4128	chrome.exe	95
PID 4128 wrote to memory of 2364	4128	chrome.exe	95
PID 4128 wrote to memory of 2364	4128	chrome.exe	95
PID 4128 wrote to memory of 2364	4128	chrome.exe	95
PID 4128 wrote to memory of 2364	4128	chrome.exe	95
PID 4128 wrote to memory of 2364	4128	chrome.exe	95
PID 4128 wrote to memory of 2364	4128	chrome.exe	95
PID 4128 wrote to memory of 2364	4128	chrome.exe	95
PID 4128 wrote to memory of 2364	4128	chrome.exe	95
PID 4128 wrote to memory of 2364	4128	chrome.exe	95
PID 4128 wrote to memory of 2364	4128	chrome.exe	95
PID 4128 wrote to memory of 2364	4128	chrome.exe	95
PID 4128 wrote to memory of 2364	4128	chrome.exe	95
PID 4128 wrote to memory of 2364	4128	chrome.exe	95
PID 4128 wrote to memory of 2364	4128	chrome.exe	95
PID 4128 wrote to memory of 2364	4128	chrome.exe	95
PID 4128 wrote to memory of 2364	4128	chrome.exe	95
PID 4128 wrote to memory of 2364	4128	chrome.exe	95
PID 4128 wrote to memory of 2364	4128	chrome.exe	95
PID 4128 wrote to memory of 2364	4128	chrome.exe	95
PID 4128 wrote to memory of 2364	4128	chrome.exe	95
PID 4128 wrote to memory of 2364	4128	chrome.exe	95
PID 4128 wrote to memory of 2364	4128	chrome.exe	95
PID 4128 wrote to memory of 2364	4128	chrome.exe	95
PID 4128 wrote to memory of 2364	4128	chrome.exe	95

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Windows\system32\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\download - IPTV Smarters Pro.eml"
1⤵
- Modifies registry class
- NTFS ADS
PID:1028

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:3960

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4128
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ff8f16dcc40,0x7ff8f16dcc4c,0x7ff8f16dcc58
  2⤵
  PID:3052
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1792,i,9153101136332328683,4216052099929946551,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1788 /prefetch:2
  2⤵
  PID:1976
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2136,i,9153101136332328683,4216052099929946551,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2404 /prefetch:3
  2⤵
  PID:2276
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2168,i,9153101136332328683,4216052099929946551,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2456 /prefetch:8
  2⤵
  PID:2364
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3160,i,9153101136332328683,4216052099929946551,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3180 /prefetch:1
  2⤵
  PID:3484
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3412,i,9153101136332328683,4216052099929946551,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3444 /prefetch:1
  2⤵
  PID:2736
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4568,i,9153101136332328683,4216052099929946551,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3724 /prefetch:1
  2⤵
  PID:4536
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=3804,i,9153101136332328683,4216052099929946551,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4732 /prefetch:8
  2⤵
  PID:1992
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4836,i,9153101136332328683,4216052099929946551,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4828 /prefetch:8
  2⤵
  PID:3856
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4788,i,9153101136332328683,4216052099929946551,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4700 /prefetch:8
  2⤵
  PID:4440
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4888,i,9153101136332328683,4216052099929946551,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4984 /prefetch:8
  2⤵
  PID:1532
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=5132,i,9153101136332328683,4216052099929946551,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4452 /prefetch:1
  2⤵
  PID:3056
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --field-trial-handle=3528,i,9153101136332328683,4216052099929946551,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3444 /prefetch:1
  2⤵
  PID:1688
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1120,i,9153101136332328683,4216052099929946551,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5436 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4432

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:3600

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:2348

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
PID:3776
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe"
  2⤵
  - Checks processor information in registry
  - Modifies registry class
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  PID:2984
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2008 -parentBuildID 20240401114208 -prefsHandle 1924 -prefMapHandle 1916 -prefsLen 23680 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {ce9234b3-8766-4bfd-a196-b8757a3e4832} 2984 "\\.\pipe\gecko-crash-server-pipe.2984" gpu
    3⤵
    PID:2896
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2412 -parentBuildID 20240401114208 -prefsHandle 2404 -prefMapHandle 2400 -prefsLen 23716 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {596351ab-0038-4403-a0a8-de892371fc00} 2984 "\\.\pipe\gecko-crash-server-pipe.2984" socket
    3⤵
    PID:3144
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3380 -childID 1 -isForBrowser -prefsHandle 3360 -prefMapHandle 3352 -prefsLen 23857 -prefMapSize 244658 -jsInitHandle 1300 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b90ab66c-c8af-4fb2-9722-0e5eb00d3645} 2984 "\\.\pipe\gecko-crash-server-pipe.2984" tab
    3⤵
    PID:4296
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4332 -childID 2 -isForBrowser -prefsHandle 4324 -prefMapHandle 4320 -prefsLen 29090 -prefMapSize 244658 -jsInitHandle 1300 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {2a8dd253-8f88-4044-921e-2133eb727615} 2984 "\\.\pipe\gecko-crash-server-pipe.2984" tab
    3⤵
    PID:2404
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4964 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4684 -prefMapHandle 4932 -prefsLen 29090 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b9808ef1-8211-4e06-acc7-cbf4ec4c418b} 2984 "\\.\pipe\gecko-crash-server-pipe.2984" utility
    3⤵
    - Checks processor information in registry
    PID:5340
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5240 -childID 3 -isForBrowser -prefsHandle 5188 -prefMapHandle 5220 -prefsLen 27051 -prefMapSize 244658 -jsInitHandle 1300 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {21df6079-5b0b-4864-ab8d-5a10e16f22d9} 2984 "\\.\pipe\gecko-crash-server-pipe.2984" tab
    3⤵
    PID:5712
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5376 -childID 4 -isForBrowser -prefsHandle 5368 -prefMapHandle 5372 -prefsLen 27051 -prefMapSize 244658 -jsInitHandle 1300 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {08e0fe44-afbe-4abb-9a40-5f9d49cef660} 2984 "\\.\pipe\gecko-crash-server-pipe.2984" tab
    3⤵
    PID:5740
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5552 -childID 5 -isForBrowser -prefsHandle 5560 -prefMapHandle 5564 -prefsLen 27051 -prefMapSize 244658 -jsInitHandle 1300 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b9a69163-951a-4862-a5f5-c6c58f35e646} 2984 "\\.\pipe\gecko-crash-server-pipe.2984" tab
    3⤵
    PID:5752

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
PID:1816
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe"
  2⤵
  - Checks processor information in registry
  PID:4432

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\8fa73f1e-3f2d-4c9f-a93d-536734106d9a.tmp

Filesize
228KB

MD5
f698f284f28448a00009b5648f119a63

SHA1
e2f9d526606c4f68c24d5339513f4f79933485a4

SHA256
6f2f6c12da6e9b96e9190bca821aeafd59b3e67e88e1cf6e13b994a34be53988

SHA512
57618b2297f9af5cb424f5cc626f035f47f858c0de827c22da01632495b0f7b6e1efa1bbf72e5616a360f410c216f1c15e3e53a74f241000c0909f9cad8ececc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
d23a900f0f0010ebbdcd6f8775dd2b3c

SHA1
1b971f50e3b6e414336a5bac2c8c36ded2a3449a

SHA256
eff7d6ee0f8a56d11c6cd8009d2814c090fd51f22a4879fee4d40db8fb85cc47

SHA512
e473bd766976cf724190cdc52675f76de65a64de014566d4127ac5c697f55dfe4a924bec5bfe83656ca2b215a41462be5cc0e6e2c445517d3bc75fef76086552

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
5KB

MD5
612367008c9c7079057dae843a094097

SHA1
b489e113960cf70432d77631f3745d9b52f8118e

SHA256
753f3387e679b8f589738aaa836d824f2e9d936d52aa10771e553e0fd8601bfd

SHA512
3a0dee63bd82631598270c4b5629de9461e818b7701f3947f8f34d793bbe0f8e3d064e2361a79ce5da337a43e25022ab24952ec477f960f4693999e8cdf0e854

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
d43f4aa211f0d9ffba0598178ae038d1

SHA1
f2308be06764090c1f3f7f5315bcffc1b7208382

SHA256
ce97bc35b72946b1bc3acb49f994a61af53b11ea05b7cff677844e71f50ad5ac

SHA512
14b78d8c95ffb0e28bf3c8781d63254c02fd5d8e8591faca4b91011e1731963e3f5bbe11d7c9cc974d721bc9bf8d582b0d15cd9d45804afa6194c28e763c02d2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
bd1bec4aedd6b059a35aa52438a2b52f

SHA1
b1e49e80a10dba15a7775c02a6bb4249f5f5077b

SHA256
53382979581c71dfc3fab8e82586c0ea95efe92f722429d40d87402548dd5f14

SHA512
4a5bdf1c5d404dd782b2673ae6b12d29b0e199a5095cbcd259ea2f3a0013b4f914c2e33aad13eb28862dbc9587ef6d8457ff7207b0a58a9fe6c4542fe91dddc8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
f36197604006624fc3e6a3036af0c22e

SHA1
4682aca7cc49259bd1438f8d954af80c4979bbe4

SHA256
65987feb7315953abb6293243a92899a117fd81281fb663574fd247bc1b5f7d8

SHA512
b219ac9cabdf1e1df640144d2486a64f8cfe2bc585df27469966012db4feaab0d8304c8ba909131a27dd5d6f1747dde7e0f2d155353576ea5ba38b8034c48953

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
4ef5499164e122ffeed754c35ba4829e

SHA1
f22fa8d8951a8f746714b364825261a3d42ef4f8

SHA256
ef20afab4cfe8600b7c0153f6d04bdf95ad1e55bf9750d5ab43ccab3a61f5246

SHA512
6307fff690eba944a2aabad50b775d2bd83d5416c1d7627013a21aadc632cb63f870b4ef1e434caccba87c2a42145f7198b6f1032bba7e2d40ee0b4e08c37233

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
c8f9deb125939ac681285bb84bca59f6

SHA1
d30bace4f0ee3c41fb83281c6f1977d80770e857

SHA256
f260dbb24d739516fe60e05038efbfffa8dfd68db62932f62cc482aaf38071a4

SHA512
33bd16d79db30c0aa6905f9517e70ade5f6fcb680c38b333fa5e06c9e24c58203b2aceda6a87927ccee0847d92671a02fedcd0b781ef2af08f874422cf7aa540

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
254fe4f708bd17b1382481ca93b22933

SHA1
7381ccdba6bb0457b7560ba6f33c3808274f21b5

SHA256
d6a0fbb8d2382fcbedcc64e1da6e1d9e34ea9238868e7ec507843bdaf493222c

SHA512
35320f1e1bd2dd752375e1b8cd9d2ab2382c69a5dc228a9f5d4cf8d5c6dce6c03f89725514b19b641d66f51ebbdb65cfd7af38113bf9bedb5232d52758e97fd0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
5eea5d1ea818945954393ce1ac02ccf9

SHA1
6bbc9a54f75883b079d5d955987dd04dc89d9ed2

SHA256
248dcff5028bec783b8435d89f7cf06f500e448e144dac4397b6cc7ccc112374

SHA512
d36f4d0392c73cbcf9725135911279acc459798e808a4f4f643af4bf53b3291540d2e20e9d6cdde43af9a97a68b6dc824e0757bab9641031d5d4d66f0528a031

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
2df9ca21627a18766f97dfaccbfed682

SHA1
6187e799a056d68bee8ee676e1fd32c54a13b51c

SHA256
76375072cd0f4afc599406a7998089dba48ae1319e60120e62c959cf1a1836cb

SHA512
977f329fe00de4da26322e9ca6e2593029333b79fd6d20228214891d9d1327bb08b64a060c7a0a8835853d0aff0425909aaf07c93bd5fdae93e2cf05a45597c0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
b129aa6754a93c58c3db313254506694

SHA1
99119192ade6ecc5f9a2023a0f9898d0f8b2a688

SHA256
68f233b04a97de0bd152c08887ea65e2eb8c1a58b5632341d9feecd91115110d

SHA512
3a4a8c9d2bb2fead2e88846f3b14dc80f8b48a739edb536fa7dd9dd2811ed9be7344ee4a9d470336c24099935db7d51f6c0be31e234a9cd623f95f2c8a4cf19b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
d4f0c7f2d52855db188177f2c1f85ee7

SHA1
6ac442d77156ffb52b43d56128d956226f18d4a4

SHA256
ff71d07ad6d6d444174e61125ced3aa5bc050800184af770f4e75aa7900d67ab

SHA512
22d20f1b130cae3d64d08a1f45d122e16f87e07bc3d3e8163e79dbf883ace96d76c43a663e858136ea1cc4e6486f89fef3726be10aa2cd36dbd53a8bac077fbf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
27502d6fa3475df1732a0517ee66d8f5

SHA1
240bced8bf4c46799b2806125995cd1dc1110c84

SHA256
810d2f7720055134a6066685da34620cdb863066ae823ce63cb434b2276968d8

SHA512
a897d61f6a57968f25131f38e81cddb05d9f2db4ee96b983786a2c3ec4efdc3ba6ab89f648cb8d66c0cf62f540af103933cf54b0d591cb51e308002bff4c74a1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
48d7fd11e6c96e155583fc4d44743dc4

SHA1
12a500250d47f4499c4037583a14933e43414ba7

SHA256
ef739aed13cb0f529820e95b9d6d8fdc38239e6de5a874f73b8bb1b69dfdfeb8

SHA512
fa3b5e09b4c32e822bdae7d2029c13a9270b136d72f4d3253864ac2d76a0342996f3e9e5dacbe771221a8c0fcb25cc89c0e169ed329534eed7aff11404646947

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
8b8181c9849c565734299235527364e4

SHA1
551c2e8a4f2bc7dbe7ed79acd8ba7372406975b5

SHA256
da7ca61ecdda8340ca9fbe4964700a9185a517d3804837028200c3afee097651

SHA512
650cb1a6ae42b5cdf3a430c17f538c9e169a03c0476fba8e95447fabf7a3089c2dc507b2ee6da43ae617242a2d700c495ea98965a3192c83fda80a47bd3d4993

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
618e03a9db8a1163e47bdeadf9f1fff4

SHA1
a879c2d6d1afef0f433417ea1baf3b04ffd6d738

SHA256
3f5cf2493fec7f0c63b77a6766d89fb4328e5b749d7c30ace89464f3c57268e0

SHA512
3b9c9c8e8abdae8c2adce87e204cb1c3cc7f34a29e35ddd23bf8ee2d5ba3f3f7a98b9cce283354b138ac02f32fb31948b721ac7d2e44b4bbdb2dd491958ecfc1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
1d25c2c9cf54d194e74981ab1effb991

SHA1
ae7e3ea97161d3c0948bd14b59ed74e7dabe5dbe

SHA256
c9a3b44894459f876f206c43c5e33aea20793ae70117a3513463c667302bd466

SHA512
a67268599e0b47ca537f3865076f26528e4150ebe70199adeed1a09e90245faae00ee39dfdc4228cf13bea51f1353ce245146fdbe5d3ea4884dee80f64d98310

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
fc1d821ffc56981abd2535e8b1b0cd0b

SHA1
96b6f2955f2d3afae8be05c2ed2e0bb88294445d

SHA256
84ab0e485413bcad0ee4f804a4e898f62aa26db3fa77cf6d72c5dc4940426db3

SHA512
9872d8bad1b166875c3801319361b5329a6888b1a3a0034392cdf116a1c221b3c8157781797eb23e17f0bbcb7e48c220fac8a90d495f310425cebfc553b43fb9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
153d9f38e84c150f9672836567749b6b

SHA1
b938e690f0919ce6b73f80f4c0ca6b51c1309f6d

SHA256
e33979e1915e2326eacf4493b332044f1f31f63e631ad7d311c7175a4492031c

SHA512
85faa65b188bdbae605422a2e328bceb722d3a1437ffacb1e85bfe1f862895e6b8074145927bc5d019edfdee20855b1fa1c71b28b6629055bbbaa13c24fe2a5c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
228KB

MD5
722adab7c0cdad2495e3fe9a5d981b10

SHA1
d167576391ad451a68081301eb559d70b5319566

SHA256
432267f9ab7f2818c8d251d0359c05f3d15bd52519515054fddeaabd4b614f35

SHA512
1f304ebeebf7dab01181a779a6ba147cb914d7d6c483425c80e51b0e3ddc17a78a8c1cb0bc466271b98d7ce778d916bcbe574014c5aee0e8e2b200c7110126ee

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\4ws2kncw.default-release\activity-stream.discovery_stream.json.tmp

Filesize
22KB

MD5
99e73583d11d2fc09ee81c27048432a7

SHA1
0f4acb1bdf8850f62ccbacf961898c61a1dd71d8

SHA256
378f27dadcfc46e0be3f6cb73ac1258f73156b08f39346392448870026d3ce38

SHA512
d51988426d79df9cc58ed3848bc022f046eeb3ddf436ca9149cef70328e702668d463311b8a1cdb7908dd5326bcca1c4bd74cb87ee3e1af883abce1e674ea463

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4ws2kncw.default-release\AlternateServices.bin

Filesize
8KB

MD5
1f711d2a0f4e2af1a1d337e1e88f19d0

SHA1
1e54740b7399835a1e5fbfd91470022593fdc66a

SHA256
6d77e4292c020aa6368a260bd73f59bbd50c931b98259795fc606e4112c683cd

SHA512
328d76b2cb45aef276157eaf59b0f299b831d25ae2e8e03a93bcea80cb3839cc64b0a13e8c1878014db8c33a7d3c8d0f00cb93b2c1faf3ab31ec6475ac8b2e62

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4ws2kncw.default-release\datareporting\glean\db\data.safe.tmp

Filesize
21KB

MD5
41e2027299cfd7ec2b50ad420f3389d4

SHA1
123cb82c56cb6b925de6528eb4fde5b4dfce4299

SHA256
41ec64e9d3bea57880152639c35dd108046549afefa355c49ce9f43c2c4e7bf1

SHA512
3f3b3da3aa8f1598417d4992f8ba36b8711837f1ab4eade39c3930f2df3f95966a64e414506dea11b7eab5f8e7882415b091dda46a0d00ff23dedffa350b3646

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4ws2kncw.default-release\datareporting\glean\db\data.safe.tmp

Filesize
5KB

MD5
1f9f316fb08260ec2d4d34c3f7111667

SHA1
418caeffedf9eacb4f9a38bc6f6ea72a5e655827

SHA256
0cc8ab1db4e711351ffc86f56ff95a5688b36554c7ef00fd13433f305dd923c5

SHA512
e1f089cf80fb7b0549721775d429e2546c539a63469b2ca22d827626243724b879474b6011583a13f380827940dfec929ded6a8b2e1002d2a81788643ab79db0

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4ws2kncw.default-release\datareporting\glean\pending_pings\223bf8da-9715-49ad-92a4-ef4c5009a5f2

Filesize
671B

MD5
5e6be56f4abea4685997e2238a63115a

SHA1
82f6641b67ae33946f8fce54d711e5d8facb1f5b

SHA256
06f3693c5703e4ef12e4ad275321f260c654339747bab7a913e6d3e482a022b7

SHA512
b502c639ca6bae60e73803e463c298803171bdceabd8b67fde4505a4dfa8d8780df82ce153ca4eb19c02a143bc1e2219b220d069e3841d673089d824ed4d1a78

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4ws2kncw.default-release\datareporting\glean\pending_pings\a1643f52-60b7-4f72-9d20-9c9c570cbd87

Filesize
982B

MD5
82e170a1b350327dd93fdc8753990bf3

SHA1
702c40d811d1bc127ea61c29c029caedf35b3c3f

SHA256
1023bd042ce10d2eb86cdb1adc3821694fcfaf96a5151838e1860cb6dd39079b

SHA512
ebc7cd54a97a4f5c0010ebcf0fa8f75576758347a527285887f28673b4ff494cd314fb25664d78d2241c7dd1f791fb1a1b0bb31165e261885bace9a65a34d825

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4ws2kncw.default-release\datareporting\glean\pending_pings\f5dadf52-a619-45a5-9462-44137badbf08

Filesize
25KB

MD5
0f0d53de1023bb9b05b4d259c7e53e51

SHA1
f9c2d2fa2ff44925c59104a04616b598422662b7

SHA256
a2d6b41a5ec6d1c06b3d10558e8776bdb4e8aaa3038876b7ae15b24668325545

SHA512
aa5b25ca0d9f5df1ef054faa9a3c3fab27210bbbbde64d8922ae7ccf8e223afd705f269ddabdf43941ebfa79e258816026d759b5bd98a7e9651d43732decb836

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4ws2kncw.default-release\prefs.js

Filesize
10KB

MD5
59b56fc4cff957b14d33bcb7cf5f97bc

SHA1
0a9f54a0269ad08596941036d1153e8cd1ffdb5a

SHA256
21a2cb74399e7e57ccbf26a90d888fced08fd9f37805f11132d8a77016f2a8bc

SHA512
add620576fc42eb3c4400c2e4270714af5f09a08eb8883023cf4082c4fde8cf84871a068ddfdee9a508b46cb3c3c5f22de35c67935cbcfb55e7e96d713a3fb6b

Download Submit