Resubmissions

21/10/2024, 09:32

241021-lhmfcszglm 7

21/10/2024, 08:45

241021-knx9daxcje 7

21/10/2024, 08:41

241021-kly3wsxbmf 8

15/10/2024, 19:54

241015-ymst6ayajl 7

Analysis

  • max time kernel
    117s
  • max time network
    117s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240903-en, locale:en-us, os:windows7-x64, system
  • submitted
    15/10/2024, 19:54

General

  • Target

    Rensenware.exe

  • Size

    96KB

  • MD5

    60335edf459643a87168da8ed74c2b60

  • SHA1

    61f3e01174a6557f9c0bfc89ae682d37a7e91e2e

  • SHA256

    7bf5623f0a10dfa148a35bebd899b7758612f1693d2a9910f716cf15a921a76a

  • SHA512

    b4e5e4d4f0b4a52243d6756c66b4fe6f4b39e64df7790072046e8a3dadad3a1be30b8689a1bab8257cc35cb4df652888ddf62b4e1fccb33e1bbf1f5416d73efb

  • SSDEEP

    3072:kGXc7vE4k8sWJnmiWpJtCkGwJ1ED7qztG:RXD8sWBmiW0wX6Gx

Malware Config

Signatures

  • Reads user/profile data of web browsers 3 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

  • Browser Information Discovery 1 TTPs

    Enumerate browser information.

  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Checks processor information in registry 2 TTPs 9 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Modifies Internet Explorer settings 1 TTPs 37 IoCs
  • Modifies registry class 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 8 IoCs
  • Suspicious use of FindShellTrayWindow 40 IoCs
  • Suspicious use of SendNotifyMessage 35 IoCs
  • Suspicious use of SetWindowsHookEx 4 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

Processes

  • C:\Users\Admin\AppData\Local\Temp\Rensenware.exe
    "C:\Users\Admin\AppData\Local\Temp\Rensenware.exe"
    • Suspicious use of WriteProcessMemory
    PID:2348
    • C:\Windows\Microsoft.NET\Framework64\v2.0.50727\dw20.exe
      dw20.exe -x -s 416
      PID:352
  • C:\Windows\SysWOW64\mshta.exe
    "C:\Windows\SysWOW64\mshta.exe" "C:\Users\Admin\Desktop\ExportRegister.hta"
    • System Location Discovery: System Language Discovery
    • Modifies Internet Explorer settings
    PID:2840
  • C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe"
    • Enumerates system info in registry
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:2496
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef68b9758,0x7fef68b9768,0x7fef68b9778
      PID:2888
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1156 --field-trial-handle=1256,i,9430719992213072231,1212310840080485934,131072 /prefetch:2
      PID:2784
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1532 --field-trial-handle=1256,i,9430719992213072231,1212310840080485934,131072 /prefetch:8
      PID:1628
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1632 --field-trial-handle=1256,i,9430719992213072231,1212310840080485934,131072 /prefetch:8
      PID:1808
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2120 --field-trial-handle=1256,i,9430719992213072231,1212310840080485934,131072 /prefetch:1
      PID:3000
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2180 --field-trial-handle=1256,i,9430719992213072231,1212310840080485934,131072 /prefetch:1
      PID:2996
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1492 --field-trial-handle=1256,i,9430719992213072231,1212310840080485934,131072 /prefetch:2
      PID:1044
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=2904 --field-trial-handle=1256,i,9430719992213072231,1212310840080485934,131072 /prefetch:1
      PID:2428
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3448 --field-trial-handle=1256,i,9430719992213072231,1212310840080485934,131072 /prefetch:8
      PID:2072
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3444 --field-trial-handle=1256,i,9430719992213072231,1212310840080485934,131072 /prefetch:8
      PID:532
  • C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
    "C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
    PID:2364
  • C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe"
    PID:1192
    • C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe"
      • Checks processor information in registry
      • Modifies registry class
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      PID:2920
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2920.0.510283587\1237442315" -parentBuildID 20221007134813 -prefsHandle 1216 -prefMapHandle 1208 -prefsLen 20847 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {622ed73c-f5b7-4385-8fa2-3e9e3d65b9b3} 2920 "\\.\pipe\gecko-crash-server-pipe.2920" 1292 125f5b58 gpu
        PID:1860
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2920.1.581387175\202849938" -parentBuildID 20221007134813 -prefsHandle 1472 -prefMapHandle 1468 -prefsLen 20928 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {03cbe176-1a51-4e0d-9193-15c08f3797a2} 2920 "\\.\pipe\gecko-crash-server-pipe.2920" 1484 e6fe58 socket
        • Checks processor information in registry
        PID:3052
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2920.2.1001236367\1382439874" -childID 1 -isForBrowser -prefsHandle 2056 -prefMapHandle 2052 -prefsLen 20966 -prefMapSize 233444 -jsInitHandle 840 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {98605513-be65-4e0b-be03-aa0eb839d817} 2920 "\\.\pipe\gecko-crash-server-pipe.2920" 2068 1a57e358 tab
        PID:1612
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2920.3.738298015\1282876837" -childID 2 -isForBrowser -prefsHandle 2844 -prefMapHandle 2840 -prefsLen 26216 -prefMapSize 233444 -jsInitHandle 840 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {6a3a6007-89db-42d6-b60d-db7b4b335acd} 2920 "\\.\pipe\gecko-crash-server-pipe.2920" 2856 1c571e58 tab
        PID:1616
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2920.4.83986225\1511631436" -childID 3 -isForBrowser -prefsHandle 2980 -prefMapHandle 2976 -prefsLen 26216 -prefMapSize 233444 -jsInitHandle 840 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {8d454f2f-0918-44af-84a2-98053dfd3727} 2920 "\\.\pipe\gecko-crash-server-pipe.2920" 2992 1c572d58 tab
        PID:1580
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2920.5.1562752627\1360629244" -childID 4 -isForBrowser -prefsHandle 3724 -prefMapHandle 3776 -prefsLen 26275 -prefMapSize 233444 -jsInitHandle 840 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {d64c9567-5f0c-4a26-a73d-d184c694c07b} 2920 "\\.\pipe\gecko-crash-server-pipe.2920" 3784 e67e58 tab
        PID:2908
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2920.6.1808011261\886275644" -childID 5 -isForBrowser -prefsHandle 3896 -prefMapHandle 3900 -prefsLen 26275 -prefMapSize 233444 -jsInitHandle 840 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {0545a741-6580-464a-a652-4924e51c5c5a} 2920 "\\.\pipe\gecko-crash-server-pipe.2920" 3884 1f1feb58 tab
        PID:2952
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2920.7.1706755894\108593315" -childID 6 -isForBrowser -prefsHandle 4088 -prefMapHandle 4092 -prefsLen 26275 -prefMapSize 233444 -jsInitHandle 840 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {e42133ff-453b-4fbe-9306-3b83a6f25927} 2920 "\\.\pipe\gecko-crash-server-pipe.2920" 4076 1f1fb558 tab
        PID:884
  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\Desktop\RequestComplete.mht
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    PID:892
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:892 CREDAT:275457 /prefetch:2
      • System Location Discovery: System Language Discovery
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:1852

Network

MITRE ATT&CK Enterprise v15
Downloads

                                                • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

                                                  Filesize

                                                  342B

                                                  MD5

                                                  50a117376d60edff1ec4ace57ccb6ac5

                                                  SHA1

                                                  06fe4c49fa4a7b704fde7ce8bc67b05ff8457dfc

                                                  SHA256

                                                  a15988e09e044fe567bc1ab14aac77bc0c7c2c34824bf4145fb31187e0f2ad10

                                                  SHA512

                                                  95cc3528ceb97870570f3e45a8a7e3e5fae5ec77ce6fbf5b40b3c8372bde033ae2c6df1a0d74af66ed390b4c406a33decb8570d5b4522d97db181a39fe5ed111

                                                • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

                                                  Filesize

                                                  342B

                                                  MD5

                                                  e99fd98a9a9d35f9e820d5d8ea0a6917

                                                  SHA1

                                                  7b6de5c9f6d99103eadee58a379d4569c45bc7ad

                                                  SHA256

                                                  46a2cad669ba1bb2a6321fbb023029631ba84e376a50b036bc803fc4472c0450

                                                  SHA512

                                                  b4b48ca7c0f5e94e25d8005775443245636b686323654ea1c4a33f133ea7738fd794dc6fb3eda62a9027c12e576f7fea8709356fb788ccb3b4517a3bdff92954

                                                • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

                                                  Filesize

                                                  342B

                                                  MD5

                                                  5fac7f657f4a10ba2b80c4636b5d75f3

                                                  SHA1

                                                  b54c881a6b052507cd5ab3344a9f454128579605

                                                  SHA256

                                                  0f4b97322883770b5d14b372af9872e49e873e1fe97f06a3c7a47d3a899ee3fd

                                                  SHA512

                                                  23a2ffa15f9cff6e8316cd3d5db5c4cc0c608296761757e366db24fb97c003d9c4cf0104cc1a3d9e96a59ac26ef4dfc35e052ee2d393be974341505c55c0ac81

                                                • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

                                                  Filesize

                                                  342B

                                                  MD5

                                                  51f5c1374f36008a5f042a567eaab73d

                                                  SHA1

                                                  dee4563c6d12c50296a897d3e763c5ba1a4d4a49

                                                  SHA256

                                                  9bd975a37818e161f8c48eb52540e9ddbabec727c82fb12dffa96de9567c0313

                                                  SHA512

                                                  c57661b141774e4dee8dd79a671942c29e9bde786298bcd01af4dbeb88b55db34d80257dadeed6ee22d60f4c249e6b7e904e610aa4549deff174f775bf4f4276

                                                • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

                                                  Filesize

                                                  342B

                                                  MD5

                                                  5f9ade0d99cbc69e0b90b6aa34a46f99

                                                  SHA1

                                                  47062e22f4715308b999440b1188d7423c9ed9cf

                                                  SHA256

                                                  7ffb0e8354426eeca7ae3df16d19c9e411539f9c26d6c5cbebc34aad4557f086

                                                  SHA512

                                                  6322fba44e92898e28347e75426072106c48691101fa26ecd4f018dccca0f7beedff6e71c1c5d880dd637869596cb61cbe63ecffee3d1cdaa86797cf74fb0a68

                                                • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

                                                  Filesize

                                                  342B

                                                  MD5

                                                  c59d916b06d2126689cd6d84607ad715

                                                  SHA1

                                                  989c158597c1ca44799060be5614957416458363

                                                  SHA256

                                                  111f7d2bfea0cf3ba6577c29f2759a9b96ccd49358cebe0e53ea6edc75b92c0a

                                                  SHA512

                                                  224fc321275298617dc37c5cc3429be090cfe9215d133e12516dcc06eed8c9678acd185e7c4b2228d5befe8bb38e88717ba6aca7f1d41431f2896e996b45e6b9

                                                • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

                                                  Filesize

                                                  342B

                                                  MD5

                                                  7c169649b1ae04b11de3974c182c4c91

                                                  SHA1

                                                  cb72800963534bc0c8e1478424af34292c7777c9

                                                  SHA256

                                                  918f87ab87b6a87cf16503a4b75e4a955d4a9055ef9d7ebde45b434743aaec4e

                                                  SHA512

                                                  c0a6e5f3bfa4826d734e0719319b8aa16802bbfb2be0cb19f9f74a39d9f094fa14db1bafab768110504920fa002b7788b93d063a0f7cf0e8ac2c79092c0121cd

                                                • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\68136518-182e-4312-a95b-2869fe689c18.tmp

                                                  Filesize

                                                  341KB

                                                  MD5

                                                  7dfe6818db822ebfa299f53acafea717

                                                  SHA1

                                                  c5c459689fef5d8f8fdc587f346c87ce6a803517

                                                  SHA256

                                                  53202f535ffb7c673e40f443861a4ad5f5852b66a09da7ee33c3e556d1726cb8

                                                  SHA512

                                                  8fa7851090bca2da9ff57a0b48ad24773dd51f9188e17c3a97e0155ded731e4e1ee4dc908914b9fad688804174b30bb3630e3dc0cf45c388d94cc0320ed5fee8

                                                • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\metadata\000007.dbtmp

                                                  Filesize

                                                  16B

                                                  MD5

                                                  18e723571b00fb1694a3bad6c78e4054

                                                  SHA1

                                                  afcc0ef32d46fe59e0483f9a3c891d3034d12f32

                                                  SHA256

                                                  8af72f43857550b01eab1019335772b367a17a9884a7a759fdf4fe6f272b90aa

                                                  SHA512

                                                  43bb0af7d3984012d2d67ca6b71f0201e5b948e6fe26a899641c4c6f066c59906d468ddf7f1df5ea5fa33c2bc5ea8219c0f2c82e0a5c365ad7581b898a8859e2

                                                • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_1

                                                  Filesize

                                                  264KB

                                                  MD5

                                                  f50f89a0a91564d0b8a211f8921aa7de

                                                  SHA1

                                                  112403a17dd69d5b9018b8cede023cb3b54eab7d

                                                  SHA256

                                                  b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

                                                  SHA512

                                                  bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

                                                • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\1009pdhg.default-release\activity-stream.discovery_stream.json.tmp

                                                  Filesize

                                                  26KB

                                                  MD5

                                                  dec04a7f2774d92e21734e65bf7366db

                                                  SHA1

                                                  69e90f5c5a206f3959996890d3e86b3f3c9e98bb

                                                  SHA256

                                                  0be172bac8829bceef014718865332cf8b2bf8e66e59d9eb1517b1be4f378000

                                                  SHA512

                                                  324fa3ca39cdff2694d0cf2252e4dcc793d3e0c3ea1be7461bc1f7c9b844bdba8512b34dba037f50dec6329ec1dcd52308c8605c3237456b898126b54009b835

                                                • C:\Users\Admin\AppData\Local\Temp\Cab7BE7.tmp

                                                  Filesize

                                                  70KB

                                                  MD5

                                                  49aebf8cbd62d92ac215b2923fb1b9f5

                                                  SHA1

                                                  1723be06719828dda65ad804298d0431f6aff976

                                                  SHA256

                                                  b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

                                                  SHA512

                                                  bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

                                                • C:\Users\Admin\AppData\Local\Temp\Tar7C38.tmp

                                                  Filesize

                                                  181KB

                                                  MD5

                                                  4ea6026cf93ec6338144661bf1202cd1

                                                  SHA1

                                                  a1dec9044f750ad887935a01430bf49322fbdcb7

                                                  SHA256

                                                  8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

                                                  SHA512

                                                  6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

                                                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\1009pdhg.default-release\datareporting\glean\db\data.safe.bin

                                                  Filesize

                                                  2KB

                                                  MD5

                                                  a07e87e8bc2f798fac2112be790486e8

                                                  SHA1

                                                  5e3b476654a17c6d73d8bac607384f751ba059e5

                                                  SHA256

                                                  74701446ee9c87bcd49e66b8594a7cbb4b33fffc14899bf39d6884a099c8438a

                                                  SHA512

                                                  09100c1ab79f7748402ef34deefd2b91ce13d474d96507296b8cddfb6eb580991adb9ea39c7ab5526f39a2b9c9a1034a59e601f9ac36ed453ec66c42d9750f02

                                                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\1009pdhg.default-release\datareporting\glean\pending_pings\b774f617-eeff-4de4-87e0-5e2cfbf8a084

                                                  Filesize

                                                  745B

                                                  MD5

                                                  c7912cd1307e93b95e98a5beccc82e80

                                                  SHA1

                                                  8fa06af12b3b5ceca3b40dba55d7e1a2e527a4a3

                                                  SHA256

                                                  001fff757383db86ab63c2391ba49d784b7c546c1d8095010ba8a0cf2ad079ed

                                                  SHA512

                                                  66a6e910cc72eb8b770575d2f2e14fa6542ed52e6bb2d692afd629c4b5261d96291d91964108daf4dfdf174002f4a4d3e53377d13229fb961a66d2434ce275b8

                                                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\1009pdhg.default-release\datareporting\glean\pending_pings\ddac637f-2755-4757-8b3c-e51ff7a67016

                                                  Filesize

                                                  11KB

                                                  MD5

                                                  d36a07cd34f22c6d322b1e65cd3b74f3

                                                  SHA1

                                                  d638460d119e2d6a3c8055f909053573eab6665b

                                                  SHA256

                                                  e7f6316b90dd5d75dc55f901c6f01a7f9aa3c6e5e9c19f2e9e30fabc42af619d

                                                  SHA512

                                                  02697e0f5ba2cc854c31b653c46d3930a956f71d1e8c2c5e4c02308e5c4a353d772d8245be8d0d1b5b02570dc0aa6ed473ef63c41525853f05694f0f3e5b61a4

                                                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\1009pdhg.default-release\prefs-1.js

                                                  Filesize

                                                  6KB


• C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\1009pdhg.default-release\sessionCheckpoints.json (Filesize 259B)


• C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\1009pdhg.default-release\sessionstore.jsonlz4 (Filesize 832B)


• C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\1009pdhg.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite (Filesize 184KB)


• C:\Users\Admin\Desktop\CheckpointCompress.cfg (Filesize 363KB)


• memory/352-23-0x00000000005F0000-0x00000000005F1000-memory.dmp (Filesize 4KB)

• memory/2348-0-0x000007FEF56BE000-0x000007FEF56BF000-memory.dmp (Filesize 4KB)

• memory/2348-26-0x000007FEF5400000-0x000007FEF5D9D000-memory.dmp (Filesize 9.6MB)

• memory/2348-25-0x000007FEF5400000-0x000007FEF5D9D000-memory.dmp (Filesize 9.6MB)

• memory/2348-24-0x000007FEF56BE000-0x000007FEF56BF000-memory.dmp (Filesize 4KB)

• memory/2348-12-0x000007FEF5400000-0x000007FEF5D9D000-memory.dmp (Filesize 9.6MB)

• memory/2348-8-0x000007FEF5400000-0x000007FEF5D9D000-memory.dmp (Filesize 9.6MB)