Analysis
max time kernel: 59s
max time network: 60s
platform: windows10-2004_x64
resource: win10v2004-20241007-en
resource tags: arch:x64, arch:x86, image:win10v2004-20241007-en, locale:en-us, os:windows10-2004-x64, system
submitted: 09/11/2024, 19:06
Static task: static1
URLScan task: urlscan1
Behavioral task: behavioral1
Sample: https://drive.google.com/file/d/14B4oJ9II5rDyYUSUa1-M1dZBuJsuRCcJ/view?usp=sharing
Resource: win10v2004-20241007-en
General
Target: https://drive.google.com/file/d/14B4oJ9II5rDyYUSUa1-M1dZBuJsuRCcJ/view?usp=sharing
Malware Config
Signatures
Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs
flow | ioc
5 | drive.google.com
8 | drive.google.com
System Location Discovery: System Language Discovery 1 TTPs 8 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
description | ioc | Process
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | RdrCEF.exe
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | RdrCEF.exe
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | AcroRd32.exe
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | RdrCEF.exe
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | RdrCEF.exe
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | RdrCEF.exe
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | RdrCEF.exe
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | RdrCEF.exe
Checks processor information in registry 2 TTPs 10 IoCs
Processor information is often read in order to detect sandboxing environments.
description | ioc | Process
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision | firefox.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier | firefox.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz | firefox.exe
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | firefox.exe
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | firefox.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz | firefox.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | firefox.exe
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | AcroRd32.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz | AcroRd32.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature | firefox.exe
Enumerates system info in registry 2 TTPs 3 IoCs
description | ioc | Process
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | msedge.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | msedge.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | msedge.exe
Modifies Internet Explorer settings 1 IoCs
description | ioc | Process
Key created | \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION | AcroRd32.exe
Modifies registry class 4 IoCs
description | ioc | Process
Key created | \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\Local Settings | firefox.exe
Key created | \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\Local Settings | OpenWith.exe
Key created | \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\Local Settings | msedge.exe
Key created | \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\Local Settings | OpenWith.exe
Suspicious behavior: EnumeratesProcesses 28 IoCs
pid | Process (28 entries in total; identical rows collapsed)
3632 | msedge.exe
3600 | msedge.exe
5020 | identity_helper.exe
5380 | msedge.exe
6728 | AcroRd32.exe
Suspicious behavior: GetForegroundWindowSpam 2 IoCs
pid | Process
5664 | OpenWith.exe
6584 | OpenWith.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs
pid | Process (9 identical entries)
3600 | msedge.exe
Suspicious use of AdjustPrivilegeToken 3 IoCs
description | pid | Process (3 identical entries)
Token: SeDebugPrivilege | 5888 | firefox.exe
Suspicious use of FindShellTrayWindow 64 IoCs
pid | Process (64 entries in total; identical rows collapsed)
3600 | msedge.exe
5888 | firefox.exe
Suspicious use of SendNotifyMessage 44 IoCs
pid | Process (44 entries in total; identical rows collapsed)
3600 | msedge.exe
5888 | firefox.exe
Suspicious use of SetWindowsHookEx 64 IoCs
pid | Process (64 entries in total; identical rows collapsed)
5664 | OpenWith.exe
5888 | firefox.exe
6584 | OpenWith.exe
Suspicious use of WriteProcessMemory 64 IoCs
description | pid | Process | procid_target (64 entries in total; identical rows collapsed)
PID 3600 wrote to memory of 5000 | 3600 | msedge.exe | 83
PID 3600 wrote to memory of 116 | 3600 | msedge.exe | 85
PID 3600 wrote to memory of 3632 | 3600 | msedge.exe | 86
PID 3600 wrote to memory of 4496 | 3600 | msedge.exe | 87
Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://drive.google.com/file/d/14B4oJ9II5rDyYUSUa1-M1dZBuJsuRCcJ/view?usp=sharing1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3600
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe485646f8,0x7ffe48564708,0x7ffe485647182⤵PID:5000
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2124,2734756319896960608,6647682650385480811,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2136 /prefetch:22⤵PID:116
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2124,2734756319896960608,6647682650385480811,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2192 /prefetch:32⤵
- Suspicious behavior: EnumeratesProcesses
PID:3632
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2124,2734756319896960608,6647682650385480811,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2708 /prefetch:82⤵PID:4496
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,2734756319896960608,6647682650385480811,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3284 /prefetch:12⤵PID:5040
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,2734756319896960608,6647682650385480811,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3312 /prefetch:12⤵PID:2052
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,2734756319896960608,6647682650385480811,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4976 /prefetch:12⤵PID:4004
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2124,2734756319896960608,6647682650385480811,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5316 /prefetch:82⤵PID:1492
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2124,2734756319896960608,6647682650385480811,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5316 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
PID:5020
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,2734756319896960608,6647682650385480811,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5420 /prefetch:12⤵PID:4448
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,2734756319896960608,6647682650385480811,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5436 /prefetch:12⤵PID:3208
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,2734756319896960608,6647682650385480811,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5840 /prefetch:12⤵PID:3120
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,2734756319896960608,6647682650385480811,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5040 /prefetch:12⤵PID:3680
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,2734756319896960608,6647682650385480811,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5568 /prefetch:12⤵PID:4476
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2124,2734756319896960608,6647682650385480811,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5632 /prefetch:82⤵PID:5224
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,2734756319896960608,6647682650385480811,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5620 /prefetch:12⤵PID:5232
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2124,2734756319896960608,6647682650385480811,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6588 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
PID:5380
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵PID:3120
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵PID:3076
C:\Windows\System32\rundll32.exeC:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding1⤵PID:5580
C:\Windows\system32\OpenWith.exeC:\Windows\system32\OpenWith.exe -Embedding1⤵
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:5664
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "C:\Users\Admin\Downloads\TeddyLauncherV2.apk"2⤵PID:5816
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url C:\Users\Admin\Downloads\TeddyLauncherV2.apk3⤵
- Checks processor information in registry
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
PID:5888
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1964 -parentBuildID 20240401114208 -prefsHandle 1892 -prefMapHandle 1884 -prefsLen 23680 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {d45a7510-d7f0-4107-8521-6bc71c5abc74} 5888 "\\.\pipe\gecko-crash-server-pipe.5888" gpu4⤵PID:6076
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2416 -parentBuildID 20240401114208 -prefsHandle 2408 -prefMapHandle 2404 -prefsLen 24600 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {3617248e-5393-451a-af94-6cf8c969061a} 5888 "\\.\pipe\gecko-crash-server-pipe.5888" socket4⤵PID:2516
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2740 -childID 1 -isForBrowser -prefsHandle 3280 -prefMapHandle 3276 -prefsLen 24741 -prefMapSize 244658 -jsInitHandle 1288 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {9bf75fe8-0285-4b1d-a093-1713e1adb17b} 5888 "\\.\pipe\gecko-crash-server-pipe.5888" tab4⤵PID:5140
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3248 -childID 2 -isForBrowser -prefsHandle 3704 -prefMapHandle 3700 -prefsLen 29090 -prefMapSize 244658 -jsInitHandle 1288 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {6c947b93-d75d-4c33-a6d3-a42d146287e8} 5888 "\\.\pipe\gecko-crash-server-pipe.5888" tab4⤵PID:4412
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4348 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4516 -prefMapHandle 4512 -prefsLen 29090 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {57c039c4-f4e0-4a8d-b367-a329feb7d854} 5888 "\\.\pipe\gecko-crash-server-pipe.5888" utility4⤵
- Checks processor information in registry
PID:6632
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5296 -childID 3 -isForBrowser -prefsHandle 5328 -prefMapHandle 5324 -prefsLen 27051 -prefMapSize 244658 -jsInitHandle 1288 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {26769c6a-2641-435c-8608-e6977dfeab68} 5888 "\\.\pipe\gecko-crash-server-pipe.5888" tab4⤵PID:6964
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5568 -childID 4 -isForBrowser -prefsHandle 5476 -prefMapHandle 5480 -prefsLen 27051 -prefMapSize 244658 -jsInitHandle 1288 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {3b5ccc02-1739-4f4e-95eb-d851fc90e1a4} 5888 "\\.\pipe\gecko-crash-server-pipe.5888" tab4⤵PID:6988
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5820 -childID 5 -isForBrowser -prefsHandle 5832 -prefMapHandle 5828 -prefsLen 27051 -prefMapSize 244658 -jsInitHandle 1288 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {087e4d55-12ce-4536-86d3-f9beb165f838} 5888 "\\.\pipe\gecko-crash-server-pipe.5888" tab4⤵PID:7044
C:\Windows\system32\OpenWith.exeC:\Windows\system32\OpenWith.exe -Embedding1⤵
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:6584
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" "C:\Users\Admin\Downloads\TeddyLauncherV2(1).apk"2⤵
- System Location Discovery: System Language Discovery
- Checks processor information in registry
- Modifies Internet Explorer settings
- Suspicious behavior: EnumeratesProcesses
PID:6728
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=165140433⤵
- System Location Discovery: System Language Discovery
PID:6828
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=C1BD159A798FE82264F9A8FAF52A5BCF --mojo-platform-channel-handle=1760 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:24⤵
- System Location Discovery: System Language Discovery
PID:4360
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=740C35C1BB11EC96AACB1EC5A5F18BA1 --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode 
--service-request-channel-token=740C35C1BB11EC96AACB1EC5A5F18BA1 --renderer-client-id=2 --mojo-platform-channel-handle=1752 --allow-no-sandbox-job /prefetch:14⤵
- System Location Discovery: System Language Discovery
PID:6928
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=E5AEDB5B261443B719B86A727CAFFDA0 --mojo-platform-channel-handle=2292 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:24⤵
- System Location Discovery: System Language Discovery
PID:5440
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=62DEF300AF6D6FCC04BF57A725CC9AA6 --mojo-platform-channel-handle=1920 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:24⤵
- System Location Discovery: System Language Discovery
PID:6164
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=8FF6447CFC3D3174F70198D65C72FAFE --mojo-platform-channel-handle=2432 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:24⤵
- System Location Discovery: System Language Discovery
PID:6288
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=A9B77D3A570EC19130E48E62E4C5F8BD --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=A9B77D3A570EC19130E48E62E4C5F8BD --renderer-client-id=8 --mojo-platform-channel-handle=2484 --allow-no-sandbox-job /prefetch:14
- System Location Discovery: System Language Discovery
PID:6492
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
PID:5876
Network
MITRE ATT&CK Enterprise v15
Downloads