hxxps://github[.]com/cchhaarroonn/XenonChecker

Analysis

max time kernel
690s
max time network
680s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
19/11/2024, 18:29

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://github.com/cchhaarroonn/XenonChecker

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	chromedriver.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	chromedriver.exe

Checks processor information in registry 2 TTPs 12 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 17 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000_Classes\.md	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000_Classes\md_auto_file	OpenWith.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000_Classes\.md\ = "md_auto_file"	OpenWith.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000_Classes\md_auto_file\shell\edit\command\ = "%SystemRoot%\\system32\\NOTEPAD.EXE %1"	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000_Classes\Local Settings	OpenWith.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000_Classes\md_auto_file\shell\open\command\ = "%SystemRoot%\\system32\\NOTEPAD.EXE %1"	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000_Classes\Local Settings	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000_Classes\Local Settings	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000_Classes\md_auto_file\shell\edit	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000_Classes\md_auto_file\shell\open	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000_Classes\Local Settings	firefox.exe
Key created	\REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000_Classes\Local Settings	OpenWith.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000_Classes\櫉⬅฀耀\ = "md_auto_file"	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000_Classes\md_auto_file\shell	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000_Classes\md_auto_file\shell\edit\command	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000_Classes\md_auto_file\shell\open\command	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000_Classes\櫉⬅฀耀	OpenWith.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

pid	Process
1344	msedge.exe
1344	msedge.exe
3452	msedge.exe
3452	msedge.exe
3484	identity_helper.exe
3484	identity_helper.exe
2544	msedge.exe
2544	msedge.exe
5100	msedge.exe
5100	msedge.exe
5100	msedge.exe
5100	msedge.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
1252	OpenWith.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
3452	msedge.exe
3452	msedge.exe
3452	msedge.exe
3452	msedge.exe
3452	msedge.exe
3452	msedge.exe
3452	msedge.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeDebugPrivilege	3664	firefox.exe
Token: SeDebugPrivilege	3664	firefox.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
3452	msedge.exe
3452	msedge.exe
3452	msedge.exe
3452	msedge.exe
3452	msedge.exe
3452	msedge.exe
3452	msedge.exe
3452	msedge.exe
3452	msedge.exe
3452	msedge.exe
3452	msedge.exe
3452	msedge.exe
3452	msedge.exe
3452	msedge.exe
3452	msedge.exe
3452	msedge.exe
3452	msedge.exe
3452	msedge.exe
3452	msedge.exe
3452	msedge.exe
3452	msedge.exe
3452	msedge.exe
3452	msedge.exe
3452	msedge.exe
3452	msedge.exe
3452	msedge.exe
3452	msedge.exe
3452	msedge.exe
3452	msedge.exe
3452	msedge.exe
3452	msedge.exe
3452	msedge.exe
3452	msedge.exe
3452	msedge.exe
3452	msedge.exe
3452	msedge.exe
3664	firefox.exe
3664	firefox.exe
3664	firefox.exe
3664	firefox.exe
3664	firefox.exe
3664	firefox.exe
3664	firefox.exe
3664	firefox.exe
3664	firefox.exe
3664	firefox.exe
3664	firefox.exe
3664	firefox.exe
3664	firefox.exe
3664	firefox.exe
3664	firefox.exe
3664	firefox.exe
3664	firefox.exe
3664	firefox.exe
3664	firefox.exe
3664	firefox.exe
3664	firefox.exe
3664	firefox.exe
3664	firefox.exe
3664	firefox.exe
3664	firefox.exe
3664	firefox.exe
3664	firefox.exe
3664	firefox.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
3452	msedge.exe
3452	msedge.exe
3452	msedge.exe
3452	msedge.exe
3452	msedge.exe
3452	msedge.exe
3452	msedge.exe
3452	msedge.exe
3452	msedge.exe
3452	msedge.exe
3452	msedge.exe
3452	msedge.exe
3452	msedge.exe
3452	msedge.exe
3452	msedge.exe
3452	msedge.exe
3452	msedge.exe
3452	msedge.exe
3452	msedge.exe
3452	msedge.exe
3452	msedge.exe
3452	msedge.exe
3452	msedge.exe
3452	msedge.exe
3664	firefox.exe
3664	firefox.exe
3664	firefox.exe
3664	firefox.exe
3664	firefox.exe
3664	firefox.exe
3664	firefox.exe
3664	firefox.exe
3664	firefox.exe
3664	firefox.exe
3664	firefox.exe
3664	firefox.exe
3664	firefox.exe
3664	firefox.exe
3664	firefox.exe
3664	firefox.exe
3664	firefox.exe
3664	firefox.exe
3664	firefox.exe
3664	firefox.exe
3664	firefox.exe
3664	firefox.exe
3664	firefox.exe
3664	firefox.exe
3664	firefox.exe
3664	firefox.exe
3664	firefox.exe
3664	firefox.exe
3664	firefox.exe
3664	firefox.exe
3664	firefox.exe
3664	firefox.exe
3664	firefox.exe
3664	firefox.exe
3664	firefox.exe
3664	firefox.exe
3664	firefox.exe
3664	firefox.exe
3664	firefox.exe
3664	firefox.exe

Suspicious use of SetWindowsHookEx 26 IoCs

pid	Process
4808	OpenWith.exe
1252	OpenWith.exe
1252	OpenWith.exe
1252	OpenWith.exe
1252	OpenWith.exe
1252	OpenWith.exe
1252	OpenWith.exe
1252	OpenWith.exe
1252	OpenWith.exe
1252	OpenWith.exe
1252	OpenWith.exe
1252	OpenWith.exe
1252	OpenWith.exe
1252	OpenWith.exe
1252	OpenWith.exe
1252	OpenWith.exe
1252	OpenWith.exe
1252	OpenWith.exe
6064	OpenWith.exe
6064	OpenWith.exe
6064	OpenWith.exe
6064	OpenWith.exe
6064	OpenWith.exe
6064	OpenWith.exe
6064	OpenWith.exe
3664	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3452 wrote to memory of 4132	3452	msedge.exe	83
PID 3452 wrote to memory of 4132	3452	msedge.exe	83
PID 3452 wrote to memory of 464	3452	msedge.exe	84
PID 3452 wrote to memory of 464	3452	msedge.exe	84
PID 3452 wrote to memory of 464	3452	msedge.exe	84
PID 3452 wrote to memory of 464	3452	msedge.exe	84
PID 3452 wrote to memory of 464	3452	msedge.exe	84
PID 3452 wrote to memory of 464	3452	msedge.exe	84
PID 3452 wrote to memory of 464	3452	msedge.exe	84
PID 3452 wrote to memory of 464	3452	msedge.exe	84
PID 3452 wrote to memory of 464	3452	msedge.exe	84
PID 3452 wrote to memory of 464	3452	msedge.exe	84
PID 3452 wrote to memory of 464	3452	msedge.exe	84
PID 3452 wrote to memory of 464	3452	msedge.exe	84
PID 3452 wrote to memory of 464	3452	msedge.exe	84
PID 3452 wrote to memory of 464	3452	msedge.exe	84
PID 3452 wrote to memory of 464	3452	msedge.exe	84
PID 3452 wrote to memory of 464	3452	msedge.exe	84
PID 3452 wrote to memory of 464	3452	msedge.exe	84
PID 3452 wrote to memory of 464	3452	msedge.exe	84
PID 3452 wrote to memory of 464	3452	msedge.exe	84
PID 3452 wrote to memory of 464	3452	msedge.exe	84
PID 3452 wrote to memory of 464	3452	msedge.exe	84
PID 3452 wrote to memory of 464	3452	msedge.exe	84
PID 3452 wrote to memory of 464	3452	msedge.exe	84
PID 3452 wrote to memory of 464	3452	msedge.exe	84
PID 3452 wrote to memory of 464	3452	msedge.exe	84
PID 3452 wrote to memory of 464	3452	msedge.exe	84
PID 3452 wrote to memory of 464	3452	msedge.exe	84
PID 3452 wrote to memory of 464	3452	msedge.exe	84
PID 3452 wrote to memory of 464	3452	msedge.exe	84
PID 3452 wrote to memory of 464	3452	msedge.exe	84
PID 3452 wrote to memory of 464	3452	msedge.exe	84
PID 3452 wrote to memory of 464	3452	msedge.exe	84
PID 3452 wrote to memory of 464	3452	msedge.exe	84
PID 3452 wrote to memory of 464	3452	msedge.exe	84
PID 3452 wrote to memory of 464	3452	msedge.exe	84
PID 3452 wrote to memory of 464	3452	msedge.exe	84
PID 3452 wrote to memory of 464	3452	msedge.exe	84
PID 3452 wrote to memory of 464	3452	msedge.exe	84
PID 3452 wrote to memory of 464	3452	msedge.exe	84
PID 3452 wrote to memory of 464	3452	msedge.exe	84
PID 3452 wrote to memory of 1344	3452	msedge.exe	85
PID 3452 wrote to memory of 1344	3452	msedge.exe	85
PID 3452 wrote to memory of 720	3452	msedge.exe	86
PID 3452 wrote to memory of 720	3452	msedge.exe	86
PID 3452 wrote to memory of 720	3452	msedge.exe	86
PID 3452 wrote to memory of 720	3452	msedge.exe	86
PID 3452 wrote to memory of 720	3452	msedge.exe	86
PID 3452 wrote to memory of 720	3452	msedge.exe	86
PID 3452 wrote to memory of 720	3452	msedge.exe	86
PID 3452 wrote to memory of 720	3452	msedge.exe	86
PID 3452 wrote to memory of 720	3452	msedge.exe	86
PID 3452 wrote to memory of 720	3452	msedge.exe	86
PID 3452 wrote to memory of 720	3452	msedge.exe	86
PID 3452 wrote to memory of 720	3452	msedge.exe	86
PID 3452 wrote to memory of 720	3452	msedge.exe	86
PID 3452 wrote to memory of 720	3452	msedge.exe	86
PID 3452 wrote to memory of 720	3452	msedge.exe	86
PID 3452 wrote to memory of 720	3452	msedge.exe	86
PID 3452 wrote to memory of 720	3452	msedge.exe	86
PID 3452 wrote to memory of 720	3452	msedge.exe	86
PID 3452 wrote to memory of 720	3452	msedge.exe	86
PID 3452 wrote to memory of 720	3452	msedge.exe	86

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://github.com/cchhaarroonn/XenonChecker
1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3452
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff927b146f8,0x7ff927b14708,0x7ff927b14718
  2⤵
  PID:4132
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2152,5330604450132025672,8616491877586224876,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2172 /prefetch:2
  2⤵
  PID:464
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2152,5330604450132025672,8616491877586224876,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2472 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1344
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2152,5330604450132025672,8616491877586224876,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2704 /prefetch:8
  2⤵
  PID:720
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,5330604450132025672,8616491877586224876,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3272 /prefetch:1
  2⤵
  PID:2528
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,5330604450132025672,8616491877586224876,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3364 /prefetch:1
  2⤵
  PID:4736
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2152,5330604450132025672,8616491877586224876,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5528 /prefetch:8
  2⤵
  PID:1392
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2152,5330604450132025672,8616491877586224876,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5528 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3484
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2152,5330604450132025672,8616491877586224876,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5548 /prefetch:8
  2⤵
  PID:2288
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,5330604450132025672,8616491877586224876,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5404 /prefetch:1
  2⤵
  PID:4060
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2152,5330604450132025672,8616491877586224876,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5204 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2544
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,5330604450132025672,8616491877586224876,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5816 /prefetch:1
  2⤵
  PID:1376
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,5330604450132025672,8616491877586224876,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6164 /prefetch:1
  2⤵
  PID:2912
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,5330604450132025672,8616491877586224876,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5756 /prefetch:1
  2⤵
  PID:5176
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,5330604450132025672,8616491877586224876,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4700 /prefetch:1
  2⤵
  PID:5184
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2152,5330604450132025672,8616491877586224876,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5128 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5100

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3976

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4876

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:4620

C:\Windows\system32\cmd.exe
"C:\Windows\system32\cmd.exe"
1⤵
PID:6096

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:4808

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:1252
- C:\Windows\system32\NOTEPAD.EXE
  "C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\AppData\Local\Temp\Temp1_XenonChecker-main.zip\XenonChecker-main\README.md
  2⤵
  PID:5364

C:\Windows\system32\cmd.exe
"C:\Windows\system32\cmd.exe"
1⤵
PID:5624

C:\Users\Admin\AppData\Local\Temp\Temp1_XenonChecker-main.zip\XenonChecker-main\chromedriver.exe
"C:\Users\Admin\AppData\Local\Temp\Temp1_XenonChecker-main.zip\XenonChecker-main\chromedriver.exe"
1⤵
- System Location Discovery: System Language Discovery
PID:4204

C:\Users\Admin\AppData\Local\Temp\Temp1_XenonChecker-main.zip\XenonChecker-main\chromedriver.exe
"C:\Users\Admin\AppData\Local\Temp\Temp1_XenonChecker-main.zip\XenonChecker-main\chromedriver.exe"
1⤵
PID:5928

C:\Users\Admin\Downloads\XenonChecker-main\XenonChecker-main\chromedriver.exe
"C:\Users\Admin\Downloads\XenonChecker-main\XenonChecker-main\chromedriver.exe"
1⤵
- System Location Discovery: System Language Discovery
PID:5840

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:6064
- C:\Windows\system32\NOTEPAD.EXE
  "C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Downloads\XenonChecker-main\XenonChecker-main\README.md
  2⤵
  PID:3608

C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Downloads\XenonChecker-main\XenonChecker-main\README.md
1⤵
PID:5576

C:\Windows\system32\cmd.exe
"C:\Windows\system32\cmd.exe"
1⤵
PID:5068

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
PID:2468
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe"
  2⤵
  - Checks processor information in registry
  - Modifies registry class
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  PID:3664
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1968 -parentBuildID 20240401114208 -prefsHandle 1896 -prefMapHandle 1888 -prefsLen 23680 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {1aa1a0d8-f112-4bf9-9fb8-02a216d33a26} 3664 "\\.\pipe\gecko-crash-server-pipe.3664" gpu
    3⤵
    PID:3580
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2376 -parentBuildID 20240401114208 -prefsHandle 2356 -prefMapHandle 2344 -prefsLen 23716 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {0ac31311-2bbe-43f3-a722-a7a9e3cc9e58} 3664 "\\.\pipe\gecko-crash-server-pipe.3664" socket
    3⤵
    - Checks processor information in registry
    PID:5768
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3060 -childID 1 -isForBrowser -prefsHandle 2924 -prefMapHandle 3308 -prefsLen 23857 -prefMapSize 244658 -jsInitHandle 1268 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {bec22e34-9335-4dea-ba96-e685f197a6b7} 3664 "\\.\pipe\gecko-crash-server-pipe.3664" tab
    3⤵
    PID:1828
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4056 -childID 2 -isForBrowser -prefsHandle 4044 -prefMapHandle 4036 -prefsLen 29090 -prefMapSize 244658 -jsInitHandle 1268 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {07d908c6-4291-4ea5-a515-50b70c8aed1a} 3664 "\\.\pipe\gecko-crash-server-pipe.3664" tab
    3⤵
    PID:3288
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4856 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4888 -prefMapHandle 4828 -prefsLen 29197 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {2c0503c5-d7ed-4416-b752-f9eae79bc114} 3664 "\\.\pipe\gecko-crash-server-pipe.3664" utility
    3⤵
    - Checks processor information in registry
    PID:2024
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1460 -childID 3 -isForBrowser -prefsHandle 2708 -prefMapHandle 2704 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 1268 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {22bf90cd-aff5-4273-beda-e0d962e85060} 3664 "\\.\pipe\gecko-crash-server-pipe.3664" tab
    3⤵
    PID:2404
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5516 -childID 4 -isForBrowser -prefsHandle 5524 -prefMapHandle 5528 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 1268 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {6a23843b-d804-4d72-a369-38255f892f35} 3664 "\\.\pipe\gecko-crash-server-pipe.3664" tab
    3⤵
    PID:864
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5804 -childID 5 -isForBrowser -prefsHandle 5724 -prefMapHandle 5732 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 1268 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ff0fbfab-fd0d-4b89-87c2-7201d3f28f51} 3664 "\\.\pipe\gecko-crash-server-pipe.3664" tab
    3⤵
    PID:4912
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5912 -childID 6 -isForBrowser -prefsHandle 5692 -prefMapHandle 5932 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 1268 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {7a31ca0f-fdbf-44a9-a266-a78c5d6464cd} 3664 "\\.\pipe\gecko-crash-server-pipe.3664" tab
    3⤵
    PID:3508

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
fab8d8d865e33fe195732aa7dcb91c30

SHA1
2637e832f38acc70af3e511f5eba80fbd7461f2c

SHA256
1b034ffe38e534e2b7a21be7c1f207ff84a1d5f3893207d0b4bb1a509b4185ea

SHA512
39a3d43ef7e28fea2cb247a5d09576a4904a43680db8c32139f22a03d80f6ede98708a2452f3f82232b868501340f79c0b3f810f597bcaf5267c3ccfb1704b43

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
36988ca14952e1848e81a959880ea217

SHA1
a0482ef725657760502c2d1a5abe0bb37aebaadb

SHA256
d7e96088b37cec1bde202ae8ec2d2f3c3aafc368b6ebd91b3e2985846facf2e6

SHA512
d04b2f5afec92eb3d9f9cdc148a3eddd1b615e0dfb270566a7969576f50881d1f8572bccb8b9fd7993724bdfe36fc7633a33381d43e0b96c4e9bbd53fc010173

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
5f68c7b670ea43468faa02a564b6c064

SHA1
83fbceec687455dcb376f2b024d615f737b91d4e

SHA256
b32e9aa8c03feaedb129be6252ae576c4f2216875aa7eafb8a03eea3a4be2841

SHA512
4d6646c6be2d993bcc971d3e3cb2d54fcdddcf0faff4ba0b6c754e955887090e87c7c63772a406b47ea678b5938614c55e8bfd0d6ab2687f156f878eb77f3849

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
573B

MD5
72d8b549c047805a5315df059bb1539a

SHA1
3df3770c14379441be3be79eac28f5a1344cdada

SHA256
beb758c4229b5c555242bde07bb5e88edd0d43be725dd68c8a4f33e6eddf10f6

SHA512
0bee533bd41e2226f9e971c9e4b75dee9d8d8ea545bc8a119d3a3c31bbea9f4c30b0ae3dcb58cfeca103ec4880171d2d63c676ac7a4a71b990e4a5ad376fe4fb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
f7502b1510c56686322fcf82283110be

SHA1
97ff08baf713c45150815fe84247982b8b6e475f

SHA256
d92502b759c48d3b76362910e1856b25aacda33f762a1cfc5dc42bb6ce521960

SHA512
feac7a6405cfeaed22fdd42826c6f29c357dc6a1cc5cecb73cdc17bf7134e0bb5217af2c707a389f9d6b60af492ce9ea00a0ada27b40d244e23d62ae56633ac7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
1d12d02675113852c435356173dcac40

SHA1
155018f4e88bcbefa97d43d81b9572183c416b05

SHA256
8c9277709e947386608fbeb386b5f7c6750a46456907f0f8464a429ba11ea6ed

SHA512
5d602010bd6642e2e85837a30f9bbf1b22755e182d8eec35074568149c43afefc83c566315fcc59bbfaf4e1922954d314a2d5bce27bd77caf8f50b0a36c21b1c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
9bfbb56d399b585d6f900cecb1fdf0b6

SHA1
b03e64deb765ba4e243617d0dd7b7df256c4d805

SHA256
921748d1781a560005455985561c76fafd0eefc14f0c4380c879b4bb79cfafa5

SHA512
0b8063a1d1397a074e9a383808152f801f095d11f57bbdd0e2dc81855ab23554733882a339b021c96b680cec2c88c707d7d26e84b577a98a149f197ee09f1501

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
3c984c8377ceccc9ab7473f2ed5dd20a

SHA1
724afb0f940c6fd7439ba825f88a84ac42d0618d

SHA256
c62d264d8aa74ad5736045bdf717c857b3f5862f42bb7aab819d8b5b7688c8cc

SHA512
680f0a6776e7d275ba08315d2139671d0882ebd9a4f84b80e9d43344826b04355bfec622ad824c4e88f15769aa23c92a6ba820315f15581f6d684aeab90229c0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe606e2f.TMP

Filesize
1KB

MD5
77f756ceaad37b86d7c14a369a6b7991

SHA1
19aa45514d5831199fa0ddde7a256dd86e5593d9

SHA256
f5049ba2752f81b61920d893355da5cdd9a29346f9537cac23b0fa8737424c30

SHA512
13e7fa8c920672e8d62418bf7ffc52634e68f3cffc2756294da7e4439f3873c64541263baba975c1bdd320318a9f6c6372472c49c12ff50de061b749d2f5b6ff

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
04f788fa2dabde192831e7f084a21384

SHA1
1b5ca90a0581fd5bfbe0d5989b08180ade67e208

SHA256
a3b75211465453e6f9eb7dc62659fa12a21e590241922a6c0c85a02859db09c3

SHA512
17122d80b439726e0c58ad17c9b44d1386880023d79f1a4c5c719a992e161504fb6da641b38446128aa2c6dfafc52da3acb89cc980432ea6fd12d2ae25619a35

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
7f62014796f1d65bc46310bf130c38ed

SHA1
fcdd11867969d8c05af4181378c0d168379336fc

SHA256
32ba3b9088ae5b9cd54e86f67a46b871548e5a6fe855e0fce67810ee9d8e77ca

SHA512
55b9629aec2e0a4d6053e2cc4887fbe99e7c108734e18aeb30985cbe340521c9c0abe6d1f666ffed166d8b169df3aa2704ebc4a8746ee37de86bb08a983a0673

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
083f829cfe122094f8eba9962c47f6ba

SHA1
bc7c1541334468469608f45ef94acf69de976e0d

SHA256
492e4764d85195c89954dac6f7158e323963205b723264b315f5ef279602c08c

SHA512
05e39da2173bcf641293f552108af92d20fbde5e3f3bd2aec2b13c6820fad9fde4833bb5021c6eeae63f7cfce3638ef50ddfae263bed403f043369a507d0a452

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
e1828eb535388c768ae9bb56eb9e33b6

SHA1
9300508faef623db8891de754ab8cc1b6a9532dd

SHA256
428ae466e9909d297e1c6b2b5f1482476fdddd8de3f6d03d8cef5e9d836d9209

SHA512
eee8dcc54470172f5cc54a06f80a7eccd503a4a4468de7426ec0b64feb0081818e6925d28d6b95af8c75eec9fc45458c71d3605d7db4fc397861f1844c8b0a91

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\yuzka873.default-release\activity-stream.discovery_stream.json

Filesize
21KB

MD5
669655810eda9bc00000d9196d0a793b

SHA1
fa65a1b5a08d5c757c465001f290a8c4551d4ce6

SHA256
93f1643f68dd56ed6068e140e7390107b1269862d0db3e32eca1212e6efcc8b3

SHA512
368ea983bd2c8878942e2d65c06608d433282542cdec55f352e6cf4a9b6fa6a7d2d2acf7c778b5c21c97ca23166526e213f36c43d49f3d523021874c55afe012

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\yuzka873.default-release\cache2\entries\2B16ACC15AA680352D12943E950AB926A085A466

Filesize
224KB

MD5
60614b297a895296e1be2e420d4aea4e

SHA1
f69bb2ed130dd337d05b67496c805c2f7120686f

SHA256
f4320008186d30d09ce33679142d0ca498547c61322a5584209ad95e54d2e098

SHA512
c729101c17cbfbe61a630fe920d2ce51fcfe46ec6ce03d02f684b5e6a34d0f23ed9922b518e74469e99948955cfa16f0f678dcd0532606e28cc7048cd89e3076

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\yuzka873.default-release\cache2\entries\2DAFED1FFA4D7E6A0CA81A21A9783F5E75F52F0A

Filesize
61KB

MD5
00c7b05ce0dd23a36a0a50c8d17315c2

SHA1
df992f5c47dbc9e732fd5e716f6f1dc94c3c2916

SHA256
f4eb5edc1a3b1afe84143c74db696ff6d06f08379e2f6f295f5176cbf4fff96d

SHA512
09d747008fba612a1fe681721f18738b50567b360ff365943e14c7a2685cbce65c8fbfd819d434918c7664515b023c39087c5c941b67c1d516a1868db124f2d5

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
479KB

MD5
09372174e83dbbf696ee732fd2e875bb

SHA1
ba360186ba650a769f9303f48b7200fb5eaccee1

SHA256
c32efac42faf4b9878fb8917c5e71d89ff40de580c4f52f62e11c6cfab55167f

SHA512
b667086ed49579592d435df2b486fe30ba1b62ddd169f19e700cd079239747dd3e20058c285fa9c10a533e34f22b5198ed9b1f92ae560a3067f3e3feacc724f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

Filesize
13.8MB

MD5
0a8747a2ac9ac08ae9508f36c6d75692

SHA1
b287a96fd6cc12433adb42193dfe06111c38eaf0

SHA256
32d544baf2facc893057a1d97db33207e642f0dacf235d8500a0b5eff934ce03

SHA512
59521f8c61236641b3299ab460c58c8f5f26fa67e828de853c2cf372f9614d58b9f541aae325b1600ec4f3a47953caacb8122b0dfce7481acfec81045735947d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yuzka873.default-release\AlternateServices.bin

Filesize
6KB

MD5
008203aba03335d4480cefdc11152118

SHA1
95db74ec95cad307a117b9e929ca4ff14882eb53

SHA256
92ab0a247c04eb6e24cb6e3b6e177a5dd39f6864f1b9cb36a67897b77ed88c48

SHA512
0d9448ff8c0f64fb921691ad204acf65710ef5380527b166cfa368b39752ecd90e02b20b99fc2c8e36aa3695b7fff262bfbf03f8b9cac2e2555050a9d51fcc94

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yuzka873.default-release\AlternateServices.bin

Filesize
12KB

MD5
60c8ab1f2b6e11916fad5dedd92ed887

SHA1
9e78188a212c91481695a49989699a11c61ae362

SHA256
bcd041085d6f0ce25071bd6fb482a2654026a284cef0116c219e72f87c3149bd

SHA512
807274f21394511c1bb4317a3cb9d552455d4c86d864a364fe2e756497325a0c1a22b40372d7c4d5fc02ae2656236774ed0f03f6935d55acf461f59c8aeacec2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yuzka873.default-release\datareporting\glean\db\data.safe.tmp

Filesize
6KB

MD5
234e77aed3733c090488a29f0de4cb6b

SHA1
e7714bd6afbc4e56ab422897ac4019af88e59a46

SHA256
b4bebc2107293aa5d79ce84d665efbecf7fe47f5f6749ba10bf4043308bb60db

SHA512
1c003cb45a7b0c646dce9c91366681f164871b29b584737ae02e74f43da5293406008c1801f60688785cfc07fe7dc485eb7c5230ecf0e4920f081d9be39a3903

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yuzka873.default-release\datareporting\glean\db\data.safe.tmp

Filesize
5KB

MD5
7c4089a255feb267a05d4d58c9d642f2

SHA1
1724c91627086fae4c525e6c653175a5a83db7db

SHA256
8e9a06322f321db6599ddc316ef0421cf4a8eeb4482d4e996c28783709a3d998

SHA512
dfbdc930d4c8bd1fad2bb971f74ddf6c760cf6ae1f6939f7fba151b9edecc1edded94ea28c1a38254f8a220412471e20418a1ed7e60e9ed8374c1a4be2b6cbac

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yuzka873.default-release\datareporting\glean\db\data.safe.tmp

Filesize
6KB

MD5
cc15ca2f05cd2db0a259596c971eda1a

SHA1
d87bfe8cc68d983cd45939110da326e146286623

SHA256
aae65227803e2d953f0e36a27fea33c2d345bd546389efb75e7ce963bf5f4780

SHA512
d27889e4629c12ea51631b36002a40b3b5f6d83ab42c5b5a768c7dd28eeffb167035760d577e49f545f229ef3ad7d02ade37076e4f6adb768d3e7f9f36798469

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yuzka873.default-release\datareporting\glean\db\data.safe.tmp

Filesize
7KB

MD5
42a8e44bd17b5688b4def027ca97b940

SHA1
3e4278b5dfbf2158c56a0138b19f06829df8ac3c

SHA256
53586205f168841475a55e2f33327a495ab6665822d7673dd381bdad80170f93

SHA512
7abec68d5c363c7db7fa667253de8a57113bbb5ab6dfc99d369dbf8fb05acd767523dcc22c63bf6708cd0f8524c9b71119dbe0f4440a056deae6e72e3a60f26d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yuzka873.default-release\datareporting\glean\pending_pings\1bc9b705-8a1c-4e07-a1eb-0d33672bbe97

Filesize
4KB

MD5
04536d1bab068988f97de5b0809d5f44

SHA1
18268125c3615b77e74016027174b2983bfcba5b

SHA256
106450e7fb1bdf4fb22055ddcc4607535fd0663e66ccad66ab16d72de42664ba

SHA512
e48431d7752f52a0b18e890ee8c1dac74dfd5b8e9ba4e49cf9fb93583e6173c4c271d373d6caa1f985efffdd3361b015fcf29d4dc00b6bc5425bcd423d7103aa

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yuzka873.default-release\datareporting\glean\pending_pings\95bc2123-f29a-4ff6-972b-42fe2aef6fe1

Filesize
671B

MD5
1ff2f8faf45497b6f1306562f659ac91

SHA1
b363048f3632a1057b57f0c7698bb7a24ce5a4ff

SHA256
4a2e93cac0337df148d049ff45d845063a6d7e80cdf23cdca1390704a2d8a9a9

SHA512
8556b1755a10bfe94b39c8236f13443a53a868033a8e6795cc7d7054f7fc784e917c84cb2f7effb98c8044068200ec2138b48a1d5545a081012e1088c5bbdc08

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yuzka873.default-release\datareporting\glean\pending_pings\9993cb0b-ae0a-4a2b-b6ad-ed427a6856a2

Filesize
982B

MD5
0312ad4d402a4e16c315b10bfdb84a4b

SHA1
a8ba160f06f9d329dc661046e9b175e7b611b6cd

SHA256
39275776a98e332aa4ed19e13467538175b983fbb9fa2c1c39d4814c082cc171

SHA512
4e21a5eab6b91006ed4a47fcc79f139e918d92aefe4883cec882871f31b351a4aff60d54fcc52a96e1d7eb4781080c48045cb44fd4f19973dda041768a2429a7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yuzka873.default-release\datareporting\glean\pending_pings\ec22bfa0-dd7d-4066-9c68-39a024c4eb16

Filesize
26KB

MD5
98f35560d75b56de6fcabdd32260ff53

SHA1
2f7f466f5ce6869e3300f2ed817b4dae5b9a13f8

SHA256
29c35502eff509996e98ca0246c3fa1b7b9fe84b3ab4cbe3ed66cbb59e7ba8a2

SHA512
c593b51140b5d4c4b455bbedcc6e4d5cc79e4f410b61417f8d3270d05c10cdaa93f10ee554078cf98df20d96ca8c411b640f580bfabcbb672664d08835445a14

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yuzka873.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.dll

Filesize
1.1MB

MD5
842039753bf41fa5e11b3a1383061a87

SHA1
3e8fe1d7b3ad866b06dca6c7ef1e3c50c406e153

SHA256
d88dd3bfc4a558bb943f3caa2e376da3942e48a7948763bf9a38f707c2cd0c1c

SHA512
d3320f7ac46327b7b974e74320c4d853e569061cb89ca849cd5d1706330aca629abeb4a16435c541900d839f46ff72dfde04128c450f3e1ee63c025470c19157

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yuzka873.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.info

Filesize
116B

MD5
2a461e9eb87fd1955cea740a3444ee7a

SHA1
b10755914c713f5a4677494dbe8a686ed458c3c5

SHA256
4107f76ba1d9424555f4e8ea0acef69357dfff89dfa5f0ec72aa4f2d489b17bc

SHA512
34f73f7bf69d7674907f190f257516e3956f825e35a2f03d58201a5a630310b45df393f2b39669f9369d1ac990505a4b6849a0d34e8c136e1402143b6cedf2d3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yuzka873.default-release\gmp-widevinecdm\4.10.2710.0\manifest.json

Filesize
372B

MD5
bf957ad58b55f64219ab3f793e374316

SHA1
a11adc9d7f2c28e04d9b35e23b7616d0527118a1

SHA256
bbab6ca07edbed72a966835c7907b3e60c7aa3d48ddea847e5076bd05f4b1eda

SHA512
79c179b56e4893fb729b225818ab4b95a50b69666ac41d17aad0b37ab0ca8cd9f0848cbc3c5d9e69e4640a8b261d7ced592eae9bcb0e0b63c05a56e7c477f44e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yuzka873.default-release\gmp-widevinecdm\4.10.2710.0\widevinecdm.dll

Filesize
17.8MB

MD5
daf7ef3acccab478aaa7d6dc1c60f865

SHA1
f8246162b97ce4a945feced27b6ea114366ff2ad

SHA256
bc40c7821dcd3fea9923c6912ab1183a942c11b7690cfd79ed148ded0228777e

SHA512
5840a45cfdb12c005e117608b1e5d946e1b2e76443ed39ba940d7f56de4babeab09bee7e64b903eb82bb37624c0a0ef19e9b59fbe2ce2f0e0b1c7a6015a63f75

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yuzka873.default-release\prefs-1.js

Filesize
11KB

MD5
1eea831af7bb9f6974266bf424329bb3

SHA1
5770749f1d5bc949d419e20671637f82910d3299

SHA256
50f7341acc1510edd1d64b6067e6daba7936655506cc6846c383c43e54ce55ec

SHA512
89e7927ff7fe660f1445b47858bac5524c04e843e6ddd47dee157863b8dc8e66ffc07463e61b6ee1fa50b985703203eef5b10be7f25b60f734a13e0b283e1017

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yuzka873.default-release\prefs.js

Filesize
10KB

MD5
7316597151925d46238514daed6d44ae

SHA1
6aed2a81119433d195ca88d58c7c3b6e00ff0b1a

SHA256
ab0200ce35418cb40f9914cd73832b297fec778930ba869ff3a4b9eefa80b582

SHA512
3c2d4e60c4692c0d487a4459b419f8bbdc2af5b2f41b3b8e2498e4b6c2d32aebf4c8961804bc9517bc6c334a474cbde1dcd1afc5c2096db706135b836427acd7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yuzka873.default-release\sessionstore-backups\recovery.baklz4

Filesize
3KB

MD5
21e73d1d3db9ff4148c7915b7de4712a

SHA1
7d3c28c007c6c681f513f34e7fb7105d2228664a

SHA256
0c6ca24ed3cf0170ed95008ebaa066bc0543d6a5f782e7d285016682bdb95c0f

SHA512
6877661b74435e7018de9f09e9d9922f1235946205c5465afc461ef5d34529dd670f1826afa9900578429ec828e27029eb266d4baf5cfb2c9f07dbdf5789aa90

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yuzka873.default-release\sessionstore-backups\recovery.baklz4

Filesize
4KB

MD5
14d59e7ca081a800a030c04ce8fb3f0c

SHA1
a887e7b060d868a304d4e45a4e2318994639a969

SHA256
0651147117e686cec72d3c23439f39bd0899eb8b213b3c43f025c2ef6ac5dc30

SHA512
c4d3495c94e495320b23e6fb7ff4e4a0830dcbb28b9a37427aec84701034fb7437d73de925d27355b3f8c4e04434f6ab3d716eb54cf4763fa7417db3375ebe0b

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yuzka873.default-release\sessionstore-backups\recovery.baklz4

Filesize
4KB

MD5
02b6d04e95a86c608110845d54fe1224

SHA1
d545ad59e08c9c6b4e742876924c82cf1361d60d

SHA256
892ca04a6504df63119398358d780e9eadf6441bd8b11ff425f956d8ddb82d9f

SHA512
891c55a5415d7665a2631e59baa2644d19054d2cf31990ca91f6d2d7cd54505092d84b86734bda948294bfd533736d2ebd1bb05cdd716aecaeef97d9f1ea33de

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yuzka873.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

Filesize
368KB

MD5
7aa16d4ca07a987b9d3d7643f699f31f

SHA1
cb27eb1c90e94565d835ead380476cdb9631bde4

SHA256
f960390742d2f35627722ed7c03ee308de9bcc74f19e05a1520230e5798a398b

SHA512
54685a5282fa8fec9ba08bfac71e445d9c66dcf1688ce09d6344905d66ee840f0d4ef94fc4991f4d45cbc249fb543432bf5fc6f8f7dbec6c2a9726c10b12d4e6

Download Submit
C:\Users\Admin\Downloads\XenonChecker-main.zip

Filesize
6.1MB

MD5
5fba040e2844992683c34dac35918f17

SHA1
94cd96ac2cb82950c39b15cf4af34e6b93c43d39

SHA256
463fe01572b6d20785b12dcfe3d9ca904587df18029065c5d9bb6d56b20eef52

SHA512
17e0f0e42be2a64243d8aeddb29a67b79db2fcf8308207423462c9652098253f3a28c6942af1685110a8d4225cd42b6f92f0c1e4eb0dcd6a15fa073821a18312

Download Submit