Analysis
- max time kernel: 71s
- max time network: 64s
- platform: windows10-2004_x64
- resource: win10v2004-20241007-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20241007-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 29/12/2024, 06:57
- Static task: static1
- URLScan task: urlscan1
- Behavioral task: behavioral1
- Sample: https://drive.google.com/file/d/1VpBRnnC_erXVp06OsZPaNOCorWLbDDet/view?usp=drive_link
- Resource: win10v2004-20241007-en
General
- Target: https://drive.google.com/file/d/1VpBRnnC_erXVp06OsZPaNOCorWLbDDet/view?usp=drive_link
Malware Config
Signatures
Legitimate hosting services abused for malware hosting/C2 (1 TTP, 2 IoCs)
- flow 8: drive.google.com
- flow 4: drive.google.com
System Location Discovery: System Language Discovery (1 TTP, 7 IoCs)
Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.
- AcroRd32.exe: Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language
- RdrCEF.exe: Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language (6 hits)
Checks processor information in registry (2 TTPs, 10 IoCs)
Processor information is often read in order to detect sandboxing environments.
- AcroRd32.exe: Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0
- AcroRd32.exe: Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz
- firefox.exe: Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature
- firefox.exe: Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0
- firefox.exe: Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString
- firefox.exe: Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0
- firefox.exe: Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision
- firefox.exe: Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier
- firefox.exe: Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz (2 hits)
Enumerates system info in registry (2 TTPs, 3 IoCs)
- msedge.exe: Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName
- msedge.exe: Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS
- msedge.exe: Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer
Modifies Internet Explorer settings (1 IoC)
- AcroRd32.exe: Key created \REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION
Modifies registry class (13 IoCs)
- OpenWith.exe: Key created \REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\rbxl_auto_file\shell\open\command
- OpenWith.exe: Set value (str) \REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\rbxl_auto_file\shell\open\command\ = "\"C:\\Program Files\\Mozilla Firefox\\firefox.exe\" -osint -url \"%1\""
- OpenWith.exe: Key created \REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\Local Settings
- OpenWith.exe: Key created \REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\rbxl_auto_file
- OpenWith.exe: Set value (str) \REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\.rbxl\ = "rbxl_auto_file"
- OpenWith.exe: Key created \REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\鰀䆟縀䆁
- OpenWith.exe: Set value (str) \REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\鰀䆟縀䆁\ = "rbxl_auto_file"
- OpenWith.exe: Key created \REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\rbxl_auto_file\shell\open
- OpenWith.exe: Key created \REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\rbxl_auto_file\shell
- firefox.exe: Key created \REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\Local Settings
- msedge.exe: Key created \REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\Local Settings
- OpenWith.exe: Key created \REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\Local Settings
- OpenWith.exe: Key created \REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\.rbxl
Suspicious behavior: EnumeratesProcesses (26 IoCs; repeated hits collapsed)
- PID 2416 msedge.exe
- PID 2836 msedge.exe
- PID 1772 msedge.exe
- PID 4912 AcroRd32.exe
Suspicious behavior: GetForegroundWindowSpam (2 IoCs)
- PID 3952 OpenWith.exe
- PID 6108 OpenWith.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (8 IoCs; repeated hits collapsed)
- PID 2836 msedge.exe
Suspicious use of AdjustPrivilegeToken (3 IoCs; repeated hits collapsed)
- Token: SeDebugPrivilege, PID 4080 firefox.exe
Suspicious use of FindShellTrayWindow (54 IoCs; repeated hits collapsed)
- PID 2836 msedge.exe
- PID 4080 firefox.exe
Suspicious use of SendNotifyMessage (44 IoCs; repeated hits collapsed)
- PID 2836 msedge.exe
- PID 4080 firefox.exe
Suspicious use of SetWindowsHookEx (53 IoCs; repeated hits collapsed)
- PID 3952 OpenWith.exe
- PID 4912 AcroRd32.exe
- PID 6108 OpenWith.exe
- PID 4080 firefox.exe
Suspicious use of WriteProcessMemory (64 IoCs; repeated hits collapsed)
- PID 2836 msedge.exe wrote to memory of PID 1092 (procid_target 85)
- PID 2836 msedge.exe wrote to memory of PID 3836 (procid_target 86)
- PID 2836 msedge.exe wrote to memory of PID 2416 (procid_target 87)
- PID 2836 msedge.exe wrote to memory of PID 2760 (procid_target 88)
Uses Task Scheduler COM API (1 TTP)
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
Processes
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2836)
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://drive.google.com/file/d/1VpBRnnC_erXVp06OsZPaNOCorWLbDDet/view?usp=drive_link
  Signatures:
  - Enumerates system info in registry
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  Child processes:
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1092)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffaf3a446f8,0x7ffaf3a44708,0x7ffaf3a44718
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3836)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2256,7151676492901909331,3237864323557151697,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2232 /prefetch:2
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2416)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2256,7151676492901909331,3237864323557151697,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2316 /prefetch:3
    Signatures:
    - Suspicious behavior: EnumeratesProcesses
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2760)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2256,7151676492901909331,3237864323557151697,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2740 /prefetch:8
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2768)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2256,7151676492901909331,3237864323557151697,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3364 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4060)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2256,7151676492901909331,3237864323557151697,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3392 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 232)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2256,7151676492901909331,3237864323557151697,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4760 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe (PID 1324)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2256,7151676492901909331,3237864323557151697,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5496 /prefetch:8
  - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe (PID 3928)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2256,7151676492901909331,3237864323557151697,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5496 /prefetch:8
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4404)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2256,7151676492901909331,3237864323557151697,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=3720 /prefetch:8
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1860)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2256,7151676492901909331,3237864323557151697,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5596 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1480)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2256,7151676492901909331,3237864323557151697,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5984 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2364)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2256,7151676492901909331,3237864323557151697,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5960 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1772)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2256,7151676492901909331,3237864323557151697,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6280 /prefetch:8
    Signatures:
    - Suspicious behavior: EnumeratesProcesses
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2180)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2256,7151676492901909331,3237864323557151697,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5540 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2912)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2256,7151676492901909331,3237864323557151697,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6328 /prefetch:1
- C:\Windows\System32\CompPkgSrv.exe (PID 2428)
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
- C:\Windows\System32\CompPkgSrv.exe (PID 4272)
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
- C:\Windows\system32\OpenWith.exe (PID 3952)
  Command line: C:\Windows\system32\OpenWith.exe -Embedding
  Signatures:
  - Modifies registry class
  - Suspicious behavior: GetForegroundWindowSpam
  - Suspicious use of SetWindowsHookEx
  Child processes:
  - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe (PID 4912)
    Command line: "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" "C:\Users\Admin\Downloads\Arbuzowski_Assets.rbxl"
    Signatures:
    - System Location Discovery: System Language Discovery
    - Checks processor information in registry
    - Modifies Internet Explorer settings
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of SetWindowsHookEx
    Child processes:
    - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe (PID 5376)
      Command line: "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=16514043
      Signatures:
      - System Location Discovery: System Language Discovery
      Child processes:
      - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe (PID 5520)
        Command line: "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=07DAE3D75F47242285FD1C24A7E6A7EE --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=07DAE3D75F47242285FD1C24A7E6A7EE --renderer-client-id=2 --mojo-platform-channel-handle=1748 --allow-no-sandbox-job /prefetch:1
        Signatures:
        - System Location Discovery: System Language Discovery
      - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe (PID 5540)
        Command line: "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=2B4C51A1E3052E115A8DEDE44CCD909F --mojo-platform-channel-handle=1756 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
        Signatures:
        - System Location Discovery: System Language Discovery
      - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe (PID 5756)
        Command line: "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=6BA8B579FD9AFC09928BB0656D2FD55B --mojo-platform-channel-handle=2336 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
        Signatures:
        - System Location Discovery: System Language Discovery
      - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe (PID 5852)
        Command line: "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=5C3E53D50544FECBE5434178EC7E2B9A --mojo-platform-channel-handle=2032 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
        Signatures:
        - System Location Discovery: System Language Discovery
      - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe (PID 5940)
        Command line: "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=5AFBE9A94DE6A21D0D273192E5C7A2DE --mojo-platform-channel-handle=2316 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
        Signatures:
        - System Location Discovery: System Language Discovery
- C:\Windows\System32\rundll32.exe (PID 5532)
  Command line: C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
C:\Windows\system32\OpenWith.exeC:\Windows\system32\OpenWith.exe -Embedding1⤵
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:6108 -
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "C:\Users\Admin\Downloads\Arbuzowski_Assets.rbxl"2⤵PID:2976
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url C:\Users\Admin\Downloads\Arbuzowski_Assets.rbxl3⤵
- Checks processor information in registry
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
PID:4080 -
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1920 -parentBuildID 20240401114208 -prefsHandle 1836 -prefMapHandle 1828 -prefsLen 23680 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {87f2ec76-a8dc-4b19-8dab-bbe72f0b090e} 4080 "\\.\pipe\gecko-crash-server-pipe.4080" gpu4⤵PID:5808
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2400 -parentBuildID 20240401114208 -prefsHandle 2376 -prefMapHandle 2372 -prefsLen 24600 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {3a8421f2-9754-4fb3-8501-a685132548c4} 4080 "\\.\pipe\gecko-crash-server-pipe.4080" socket4⤵PID:5892
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3060 -childID 1 -isForBrowser -prefsHandle 3116 -prefMapHandle 3004 -prefsLen 24741 -prefMapSize 244658 -jsInitHandle 1272 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {9bc15764-023b-453c-b427-76aae77a4427} 4080 "\\.\pipe\gecko-crash-server-pipe.4080" tab4⤵PID:548
-
-
C:\Program Files\Mozilla Firefox\firefox.exe (process-tree level 4, PID 5840)
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3516 -childID 2 -isForBrowser -prefsHandle 3920 -prefMapHandle 1232 -prefsLen 29090 -prefMapSize 244658 -jsInitHandle 1272 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {0a77b4ed-a0f6-40e8-a532-289f7079dfbc} 4080 "\\.\pipe\gecko-crash-server-pipe.4080" tab

C:\Program Files\Mozilla Firefox\firefox.exe (process-tree level 4, PID 6528)
Signatures: Checks processor information in registry
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4580 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4488 -prefMapHandle 4544 -prefsLen 29090 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {01a0cec4-69a6-42b0-a7cc-e36c8f1d2ff4} 4080 "\\.\pipe\gecko-crash-server-pipe.4080" utility

C:\Program Files\Mozilla Firefox\firefox.exe (process-tree level 4, PID 6252)
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4896 -childID 3 -isForBrowser -prefsHandle 5620 -prefMapHandle 5592 -prefsLen 27178 -prefMapSize 244658 -jsInitHandle 1272 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {15346355-cfda-4805-aa01-a9b45b828830} 4080 "\\.\pipe\gecko-crash-server-pipe.4080" tab

C:\Program Files\Mozilla Firefox\firefox.exe (process-tree level 4, PID 6260)
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4528 -childID 4 -isForBrowser -prefsHandle 5572 -prefMapHandle 5576 -prefsLen 27178 -prefMapSize 244658 -jsInitHandle 1272 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {581204f4-fe1e-4421-90b1-d4cf97767b32} 4080 "\\.\pipe\gecko-crash-server-pipe.4080" tab

C:\Program Files\Mozilla Firefox\firefox.exe (process-tree level 4, PID 6280)
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5956 -childID 5 -isForBrowser -prefsHandle 5844 -prefMapHandle 5848 -prefsLen 27178 -prefMapSize 244658 -jsInitHandle 1272 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {abd182c6-6b8c-48b5-a1a1-9b8a78bbc808} 4080 "\\.\pipe\gecko-crash-server-pipe.4080" tab
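The firefox.exe children above are ordinary Firefox content processes: every one is launched with -contentproc, carries -win32kLockedDown (the flag Firefox passes when the win32k syscall lockdown mitigation is on), runs from the Program Files install directory, and names a crash-server pipe whose suffix matches the parent PID token (4080). When reading a sandbox process tree, that baseline is what lets an analyst discard browser noise quickly and notice a child that does not fit it. The script below, an added example that is not part of the tria.ge report or of Firefox, parses such command lines and reports deviations from that baseline. The two baseline lines are copied from the report; CONSTRUCTED_ANOMALY is made up for illustration, and the expected install path is an assumption taken from this analysis (a 32-bit or per-user install lives elsewhere).

```python
"""Parse Firefox content-process command lines from a sandbox process tree and
flag launches that deviate from the baseline seen in the report above.

Added example, not part of the tria.ge report or of Firefox. REPORT_LINES are
copied from the report; CONSTRUCTED_ANOMALY is made up (firefox.exe launched
from a user-writable path, no -win32kLockedDown, crash pipe of another parent).
"""
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple, Union

TOKEN_RE = re.compile(r'"[^"]*"|\S+')          # quoted path or bare token
PIPE_RE = re.compile(r"gecko-crash-server-pipe\.(\d+)$")

# Options that take the next token as their value (the set seen in the report).
VALUED = {"childID", "prefsHandle", "prefMapHandle", "prefsLen", "prefMapSize",
          "jsInitHandle", "jsInitLen", "parentBuildID", "sandboxingKind", "appDir"}

# Assumption: the 64-bit install path used in this analysis.
EXPECTED_IMAGE = r"c:\program files\mozilla firefox\firefox.exe"


@dataclass
class ContentProc:
    image: str
    kind: str                                   # trailing token: tab, utility, ...
    flags: Dict[str, Union[str, bool]] = field(default_factory=dict)
    parent_pid: Optional[int] = None
    crash_pipe: str = ""


def unquote(tok: str) -> str:
    return tok[1:-1] if len(tok) >= 2 and tok[0] == tok[-1] == '"' else tok


def parse_cmdline(line: str) -> ContentProc:
    toks = TOKEN_RE.findall(line)
    flags: Dict[str, Union[str, bool]] = {}
    i, sep = 1, len(toks)
    while i < len(toks):
        t = toks[i]
        if t == "-":                            # lone dash: options end, IPC args follow
            sep = i
            break
        if t.startswith("--"):                  # --channel=3516
            k, _, v = t[2:].partition("=")
            flags[k] = v
        elif t.startswith("-"):
            k = t[1:]
            if k in VALUED and i + 1 < len(toks):
                flags[k] = unquote(toks[i + 1])
                i += 1
            else:
                flags[k] = True                 # bare switch such as -isForBrowser
        i += 1
    tail = toks[sep + 1:]                       # {channel guid} parentPID "crash pipe" kind
    parent = int(tail[1]) if len(tail) > 1 and tail[1].isdigit() else None
    pipe = unquote(tail[2]) if len(tail) > 2 else ""
    kind = tail[-1] if tail else ""
    return ContentProc(unquote(toks[0]), kind, flags, parent, pipe)


def check(p: ContentProc) -> List[str]:
    """Deviations from the baseline every content process in the report shares."""
    if "contentproc" not in p.flags:
        return ["not a -contentproc launch"]
    out: List[str] = []
    if p.image.lower() != EXPECTED_IMAGE:
        out.append(f"image outside the Firefox install dir: {p.image}")
    if p.flags.get("win32kLockedDown") is not True:
        out.append("missing -win32kLockedDown")
    if p.kind == "tab" and p.flags.get("isForBrowser") is not True:
        out.append("tab process without -isForBrowser")
    m = PIPE_RE.search(p.crash_pipe)
    if not m or int(m.group(1)) != p.parent_pid:
        out.append(f"crash pipe {p.crash_pipe!r} does not belong to parent PID {p.parent_pid}")
    return out


def audit(lines: List[str]) -> List[Tuple[str, List[str]]]:
    return [(p.kind, check(p)) for p in map(parse_cmdline, lines)]


REPORT_LINES = [  # copied from the report's process tree (PIDs 5840 and 6528)
    r'"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3516 -childID 2 '
    r'-isForBrowser -prefsHandle 3920 -prefMapHandle 1232 -prefsLen 29090 -prefMapSize 244658 '
    r'-jsInitHandle 1272 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown '
    r'-appDir "C:\Program Files\Mozilla Firefox\browser" - {0a77b4ed-a0f6-40e8-a532-289f7079dfbc} '
    r'4080 "\\.\pipe\gecko-crash-server-pipe.4080" tab',
    r'"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4580 '
    r'-parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4488 -prefMapHandle 4544 '
    r'-prefsLen 29090 -prefMapSize 244658 -win32kLockedDown '
    r'-appDir "C:\Program Files\Mozilla Firefox\browser" - {01a0cec4-69a6-42b0-a7cc-e36c8f1d2ff4} '
    r'4080 "\\.\pipe\gecko-crash-server-pipe.4080" utility',
]
CONSTRUCTED_ANOMALY = (  # made up for illustration, not from the report
    r'"C:\Users\Admin\AppData\Local\Temp\firefox.exe" -contentproc --channel=9999 -childID 7 '
    r'-isForBrowser -parentBuildID 20240401114208 -appDir "C:\Users\Admin\AppData\Local\Temp\browser" '
    r'- {00000000-0000-0000-0000-000000000000} 4080 "\\.\pipe\gecko-crash-server-pipe.1234" tab'
)

if __name__ == "__main__":
    for kind, findings in audit(REPORT_LINES + [CONSTRUCTED_ANOMALY]):
        print(kind, findings or "baseline")
```

The two report lines come back clean; the constructed line yields three findings (wrong image path, no win32k lockdown, crash pipe of a different parent). The check is deliberately a baseline comparison for this report rather than a universal rule: Firefox can legitimately omit -win32kLockedDown where the mitigation is disabled, so treat a hit as a prompt to look, not as a verdict.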
Network
MITRE ATT&CK Enterprise v15
Downloads

Filesize: 36KB
MD5: b30d3becc8731792523d599d949e63f5
SHA1: 19350257e42d7aee17fb3bf139a9d3adb330fad4
SHA256: b1b77e96279ead2b460de3de70e2ea4f5ad1b853598a4e27a5caf3f1a32cc4f3
SHA512: 523f54895fb07f62b9a5f72c8b62e83d4d9506bda57b183818615f6eb7286e3b9c5a50409bc5c5164867c3ccdeae88aa395ecca6bc7e36d991552f857510792e

Filesize: 56KB
MD5: 752a1f26b18748311b691c7d8fc20633
SHA1: c1f8e83eebc1cc1e9b88c773338eb09ff82ab862
SHA256: 111dac2948e4cecb10b0d2e10d8afaa663d78d643826b592d6414a1fd77cc131
SHA512: a2f5f262faf2c3e9756da94b2c47787ce3a9391b5bd53581578aa9a764449e114836704d6dec4aadc097fed4c818831baa11affa1eb25be2bfad9349bb090fe5

Filesize: 64KB
MD5: c2f951dbb4b98be71a618f3175178fc4
SHA1: d7bfd37a777e40020e44aa36be2673da99ad4e9b
SHA256: ad679814eae830d02a98353f6ba9532b4db79cb9f80e6caa4f51f489aa77e41a
SHA512: 3b7e9974c99155bfd89d3ae8c19182df36d60b3752b79ce1b23ea65aa50c9202b189f1ae1c29ff5e58c998408da61679b4229a6607b38ba4784abe377f1a828a

Filesize: 64KB
MD5: 33c19c50d64dbb296ab6e38adbdd8c62
SHA1: 8a80f7b5c872e52d0562cf5353f423b1452a52b2
SHA256: 84558e7d5bff9a79fe5199b2af786c99eab4bca072756604c891247fb3f8185c
SHA512: 3176df555dc473e0af960e979fc67e22882e4abfd595be32095be42c1cc17214b87eede304bec78abd4f23131acc6af8027fdadcb52352e522c96077ee26565c

Filesize: 152B
MD5: 99afa4934d1e3c56bbce114b356e8a99
SHA1: 3f0e7a1a28d9d9c06b6663df5d83a65c84d52581
SHA256: 08e098bb97fd91d815469cdfd5568607a3feca61f18b6b5b9c11b531fde206c8
SHA512: 76686f30ed68144cf943b80ac10b52c74eee84f197cee3c24ef7845ef44bdb5586b6e530824543deeed59417205ac0e2559808bcb46450504106ac8f4c95b9da

Filesize: 152B
MD5: 443a627d539ca4eab732bad0cbe7332b
SHA1: 86b18b906a1acd2a22f4b2c78ac3564c394a9569
SHA256: 1e1ad9dce141f5f17ea07c7e9c2a65e707c9943f172b9134b0daf9eef25f0dc9
SHA512: 923b86d75a565c91250110162ce13dd3ef3f6bdde1a83f7af235ed302d4a96b8c9ed722e2152781e699dfcb26bb98afc73f5adb298f8fd673f14c9f28b5f764d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize: 456B
MD5: 6635b5bc679ad90c2d9a6f87cd92d212
SHA1: 2d865de800ef649ff156758d162e24306f37420a
SHA256: ae5ee1423cb7a2fac4a5de8f9847401b28c2e4c301ac715aae6a53de0d51972a
SHA512: a796ff0190616b4c719c9353c2729680a392ac22ac58237821ce15a1e99d23da4ccd6a7aa0301ed4e1424eaaa479564786c37f33a66705269c99e1107033dcab

Filesize: 3KB
MD5: 079c39dd894ad92da9f1eb13140ca054
SHA1: b9dff1fc97fd941c6400a5a2d3795f974b0f63ca
SHA256: 0601da6c02158706fa44f9195d5ccd87fa966a99266d369f3ff007dcb2d9f097
SHA512: b300a57ac449d8a22182421548d0d1639ce19344e34a20c62246855c3b0ec34e6de0a3dada6b58688d116bc0c216af6ca54044dcc5e8fb8ddcfa43bd493757ed

Filesize: 6KB
MD5: 66cb1d478972ca9dd20fe521e46631a6
SHA1: 6300d0d435d898935abeb64732784bc13bea4715
SHA256: a220286c7c9a651022ec5768638bb1a241ad73cee65481b89257fad2fdd68a75
SHA512: cdb607dc20d92a32bfacef77df1a6c4b72df3d82cc93d062e5636d55d99460b412f76e6a5ec3ed588fa5939d6742588f341753f59601a143d93fdbcc78f99cbb

Filesize: 5KB
MD5: f3644bc0ca01d7f6d2d73ad637a8dbc0
SHA1: c9611605302b7c2b9ba92231df6a7805f7f8de7b
SHA256: f8f83bd90f89fdef13cdb96c2b43b42b56cb02dae89d7a82addb6b0ccac63249
SHA512: d34f89dfe13800f94b50728a2013848664d83f55b670a3291d675fe709ce7e0f961c079d9490cab854fd8b74f3a3dde1cf00dbafb66bbef8c08621ff9aa503cf

Filesize: 16B
MD5: 46295cac801e5d4857d09837238a6394
SHA1: 44e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA256: 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA512: 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Filesize: 16B
MD5: 206702161f94c5cd39fadd03f4014d98
SHA1: bd8bfc144fb5326d21bd1531523d9fb50e1b600a
SHA256: 1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167
SHA512: 0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Filesize: 10KB
MD5: cc1f233df928c988c370aa9a37174b0b
SHA1: 560a6fa5483dbb767c855bd9ae7fbca61af3de75
SHA256: b8515e53aec70bbc6c4accf7849a57ca36ef51a73b6da5eb59242a922feff481
SHA512: cedf389b819c3be4c7d2df31e38eed7399e3b31daa61591c25d4d560e4a158112310e06d649a8dd1baa579972a115c13a6c1e7102248c7af226565e8c637b111

Filesize: 10KB
MD5: fca2a40869fc581573678a0db1b60a38
SHA1: 1e57aa460c58826668a2710678b7efa049e0defe
SHA256: e84822d748e4318b9c47f6e1e9249f23e5fcc22498103259773b3712b61a6729
SHA512: 48c7c613113bfb7625c7a0f04bc428a78ada7661996864edc2c93ad68a8c284178d4d0524451af4152e08b4a8198ab850067e5a0b1fcfd98bdf243316ba5c6b8

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\g9per00b.default-release\activity-stream.discovery_stream.json
Filesize: 27KB
MD5: 564e8c1672263f7864e5b83a2ba0cc0d
SHA1: a01b963d60d9bf3dbfc8e2393fae705cb94f803f
SHA256: 41cfbdac2a94a71591b62e9f8aab8b4a7eec8e7b875c4552060e7bf77e50a4d7
SHA512: 94abb87e60e49801c8f1121af9c6ec35da3ea5c36858a1fdd667bf4d065f1dd2705268d087aec3d09385f9a64807613a42906315b180661196b90971da017be9

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\g9per00b.default-release\settings\main\ms-language-packs\browser\newtab\asrouter.ftl
Filesize: 15KB
MD5: 96c542dec016d9ec1ecc4dddfcbaac66
SHA1: 6199f7648bb744efa58acf7b96fee85d938389e4
SHA256: 7f32769d6bb4e875f58ceb9e2fbfdc9bd6b82397eca7a4c5230b0786e68f1798
SHA512: cda2f159c3565bc636e0523c893b293109de2717142871b1ec78f335c12bad96fc3f62bcf56a1a88abdeed2ac3f3e5e9a008b45e24d713e13c23103acc15e658

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\g9per00b.default-release\AlternateServices.bin
Filesize: 6KB
MD5: 3eb48a1ad057c23fb47f5c3ca2d3a0a4
SHA1: 877c2a5f8bf5cc67d5e7d6e4afd3bb7a14a8ab71
SHA256: 8b4ae4986d0f17dda3ebd3116c997199e7bc10518baa4c287b47fe8b6df834ae
SHA512: 6e71408d00f5e2d493ee35d30390e24bdc4cea9c33fccb38f1aa631dbcbd8d22502815e48c02a82ff3f20c7e96acbc226f63a9fdf9d3db25bdd9b78461529bc4

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\g9per00b.default-release\datareporting\glean\db\data.safe.tmp
Filesize: 5KB
MD5: 3a49125eb27e3ea30c6e9d0174acdd4b
SHA1: 035036617d48e5ab4277961a9cab5d3fb609f712
SHA256: c406b732a496639137aca5804170f98927831bf02f9f0c38584ec7e3e74337ae
SHA512: bee0abd6c2d986ba87611e2804c03a72e58f64c9f6f12eab0828f0a78483e9c6e55b817d1cbb8b053da4db5d6df394c36ec80bf9d32891684ed82a96429bd5b9

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\g9per00b.default-release\datareporting\glean\pending_pings\d4d53552-926a-4dfe-a9af-357bd16e0957
Filesize: 982B
MD5: ba84b92017e8c31cf31edf3e92d60a06
SHA1: 921f7491dbe19cc492c5627b19887a4663dddb4e
SHA256: 8fe32d0a26df3337f06e972d392c77a201c3fbb2c7972596f08cc3e4d607608a
SHA512: 7d22ff74cd20638ee69135f3dbba78589332264da66e68073294a41b31ff8af297380ee735f539ea0325fef9f11eb718916c9ecb8191d00e86643fe8cca478b2

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\g9per00b.default-release\datareporting\glean\pending_pings\de5a4a77-70a0-476f-96d3-4bca631b84b4
Filesize: 27KB
MD5: a6c98e061432b03a04fbf47f39495266
SHA1: c8334d66006ddcfa0aee6da2b150aada616ea871
SHA256: 149ed2a9221a3770a89e72795cb46b66ab72d196ca082a26631d507207419d89
SHA512: d83b9cad5d319ef20e1ec5210565c4424030c62a11a1b9d186ece98c4068c814a0f43c4c7601572f1b9255646551421a6c38d6a077413118576c8fe4246369e0

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\g9per00b.default-release\datareporting\glean\pending_pings\e160f8ef-d40a-406e-8bdb-0fa27d3b91fb
Filesize: 671B
MD5: 52910015d8b36d84923c36553ebd90be
SHA1: 08dc791d324b19f3cf0de8c8009e75ae3ab5360f
SHA256: 9fb2acc287ef903a5d87150980c152fd8730d430401cf60de807a87e932dc4f4
SHA512: 598f69f8a616ad5297ead9160fe5c68699e07d4356afb752165ca54d6c24722066862e850184ddccfd6428f91cab621f1b0663da0e840bf653f6b3c7392bf589

Filesize: 10KB
MD5: 51ce66ae2497d368b8ae047989680616
SHA1: f55c3629ad9ec0d2a4ed9568708b8ddfbd176a6b
SHA256: 23e5940a4cfafe399c4a9525a00dc50ff39958e69273cf5d9edad7b690344ed9
SHA512: adbf6dd2a0acdb41b62757d794478373cbe2f28c74cde99bbc08c934dbfe32e1f501c7caa41f96da356bc4ea28efd9e07207026055f192005f721de3fdc1a400

Filesize: 253KB
MD5: 796d66d723ece77bd5d2f9e6dec41b03
SHA1: 04969cb5552b90f8b44a04f1557855e26d6901a5
SHA256: 448b29eb01ca755fcbed0406a6ddd3ccc5b62676e6c157ff75ca29ecaaac7917
SHA512: 1f67021965369d3b81e773047adc12e7775f43392fc51cbe7b076ee147e05bd7ba3707e7699c51bb1f0fb1dbd1489d8448c9913067eca221c048b2453507936f
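Most of the listing above is browser housekeeping (Edge code cache, Firefox profile settings, Glean telemetry pings) that the sandbox hashed alongside whatever the Drive link delivered, and only some entries carry a path. To pivot on these hashes an analyst needs them as structured records, checked for well-formed digests (copy-and-paste from a report page is where a truncated SHA256 creeps in) and filtered down to the files that are not known browser noise. The script below, an added example that is not part of the tria.ge report or of tria.ge's own tooling, does that for the listing as this page extracts it (label fused to the digest, "Filesize" split from its value) as well as for the cleaned "Label: value" form. The sample text is copied from the report except for the last record, which is constructed to show what the validator rejects; the set of "noise" path prefixes is an assumption based on the paths seen on this page.

```python
"""Turn a tria.ge "Downloads" hash listing into records, validate the digests,
and keep only the entries worth pivoting on.

Added example, not part of the report or of tria.ge. SAMPLE is copied from the
report except the last record, which is CONSTRUCTED (truncated SHA256, no
SHA512) to show what the validator rejects.
"""
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

HEX_RE = re.compile(r"[0-9A-Fa-f]+")
SIZE_RE = re.compile(r"^Filesize\s*:?\s*(\d+(?:\.\d+)?\s*[KMG]?B)?$", re.IGNORECASE)
PATH_RE = re.compile(r"^[A-Za-z]:\\")
HEX_LEN = {"MD5": 32, "SHA1": 40, "SHA256": 64, "SHA512": 128}

# Assumption: files under a browser profile or cache directory (the paths seen
# on this page) are browser housekeeping, not the fetched sample.
NOISE_PREFIXES = (
    r"c:\users\admin\appdata\local\mozilla\firefox\profiles",
    r"c:\users\admin\appdata\roaming\mozilla\firefox\profiles",
    r"c:\users\admin\appdata\local\microsoft\edge\user data",
)


@dataclass
class Artifact:
    path: Optional[str] = None
    size: Optional[str] = None
    hashes: Dict[str, str] = field(default_factory=dict)


def parse_hash_line(line: str) -> Optional[Tuple[str, str]]:
    """A fused label is ambiguous ("SHA1" followed by a digest that starts
    with "256" reads as SHA256), so the digest length decides; a length
    mismatch is kept as a fallback for the validator to report."""
    fallback = None
    for algo in ("SHA512", "SHA256", "SHA1", "MD5"):
        if not line.startswith(algo):
            continue
        rest = line[len(algo):].lstrip(": ").strip()
        if not rest or not HEX_RE.fullmatch(rest):
            continue
        if len(rest) == HEX_LEN[algo]:
            return algo, rest.lower()
        fallback = fallback or (algo, rest.lower())
    return fallback


def parse_downloads(text: str) -> List[Artifact]:
    records: List[Artifact] = []
    cur: Optional[Artifact] = None
    size_pending = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == "-":
            continue
        if PATH_RE.match(line):                 # a path opens a record
            cur = Artifact(path=line)
            records.append(cur)
            continue
        m = SIZE_RE.match(line)
        if m:
            if cur is None or cur.hashes:       # a size with no path opens one too
                cur = Artifact()
                records.append(cur)
            if m.group(1):
                cur.size = m.group(1).replace(" ", "").upper()
            else:
                size_pending = True             # "Filesize" alone: value is on the next line
            continue
        if size_pending and cur is not None:
            cur.size = line.upper()
            size_pending = False
            continue
        parsed = parse_hash_line(line)
        if parsed and cur is not None:
            cur.hashes[parsed[0]] = parsed[1]
    return records


def validate(a: Artifact) -> List[str]:
    problems = []
    for algo, n in HEX_LEN.items():
        h = a.hashes.get(algo)
        if h is None:
            problems.append(f"missing {algo}")
        elif len(h) != n:
            problems.append(f"{algo} has {len(h)} hex digits, expected {n}")
    return problems


def pivot_candidates(records: List[Artifact]) -> List[Artifact]:
    """Well-formed records outside the noise paths, deduplicated by SHA256."""
    seen, out = set(), []
    for a in records:
        if validate(a) or (a.path and a.path.lower().startswith(NOISE_PREFIXES)):
            continue
        if a.hashes["SHA256"] not in seen:
            seen.add(a.hashes["SHA256"])
            out.append(a)
    return out


SAMPLE = r"""Filesize
36KB
MD5b30d3becc8731792523d599d949e63f5
SHA119350257e42d7aee17fb3bf139a9d3adb330fad4
SHA256b1b77e96279ead2b460de3de70e2ea4f5ad1b853598a4e27a5caf3f1a32cc4f3
SHA512523f54895fb07f62b9a5f72c8b62e83d4d9506bda57b183818615f6eb7286e3b9c5a50409bc5c5164867c3ccdeae88aa395ecca6bc7e36d991552f857510792e
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize456B
MD5: 6635b5bc679ad90c2d9a6f87cd92d212
SHA1: 2d865de800ef649ff156758d162e24306f37420a
SHA256: ae5ee1423cb7a2fac4a5de8f9847401b28c2e4c301ac715aae6a53de0d51972a
SHA512: a796ff0190616b4c719c9353c2729680a392ac22ac58237821ce15a1e99d23da4ccd6a7aa0301ed4e1424eaaa479564786c37f33a66705269c99e1107033dcab
-
Filesize: 253KB
MD5: 796d66d723ece77bd5d2f9e6dec41b03
SHA1: 04969cb5552b90f8b44a04f1557855e26d6901a5
SHA256: 448b29eb01ca755fcbed0406a6ddd3ccc5b62676e6c157ff75ca29ecaaac7917
SHA512: 1f67021965369d3b81e773047adc12e7775f43392fc51cbe7b076ee147e05bd7ba3707e7699c51bb1f0fb1dbd1489d8448c9913067eca221c048b2453507936f
-
Filesize: 1KB
MD5: 00000000000000000000000000000000
SHA1: 0000000000000000000000000000000000000000
SHA256: deadbeef
"""

if __name__ == "__main__":
    recs = parse_downloads(SAMPLE)
    for a in recs:
        print(a.size, a.path or "(no path)", validate(a) or "ok")
    print("pivot:", [a.hashes["SHA256"] for a in pivot_candidates(recs)])
```

On the sample, the two path-less records (36KB and 253KB) survive as pivot candidates, the Edge cache index is dropped by path, and the constructed record is rejected for its 8-digit SHA256 and missing SHA512. The size strings are kept as the report prints them (rounded "36KB", not a byte count), so they are good for eyeballing but not for matching.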