lumma | aeb0d6cbcb89fc447e474619eec757e2034fdac3c49e04fe7f18abb7d5dcdaf8

Analysis

max time kernel
182s
max time network
185s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
29/01/2025, 03:51

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Se𝓽up__Here/setup.exe
Size

684.6MB
MD5

c02cd1b381ad0a9283825004d552954d
SHA1

f714345eb3e65402822586dc584637d770a53c98
SHA256

fa463ce53647c745aa80597e7feaa70bf9f7569edbd11b7c7664f2c5d0a4012f
SHA512

50b38a2df9644f338fc9bac8d693dfc904770e4006b8bdfde75a1f04c708e07712968bc016bfbe77c561f91007df7398706be7dfa0bf6286e87f586fd3625d4d
SSDEEP

49152:YEA9P+bz2cHPcUb6HSb4SOEMkBee7nQckO6bAGx7jXTVz3338FRI6:Y92bz2Eb6pw7B6bAGx7p333SRI6

Score

10^/10

lumma discovery stealer

Malware Config

Extracted

Family

lumma

https://toppyneedus.biz/api

Signatures

Lumma Stealer, LummaC
Lumma or LummaC is an infostealer written in C++ first seen in August 2022.
stealer lumma
Lumma family
lumma
Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	setup.exe

Checks processor information in registry 2 TTPs 9 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\CurrentPatchLevel	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000_Classes\Local Settings	firefox.exe

Modifies system certificate store 2 TTPs 6 IoCs

defense_evasion spyware trojan

Install Root Certificate

T1553.004

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D1EB23A46D17D68FD92564C2F1F1601764D8E349	setup.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D1EB23A46D17D68FD92564C2F1F1601764D8E349\Blob = 0f00000001000000140000003e8e6487f8fd27d322a269a71edaac5d57811286090000000100000034000000303206082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030306082b0601050507030853000000010000002600000030243022060c2b06010401b231010201050130123010060a2b0601040182373c0101030200c00b00000001000000180000004300b7004f00b7004d00b7004f00b7004400b7004f000000140000000100000014000000a0110a233e96f107ece2af29ef82a57fd030a4b41d00000001000000100000002e0d6875874a44c820912e85e964cfdb030000000100000014000000d1eb23a46d17d68fd92564c2f1f1601764d8e349200000000100000036040000308204323082031aa003020102020101300d06092a864886f70d0101050500307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c18414141204365727469666963617465205365727669636573301e170d3034303130313030303030305a170d3238313233313233353935395a307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c1841414120436572746966696361746520536572766963657330820122300d06092a864886f70d01010105000382010f003082010a0282010100be409df46ee1ea76871c4d45448ebe46c883069dc12afe181f8ee402faf3ab5d508a16310b9a06d0c57022cd492d5463ccb66e68460b53eacb4c24c0bc724eeaf115aef4549a120ac37ab23360e2da8955f32258f3dedccfef8386a28c944f9f68f29890468427c776bfe3cc352c8b5e07646582c048b0a891f9619f762050a891c766b5eb78620356f08a1a13ea31a31ea099fd38f6f62732586f07f56bb8fb142bafb7aaccd6635f738cda0599a838a8cb17783651ace99ef4783a8dcf0fd942e2980cab2f9f0e01deef9f9949f12ddfac744d1b98b547c5e529d1f99018c7629cbe83c7267b3e8a25c7c0dd9de6356810209d8fd8ded2c3849c0d5ee82fc90203010001a381c03081bd301d0603551d0e04160414a0110a233e96f107ece2af29ef82a57fd030a4b4300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff307b0603551d1f047430723038a036a0348632687474703a2f2f63726c2e636f6d6f646f63612e636f6d2f414141436572746966696361746553657276696365732e63726c3036a034a0328630687474703a2f2f63726c2e636f6d6f646f2e6e65742f414141436572746966696361746553657276696365732e63726c300d06092a864886f70d010105050003820101000856fc02f09be8ffa4fad67bc64480ce4fc4c5f60058cca6b6bc1449680476e8e6ee5dec020f60d68d50184f264e01e3e6b0a5eebfbc745441bffdfc12b8c74f5af48960057f60b7054af3f6f1c2bfc4b97486b62d7d6bccd2f346dd2fc6e06ac3c334032c7d96dd5ac20ea70a99c1058bab0c2ff35c3acf6c37550987de53406c58effcb6ab656e04f61bdc3ce05a15c69ed9f15948302165036cece92173ec9b03a1e037ada015188ffaba02cea72ca910132cd4e50826ab229760f8905e74d4a29a53bdf2a968e0a26ec2d76cb1a30f9ebfeb68e756f2aef2e32b383a0981b56b85d7be2ded3f1ab7b263e2f5622c82d46a004150f139839f95e93696986e	setup.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D1EB23A46D17D68FD92564C2F1F1601764D8E349\Blob = 1900000001000000100000002aa1c05e2ae606f198c2c5e937c97aa2030000000100000014000000d1eb23a46d17d68fd92564c2f1f1601764d8e3491d00000001000000100000002e0d6875874a44c820912e85e964cfdb140000000100000014000000a0110a233e96f107ece2af29ef82a57fd030a4b40b00000001000000180000004300b7004f00b7004d00b7004f00b7004400b7004f00000053000000010000002600000030243022060c2b06010401b231010201050130123010060a2b0601040182373c0101030200c0090000000100000034000000303206082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030306082b060105050703080f00000001000000140000003e8e6487f8fd27d322a269a71edaac5d57811286200000000100000036040000308204323082031aa003020102020101300d06092a864886f70d0101050500307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c18414141204365727469666963617465205365727669636573301e170d3034303130313030303030305a170d3238313233313233353935395a307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c1841414120436572746966696361746520536572766963657330820122300d06092a864886f70d01010105000382010f003082010a0282010100be409df46ee1ea76871c4d45448ebe46c883069dc12afe181f8ee402faf3ab5d508a16310b9a06d0c57022cd492d5463ccb66e68460b53eacb4c24c0bc724eeaf115aef4549a120ac37ab23360e2da8955f32258f3dedccfef8386a28c944f9f68f29890468427c776bfe3cc352c8b5e07646582c048b0a891f9619f762050a891c766b5eb78620356f08a1a13ea31a31ea099fd38f6f62732586f07f56bb8fb142bafb7aaccd6635f738cda0599a838a8cb17783651ace99ef4783a8dcf0fd942e2980cab2f9f0e01deef9f9949f12ddfac744d1b98b547c5e529d1f99018c7629cbe83c7267b3e8a25c7c0dd9de6356810209d8fd8ded2c3849c0d5ee82fc90203010001a381c03081bd301d0603551d0e04160414a0110a233e96f107ece2af29ef82a57fd030a4b4300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff307b0603551d1f047430723038a036a0348632687474703a2f2f63726c2e636f6d6f646f63612e636f6d2f414141436572746966696361746553657276696365732e63726c3036a034a0328630687474703a2f2f63726c2e636f6d6f646f2e6e65742f414141436572746966696361746553657276696365732e63726c300d06092a864886f70d010105050003820101000856fc02f09be8ffa4fad67bc64480ce4fc4c5f60058cca6b6bc1449680476e8e6ee5dec020f60d68d50184f264e01e3e6b0a5eebfbc745441bffdfc12b8c74f5af48960057f60b7054af3f6f1c2bfc4b97486b62d7d6bccd2f346dd2fc6e06ac3c334032c7d96dd5ac20ea70a99c1058bab0c2ff35c3acf6c37550987de53406c58effcb6ab656e04f61bdc3ce05a15c69ed9f15948302165036cece92173ec9b03a1e037ada015188ffaba02cea72ca910132cd4e50826ab229760f8905e74d4a29a53bdf2a968e0a26ec2d76cb1a30f9ebfeb68e756f2aef2e32b383a0981b56b85d7be2ded3f1ab7b263e2f5622c82d46a004150f139839f95e93696986e	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25	setup.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25\Blob = 0f0000000100000014000000e35ef08d884f0a0ade2f75e96301ce6230f213a8090000000100000034000000303206082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030306082b060105050703085300000001000000230000003021301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0140000000100000014000000b13ec36903f8bf4701d498261a0802ef63642bc30b00000001000000120000004400690067006900430065007200740000001d00000001000000100000008f76b981d528ad4770088245e2031b630300000001000000140000005fb7ee0633e259dbad0c4c9ae6d38f1a61c7dc252000000001000000c9030000308203c5308202ada003020102021002ac5c266a0b409b8f0b79f2ae462577300d06092a864886f70d0101050500306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100c6cce573e6fbd4bbe52d2d32a6dfe5813fc9cd2549b6712ac3d5943467a20a1cb05f69a640b1c4b7b28fd098a4a941593ad3dc94d63cdb7438a44acc4d2582f74aa5531238eef3496d71917e63b6aba65fc3a484f84f6251bef8c5ecdb3892e306e508910cc4284155fbcb5a89157e71e835bf4d72093dbe3a38505b77311b8db3c724459aa7ac6d00145a04b7ba13eb510a984141224e656187814150a6795c89de194a57d52ee65d1c532c7e98cd1a0616a46873d03404135ca171d35a7c55db5e64e13787305604e511b4298012f1793988a202117c2766b788b778f2ca0aa838ab0a64c2bf665d9584c1a1251e875d1a500b2012cc41bb6e0b5138b84bcb0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e04160414b13ec36903f8bf4701d498261a0802ef63642bc3301f0603551d23041830168014b13ec36903f8bf4701d498261a0802ef63642bc3300d06092a864886f70d010105050003820101001c1a0697dcd79c9f3c886606085721db2147f82a67aabf183276401057c18af37ad911658e35fa9efc45b59ed94c314bb891e8432c8eb378cedbe3537971d6e5219401da55879a2464f68a66ccde9c37cda834b1699b23c89e78222b7043e35547316119ef58c5852f4e30f6a0311623c8e7e2651633cbbf1a1ba03df8ca5e8b318b6008892d0c065c52b7c4f90a98d1155f9f12be7c366338bd44a47fe4262b0ac497690de98ce2c01057b8c876129155f24869d8bc2a025b0f44d42031dbf4ba70265d90609ebc4b17092fb4cb1e4368c90727c1d25cf7ea21b968129c3c9cbf9efc805c9b63cdec47aa252767a037f300827d54d7a9f8e92e13a377e81f4a	setup.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25\Blob = 190000000100000010000000ba4f3972e7aed9dccdc210db59da13c90300000001000000140000005fb7ee0633e259dbad0c4c9ae6d38f1a61c7dc251d00000001000000100000008f76b981d528ad4770088245e2031b630b0000000100000012000000440069006700690043006500720074000000140000000100000014000000b13ec36903f8bf4701d498261a0802ef63642bc35300000001000000230000003021301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0090000000100000034000000303206082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030306082b060105050703080f0000000100000014000000e35ef08d884f0a0ade2f75e96301ce6230f213a82000000001000000c9030000308203c5308202ada003020102021002ac5c266a0b409b8f0b79f2ae462577300d06092a864886f70d0101050500306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100c6cce573e6fbd4bbe52d2d32a6dfe5813fc9cd2549b6712ac3d5943467a20a1cb05f69a640b1c4b7b28fd098a4a941593ad3dc94d63cdb7438a44acc4d2582f74aa5531238eef3496d71917e63b6aba65fc3a484f84f6251bef8c5ecdb3892e306e508910cc4284155fbcb5a89157e71e835bf4d72093dbe3a38505b77311b8db3c724459aa7ac6d00145a04b7ba13eb510a984141224e656187814150a6795c89de194a57d52ee65d1c532c7e98cd1a0616a46873d03404135ca171d35a7c55db5e64e13787305604e511b4298012f1793988a202117c2766b788b778f2ca0aa838ab0a64c2bf665d9584c1a1251e875d1a500b2012cc41bb6e0b5138b84bcb0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e04160414b13ec36903f8bf4701d498261a0802ef63642bc3301f0603551d23041830168014b13ec36903f8bf4701d498261a0802ef63642bc3300d06092a864886f70d010105050003820101001c1a0697dcd79c9f3c886606085721db2147f82a67aabf183276401057c18af37ad911658e35fa9efc45b59ed94c314bb891e8432c8eb378cedbe3537971d6e5219401da55879a2464f68a66ccde9c37cda834b1699b23c89e78222b7043e35547316119ef58c5852f4e30f6a0311623c8e7e2651633cbbf1a1ba03df8ca5e8b318b6008892d0c065c52b7c4f90a98d1155f9f12be7c366338bd44a47fe4262b0ac497690de98ce2c01057b8c876129155f24869d8bc2a025b0f44d42031dbf4ba70265d90609ebc4b17092fb4cb1e4368c90727c1d25cf7ea21b968129c3c9cbf9efc805c9b63cdec47aa252767a037f300827d54d7a9f8e92e13a377e81f4a	setup.exe

Suspicious behavior: EnumeratesProcesses 3 IoCs

pid	Process
2092	setup.exe
2564	chrome.exe
2564	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2564	chrome.exe
Token: SeShutdownPrivilege	2564	chrome.exe
Token: SeShutdownPrivilege	2564	chrome.exe
Token: SeShutdownPrivilege	2564	chrome.exe
Token: SeShutdownPrivilege	2564	chrome.exe
Token: SeShutdownPrivilege	2564	chrome.exe
Token: SeShutdownPrivilege	2564	chrome.exe
Token: SeShutdownPrivilege	2564	chrome.exe
Token: SeShutdownPrivilege	2564	chrome.exe
Token: SeShutdownPrivilege	2564	chrome.exe
Token: SeShutdownPrivilege	2564	chrome.exe
Token: SeShutdownPrivilege	2564	chrome.exe
Token: SeShutdownPrivilege	2564	chrome.exe
Token: SeShutdownPrivilege	2564	chrome.exe
Token: SeShutdownPrivilege	2564	chrome.exe
Token: SeShutdownPrivilege	2564	chrome.exe
Token: SeShutdownPrivilege	2564	chrome.exe
Token: SeShutdownPrivilege	2564	chrome.exe
Token: SeShutdownPrivilege	2564	chrome.exe
Token: SeShutdownPrivilege	2564	chrome.exe
Token: SeShutdownPrivilege	2564	chrome.exe
Token: SeShutdownPrivilege	2564	chrome.exe
Token: SeShutdownPrivilege	2564	chrome.exe
Token: SeShutdownPrivilege	2564	chrome.exe
Token: SeShutdownPrivilege	2564	chrome.exe
Token: SeShutdownPrivilege	2564	chrome.exe
Token: SeShutdownPrivilege	2564	chrome.exe
Token: SeShutdownPrivilege	2564	chrome.exe
Token: SeShutdownPrivilege	2564	chrome.exe
Token: SeShutdownPrivilege	2564	chrome.exe
Token: SeShutdownPrivilege	2564	chrome.exe
Token: SeShutdownPrivilege	2564	chrome.exe
Token: SeShutdownPrivilege	2564	chrome.exe
Token: SeShutdownPrivilege	2564	chrome.exe
Token: SeShutdownPrivilege	2564	chrome.exe
Token: SeShutdownPrivilege	2564	chrome.exe
Token: SeShutdownPrivilege	2564	chrome.exe
Token: SeShutdownPrivilege	2564	chrome.exe
Token: SeShutdownPrivilege	2564	chrome.exe
Token: SeShutdownPrivilege	2564	chrome.exe
Token: SeShutdownPrivilege	2564	chrome.exe
Token: SeShutdownPrivilege	2564	chrome.exe
Token: SeShutdownPrivilege	2564	chrome.exe
Token: SeShutdownPrivilege	2564	chrome.exe
Token: SeShutdownPrivilege	2564	chrome.exe
Token: SeShutdownPrivilege	2564	chrome.exe
Token: SeShutdownPrivilege	2564	chrome.exe
Token: SeShutdownPrivilege	2564	chrome.exe
Token: SeShutdownPrivilege	2564	chrome.exe
Token: SeShutdownPrivilege	2564	chrome.exe
Token: SeShutdownPrivilege	2564	chrome.exe
Token: SeShutdownPrivilege	2564	chrome.exe
Token: SeShutdownPrivilege	2564	chrome.exe
Token: SeShutdownPrivilege	2564	chrome.exe
Token: SeShutdownPrivilege	2564	chrome.exe
Token: SeShutdownPrivilege	2564	chrome.exe
Token: SeShutdownPrivilege	2564	chrome.exe
Token: SeShutdownPrivilege	2564	chrome.exe
Token: SeShutdownPrivilege	2564	chrome.exe
Token: SeShutdownPrivilege	2564	chrome.exe
Token: SeShutdownPrivilege	2564	chrome.exe
Token: SeShutdownPrivilege	2564	chrome.exe
Token: SeShutdownPrivilege	2564	chrome.exe
Token: SeShutdownPrivilege	2564	chrome.exe

Suspicious use of FindShellTrayWindow 39 IoCs

pid	Process
2564	chrome.exe
2564	chrome.exe
2564	chrome.exe
2564	chrome.exe
2564	chrome.exe
2564	chrome.exe
2564	chrome.exe
2564	chrome.exe
2564	chrome.exe
2564	chrome.exe
2564	chrome.exe
2564	chrome.exe
2564	chrome.exe
2564	chrome.exe
2564	chrome.exe
2564	chrome.exe
2564	chrome.exe
2564	chrome.exe
2564	chrome.exe
2564	chrome.exe
2564	chrome.exe
2564	chrome.exe
2564	chrome.exe
2564	chrome.exe
2564	chrome.exe
2564	chrome.exe
2564	chrome.exe
2564	chrome.exe
2564	chrome.exe
2564	chrome.exe
2564	chrome.exe
2564	chrome.exe
2564	chrome.exe
2564	chrome.exe
2564	chrome.exe
2392	firefox.exe
2392	firefox.exe
2392	firefox.exe
2392	firefox.exe

Suspicious use of SendNotifyMessage 35 IoCs

pid	Process
2564	chrome.exe
2564	chrome.exe
2564	chrome.exe
2564	chrome.exe
2564	chrome.exe
2564	chrome.exe
2564	chrome.exe
2564	chrome.exe
2564	chrome.exe
2564	chrome.exe
2564	chrome.exe
2564	chrome.exe
2564	chrome.exe
2564	chrome.exe
2564	chrome.exe
2564	chrome.exe
2564	chrome.exe
2564	chrome.exe
2564	chrome.exe
2564	chrome.exe
2564	chrome.exe
2564	chrome.exe
2564	chrome.exe
2564	chrome.exe
2564	chrome.exe
2564	chrome.exe
2564	chrome.exe
2564	chrome.exe
2564	chrome.exe
2564	chrome.exe
2564	chrome.exe
2564	chrome.exe
2392	firefox.exe
2392	firefox.exe
2392	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2564 wrote to memory of 2584	2564	chrome.exe	32
PID 2564 wrote to memory of 2584	2564	chrome.exe	32
PID 2564 wrote to memory of 2584	2564	chrome.exe	32
PID 2564 wrote to memory of 1896	2564	chrome.exe	34
PID 2564 wrote to memory of 1896	2564	chrome.exe	34
PID 2564 wrote to memory of 1896	2564	chrome.exe	34
PID 2564 wrote to memory of 1896	2564	chrome.exe	34
PID 2564 wrote to memory of 1896	2564	chrome.exe	34
PID 2564 wrote to memory of 1896	2564	chrome.exe	34
PID 2564 wrote to memory of 1896	2564	chrome.exe	34
PID 2564 wrote to memory of 1896	2564	chrome.exe	34
PID 2564 wrote to memory of 1896	2564	chrome.exe	34
PID 2564 wrote to memory of 1896	2564	chrome.exe	34
PID 2564 wrote to memory of 1896	2564	chrome.exe	34
PID 2564 wrote to memory of 1896	2564	chrome.exe	34
PID 2564 wrote to memory of 1896	2564	chrome.exe	34
PID 2564 wrote to memory of 1896	2564	chrome.exe	34
PID 2564 wrote to memory of 1896	2564	chrome.exe	34
PID 2564 wrote to memory of 1896	2564	chrome.exe	34
PID 2564 wrote to memory of 1896	2564	chrome.exe	34
PID 2564 wrote to memory of 1896	2564	chrome.exe	34
PID 2564 wrote to memory of 1896	2564	chrome.exe	34
PID 2564 wrote to memory of 1896	2564	chrome.exe	34
PID 2564 wrote to memory of 1896	2564	chrome.exe	34
PID 2564 wrote to memory of 1896	2564	chrome.exe	34
PID 2564 wrote to memory of 1896	2564	chrome.exe	34
PID 2564 wrote to memory of 1896	2564	chrome.exe	34
PID 2564 wrote to memory of 1896	2564	chrome.exe	34
PID 2564 wrote to memory of 1896	2564	chrome.exe	34
PID 2564 wrote to memory of 1896	2564	chrome.exe	34
PID 2564 wrote to memory of 1896	2564	chrome.exe	34
PID 2564 wrote to memory of 1896	2564	chrome.exe	34
PID 2564 wrote to memory of 1896	2564	chrome.exe	34
PID 2564 wrote to memory of 1896	2564	chrome.exe	34
PID 2564 wrote to memory of 1896	2564	chrome.exe	34
PID 2564 wrote to memory of 1896	2564	chrome.exe	34
PID 2564 wrote to memory of 1896	2564	chrome.exe	34
PID 2564 wrote to memory of 1896	2564	chrome.exe	34
PID 2564 wrote to memory of 1896	2564	chrome.exe	34
PID 2564 wrote to memory of 1896	2564	chrome.exe	34
PID 2564 wrote to memory of 1896	2564	chrome.exe	34
PID 2564 wrote to memory of 1896	2564	chrome.exe	34
PID 2564 wrote to memory of 2296	2564	chrome.exe	35
PID 2564 wrote to memory of 2296	2564	chrome.exe	35
PID 2564 wrote to memory of 2296	2564	chrome.exe	35
PID 2564 wrote to memory of 2800	2564	chrome.exe	36
PID 2564 wrote to memory of 2800	2564	chrome.exe	36
PID 2564 wrote to memory of 2800	2564	chrome.exe	36
PID 2564 wrote to memory of 2800	2564	chrome.exe	36
PID 2564 wrote to memory of 2800	2564	chrome.exe	36
PID 2564 wrote to memory of 2800	2564	chrome.exe	36
PID 2564 wrote to memory of 2800	2564	chrome.exe	36
PID 2564 wrote to memory of 2800	2564	chrome.exe	36
PID 2564 wrote to memory of 2800	2564	chrome.exe	36
PID 2564 wrote to memory of 2800	2564	chrome.exe	36
PID 2564 wrote to memory of 2800	2564	chrome.exe	36
PID 2564 wrote to memory of 2800	2564	chrome.exe	36
PID 2564 wrote to memory of 2800	2564	chrome.exe	36
PID 2564 wrote to memory of 2800	2564	chrome.exe	36
PID 2564 wrote to memory of 2800	2564	chrome.exe	36
PID 2564 wrote to memory of 2800	2564	chrome.exe	36
PID 2564 wrote to memory of 2800	2564	chrome.exe	36
PID 2564 wrote to memory of 2800	2564	chrome.exe	36
PID 2564 wrote to memory of 2800	2564	chrome.exe	36

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Users\Admin\AppData\Local\Temp\Se𝓽up__Here\setup.exe
"C:\Users\Admin\AppData\Local\Temp\Se𝓽up__Here\setup.exe"
1⤵
- System Location Discovery: System Language Discovery
- Modifies system certificate store
- Suspicious behavior: EnumeratesProcesses
PID:2092

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2564
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef6519758,0x7fef6519768,0x7fef6519778
  2⤵
  PID:2584
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1188 --field-trial-handle=1252,i,16303564644371467216,14837784395725447921,131072 /prefetch:2
  2⤵
  PID:1896
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1520 --field-trial-handle=1252,i,16303564644371467216,14837784395725447921,131072 /prefetch:8
  2⤵
  PID:2296
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1620 --field-trial-handle=1252,i,16303564644371467216,14837784395725447921,131072 /prefetch:8
  2⤵
  PID:2800
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2196 --field-trial-handle=1252,i,16303564644371467216,14837784395725447921,131072 /prefetch:1
  2⤵
  PID:1280
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2280 --field-trial-handle=1252,i,16303564644371467216,14837784395725447921,131072 /prefetch:1
  2⤵
  PID:2652
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1404 --field-trial-handle=1252,i,16303564644371467216,14837784395725447921,131072 /prefetch:2
  2⤵
  PID:1532
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=3204 --field-trial-handle=1252,i,16303564644371467216,14837784395725447921,131072 /prefetch:1
  2⤵
  PID:2148
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3832 --field-trial-handle=1252,i,16303564644371467216,14837784395725447921,131072 /prefetch:8
  2⤵
  PID:1552
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=3972 --field-trial-handle=1252,i,16303564644371467216,14837784395725447921,131072 /prefetch:1
  2⤵
  PID:1628

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:2044

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
PID:2812
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe"
  2⤵
  - Checks processor information in registry
  - Modifies registry class
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  PID:2392
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2392.0.681033938\583906760" -parentBuildID 20221007134813 -prefsHandle 1188 -prefMapHandle 1168 -prefsLen 20769 -prefMapSize 233414 -appDir "C:\Program Files\Mozilla Firefox\browser" - {bda67618-b862-4874-ad4b-934871cda974} 2392 "\\.\pipe\gecko-crash-server-pipe.2392" 1264 46d8558 gpu
    3⤵
    PID:2576
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2392.1.1856982731\331312204" -parentBuildID 20221007134813 -prefsHandle 1456 -prefMapHandle 1452 -prefsLen 20850 -prefMapSize 233414 -appDir "C:\Program Files\Mozilla Firefox\browser" - {78e635ad-8ddf-4788-987e-75c4d6d46cdd} 2392 "\\.\pipe\gecko-crash-server-pipe.2392" 1468 e70a58 socket
    3⤵
    - Checks processor information in registry
    PID:1720
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2392.2.1397285570\1526276594" -childID 1 -isForBrowser -prefsHandle 2068 -prefMapHandle 2064 -prefsLen 20888 -prefMapSize 233414 -jsInitHandle 828 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {438e42a8-0c19-4bd4-a27b-9e356e1fc3db} 2392 "\\.\pipe\gecko-crash-server-pipe.2392" 2036 1a178758 tab
    3⤵
    PID:2860
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2392.3.401447207\2108829231" -childID 2 -isForBrowser -prefsHandle 2444 -prefMapHandle 2368 -prefsLen 26138 -prefMapSize 233414 -jsInitHandle 828 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {4ecc7add-de42-472d-bacd-ca16b03ca3b3} 2392 "\\.\pipe\gecko-crash-server-pipe.2392" 2416 e5e858 tab
    3⤵
    PID:1844
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2392.4.1685785240\617322636" -childID 3 -isForBrowser -prefsHandle 2920 -prefMapHandle 2916 -prefsLen 26138 -prefMapSize 233414 -jsInitHandle 828 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {b8dcf704-2eac-454f-a7a4-f1c3eff281e2} 2392 "\\.\pipe\gecko-crash-server-pipe.2392" 2932 e61358 tab
    3⤵
    PID:1048
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2392.5.641995257\1933911013" -childID 4 -isForBrowser -prefsHandle 3852 -prefMapHandle 3844 -prefsLen 26197 -prefMapSize 233414 -jsInitHandle 828 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {dd87a094-a5b8-45ae-81ca-7c9b225fc68b} 2392 "\\.\pipe\gecko-crash-server-pipe.2392" 3864 1e42f258 tab
    3⤵
    PID:1120
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2392.6.692535369\2144055254" -childID 5 -isForBrowser -prefsHandle 4000 -prefMapHandle 3992 -prefsLen 26197 -prefMapSize 233414 -jsInitHandle 828 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {f559e49a-f056-470e-8022-0684c738ae53} 2392 "\\.\pipe\gecko-crash-server-pipe.2392" 3976 1e432558 tab
    3⤵
    PID:2200
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2392.7.192546288\1981998685" -childID 6 -isForBrowser -prefsHandle 4156 -prefMapHandle 4160 -prefsLen 26197 -prefMapSize 233414 -jsInitHandle 828 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {a6188791-dc89-4090-b83c-a6d291835a39} 2392 "\\.\pipe\gecko-crash-server-pipe.2392" 4144 1e431058 tab
    3⤵
    PID:2472
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2392.8.1516170328\220875878" -childID 7 -isForBrowser -prefsHandle 3432 -prefMapHandle 3436 -prefsLen 26356 -prefMapSize 233414 -jsInitHandle 828 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {d4bbd284-6813-4bf4-b494-03c242f41563} 2392 "\\.\pipe\gecko-crash-server-pipe.2392" 2348 1ed8cd58 tab
    3⤵
    PID:744
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2392.9.590412293\1518147922" -childID 8 -isForBrowser -prefsHandle 4012 -prefMapHandle 4008 -prefsLen 26356 -prefMapSize 233414 -jsInitHandle 828 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {af0fecc9-b3ca-4d1d-8097-1a82e84dc380} 2392 "\\.\pipe\gecko-crash-server-pipe.2392" 3124 1ed8d358 tab
    3⤵
    PID:1832

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Subvert Trust Controls

T1553

Install Root Certificate

T1553.004

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\1b3a0cbd-8216-4375-87de-a28b6f02fb43.tmp

Filesize
333KB

MD5
05adfb3eb404138bf6495b5510a6fc0d

SHA1
74806fb4ead0c97dfe66aba0db3d2490a6f63560

SHA256
06566314630cbec8887729a014c3103d36885fc907a0c5c3b10b4b637a5bd46e

SHA512
38e379ecc3145f6debc0577ee72967e8cba50e89386381d44229b34da0f39db86f36ad6aeca7dc5b4331da549407f0066d0d19d8dd4f720925f96e93908cc6b0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000001

Filesize
214KB

MD5
ba958dfa97ba4abe328dce19c50cd19c

SHA1
122405a9536dd824adcc446c3f0f3a971c94f1b1

SHA256
3124365e9e20791892ee21f47763d3df116763da0270796ca42fd63ecc23c607

SHA512
aad22e93babe3255a7e78d9a9e24c1cda167d449e5383bb740125445e7c7ddd8df53a0e53705f4262a49a307dc54ceb40c66bab61bec206fbe59918110af70bf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
363B

MD5
e2c5ae207b6f17abd101174d0974df60

SHA1
39567893688b579ab1ca4d0bc543cbd35e54a4e6

SHA256
fb8538dfbe728168f85ffb234c1a1cf38a49e463e358b0c56bafed8040b6e8e4

SHA512
3a5c22cec60ba6a8c8b44c5b1030efa691fc4c8b388015161688ca2d896c82c7102f6e6aaaca61f68fa30f70252479d41af83572c270803399ccf56714b516e1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
57f5eebb9c8b23f127b627a62119b9c2

SHA1
db852347f6b76a8f93cdd77596a30bea57d5b1d3

SHA256
42fb5a79d94372647dd107761149f80df9b76f396620a4849d89c5cc1fb83a93

SHA512
8f26e5c6c4744b403a7d6883e4f99a639f0d1a23edec8e40803ba1710dec6d688f75cca03724e6a85b08ecab0aaa1d5fb65cf7f694b30f9ee3645e37b6611f5b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
1a9ed6afafb942b4786794acfef69db8

SHA1
661e1984fa4665e5deb22cb8237e374bbc706848

SHA256
9eed34b297d3588a69d47dbdd5bd10d3c53ac6247ddac8e15f1babce99ebeede

SHA512
191a9416258715612f5c628ee9990fa8aeea62b58a0eeb9a2cc886c55ac16541d0b5dd0510aa3a1cf363f4fe5979a154e1b030b2045ed611ee6e21844fc1a1d5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
4KB

MD5
9ebc705c980d6efb305ff13f4fd8df5a

SHA1
80eb089e32c76f67866ec5ce34911f1a8d390326

SHA256
192e6489f44341d1b9c2ca630648ceeb37a385f77ca4878f97d00108124e94c1

SHA512
7dc55c9edddd2ba89ea39488c1ba828720fae43a38ae1b4721fe51a5d0a4848ab538e9596f10bc8981f6522c50f7bd46f3289196260887c297fde35e072b5238

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\000007.dbtmp

Filesize
16B

MD5
18e723571b00fb1694a3bad6c78e4054

SHA1
afcc0ef32d46fe59e0483f9a3c891d3034d12f32

SHA256
8af72f43857550b01eab1019335772b367a17a9884a7a759fdf4fe6f272b90aa

SHA512
43bb0af7d3984012d2d67ca6b71f0201e5b948e6fe26a899641c4c6f066c59906d468ddf7f1df5ea5fa33c2bc5ea8219c0f2c82e0a5c365ad7581b898a8859e2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
333KB

MD5
f564c581ec078dc20ca88a63c7efb36b

SHA1
e854f1ba5c02d08c51b6aede85a32a95b514bcc0

SHA256
41151c3673095075cb6ec1484b8d34d4ab39fa5650f06719b39aea7c19d10d4f

SHA512
416fd97858ee75f4f7793f00b5cc4689834434a734b68e6373641a60cffc371b41de3f28763b5adebf931e94a4e76c62602c2d67d0ecb984121f9f4f794a7b87

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\bz1ih2a5.default-release\activity-stream.discovery_stream.json.tmp

Filesize
23KB

MD5
07e8313890e4e1fbfa4595f0013833b9

SHA1
66148b0a9dfc90ec59d9f8f9843831de0a8b3a7b

SHA256
c4d120eb3d3adf26127d7c11851a24b3c7143efabfff12b29c35dec9ccbc9711

SHA512
f0647566b06451ad195c5351b873da786121baa33292b2bfeb873899b1117e2c1819b380f304af7d822857930bf63229530cb8a14dfe5a3d094259219c087a6f

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\bz1ih2a5.default-release\cache2\entries\0512A7244F4E921037971C9AF5E9376E9DF8C6D8

Filesize
49KB

MD5
e9031021fca38143ac6d2fe2e0787306

SHA1
33c433ecff894c529deb1d647f6c598e0259b703

SHA256
f4f1d4e656673f57b640983a5056723f196c1d60a41f590593e0fa0931714125

SHA512
9d20f0209a5ba92c461b8e10ce0cf7843fb6130970eb38db67085c2a2624688b7fc2e00685e1f35bcdc68052c6430c6f3d832370b0905785430446827618a21c

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\bz1ih2a5.default-release\settings\main\ms-language-packs\browser\newtab\asrouter.ftl

Filesize
15KB

MD5
96c542dec016d9ec1ecc4dddfcbaac66

SHA1
6199f7648bb744efa58acf7b96fee85d938389e4

SHA256
7f32769d6bb4e875f58ceb9e2fbfdc9bd6b82397eca7a4c5230b0786e68f1798

SHA512
cda2f159c3565bc636e0523c893b293109de2717142871b1ec78f335c12bad96fc3f62bcf56a1a88abdeed2ac3f3e5e9a008b45e24d713e13c23103acc15e658

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabD53B.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarD55E.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bz1ih2a5.default-release\datareporting\glean\db\data.safe.bin

Filesize
9KB

MD5
53abd7f1595190b09c36d973cd68190d

SHA1
9afe2b69c82cbec203bd8499fb68030e78bd056e

SHA256
634e79580d96937f9bf22b8f061cf13f00bbb7113ed483644adfb049fea27af7

SHA512
65d3d6ef189d0315dddb71d27ce8c8c94a5b9a56ef4437fc4be52fd89b05a6fba1e2be92929969c22d1641a3a59cd9e47dcee8ec14f15be14ce58ad92a69f88b

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bz1ih2a5.default-release\datareporting\glean\pending_pings\e2a3bf56-b20e-4220-af54-c4fd9d16595b

Filesize
733B

MD5
104e44266d8778d9107f2038c8476ccb

SHA1
de81e079ec8d22461796f52853d5976c01bd3c8e

SHA256
eb217a90d51dce3ea40975a02a2d50d30e959ceb6c0db71cfcd7715e4113ea5e

SHA512
c855dbbf85dc2d3ddb1f58d77ad2dcd1bcfaddeef80d9fa6bd020f8062c52ee32da8c389ce9913ea3ecc878856183bce0501368ff16b53726f32b7bba478905f

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bz1ih2a5.default-release\prefs-1.js

Filesize
6KB

MD5
ed4808fd17a20f8e08ac79964deccecb

SHA1
23b0af948504fd6f96ddbfe734d346c410f30d22

SHA256
391ab3784a6018e82a22e1d1b393ccee738ed37ad030a8adfa3b50835c62f472

SHA512
26f75e5d2698b4bb216ceeb9e47587f9a6cd789db057ecad953b6b72afb9655b81a8f3c761c950d11e7e93dca3cf72ebc92150feb3a6e72b7cac60a64086c426

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bz1ih2a5.default-release\prefs-1.js

Filesize
6KB

MD5
75eb579d7337a594142ef5e7466cfdbb

SHA1
f8934b023aaf4a8d66998dfab9a338567449825e

SHA256
f09cb31890d313d3f7205ffdd22bf809aadd490e1c12d1bfef877f1dcb8d49af

SHA512
faf7db00dfe0a7e57e622fa6964b47c30cdb181b05436065482bf9a29a919510249444958c9810fdfac9ea065f7beed7186def0d60d4363efaa0a84a5cde8e8f

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bz1ih2a5.default-release\prefs.js

Filesize
6KB

MD5
12ea6f5d747244aabd5f0049a545bf1e

SHA1
b8d28940ba57d92258b9e38c08c49478c9ff4b1f

SHA256
48c92c7502db4c7d8217952fbef6a2271ea01c6ef59c8822e2c938e710ab6e48

SHA512
fc61ca8476583450b2ff8ccd28e70bd750d2dd13ec166dace9b76eed961fea913e4583bf25deaa96617b8ed9b226d8729b761c9b2aa536d89ecf4c008f19fe3a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bz1ih2a5.default-release\prefs.js

Filesize
6KB

MD5
393f40673147d0b259006bcbd1b3b4a5

SHA1
958237540427b875f59fb1fcf4269f92bed41e0f

SHA256
3b48c11f4d54e233409622b528ef0d0531f4ac705a5a871525cc6aa0958db29b

SHA512
55035db1c8d8638752595e1978ca92b0feb61deb13d035b8a1eb73957b663c0db1dc2b2aeea423b815ec3d7ecbde0192e6650b24ce45f2a55acd5bd3ce52997b

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bz1ih2a5.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
1KB

MD5
5628914b53937884445cc59c6039382b

SHA1
140eec28a63818cd4312764ed2ff21a4701afef5

SHA256
0cb2f3e37ce948dc0917310498f5da00a442167baf0ddf6cd694ccd2d289f883

SHA512
390349afbdfe36876005b19e5b4469bffda5db8a786e6d3a455a88ed5da6ad9ee2be69e978c06fc1ca36e0ecebe54fac119af0f0b44dbef925d83230e5523734

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bz1ih2a5.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
1KB

MD5
96adfdc2e516387dda5169f27583dc02

SHA1
9a4ab3d358671739429673b515594ab0457ae1c4

SHA256
1512cf53d02b6f04987129e72e21f8f4e1826135fbedb5cae4a58d7920636607

SHA512
1ea8bc5895a3381fca4c408aa4afde1b5cb72b2c12a9004af81a9417afbd98d2d6dae2759419a7a5c72399b7f5723ee82b0ab6feb2145ac1a5ef4802a738327f

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bz1ih2a5.default-release\sessionstore.jsonlz4

Filesize
1KB

MD5
4d83dbc13628fb840c63c2936255b8de

SHA1
eb72e4828341989bbc906428692d309f01c84b80

SHA256
d58c5dc6c480ac30b9a57ad0b4a93301ade9e819a02b816fe6dd404804819354

SHA512
37db9e62c6901c4d6cd4e98f1ac89d686a1ff80ac6d343f9325eaa88310b07521991b91522784990cf5ff519d091562151385304d30d02cab41a8578cf469f4c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bz1ih2a5.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

Filesize
184KB

MD5
20fe9d4c55a73defa2f0b0cc2a018732

SHA1
741d448638617a9736b250b47944f55ba73cb0bc

SHA256
05ffa2aed87b452aced7ad992219d57e987c95574c0579cc63aece73951b829a

SHA512
b1bf1e8553f7ddb0d0fa8f1cf6a2a343bb8d9885306c5dcdb2e4ee3247bfb63b971054568654f211b337ac796dfc4514db5e0d54dd7d4b97a7f9c5a6f6bd802f

Download Submit
memory/2092-0-0x00000000028A0000-0x0000000002900000-memory.dmp

Filesize
384KB

Download
memory/2092-37-0x0000000000400000-0x0000000000784000-memory.dmp

Filesize
3.5MB

Download