Analysis
max time kernel: 352s
max time network: 353s
platform: windows10-2004_x64
resource: win10v2004-20240419-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240419-en, locale:en-us, os:windows10-2004-x64, system
submitted: 02/05/2024, 20:11
Static task: static1
URLScan task: urlscan1
Behavioral task: behavioral1
Sample: https://www.youtube.com/redirect?event=video_description&redir_token=QUFFLUhqbk0yQnU2RE9YcVBJcFBSWDUtVzBYcGxWcEE2QXxBQ3Jtc0ttaWs1SWhPQzdxYmdQbUlVTmd6VnlPd3FEbXhzWER6ZTlBV0pWN0IzWExZZGJocmlxSzcxMmhBTTdaXzROeTQzR043NVFLVjNvZ0hyUTRENF9aNFlLOGZudzRiZkstRUJMLVJjR0ROMk1xU2l5OC1Saw&q=https%3A%2F%2Fgithub.com%2Fget-got%2Fdiscord-downloader-go&v=06UUXDQ80f8
Resource: win10v2004-20240419-en
Errors
General
Target: https://www.youtube.com/redirect?event=video_description&redir_token=QUFFLUhqbk0yQnU2RE9YcVBJcFBSWDUtVzBYcGxWcEE2QXxBQ3Jtc0ttaWs1SWhPQzdxYmdQbUlVTmd6VnlPd3FEbXhzWER6ZTlBV0pWN0IzWExZZGJocmlxSzcxMmhBTTdaXzROeTQzR043NVFLVjNvZ0hyUTRENF9aNFlLOGZudzRiZkstRUJMLVJjR0ROMk1xU2l5OC1Saw&q=https%3A%2F%2Fgithub.com%2Fget-got%2Fdiscord-downloader-go&v=06UUXDQ80f8
Malware Config
Signatures
Legitimate hosting services abused for malware hosting/C2 (1 TTPs, 1 IoCs)
flow | ioc
53 | camo.githubusercontent.com
Checks processor information in registry (2 TTPs, 8 IoCs)
Processor information is often read in order to detect sandboxing environments.
description | ioc | Process
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | firefox.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz | firefox.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz | firefox.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | firefox.exe
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | firefox.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature | firefox.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision | firefox.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier | firefox.exe
Enumerates system info in registry (2 TTPs, 3 IoCs)
description | ioc | Process
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | msedge.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | msedge.exe
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | msedge.exe
Modifies data under HKEY_USERS (15 IoCs)
description | ioc | Process
Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\AccentColorMenu = "4292311040" | LogonUI.exe
Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationColor = "3288365271" | LogonUI.exe
Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationColorBalance = "89" | LogonUI.exe
Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\StartColorMenu = "4288567808" | LogonUI.exe
Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent | LogonUI.exe
Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\History\AutoColor = "0" | LogonUI.exe
Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM | LogonUI.exe
Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\AccentColor = "4292311040" | LogonUI.exe
Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationGlassAttribute = "1" | LogonUI.exe
Set value (data) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\AccentPalette = a6d8ff0076b9ed00429ce3000078d700005a9e000042750000264200f7630c00 | LogonUI.exe
Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\History | LogonUI.exe
Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationAfterglow = "3288365271" | LogonUI.exe
Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationAfterglowBalance = "10" | LogonUI.exe
Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationBlurBalance = "1" | LogonUI.exe
Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\EnableWindowColorization = "186" | LogonUI.exe
Modifies registry class (6 IoCs)
description | ioc | Process
Key created | \REGISTRY\USER\S-1-5-21-3411335054-1982420046-2118495756-1000_Classes\Local Settings | msedge.exe
Key created | \REGISTRY\USER\S-1-5-21-3411335054-1982420046-2118495756-1000_Classes\Local Settings | OpenWith.exe
Key created | \REGISTRY\USER\S-1-5-21-3411335054-1982420046-2118495756-1000_Classes\Local Settings | OpenWith.exe
Key created | \REGISTRY\USER\S-1-5-21-3411335054-1982420046-2118495756-1000_Classes\Local Settings | firefox.exe
Key created | \REGISTRY\USER\S-1-5-21-3411335054-1982420046-2118495756-1000_Classes\Local Settings | OpenWith.exe
Key created | \REGISTRY\USER\S-1-5-21-3411335054-1982420046-2118495756-1000_Classes\Local Settings | OpenWith.exe
Suspicious behavior: EnumeratesProcesses (14 IoCs)
pid | Process | occurrences
4744 | msedge.exe | 2
4016 | msedge.exe | 2
2528 | identity_helper.exe | 2
5660 | msedge.exe | 2
5848 | msedge.exe | 4
5044 | msedge.exe | 2
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (9 IoCs)
pid | Process | occurrences
4016 | msedge.exe | 9
Suspicious use of AdjustPrivilegeToken (3 IoCs)
description | pid | Process | occurrences
Token: SeDebugPrivilege | 5732 | firefox.exe | 3
Suspicious use of FindShellTrayWindow (64 IoCs)
pid | Process | occurrences
4016 | msedge.exe | 64
Suspicious use of SendNotifyMessage (44 IoCs)
pid | Process | occurrences
4016 | msedge.exe | 24
5732 | firefox.exe | 20
Suspicious use of SetWindowsHookEx (57 IoCs)
pid | Process | occurrences
4872 | OpenWith.exe | 11
5472 | OpenWith.exe | 13
5732 | firefox.exe | 4
5372 | OpenWith.exe | 19
2724 | OpenWith.exe | 9
4672 | LogonUI.exe | 1
Suspicious use of WriteProcessMemory (64 IoCs)
description | pid | Process | procid_target | occurrences
PID 4016 wrote to memory of 1508 | 4016 | msedge.exe | 83 | 2
PID 4016 wrote to memory of 3320 | 4016 | msedge.exe | 84 | 40
PID 4016 wrote to memory of 4744 | 4016 | msedge.exe | 85 | 2
PID 4016 wrote to memory of 1668 | 4016 | msedge.exe | 86 | 20
Uses Task Scheduler COM API (1 TTPs)
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
Processes (indented by process-tree depth)
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4016)
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.youtube.com/redirect?event=video_description&redir_token=QUFFLUhqbk0yQnU2RE9YcVBJcFBSWDUtVzBYcGxWcEE2QXxBQ3Jtc0ttaWs1SWhPQzdxYmdQbUlVTmd6VnlPd3FEbXhzWER6ZTlBV0pWN0IzWExZZGJocmlxSzcxMmhBTTdaXzROeTQzR043NVFLVjNvZ0hyUTRENF9aNFlLOGZudzRiZkstRUJMLVJjR0ROMk1xU2l5OC1Saw&q=https%3A%2F%2Fgithub.com%2Fget-got%2Fdiscord-downloader-go&v=06UUXDQ80f8
  Signatures: Enumerates system info in registry; Modifies registry class; Suspicious behavior: EnumeratesProcesses; Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary; Suspicious use of FindShellTrayWindow; Suspicious use of SendNotifyMessage; Suspicious use of WriteProcessMemory
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1508)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb138446f8,0x7ffb13844708,0x7ffb13844718
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3320)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2092,1870564110905790490,9193838539549276171,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2104 /prefetch:2
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4744)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2092,1870564110905790490,9193838539549276171,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2196 /prefetch:3
    Signatures: Suspicious behavior: EnumeratesProcesses
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1668)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2092,1870564110905790490,9193838539549276171,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2948 /prefetch:8
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1072)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,1870564110905790490,9193838539549276171,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3324 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 872)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,1870564110905790490,9193838539549276171,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3336 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe (PID 4952)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2092,1870564110905790490,9193838539549276171,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5244 /prefetch:8
  - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe (PID 2528)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2092,1870564110905790490,9193838539549276171,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5244 /prefetch:8
    Signatures: Suspicious behavior: EnumeratesProcesses
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3104)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,1870564110905790490,9193838539549276171,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5320 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2012)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,1870564110905790490,9193838539549276171,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5372 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4648)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,1870564110905790490,9193838539549276171,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5728 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3148)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,1870564110905790490,9193838539549276171,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4768 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 5088)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,1870564110905790490,9193838539549276171,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3996 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 5584)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2092,1870564110905790490,9193838539549276171,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5412 /prefetch:8
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 5592)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,1870564110905790490,9193838539549276171,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5396 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 5660)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2092,1870564110905790490,9193838539549276171,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5388 /prefetch:8
    Signatures: Suspicious behavior: EnumeratesProcesses
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 5848)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2092,1870564110905790490,9193838539549276171,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3476 /prefetch:2
    Signatures: Suspicious behavior: EnumeratesProcesses
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 528)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,1870564110905790490,9193838539549276171,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6316 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 5044)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2092,1870564110905790490,9193838539549276171,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6304 /prefetch:8
    Signatures: Suspicious behavior: EnumeratesProcesses
- C:\Windows\System32\CompPkgSrv.exe (PID 3740)
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
- C:\Windows\System32\CompPkgSrv.exe (PID 1504)
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
- C:\Windows\System32\rundll32.exe (PID 5928)
  Command line: C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
- C:\Windows\system32\OpenWith.exe (PID 4872)
  Command line: C:\Windows\system32\OpenWith.exe -Embedding
  Signatures: Modifies registry class; Suspicious use of SetWindowsHookEx
  - C:\Windows\system32\NOTEPAD.EXE (PID 4468)
    Command line: "C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Downloads\discord-downloader-go_freebsd_amd64
- C:\Windows\system32\OpenWith.exe (PID 5472)
  Command line: C:\Windows\system32\OpenWith.exe -Embedding
  Signatures: Modifies registry class; Suspicious use of SetWindowsHookEx
  - C:\Program Files\Mozilla Firefox\firefox.exe (PID 1780)
    Command line: "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "C:\Users\Admin\Downloads\discord-downloader-go_freebsd_amd64 (1)"
    - C:\Program Files\Mozilla Firefox\firefox.exe (PID 5732)
      Command line: "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "C:\Users\Admin\Downloads\discord-downloader-go_freebsd_amd64 (1)"
      Signatures: Checks processor information in registry; Modifies registry class; Suspicious use of AdjustPrivilegeToken; Suspicious use of SendNotifyMessage; Suspicious use of SetWindowsHookEx
      - C:\Program Files\Mozilla Firefox\firefox.exe (PID 3832)
        Command line: "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2024 -parentBuildID 20240401114208 -prefsHandle 1940 -prefMapHandle 1932 -prefsLen 25457 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {711f229c-2c79-41b5-8530-2b06cc8dffb2} 5732 "\\.\pipe\gecko-crash-server-pipe.5732" gpu
      - C:\Program Files\Mozilla Firefox\firefox.exe (PID 5940)
        Command line: "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2448 -parentBuildID 20240401114208 -prefsHandle 2440 -prefMapHandle 2436 -prefsLen 26377 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b22dbca5-920c-4974-b456-ea486f0db420} 5732 "\\.\pipe\gecko-crash-server-pipe.5732" socket
      - C:\Program Files\Mozilla Firefox\firefox.exe (PID 3200)
        Command line: "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2956 -childID 1 -isForBrowser -prefsHandle 2968 -prefMapHandle 2964 -prefsLen 26518 -prefMapSize 244658 -jsInitHandle 1012 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {9338688b-be64-45f4-9b6f-d083c68d715c} 5732 "\\.\pipe\gecko-crash-server-pipe.5732" tab
      - C:\Program Files\Mozilla Firefox\firefox.exe (PID 2204)
        Command line: "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3260 -childID 2 -isForBrowser -prefsHandle 3300 -prefMapHandle 3284 -prefsLen 30867 -prefMapSize 244658 -jsInitHandle 1012 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {1ec5f3fe-775c-474f-9ae9-60fddd4aa23b} 5732 "\\.\pipe\gecko-crash-server-pipe.5732" tab
      - C:\Program Files\Mozilla Firefox\firefox.exe (PID 4384)
        Command line: "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4976 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4968 -prefMapHandle 4908 -prefsLen 30867 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {3dd48a59-447d-4543-a7fb-de33e8d9b8e1} 5732 "\\.\pipe\gecko-crash-server-pipe.5732" utility
        Signatures: Checks processor information in registry
      - C:\Program Files\Mozilla Firefox\firefox.exe (PID 5444)
        Command line: "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5460 -childID 3 -isForBrowser -prefsHandle 5432 -prefMapHandle 5436 -prefsLen 27097 -prefMapSize 244658 -jsInitHandle 1012 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a6fece4b-3d50-4c92-bfd4-cff9124bfcc1} 5732 "\\.\pipe\gecko-crash-server-pipe.5732" tab
      - C:\Program Files\Mozilla Firefox\firefox.exe (PID 4508)
        Command line: "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5400 -childID 4 -isForBrowser -prefsHandle 5580 -prefMapHandle 5584 -prefsLen 27097 -prefMapSize 244658 -jsInitHandle 1012 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ad19f743-08b1-4861-9d3c-1218c59d28f3} 5732 "\\.\pipe\gecko-crash-server-pipe.5732" tab
      - C:\Program Files\Mozilla Firefox\firefox.exe (PID 4980)
        Command line: "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5752 -childID 5 -isForBrowser -prefsHandle 5832 -prefMapHandle 5828 -prefsLen 27097 -prefMapSize 244658 -jsInitHandle 1012 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {eb1594c5-f22e-44ea-ad1b-555288eda195} 5732 "\\.\pipe\gecko-crash-server-pipe.5732" tab
- C:\Windows\system32\OpenWith.exe (PID 5372)
  Command line: C:\Windows\system32\OpenWith.exe -Embedding
  Signatures: Modifies registry class; Suspicious use of SetWindowsHookEx
  - C:\Windows\system32\NOTEPAD.EXE (PID 5136)
    Command line: "C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Downloads\discord-downloader-go_freebsd_amd64 (1)(1)
- C:\Windows\system32\OpenWith.exe (PID 2724)
  Command line: C:\Windows\system32\OpenWith.exe -Embedding
  Signatures: Modifies registry class; Suspicious use of SetWindowsHookEx
  - C:\Windows\system32\NOTEPAD.EXE (PID 1984)
    Command line: "C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Downloads\discord-downloader-go_freebsd_amd64 (1)(1)
- C:\Windows\system32\LogonUI.exe (PID 4672)
  Command line: "LogonUI.exe" /flags:0x4 /state0:0xa38f0855 /state1:0x41c64e6d
  Signatures: Modifies data under HKEY_USERS; Suspicious use of SetWindowsHookEx
Downloads
- Filesize: 152B
  MD5: 9dc60aef38e7832217e7fa02d6f0d9f6
  SHA1: 4f8539dc7d5739b36fe976a932338f459d066db6
  SHA256: 8a0ee0b6fafabb256571b691c2faf77c7244945faa749c72124d5eb43a197a32
  SHA512: 18371541811910992c2b84a8eae7e997e8627640bdb60b9e82751389e50931db9b3e206d31f4d9d2dc3ca25ea3a82c0be413ecb0ef3ac227a14e54f406eaa7e7
- Filesize: 152B
  MD5: 7ac03b15b68af2d5cb5c8063057cc83e
  SHA1: 9b2d4db737f57322ff5c4bbddd765b3177f930ab
  SHA256: b90d7596301470b389842eecb46bd3a8e614260b0d374d5c35a36afb9c71a700
  SHA512: a5e9f40dd9040803046b0218fab6b058d49e5e2a3ada315e161fe9fc80ebb8d6d4442ccc1c98d19e561fc7c61bcf43d662fe2231cacacb447876a2113c2e3732
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
  Filesize: 1KB
  MD5: bced68ec5a7bd2fabf5f20f55bae16d6
  SHA1: 1e39c722e7bd4df6d9ee2de13d396c7fa1bd563b
  SHA256: 8ed5d7be029b089aec0a2cbee3287e12f700f122121a48fbcaec3ed12a49a235
  SHA512: 4d8340268d6b4441e405e9e6f68831e73d7c9272c3685219186fce08e88b84c991cf77e189c85a7638a09cbdf7b3e6a8042a90b717db040981c7ad2b27df1ca2
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
  Filesize: 1KB
  MD5: 59a8c08aba23a47024295cd88407a772
  SHA1: 573dbeaf4aa390c6441a2fcedcc4f3cef611fce9
  SHA256: c1de4df9cb5b5c4bc485a11771c5c29e4a7c60ce2c6ed165d7fa3cd9a110e7a7
  SHA512: 725fe3669f7039891bf601ff7acfc4f3c63f956319d95931e1b1fc01d2e8a918663c4881ffdc5062ef296620fc55e3b60046b064c08cbced6592e49ffb0fef55
- Filesize: 975B
  MD5: 1edac865bd5747c73cd67aebb361f6ca
  SHA1: c06394e1a2ea2114ff7918f9abc5b09073d5c88e
  SHA256: b867ea18f64b28b89f9ee36027bd93f787f3a3036cc9ebe9e776b39c4ca8dba5
  SHA512: 95fbdd84f7049104c8ede1c3881158f1d28c6820f389efd797b494380bc211c1452bfa8910647d5e4513556a5cf4f210e60b336e244ab5fa334589da7cfe7233
- Filesize: 7KB
  MD5: 6696b9a03012c96370a622547b1c40bd
  SHA1: 5913295971d41a35ba15712c954086c53c516180
  SHA256: 7887edeb99c2d24c3520c06efce76433009e592ba68a899a1ec56dbe0eaa2c66
  SHA512: 93a4cca8b6ca8cefead73e6936b3bb7c6f36d7d96a158e4a2826e904c899d8b1db368c08da98428b6d833922bb078beebc8986c6110436ef0b4808260bf598e2
- Filesize: 5KB
  MD5: e07d8eab8ba68cc7f28c3778d4dffe9a
  SHA1: dff78bfecab0b2a2b07becec6be9aea6663c31f3
  SHA256: b4356755253d703ea53328f49b817fa1329071b8d8b2bc54ed81a558a4e5f169
  SHA512: dfa5fd8e070e2919da3c01c8e324afc65134679ad5b9822451dfda60a74b2d6b00cfb18023d534ffdcb915dbd6d47e771c4224abf542c0db960ea4af5301d7c0
- Filesize: 6KB
  MD5: 0f661e612416affcdcda8ef1150185d5
  SHA1: a52ab9b6118bf8f4b74117e182e21fdeb3b6c224
  SHA256: 54c3375d3bf5f2f0d708477810ca519aa95a2f7ab9c5fee7c51a0339d6896922
  SHA512: bded46de8dba8041f7463d60b6ee70f23098e85f3cd7112ff28327f69f9de88e2d38c2d96136e91f5e8ca121b6860746141bd519001f3e5b74b1c82c6282a040
- Filesize: 1KB
  MD5: 33e099cbf531e2dfe19994a0a58a4cd7
  SHA1: 15f77505ed5a04cabce4d9ad69db033f530a974d
  SHA256: 816d529413e59f029b02d4693c05143b5c36e2a1465e6381aea703e7d7090786
  SHA512: 3060c6d880e5593e8e90cb746d8bc297638f177b10fa48ee2523952fe2090111a152831dfc287d35c329829f7990e70f2e99169eb2841471cf65159183fee4c0
- Filesize: 1KB
  MD5: a0f8708394eabc6160812e1be6a0ba73
  SHA1: 59db5dfb7b863026736edb3d91d644ebc074e19a
  SHA256: 266c05797cbb422ab46ca2594dc093ba057b485033c7c7ab1817df56595496db
  SHA512: 0df2efd2a2bd1a0a5b7db394bae0b6ef11303404e8e367c766872cf5d637c8c335861c022ddaee7a8eda8530485186cc29ce94630b7e8c75a58ba3111d5f21b2
- Filesize: 1KB
  MD5: 492ff9694abb698266bdb04ea68b5da6
  SHA1: 597815ee5e3ccfe5600a4c77b8cfd98652ee47ae
  SHA256: 0e8cb507e6595eed6ab615e32846913053cbcc5595fcac03e734517ce122403b
  SHA512: e3e9eff8d8e074cd865f5e15d4b7aec08c818ba38ff0322a7b59a6a9e5ead9e3de4a17f12c4524f76aaf8ca120f21322a4a5a538159c2a09a44a24b71755dd9a
- Filesize: 1KB
  MD5: c7f8cc988a94f392c5eadf0ac78daab1
  SHA1: 4d45b250b645791dadc41c7ce5aa0138e003b736
  SHA256: d0e4bd55981e2c916c82a8930fbaceacc60f2a212b3fbf86cd18e4aa4d077330
  SHA512: 81321bdc06001998c176187d56c5dd93139ef2634ee50de9eb0ef0a7aaeabdfacf5edb78cd5a6e997d68bdeebb880c83345f51e2af2d0601a7f86fb45f839813
- Filesize: 1KB
  MD5: 49977e7371bf173994559c0ab2b53bd8
  SHA1: 3219879f6ce1c13b8fc1502664362f33a5cc279b
  SHA256: eeca8befd9a69ae7ae6f633f3e554ada56e9232500fc5f38abf19f4c3ec4a82b
  SHA512: 10d4eac1817ffffb17129abb8659dfe037bbf616df8a65182cc55f17f70464bcea77a492b9d0098a67dbf2c2ebc972c978c75796915e9d6de62b1b6d5af6f4e5
- Filesize: 1KB
  MD5: 6ac50b9bebd03c3da6c5c62aeaeda68d
  SHA1: f7f4cde8a644ed514762201b02c0879068e5e24d
  SHA256: 92d939300917fa9c6358534bbb377bdfb94d37d35e835b487bd383833d0817c7
  SHA512: 6f21952a22822abb4de67ea17db8be5cf690d3e5a2d90b330def64a137a1bb2148cf925dd76d5f4d6488a0749c48e50693bdaecfcf59fc8dfddaaeeaf3f2ca74
- Filesize: 1KB
  MD5: 566a14d78303655771eb69928aa2ac4c
  SHA1: 6d6d14097d5a61bc65311d6f3ea7cfd061d4d83f
  SHA256: 50cc9f09cd4cd281ace7d02b613667b122e6d182d26bd349aa70dc1da2e36249
  SHA512: 5b0da16f845533d831a4c8a95b57466ab63ae82d2285246cac1ff5d4dbd4c99589c62a318e96f33be6e08cd27b8405400423c9e6f56cb1a78f6faf7da304e971
- Filesize: 16B
  MD5: 6752a1d65b201c13b62ea44016eb221f
  SHA1: 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
  SHA256: 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
  SHA512: 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389
- Filesize: 12KB
  MD5: 6bd53e5425440c2143a2a3343019480a
  SHA1: 8e9cbbe4f461ac74be34f522d3f3ab758a93ed96
  SHA256: d946b50092937c7337bf6af7ee815c5930044cb4e77f97da094f6338d89c8d83
  SHA512: 3902cb704c8ec055fb7ac992234d81e6786caf2263fca36a13f21243ecc970d792848716845bb80af641ebd5e376d23a43591e69b33a6f6b3c11e365519e5653
- Filesize: 12KB
  MD5: 85ca41f1e103bbec2d688200d0ff172b
  SHA1: 91eb873b8f2afd896f3d2f3b989786e98cf3d255
  SHA256: 07fea1b6f2a697cb25927251b7aa19500a47f92adde63854bfd52c0d79402e38
  SHA512: 29f7b55e6bd256d03339cd60470784ac31a1486cb3940065fc6c2f3173042f83d3d8787b998b007b884f3de1a48ef7d32921109d0a6e39ed7175c9fd8bfeab69
- Filesize: 11KB
  MD5: f5d2d508c156a4ee3218a383f5682543
  SHA1: 7d1768001aca631bb35417bf0ccb7115d51d3ae2
  SHA256: 6746a9e923eea1fc82eb32646054d3f21e7ad8932c26cd693dd2cd0c6c6e82fb
  SHA512: 09e5954ee6de25a34df2ecc48a21e217ba9c09298208e439288ea493eb5a8148874a2b4310b1f83aa3c8d7c3cbdc54e5ccfd6c3c852b069df5fde37dda07ba76
-
Filesize
479KB
MD509372174e83dbbf696ee732fd2e875bb
SHA1ba360186ba650a769f9303f48b7200fb5eaccee1
SHA256c32efac42faf4b9878fb8917c5e71d89ff40de580c4f52f62e11c6cfab55167f
SHA512b667086ed49579592d435df2b486fe30ba1b62ddd169f19e700cd079239747dd3e20058c285fa9c10a533e34f22b5198ed9b1f92ae560a3067f3e3feacc724f1
-
Filesize
13.8MB
MD50a8747a2ac9ac08ae9508f36c6d75692
SHA1b287a96fd6cc12433adb42193dfe06111c38eaf0
SHA25632d544baf2facc893057a1d97db33207e642f0dacf235d8500a0b5eff934ce03
SHA51259521f8c61236641b3299ab460c58c8f5f26fa67e828de853c2cf372f9614d58b9f541aae325b1600ec4f3a47953caacb8122b0dfce7481acfec81045735947d
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ihcffylf.default-release\AlternateServices.bin
Filesize
7KB
MD54b3e0e365051ff5142341fc88071b367
SHA1e9704b3f766e735a110a5b1085d32a03a8df4fcd
SHA256b5889862d0613d043f7f4a23f431fb8b52fba561c8449f1c6352580c4ad32028
SHA5124bb36f0312d6485cd40db685cf5d05784540bca5129a27103a43f6f6966a99b340b0f085cff48822aa1cda40c0b716e8a9dfd8e7d031c740c8e6cb253d456d19
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ihcffylf.default-release\datareporting\glean\db\data.safe.tmp
Filesize
5KB
MD5d32e3996d18c27f906de3b83e6a84bd1
SHA1a73d212a74331dc09c34f590db3987db0482803b
SHA256003968e98143bb02e0e31811804aafc210fd32ad1261e4973dafb875eaeb3547
SHA5124a0b4aaa49e7edd37f844dd3a106342beb953dbc38c7650903aeeee502e2e764813fecadff7c853e304d72a34fdc46375fa1a92c2e08e8f424c8a1d137e3a2b5
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ihcffylf.default-release\datareporting\glean\db\data.safe.tmp
Filesize
6KB
MD51779e95aafbe8758004cf7ffc680cb34
SHA1c6cc078dd1b31cff642d9d17c40e0241c9781272
SHA25609964b6029adb0a95794d98493e343170da17151275d2ccd3ee71eff3ae201b5
SHA512b255b6d05c872122d76392bd9630ae1a28aaca3c65cd0151f56832995eeca1822d1f0c30ac63a4f8574940a1b0d5c1c4065e15420394202dec098aba9caedf38
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ihcffylf.default-release\datareporting\glean\pending_pings\f4eaaacf-dd7c-457c-9b68-03cab6e15373
Filesize
26KB
MD556df2d36ccdc0853952b6d77b0dbca72
SHA1c2dfe417e11f9a1fe59840762bfb0fe4e9d37499
SHA25617d97418619f805b08f196646fc9be4c5bfb754601f9f2171489dd8af9dd913a
SHA51214c0e44ca6a2b6e6f91f9fd089ab1810f1f6f8e465e5d4f3d20be200649e3cfc03b28e3962909e59019b34fce3cee7ce0e96eab9b913b61a3b40b49814c9ad6f
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ihcffylf.default-release\datareporting\glean\pending_pings\f64740c8-d208-48e2-a531-7606b552a5fa
Filesize
982B
MD535b78c17ebd34b364710020ce6ad8775
SHA1a7e3930238980af346c61b2c7e84c7c011d817fc
SHA2560ec45d7c8a2e7edc0feb8e375fde0b2632379eabd75a3e22f15f385ea2e1798d
SHA512e9de512d3d53100d06eb3eacb602989c733967572175b62e509725c2e0524d24c3a00bd46c53f6565c5f7addf48a396c47d93dcc1f87a728d658a17103fffb8d
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ihcffylf.default-release\datareporting\glean\pending_pings\f963d6ad-e08e-482e-8ed2-2f08864a8233
Filesize
671B
MD573708d3db7a20d797c502f2516e24338
SHA135626ac6c0421eac3243ccb6ef3ca6d83c906077
SHA2561edb3786601680e36637ea23d05fd7505a2394492b1d38883577081d7a9ebd63
SHA51246755d9b88509f73d3100911466b5d61fca1bdceb12b842241f5e76e318bc382f716f37b2e537f382d739a5f754c17e95e5d2dc4595cb202acd0092e045b26ca
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ihcffylf.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.dll
Filesize
1.1MB
MD5842039753bf41fa5e11b3a1383061a87
SHA13e8fe1d7b3ad866b06dca6c7ef1e3c50c406e153
SHA256d88dd3bfc4a558bb943f3caa2e376da3942e48a7948763bf9a38f707c2cd0c1c
SHA512d3320f7ac46327b7b974e74320c4d853e569061cb89ca849cd5d1706330aca629abeb4a16435c541900d839f46ff72dfde04128c450f3e1ee63c025470c19157
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ihcffylf.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.info
Filesize
116B
MD52a461e9eb87fd1955cea740a3444ee7a
SHA1b10755914c713f5a4677494dbe8a686ed458c3c5
SHA2564107f76ba1d9424555f4e8ea0acef69357dfff89dfa5f0ec72aa4f2d489b17bc
SHA51234f73f7bf69d7674907f190f257516e3956f825e35a2f03d58201a5a630310b45df393f2b39669f9369d1ac990505a4b6849a0d34e8c136e1402143b6cedf2d3
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ihcffylf.default-release\gmp-widevinecdm\4.10.2710.0\manifest.json
Filesize
372B
MD5bf957ad58b55f64219ab3f793e374316
SHA1a11adc9d7f2c28e04d9b35e23b7616d0527118a1
SHA256bbab6ca07edbed72a966835c7907b3e60c7aa3d48ddea847e5076bd05f4b1eda
SHA51279c179b56e4893fb729b225818ab4b95a50b69666ac41d17aad0b37ab0ca8cd9f0848cbc3c5d9e69e4640a8b261d7ced592eae9bcb0e0b63c05a56e7c477f44e
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ihcffylf.default-release\gmp-widevinecdm\4.10.2710.0\widevinecdm.dll
Filesize
17.8MB
MD5daf7ef3acccab478aaa7d6dc1c60f865
SHA1f8246162b97ce4a945feced27b6ea114366ff2ad
SHA256bc40c7821dcd3fea9923c6912ab1183a942c11b7690cfd79ed148ded0228777e
SHA5125840a45cfdb12c005e117608b1e5d946e1b2e76443ed39ba940d7f56de4babeab09bee7e64b903eb82bb37624c0a0ef19e9b59fbe2ce2f0e0b1c7a6015a63f75
-
Filesize
8KB
MD5005fd1b371b333a2269dfd2f5ab2e4d8
SHA1e20aefcb9c5fad42dd5ae65f79b31bf0ee6d2e8b
SHA256e2058afacf0547dcc54c89a7ebd1b0fa96203f5aa58ad41bf6649c83a5485632
SHA512b0b02888fefc179164c1099cfa1393423a172b83a541f5509887de9de3b342e162bf319549847aadefcdac97436fb2410db2bbcac4f9290ea6eae90b586204b1
-
Filesize
9KB
MD5c1cd731b1e6548d3d14ae3d2124e42b1
SHA1eb01b8781ead5aec25b6af754cf2aeb5d6f05387
SHA256205f630d50168196d7e1e6cf18a61ff9d4ea0b33ac0269077274cb6f2003ca7a
SHA51259a995627d99f963bc933d1a873efeca979245beb2d3cee7313811c87d9421c02f450ddf896aaddae8e7498ba119e5d39bd5afaf3df538065fb66cd0e37c9d4e
-
Filesize
8KB
MD53a2f860487a3fbafff0fe3727deb7efe
SHA17622ada16aaebb03c191b717f94f6dcd652ad773
SHA256ff928729e406ea8f264e683c918e83ed8ec24c2a57263b2cd170ad9e4c4657db
SHA51237293c8ab0cec29acc4392a18e0465f760c19b738372240af292d1ee56f12c8d79c6a01637e72cfd4325f80c0cd855b6e0c0d94111d2f182765b6482fd72e653
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ihcffylf.default-release\sessionCheckpoints.json.tmp
Filesize
259B
MD561c3cc0d2baf3ca7175c804260843949
SHA19f02f8a8544642fb9592aebcbd14997edbed72c9
SHA25638756e48f8b0332140aa6ddac919519cf1b83bfdc2755a2d8dd096e500fa0dd4
SHA5120aed91d6a240a3bf36378c10fad73248238c195892656a4016c0ba2d19fb8d2d1458e21c1ea7c59c683a8e33ee2b737df77d54a6939ea52bebd63ce182c19ebd
-
Filesize
18.2MB
MD54bb1d5b30d3063dfc1c82555111cd278
SHA16f030ae70888a03fe78bb558cd91dd87745121dd
SHA2560b31cbdf343166a70f8e2cf73e575dd04d58b6eff3ce0ecad9d146d51dfb6950
SHA512c1d95aef5bf2a81432de98448044a82c92c09cb2610c199ec9cc82be5e42fe2d0942031361f10ad4691249ef5b1557bd82c02e601baa16862d4da0a0f596a9c0
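The hash listing above is only useful as an indicator set once it is parsed into records. The script below is an added example and not tria.ge's own code: it reads the dropped-files listing in the layout shown on this page (a "-" separator, an optional path line, "Filesize" either fused with its value or followed by it on the next line, and algorithm names fused to their hex digests), rejects any digest whose length does not match its algorithm, and compares a file's bytes against a parsed record. The two sample entries are copied from this page; the 1024-based size conversion and the record field names are this example's own assumptions.

```python
import hashlib
import re

# Expected hex-digest lengths. A mismatch usually means a truncated or
# line-wrapped hash, which must not be loaded as an indicator.
DIGEST_LEN = {"md5": 32, "sha1": 40, "sha256": 64, "sha512": 128}

# Longest algorithm names first so 'SHA512...' is never read as 'SHA1' + hex.
HASH_RE = re.compile(r"^(SHA512|SHA256|SHA1|MD5)([0-9a-fA-F]*)$")
SIZE_RE = re.compile(r"^Filesize(.*)$")
# Assumption: tria.ge sizes use 1024-based units and are rounded for display.
UNIT = {"B": 1, "KB": 1024, "MB": 1024 ** 2, "GB": 1024 ** 3}

# Two entries copied from this page so the parser runs offline.
SAMPLE_LISTING = r"""
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ihcffylf.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.info
Filesize116B
MD52a461e9eb87fd1955cea740a3444ee7a
SHA1b10755914c713f5a4677494dbe8a686ed458c3c5
SHA2564107f76ba1d9424555f4e8ea0acef69357dfff89dfa5f0ec72aa4f2d489b17bc
SHA51234f73f7bf69d7674907f190f257516e3956f825e35a2f03d58201a5a630310b45df393f2b39669f9369d1ac990505a4b6849a0d34e8c136e1402143b6cedf2d3
-
Filesize
8KB
MD5005fd1b371b333a2269dfd2f5ab2e4d8
SHA1e20aefcb9c5fad42dd5ae65f79b31bf0ee6d2e8b
SHA256e2058afacf0547dcc54c89a7ebd1b0fa96203f5aa58ad41bf6649c83a5485632
SHA512b0b02888fefc179164c1099cfa1393423a172b83a541f5509887de9de3b342e162bf319549847aadefcdac97436fb2410db2bbcac4f9290ea6eae90b586204b1
"""


def size_to_bytes(text):
    """'13.8MB' -> 14470348 (approximate; the page shows rounded sizes)."""
    m = re.fullmatch(r"([0-9.]+)([KMG]?B)", text.strip())
    if not m:
        raise ValueError(f"unrecognised size: {text!r}")
    return int(float(m.group(1)) * UNIT[m.group(2)])


def parse_listing(text):
    """Split the listing into one dict per entry; raises on a malformed digest."""
    records = []
    cur = None
    lines = text.splitlines()
    i = 0
    while i < len(lines):
        line = lines[i].strip()
        i += 1
        if line == "-":
            cur = {"path": None, "size": None}
            records.append(cur)
            continue
        if cur is None or not line:
            continue
        size = SIZE_RE.match(line)
        if size:
            value = size.group(1).strip()
            if not value:  # 'Filesize' alone: the value is on the next line
                value = lines[i].strip()
                i += 1
            cur["size"] = size_to_bytes(value)
            continue
        h = HASH_RE.match(line)
        if h:
            algo, digest = h.group(1).lower(), h.group(2).lower()
            if len(digest) != DIGEST_LEN[algo]:
                raise ValueError(f"{algo} digest has {len(digest)} hex chars: {line!r}")
            cur[algo] = digest
            continue
        # Anything else is the dropped-file path.
        cur["path"] = line
    return records


def digests_of(data):
    """All four digests of a byte string, keyed like the parsed records."""
    return {a: hashlib.new(a, data).hexdigest() for a in DIGEST_LEN}


def matches(record, data):
    """True if every digest present in the record agrees with data."""
    got = digests_of(data)
    return all(record[a] == got[a] for a in DIGEST_LEN if a in record)


if __name__ == "__main__":
    for r in parse_listing(SAMPLE_LISTING):
        print(r["path"] or "(no path)", r["size"], r["sha256"])
```

The SHA256 column is the one to load into a hashset; MD5 and SHA1 are kept only for matching against older feeds. Note that the paths shown here sit under the Firefox profile directory (Glean telemetry pings, the OpenH264 and Widevine GMP plugins), so treat them as the browser's own writes unless other evidence in the report ties them to the submitted URL.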